Our Integration processes have been defined keeping two key principles in mind - Ease and Security. As a Merchant, integrating your Website with our Payment Gateway can take as less as an hour. At the same time, the built in security measures ensure that your, and your Customers data, is secure.
Ease You can be online with Shimotomo within hours of signing up with us. Shimotomo offers online live chat support during the integration process and easy to use integration kits to integrate the Payment Process within your normal flow.
» You are NOT Required to purchase a Digital Certificate or enable SSL. This reduces your cost and makes the integration process quicker, without reducing the security. Shimotomo has a 128 bit SSL Certificate which takes care of secure encrypted communication with the Customer
» The integration process consists of simplt HTTP Redirection between your website and the Payment Gateway server
» Despite the fact that the integration is a simple redirection, we still provide you ready-made pages in ASP, PHP, JSP and Perl. You can download these from the Documentation section. You can simply upload these pages to your webserver and start transacting.
Security
Shimotomo is not the only Payment Gateway to offer HTTP based integration. However undoubtedly Shimotomo is the only gateway that ensures security of the transaction while offering HTTP based redirection. All other Payment Gateways do not manage security of the transaction data when it is transmitted over HTTP between the Merchant Server and the Shimotomo gateway. Shimotomo on the other hand uses a simple, yet elegant, checksum algorithm for all data transfer between your website and the Payment Gateway. While this sounds quite simple, NO other Payment Gateway actually implements a Checksum based security mechanism in HTTP integration. This can allow a smart, tech-savvy Customer to modify the amount of transaction, as well as the status of a transaction during the transaction flow.
Checksum: This refers to a random numeric string generated using a mathematical algorithm and data bit shifting operations to ensure that data is not tampered in transit. The way it works is lets say a message has to be sent from A to B. A and B both mutually agree on a Key that only both of them possess. A checksum is generated by a mathematical function using the message and the Key as input. This checksum is then sent alongwith the message to B. B then recalculates this checksum using the Key and the same algorithm. If the checksum that B calculates is different from the checksum that A passed then the data was tampered along the way. Ideally the best checksum algorithms produce a very large change in the checksum with the smallest change in the data. The algorithm we use is a standard Adler32 which is used for CRC checks in data and is one of the most efficient algorithms for checksum generation.