(Delphi DLL) Payeezy Place Temp Authorization Hold on Buyer’s Credit Card

Demonstrates how to place a temporary authorization hold for the desired amount on the buyer’s credit card. You can Capture the authorized amount on completion of service or Void/Refund the transaction as required.

Chilkat for Delphi Downloads Chilkat non-ActiveX DLL for Delphi Chilkat ActiveX DLL for Delphi * The examples here use the non-ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, CkDateTime, Prng, HttpResponse, StringBuilder, JsonObject, Crypt2;

...

procedure TForm1.Button1Click(Sender: TObject);
var
crypt: HCkCrypt2;
prng: HCkPrng;
success: Boolean;
apiKey: PWideChar;
apiSecret: PWideChar;
token: PWideChar;
nonce: PWideChar;
dtNow: HCkDateTime;
sbTimestamp: HCkStringBuilder;
timestamp: PWideChar;
json: HCkJsonObject;
sbHmacData: HCkStringBuilder;
hexHash: PWideChar;
sbBase64Hash: HCkStringBuilder;
http: HCkHttp;
url: PWideChar;
resp: HCkHttpResponse;

begin
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

crypt := CkCrypt2_Create();
prng := CkPrng_Create();

// An API key such as y6pWAJNyJyjGv66IsVuWnklkKUPFbb0a
apiKey := 'my_api_key';
// An API secret such as 86fbae7030253af3cd15faef2a1f4b67353e41fb6799f576b5093ae52901e6f7
apiSecret := 'my_api_secret';
// A token such as fdoa-a480ce8951daa73262734cf102641994c1e55e7cdf4c02b6
token := 'my_merchant_token';

// The nonce is a random number (bytes), something like "6057786719490086000"
nonce := CkPrng__genRandom(prng,8,'decimal');
Memo1.Lines.Add('nonce = ' + nonce);

dtNow := CkDateTime_Create();
CkDateTime_SetFromCurrentSystemTime(dtNow);
sbTimestamp := CkStringBuilder_Create();
// Get the epoch timestamp in seconds
CkStringBuilder_Append(sbTimestamp,CkDateTime__getAsUnixTimeStr(dtNow,False));
// Change it to milliseconds
CkStringBuilder_Append(sbTimestamp,'000');
// The timestamp is a number similar to this: 1546011905000 (which is a timestamp taken on 28-Dec-2018).
timestamp := CkStringBuilder__getAsString(sbTimestamp);
Memo1.Lines.Add('timestamp = ' + timestamp);

// Generate the following JSON request body:
// {
//   "merchant_ref": "Astonishing-Sale",
//   "transaction_type": "authorize",
//   "method": "credit_card",
//   "amount": "1299",
//   "currency_code": "USD",
//   "credit_card": {
//     "type": "visa",
//     "cardholder_name": "John Smith",
//     "card_number": "4788250000028291",
//     "exp_date": "1020",
//     "cvv": "123"
//   }
// }

json := CkJsonObject_Create();
CkJsonObject_UpdateString(json,'merchant_ref','Astonishing-Sale');
CkJsonObject_UpdateString(json,'transaction_type','authorize');
CkJsonObject_UpdateString(json,'method','credit_card');
CkJsonObject_UpdateString(json,'amount','1299');
CkJsonObject_UpdateString(json,'currency_code','USD');
CkJsonObject_UpdateString(json,'credit_card.type','visa');
CkJsonObject_UpdateString(json,'credit_card.cardholder_name','John Smith');
CkJsonObject_UpdateString(json,'credit_card.card_number','4788250000028291');
CkJsonObject_UpdateString(json,'credit_card.exp_date','1020');
CkJsonObject_UpdateString(json,'credit_card.cvv','123');
CkJsonObject_putEmitCompact(json,False);
Memo1.Lines.Add(CkJsonObject__emit(json));

// string hashData = apiKey + nonce + timestamp + token + jsonString;
sbHmacData := CkStringBuilder_Create();
CkStringBuilder_Append(sbHmacData,apiKey);
CkStringBuilder_Append(sbHmacData,nonce);
CkStringBuilder_Append(sbHmacData,timestamp);
CkStringBuilder_Append(sbHmacData,token);
CkStringBuilder_Append(sbHmacData,CkJsonObject__emit(json));

// HMAC the data to produce a hex string.
CkCrypt2_putEncodingMode(crypt,'hexlower');
CkCrypt2_putMacAlgorithm(crypt,'hmac');
CkCrypt2_SetMacKeyString(crypt,apiSecret);
CkCrypt2_putHashAlgorithm(crypt,'sha256');
CkCrypt2_putCharset(crypt,'utf-8');
hexHash := CkCrypt2__macStringENC(crypt,CkStringBuilder__getAsString(sbHmacData));
Memo1.Lines.Add('hexHash = ' + hexHash);

// Now base64 encode the hex string:
sbBase64Hash := CkStringBuilder_Create();
CkStringBuilder_Append(sbBase64Hash,hexHash);
CkStringBuilder_Encode(sbBase64Hash,'base64','utf-8');

Memo1.Lines.Add('This is the Authorization header to be sent with the payeezy request:');
Memo1.Lines.Add('Authorization: ' + CkStringBuilder__getAsString(sbBase64Hash));

// -----------------------------------------------------------
// Now that we have the value for the Authorization header, send the POST containing the JSON.

http := CkHttp_Create();

CkHttp_putAccept(http,'*/*');
CkHttp_putUserAgent(http,'');
CkHttp_SetRequestHeader(http,'Authorization',CkStringBuilder__getAsString(sbBase64Hash));
CkHttp_SetRequestHeader(http,'apikey',apiKey);
CkHttp_SetRequestHeader(http,'nonce',nonce);
CkHttp_SetRequestHeader(http,'timestamp',timestamp);
CkHttp_SetRequestHeader(http,'token',token);

CkHttp_putSessionLogFilename(http,'qa_output/payeezy.txt');

url := 'https://api-cert.payeezy.com/v1/transactions';
resp := CkHttp_PostJson2(http,url,'application/json',CkJsonObject__emit(json));
if (CkHttp_getLastMethodSuccess(http) <> True) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

Memo1.Lines.Add('response status code = ' + IntToStr(CkHttpResponse_getStatusCode(resp)));
CkJsonObject_Load(json,CkHttpResponse__bodyStr(resp));
Memo1.Lines.Add(CkJsonObject__emit(json));
CkHttpResponse_Dispose(resp);

// Sample JSON response:

// {
//   "correlation_id": "228.4604632998994",
//   "transaction_status": "approved",
//   "validation_status": "success",
//   "transaction_type": "authorize",
//   "transaction_id": "ET175628",
//   "transaction_tag": "2313721985",
//   "method": "credit_card",
//   "amount": "1299",
//   "currency": "USD",
//   "cvv2": "M",
//   "token": {
//     "token_type": "FDToken",
//     "token_data": {
//       "value": "9732261336638291"
//     }
//   },
//   "card": {
//     "type": "visa",
//     "cardholder_name": "John Smith",
//     "card_number": "8291",
//     "exp_date": "1020"
//   },
//   "bank_resp_code": "100",
//   "bank_message": "Approved",
//   "gateway_resp_code": "00",
//   "gateway_message": "Transaction Normal"
// }
// 

Memo1.Lines.Add(CkJsonObject__stringOf(json,'correlation_id'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'transaction_status'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'validation_status'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'transaction_type'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'transaction_id'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'transaction_tag'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'method'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'amount'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'currency'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'cvv2'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'token.token_type'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'token.token_data.value'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'card.type'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'card.cardholder_name'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'card.card_number'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'card.exp_date'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'bank_resp_code'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'bank_message'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'gateway_resp_code'));
Memo1.Lines.Add(CkJsonObject__stringOf(json,'gateway_message'));

CkCrypt2_Dispose(crypt);
CkPrng_Dispose(prng);
CkDateTime_Dispose(dtNow);
CkStringBuilder_Dispose(sbTimestamp);
CkJsonObject_Dispose(json);
CkStringBuilder_Dispose(sbHmacData);
CkStringBuilder_Dispose(sbBase64Hash);
CkHttp_Dispose(http);

end;