Complete guide to integrate CCAvenue Payment gateway into ASP.NET website – with Screenshot

About this tutorial

This is an end-to-end guide to integrating a CCAvenue payment gateway into ASP.NET web application using official kit. Starting from account setup to successful payment.

Pre-Requirement

  1. Visual Studio
  2. Active CCAvenue account
    1. Merchant ID
    2. Access Code
    3. Working Key
  3. Official CCAvenue kit
  4. Little knowledge about C# & ASP.NET

Setting up your CCAvenue account for localhost

In order to run your CCAvenuepayment gateway in localhost, we need to add our localhost into CCAvenue account. You have to write an email to [email protected] and ask him to add your localhost.  Kindly refer screenshot below for more details.

Example: http://localhost:55181/

Screenshot 1

Download Integration Kit from CCAvenue website

Integration kit will be available on http://ccavenue.com → Resources → Web Integration Kit → Download Integration Kit → Download ASP.NET 3.5

Also, you can download from here: ASP.Net_Kit_Version_3.5

Extract the Integration Kit

Open the Project in Visual Studio

  1. Open Visual Studio
  2. Choose Open → Project/Solution from the file menu.

3. Browse to the downloaded Integration kit. Open the NON-SEAMLESS KIT

4. Open MCPG.ASP.net.ENC

Add Reference to the project [Very Important]

Many people used to face an issue in this stage. But it is really an easy step. Kindly follow the screenshot.

Right-click the References in solution explorer → Add Reference

Note: Reference DLL file will be available in downloaded integration kit itself.

Browse the downloaded folder

  1. bin → MCPG.ASP.net.ENC.dll & add it to the project.
  2. lib → MCPG.CCA.Util.dll & add it to project.

Note: REMOVE existing dll, if any. You have to add fresh dll.

Add localhost to the project

This step is mandatory to run the CCAvenue setup in local system i.e in a development system. If you didn’t ask localhost, this setup won’t work because by default asp.net project will point to some default IP like http://127.0.0.1/

So, better add your localhost i.e In my case it is which http://localhost:55181/ is same as in my CCAvenue Account, which we have added in step 1.

Right click project → Properties

Change Merchant ID, Acess Code and Working Key in our application

Pages to be modified:-

  1. ccavRequestHandler.aspx.cs
  2. ccavResponseHandler.aspx.cs
  3. dataFrom.htm

Change workingKey and strAccessCode in ccavRequestHandler.aspx.cs

Change workingKey again in  ccavResponseHandler.aspx.cs

Change merchant_id, redirect_url, cancel_url – VERY IMPORTANT

Great 🙂 If you followed all the step, you can build & run

Choose between Testing/Live environment

You can choose Testing or Live environment from the ccavRequestHandler.aspx

For Live Environment 

https://secure.ccavenue.com/transaction/transaction.do?command=initiateTransaction

For Testing Environment

https://test.ccavenue.com/transaction/transaction.do?command=initiateTransaction

Making Payment in Live (Production) Environment

Run the application, you will see the following account.

Fill the details & Proceed to checkout

Choose the preferred payment gateway from Credit Card/Debit Card/Net Baking etc..

Enter the required details and click on make payment

Finally, Complete the payment 🙂

That’s all 🙂 You can push your code to Live Website 🙂

I tried my best to cover all the steps in screenshot & steps. If I missed any steps, kindly drop the queries in a comment section.

Also, for any clarification or doubt, please write back to me on comment section. I will try to reply as soon as possible.

How to test CCAvenue Payment Gateway in localhost? (Avoid Error Code: 10002 Merchant Authentication failed)

In this tutorial, I am going to discuss how to test a CCAvenue payment gateway on your local system.

Why this tutorial?

  1. To test CCAvenue in localhost.
  2. To avoid issues on the Live website.

CCAvenue is one of the leading payment gateway providers in India, though their documentation is not up to the industry standard. It is hard to understand. While googling I found many peoples are getting 1002 Authentication Failed.

Reason for CCAvenue 10002 Authentication Failure

  • Wrong/invalid merchant ID
  • Wrong/invalid Working Key
  • Wrong/invalid access Key
  • URL of the registered website

aravin.net_10002_error_code_this_happen_to_best_of_us

But, that CCAvenue error message 10002 does not provide much information on which part it is failing because of security reason. However, many of them think that they are using wrong merchant id or access key or working key. But actual reason for this issue is URL of the account.

Example

If you are registered for www.aravin.net, your payment gateway will work only on www.aravin.net, you cannot use it for any other website.

Also, you cannot use this API keys for your localhost such as http://localhost/ or http://127.0.0.1

So, How to test CCAvenue in localhost or Testing Environment?

  1. Adding your localhost URL to CCAvenue Account
  2. Getting API Keys (Merchant ID, Access Code, Working key)
  3. Start Testing in localhost

1. Adding your localhost URL to CCAvenue Account

In order to add your localhost URL to CCAvenue account, you have to write an email to [email protected] from your registered email with required localhost URL.

Sample Localhost URL

http://192.168.0.3:1234/

2. Getting API Keys (Merchant ID, Access Code, Working key)

Once, your localhost or local IP address is added to your account, you can find the valid API keys in the following path

CCAvenue website -> Settings -> API Keys

Sample API Keys for localhostCCAvenue Account

3. Start Testing in localhost

Now, you can download your preferred programming language integration from the CCAvenue website & use the test API Keys.

That’s all 🙂


Quick Links

  1. CCAvenue Best Practice: http://aravin.net/best-practices-ensure-transaction-integrity-ccavenue-payment-gateway/
  2. How to integrate CCAvenue in ASP.NET website: http://aravin.net/how-to-integration-ccavenue-payment-gateway-into-your-website-using-asp-net-with-screenshot/

Updated Post Here: http://aravin.net/complete-guide-integrate-ccavenue-payment-gateway-asp-net-website-screenshot/

Best Practices to Ensure Transaction Integrity in CCAvenue Payment Gateway

The following Best Practices are guidelines only. It is recommended that you consult with security experts with experience in your web environment to ensure that your security is appropriate for your needs.

1. Use a unique order number for each transaction attempt

CCAvenue system does not validate your order number for uniqueness. If you send the same order id again it will be processed as a new transaction.

We recommend that each transaction attempt should be assigned a unique transaction reference Id, but we do not enforce it. You may also consider appending a timestamp to the order number to help ensure that each one is unique. CCAvenue system will generate a unique transaction reference id for each transaction attempted on CCAvenue system.

Certain merchants wish to ensure that one order id may be attempted only once on the same day. In this case we recommend that you use the ‘tid’ parameter to send a unique identifier for each order id. This is an optional parameter. We have also provided a snippet of code in the integration kit to generate the value for this parameter. This tid parameter will be checked for uniqueness at the CCAvenue server only for 24 hours since its receipt. After this if you sent the tid again, it will be allowed.

2. Store your unique order number for each transaction attempt

Before sending a transaction to the Payment Server, you should store this unique order number with the order details in your database. The merchant order id is returned in the Transaction Response along with the CCAvenue system generated unique transaction reference id.

The unique order number can be used for the Order status function to retrieve the transaction status of an order that was lost or missing.

3. Check that the field values in the Response match those in the Request

You should ensure that important fields such as the currency, the amount and the order ID in the Transaction Response match up with the values input in your database for the original Transaction Request.

4. Validate the SSL certificate of the Payment Server

It is highly recommended that you validate the SSL certificate of the Payment Server whenever you connect to the Payment Server. The Payment Server SSL certificate is issued by an industry standard Certificate Authority such as Verisign or Thawte whose root certificate should already be available in your web environment.

Note: Please consult a web developer if you are not familiar with validating SSL certificates or exporting certificates from websites.

5. Store your access code and secret key securely

You must keep your access code and secret key stored securely. Do not store your secret within the source code of an ASP or JSP (or other) website page as it is common for web server vulnerabilities to be discovered where source code of such pages can be viewed.

It is recommended to store your Secure Hash Secret in a secured database, or in a file that is not directly accessible by your web server and has suitable system security permissions.

You should change your secret key regularly in accordance with your company’s security policy, and any time when you believe that its security may have been compromised.

You can change your secret key in Merchant Administration in the Setup menu option on the configuration Details page. For any assistance, please feel free to contact CCAvenue technical support department.

Note: You can use it in web.config file.

6. Use order status tracker

Use the order status tracker to verify the status of a transaction as well as to find out the status of a lost transaction.

7. If you are using the seamless integration, get PCI DSS certified

If you are using seamless integration to take card information on your website before passing them on to the Payment Gateway, you must get PCI DSS certified. You must never store CVV information ever. Avoid storing card number and expiry date and if you must then ensure that they are properly encrypted.

8. Use Good Password Security for Merchant Administration

It is highly recommended that you choose a password that is difficult to guess and change your password regularly. A good password should be at least 8 characters and should contain a mix of capitals, numbers and special characters.


These points are also applicable for any payment gateway.

Source

CCAvenue