Introduction

• The Merchant Must be registered with DinarPAY
• Need a Security Credentials to Connect the API. Every merchant will get a unique credentials

The API’s are exposed in Java Restful Services. (JSON)

Initial Target Language Support: EN, AR 

Following is the Level of Security Mechanism implemented to handle the B2B payment transaction,

• Each Merchant will receive the unique API access credentials. Without having the correct values against the Merchant QR Code, the service will return error with proper code. 
• All the Request is through HTTP POST service request. GET request is not allowed.
• Each Pre-Authorization request, the DinarPAY system will generate the Dynamic and unique transaction ID. Which needs to be sent as part of Customer Confirmation with Security Code. Else, the system will not accept the request for performing the final processing call.
• Every Request it is designed to respond with proper response codes
• System is running on AWS cloud system. Which is already PCI DSS certified and secured environment. And ZERO downtime of the services from AWS. (Except the System deployment on Scheduled date and time)
• The Entire DinarPAY system developed with Java & Java Related technologies to improve the security standards. 
• System will handle large number of transactions. Since it is running on cloud under PCI DSS

DP - DinarPAY

API - Application Programme Interface

JSON - JavaScript Object Notation

REST- Representational State Transfer

B2B - Business to Business

APP - Application

HTTP - Hypertext Transfer Protocol

PCI - Payment Card Industry

DSS - Data Security Standard

The purpose of this Project is,

• Validating the Virtual Cards given by the Customer
• Process Payments
• Payment Inquiries to Merchant (only online payments)

DinarPAY B2B Merchants has to adopt the Terms and Conditions for using the API into their Portal or their own Applications.

Following is the list of terms and conditions,

• We provide the DinarPAY API and other software to enable you to use the Service. We reserve the right to require you install or update any and all software updates to continue using the Service.

• Any Merchants who signed with DinarPAY must be a “B2B” merchant category – is only eligible to use this API.

• API credentials and other parameters are not allowed to share with any third parties or external systems / persons. Any such a violation will lead to terminate the contract.

• “B2B” category of merchant is not allowed to collect the regular payments from the Customer by using the DinarPAY Customer / Merchant APP. Merchants are requested to obtain a separate license to collect the payments from Customer / Merchant.

• Merchants Payout and other conditions will follow the DinarPAY Merchant Agreements.

• Other than the exposed services – if the merchant required any custom requirements will be paid service.

• Merchants are not AUTHORIZED to store any Customer CARD details without acceptance from the Customer. And as per the PCI DSS, the CVV is not allowed to store – even though customer is accepted to store the Card Information with Merchants.

• Merchants are fully responsible for the security of data on your website or otherwise in your possession. You agree to comply with all applicable state and federal laws and rules in connection with your collection, security and dissemination of any personal, financial, card, or transaction information (defined as “Data”) on your website. You agree that at all times you shall be compliant with the Payment Card Industry Data Security Standards (PCI-DSS) and the Payment Application Data Security Standards (PA-DSS), as applicable. The steps you will need to take to comply with PCI-DSS and PA-DSS when using DinarPAY will vary based on your implementation. For more information about implementing DinarPAY, please refer to our documentation on the Documentation page of our website. If we believe it is necessary based on your implementation and request it of you, you will promptly provide us with documentation evidencing your compliance with PCI DSS and/or PA DSS if requested by us. You also agree that you will use only PCI compliant service providers in connection with the storage, or transmission of Card Data. You must not store CVV2 data at any time. Information on the PCI DSS can be found on the PCI Council’s website. It is Merchants responsibility to comply with these standards.