3.2. Operations for Service Providers
This page describes the operations for service providers of the Procard.Pay dispatch system for service providers
Service providers include merchants who have PSP, DWO or ISO status in Visa and/or MasterCard and have a PCI DSS compliance certificate, which allows the merchant to store customer card data on their side.
The special operations of the Procard.Pay dispatch system for service providers include:
PurchaseOnMerchant – purchase operation using a card on the page of the service provider
Complete3DS – 3DS card verification completion operation
PurchaseOnMerchant operation
Test url: https://pay-test.procard-ltd.com/api (customer receives the production url in the project log)
To pay on the merchant's payment page, send a POST request with the following data:
Parameter | Description | Value |
operation | Type of transaction |
|
merchant_id | Merchant ID |
|
amount | Transaction amount | Example: 500.00 |
order_id | The unique transaction number on the merchant's side. If the operation is duplicated, the merchant receives an error. |
|
currency_iso | Payment currency. | UAH |
description | Purpose of payment. Displayed on the payment page when entering payment details. Displayed in account statement and registers |
|
add_params | An array with additional parameters. Additional parameters are then returned to the merchant in the CALLBACK call |
|
token | Token for debiting from a card without transferring card details | Not mandatory |
card_num | Card number |
|
card_exp_month | MM card expiration date |
|
card_exp_year | YY card expiration date |
|
card_cvv | CVV2 code, in case of operation without CVV, you must specify -1 |
|
card_holder | Cardowner. | Not mandatory |
phone | Client's phone number. | Not mandatory |
payment_type | Payment type. | Not mandatory |
secure_type | Transaction security pass type |
|
| It can take the following values: |
|
| Auto |
|
| 3DS | 1 |
| Non3DS | 2 |
callback_url | URL to which information about the result of the payment will be sent |
|
signature | In order to confirm the validity of the data, a verification signature must be generated and transmitted in the SHA-512 request using the merchant's private_key. |
|
| A string subject to SHA-512 is generated by concatenating the merchant_id, order_id, amount, currency_iso, description parameters separated by “;” (semicolon) in UTF-8 encoding. |
|
| The order of the parameters when concatenating is important! |
|
List of additional parameters for clients with external anti-fraud systems:
Test url with external anti-fraud systems: https://pay-fraud-test.procard-ltd.com/api (customer receives the production url in the project log)
Parameter | Description | Value |
BrowserIP | Client browser IP address | IPv4 address only:
|
UserAccountID | Identity number of user account |
|
Fingerprint | Fingerprint |
|
Example of additional parameters:
*** main Purchase on Merchant parameters ***
"add_params":{
"BrowserIP":"127.0.0.1",
"UserAccountID":"123315483215"
"Fingerprint":"asdwsascaw2s1d5ww5a"
}
Response is a JSON object with the following parameters:
Parameter | Description | Value |
status | Payment statuses | Reference: “Payment statuses” page |
code | Response Codes | Reference: “Response Codes” page |
order_id | Unique order number in the merchant system |
|
amount | Amount of payment |
|
fee | Fee |
|
currency | Payment currency |
|
token | Token for subsequent payments. The token will be returned if the payment is successful |
|
d3_acs_url | URL acs of the server to which you need to send the user for verification |
|
d3_creq | Request to be sent to the ACS server for 3ds2 |
|
transaction_key | Transaction key to be used to confirm the payment |
|
transaction_id | Transaction ID |
|
signature |
|
|
3DS check
If the value 2002 is received in the code response, it is necessary to check 3DS2.
To check 3ds2, you need to send the form with the parameters d3_creq to %ACS_CREQ%, d3_acs_url to %term_url% using the POST method.
Sample HTML page for redirecting to the issuer's ACS
<html><body topmargin="50%" bottommargin="50%" onLoad="document.getElementById('pareq_form').submit();">
<form method="post" name="pareq_form" id="pareq_form" action="%term_url%">
<input name="creq" type="hidden" value="%ACS_CREQ%"/>
<input type="submit" name="send" value="send"/>
<noscript>
<br/><br/>
<center>
<h1>Processing your 3-D Secure Transaction</h1>
<h2>JavaScript is currently disabled or is not supported by your browser.<br/></h2>
<h3>Please click <b> Submit </b> to continue the processing of your 3-D Secure transaction.</h3>
<input type="submit" />
</center>
</noscript>
</form>
</body>
</html>
Description of parameters to be substituted in HTML
%term_url% - d3_acs_url value received after execution of the PurchaseOnMerchant administrative operation.
%d3_creq% - d3_creq value received after execution of the PurchaseOnMerchant administrative operation.
An example of a response received in a POST request from ACS
Operation Complete3DS - confirmation of 3DS verification
Test url: https://pay-test.procard-ltd.com/api (customer receives the production url in the project log)
To receive confirmation for 3DS verification, you must send a POST request with the following data:
Parameter | Description | Value |
operation | Type of transaction | Complete3DS |
merchant_id | Merchant ID |
|
transaction_key | Transaction key to be used to confirm the payment |
|
d3ds_pares | Message received after a redirect from the ACS server (the d3ds_cres value must be substituted in this field like d3ds_pares) |
|
signature | In order to confirm the validity of the data, a verification signature must be generated and transmitted in the SHA-512 request using the merchant's private_key. |
|
| A string subject to SHA-512 is generated by concatenating the parameters separated by “;” (semicolon) in UTF-8 encoding: merchant_id, transaction_key, d3ds_md (if null, leave value empty like transaction_key;;d3ds_pares ), d3ds_pares (the d3ds_cres value must be substituted in the d3ds_pares field); |
|
| The order of the parameters when concatenating is important! |
|
The response is a JSON object with the following parameters:
Parameter | Description | Value |
status | Payment statuses | Reference: “Payment statuses” page |
code | Response Codes | Reference: “Response Codes” page |
order_id | Unique order number in the merchant system |
|
amount | Amount of payment |
|
fee | Fee |
|
currency | Payment currency |
|
card_pan | Masked card number |
|
transaction_id | Transaction ID |
|
signature |
|
|
Copyright © 2015-2023 PROCARD