Payment with MoMo

Tram Ho

1. Introduction of MoMo:

  • MoMo Payment Platform API is a payment solution for businesses. It lets customers pay for services with their MoMo Wallet account on many different platforms: Desktop Website, Mobile Website, Mobile Application, POS, Pay In Bill, Web In App MoMo.

2. Payment methods:

  • MoMo (All In One) payment gateway: for partners who take payments on a website, mobile, Smart TV, …
  • App-In-App Payment: for partners with mobile applications (Android / iOS) who want to open the MoMo application directly for payment.
  • POS payment: for partners whose sales systems use POS machines. The cashier uses a scanner to scan the “CODE OF PAYMENT” in the MoMo app to take payment.
  • QR Code Payment: partners create QR codes in the format provided by MoMo; customers only need to scan the code with the MoMo app and pay.

In this article I will use the MoMo All In One payment gateway.

3. Integration process:

  • Register a business account at https://business.momo.vn/ .
  • After registering an account, the default environment of the account is the Test environment.
  • You need to complete the registration information to move your account to the Production environment.
  • For each environment, MoMo provides the following information to configure and use the MoMo API:
    1. Partner Code : Identifies the business account.
    2. Access Key : Grants access to the MoMo system.
    3. Secret Key : Used to create digital signatures.
    4. Public Key : Used to encrypt data with the RSA algorithm.
  • When using the MoMo API, we call one of the following 2 endpoints depending on the environment:
    1. Test environment : https://test-payment.momo.vn
    2. Production environment : https://payment.momo.vn

4. Security:

  • MoMo uses digital signatures and data encryption to authenticate the input and output data of each HTTP Request and HTTP Response.
  • Refer to the source code at MoMo’s GitHub .

a. Electronic Signature:

  • signature is a string of characters generated by a given algorithm and used to check that data has not been altered on the path between two systems.
  • For example
  • MoMo uses the SHA256 algorithm to create a signature for the data of each request.
  • secretKey is the SECRET_KEY of the business account registered with MoMo.
  • rawSignature is the string created from the data of the order to be paid through MoMo, written as key=value pairs joined together by & , for example: key1=value1&key2=value2 .

b. RSA encryption:

  • RSA encryption is a public-key encryption algorithm used to protect information in transit.
  • The partner uses the PUBLIC_KEY of the business account registered with MoMo to encrypt the data of the order to be paid through MoMo.
  • MoMo uses the PRIVATE_KEY corresponding to the PUBLIC_KEY to decrypt and check the encrypted data.

5. Payment portal MoMo (All In One):

a. Introduce:

  • MoMo AIO Payment is MoMo’s payment solution that works on many different platforms through a single API.
  • For the TEST environment, you can download the MoMo TEST app and make payments, or use the test accounts provided by MoMo.
    Success    | Limit of 20,000,000 | 5,000,000 limit | Unsuccessful
    0917003003 | 0919100100          | 0918002000      | 0916005000
    0917030000 | 0919100010          | 0918002020      | 0916005050
    0917030003 | 0919100001          | 0918002200      | 0916005500
    0917030030 | 0919010100          |                 |
    0917030300 | 0919010010          |                 |
    0917300300 | 0919100101          |                 |
  • Password: 000000 .
  • Authentication code: 000000 .
  • For more information, see Testing Information of MoMo.

b. Process diagram:

  • Payment with MoMo through the AIO payment portal on the web follows these steps:
    1. The user clicks the checkout button on the Web screen.
    2. The server sends a request to MoMo.
    3. MoMo returns the HTTP Response to the server.
    4. If the request contains valid data, MoMo returns an HTTP Response with an errorCode of 0 and a payUrl .
    5. The server redirects to MoMo’s payUrl for the user to make the payment.
    6. MoMo sends the payment results to the returnUrl and notifyUrl of the server.
    7. The server receives the payment results and updates the order.
    8. If the request of step 2 contains invalid data, at step 3 MoMo returns an HTTP Response with an errorCode other than 0 and a message containing the error description.
  • To make a payment with the AIO payment gateway, send the request to MoMo’s endpoint.

c. Data request to MoMo:

  • The data to be sent to MoMo to make payments through the AIO payment gateway includes:
    Attribute   | Description
    partnerCode | PARTNER_CODE from the business account registered with MoMo
    accessKey   | ACCESS_KEY from the business account registered with MoMo
    requestId   | Identifies each request
    amount      | Amount to pay
    orderId     | Payment order code (must be unique)
    returnUrl   | The URL MoMo redirects back to after the user makes payment; provide both the domain and path of the URL (e.g. https://example.com/orders/1 )
    notifyUrl   | The URL MoMo sends data to via IPN after the user makes payment; provide both the domain and path of the URL (e.g. https://example.com/orders/1 )
    requestType | captureMoMoWallet
    signature   | Electronic signature to check the information
    extraData   | Additional information for the order in the format <key> = <value>; <key> = <value> ; default is “”
  • Refer to MoMo’s documentation for more details.
  • Refer to Momo::ApplicationService to see examples with Rails.
  • I used Momo::RequestSignatureService to create a signature .

d. returnUrl and notifyUrl:

  • These are the 2 URLs of the server to which MoMo sends the payment result data.
  • To returnUrl , MoMo sends the data via the GET method, by redirecting from MoMo to returnUrl after the user makes payment.
  • To notifyUrl , MoMo sends the data via the POST method, using IPN to deliver it to notifyUrl after the user makes payment.
  • For both returnUrl and notifyUrl , check whether the data received from MoMo matches the data sent to MoMo, and update orders via Momo::ConfirmOrderService and Momo::UpdateOrderService .
  • This avoids cases where the user types the URL to update an order without paying through MoMo.
  • In the sample code, returnUrl is MoMo::PaymentsController#show and notifyUrl is MoMo::PaymentsController#update .
  • MoMo::PaymentsController#create makes the MoMo AIO API call through Momo::SendRequestService and redirects to payUrl to make the payment on MoMo.
  • We need both returnUrl and notifyUrl so that if MoMo cannot redirect to returnUrl (because of a timeout, or because the user closes the browser), the server still receives the data through notifyUrl .
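
The signature from section 4a and the returnUrl / notifyUrl check described above, as an added Ruby example (not the author's Momo:: services or MoMo's code). It assumes the signature is hex HMAC-SHA256 keyed with SECRET_KEY and uses an illustrative field order; take the real field list and order from MoMo's documentation. All sample values are constructed.

```ruby
require "openssl"

# ASSUMPTION: illustrative field order built from attributes named on this page;
# the real list and order for each message come from MoMo's documentation.
SIGNED_FIELDS = %w[partnerCode accessKey requestId amount orderId errorCode extraData].freeze

# rawSignature: key=value pairs joined by "&" in a fixed field order.
def raw_signature(params, fields = SIGNED_FIELDS)
  fields.map { |key| "#{key}=#{params[key]}" }.join("&")
end

# ASSUMPTION: the SHA256 signature is keyed with SECRET_KEY as hex HMAC-SHA256.
def sign(params, secret_key)
  OpenSSL::HMAC.hexdigest("SHA256", secret_key, raw_signature(params))
end

# Decide what to do with data received on returnUrl or notifyUrl.
# `order` is the server's own record of what it sent to MoMo.
def check_callback(params, order, secret_key)
  # Constant-time comparison; a missing signature fails here too.
  unless OpenSSL.secure_compare(params["signature"].to_s, sign(params, secret_key))
    return :bad_signature
  end
  matches = params["orderId"] == order[:order_id] &&
            params["requestId"] == order[:request_id] &&
            params["amount"].to_s == order[:amount].to_s
  return :order_mismatch unless matches
  return :already_paid if order[:paid] # redirect and IPN can both arrive
  params["errorCode"].to_s == "0" ? :mark_paid : :payment_failed
end

# Constructed sample data (not real credentials or a captured MoMo message).
SECRET = "constructed-test-secret"
ORDER = { order_id: "ORD-1001", request_id: "REQ-1001", amount: 150_000, paid: false }.freeze

def sample_callback(overrides = {})
  data = { "partnerCode" => "PARTNER_CODE", "accessKey" => "ACCESS_KEY",
           "requestId" => "REQ-1001", "amount" => "150000", "orderId" => "ORD-1001",
           "errorCode" => "0", "extraData" => "" }.merge(overrides)
  data.merge("signature" => sign(data, SECRET))
end

if __FILE__ == $PROGRAM_NAME
  puts check_callback(sample_callback, ORDER, SECRET)                        # genuine
  puts check_callback(sample_callback.merge("amount" => "1"), ORDER, SECRET) # altered
  puts check_callback(sample_callback("amount" => "1"), ORDER, SECRET)       # other order
end
```

The :already_paid result keeps the update idempotent when the same payment arrives on both URLs.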

e. Data that MoMo returns:

  • The data to be sent to MoMo to make payments through the AIO payment gateway includes.
    Attribute   | Description
    partnerCode | PARTNER_CODE from the business account registered with MoMo
    accessKey   | ACCESS_KEY from the business account registered with MoMo
    requestId   | Identifies each request
    amount      | Amount to pay
    orderId     | Payment order code (must be unique)
    returnUrl   | The URL MoMo redirects back to after the user makes payment; provide both the domain and path of the URL (e.g. https://example.com/orders/1 )
    notifyUrl   | The URL MoMo sends data to via IPN after the user makes payment; provide both the domain and path of the URL (e.g. https://example.com/orders/1 )
    requestType | captureMoMoWallet
    signature   | Electronic signature to check the information
    extraData   | Additional information for the order in the format <key> = <value>; <key> = <value> ; default is “”

6. Demo screen:


Source : Viblo