3.2. Operations for Service Providers

This page describes the operations for service providers of the Procard.Pay dispatch system for service providers

Service providers include merchants who have PSP, DWO or ISO status in Visa and/or MasterCard and have a PCI DSS compliance certificate, which allows the merchant to store customer card data on their side.

The special operations of the Procard.Pay dispatch system for service providers include:

PurchaseOnMerchant – purchase operation using a card on the page of the service provider
Complete3DS – 3DS card verification completion operation

PurchaseOnMerchant operation

Test url: https://pay-test.procard-ltd.com/api (customer receives the production url in the project log)

To pay on the merchant's payment page, send a POST request with the following data:

On this page:

1 PurchaseOnMerchant operation
2 3DS check
- 2.1 Operation Complete3DS - confirmation of 3DS verification

Parameter	Description	Value
operation	Type of transaction	PurchaseOnMerchant
merchant_id	Merchant ID
amount	Transaction amount	Example: 500.00
order_id	The unique transaction number on the merchant's side. If the operation is duplicated, the merchant receives an error.
currency_iso	Payment currency.	UAH
description	Purpose of payment. Displayed on the payment page when entering payment details. Displayed in account statement and registers
add_params	An array with additional parameters. Additional parameters are then returned to the merchant in the CALLBACK call
token	Token for debiting from a card without transferring card details	Not mandatory
card_num	Card number
card_exp_month	MM card expiration date
card_exp_year	YY card expiration date
card_cvv	CVV2 code, in case of operation without CVV, you must specify -1
card_holder	Cardowner.	Not mandatory
phone	Client's phone number.	Not mandatory
payment_type	Payment type.	Not mandatory 1 – Purchase (Purchase), 2 – Pre-Authorization (Hold) Default – 1
secure_type	Transaction security pass type
	It can take the following values:
	Auto
	3DS	1
	Non3DS	2
callback_url	URL to which information about the result of the payment will be sent
signature	In order to confirm the validity of the data, a verification signature must be generated and transmitted in the SHA-512 request using the merchant's private_key.
	A string subject to SHA-512 is generated by concatenating the merchant_id, order_id, amount, currency_iso, description parameters separated by “;” (semicolon) in UTF-8 encoding.
	The order of the parameters when concatenating is important!

"operation":"PurchaseOnMerchant",
"merchant_id":"[merchant_id]",
"order_id":[unique order_id],
"amount":"100.00",
"currency_iso":"UAH",
"description":"[description]",
"card_num" : "4012000000003119",
"card_exp_month":"12",
"card_exp_year" : "25",
"card_cvv": "-1",
"secure_type": 1,
"add_params": {
    "AReqDetails.browserAcceptHeader": "application/json, text/plain, */*",
    "AReqDetails.browserColorDepth": "24",
    "AReqDetails.browserIP": "127.0.0.1",
    "AReqDetails.browserLanguage": "ru-RU",
    "AReqDetails.browserScreenHeight": "1080",
    "AReqDetails.browserScreenWidth": "1920",
    "AReqDetails.browserTZ": "-120",
    "AReqDetails.browserUserAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
    "AReqDetails.browserJavaEnabled": "false",
    "AReqDetails.notificationUrl":"http://localhost",
    "CReqDetails.WindowWidth": "1920",
    "CReqDetails.WindowHeight": "1080",
    "SenderName": "[full sender name]",
    "Address": "[sender address]",
    "ResidentCityInLatin": "[sender City]",
    "VisaPurchaseIdentifier": "[visa identifier]",
    "ResidentCountry": "[sender country]",
    "RecipientName": "[full recipient name]",
    "SenderPostalCode": "[sender postal code]",
    "PurposeOfPayment":"[purpose of payment digit or text format]"
  },
"signature":"[hmac.sha512(["merchant_id"]+";"+["order_id"]+";"+["amount"]+";"+["currency_iso"]+";"+["description"])]"

List of additional parameters for clients with external anti-fraud systems:

Test url with external anti-fraud systems: https://pay-fraud-test.procard-ltd.com/api (customer receives the production url in the project log)

Parameter	Description	Value
BrowserIP	Client browser IP address	IPv4 address only: 220.38.220.38
UserAccountID	Identity number of user account
Fingerprint	Fingerprint

Example of additional parameters:

*** main Purchase on Merchant parameters ***
"add_params":{
      "BrowserIP":"127.0.0.1",
      "UserAccountID":"123315483215"
      "Fingerprint":"asdwsascaw2s1d5ww5a"
}

Response is a JSON object with the following parameters:

Parameter	Description	Value
status	Payment statuses	Reference: “Payment statuses” page
code	Response Codes	Reference: “Response Codes” page
order_id	Unique order number in the merchant system
amount	Amount of payment
fee	Fee
currency	Payment currency
token	Token for subsequent payments. The token will be returned if the payment is successful
d3_acs_url	URL acs of the server to which you need to send the user for verification
d3_creq	Request to be sent to the ACS server for 3ds2
transaction_key	Transaction key to be used to confirm the payment
transaction_id	Transaction ID
signature

3DS check

If the value 2002 is received in the code response, it is necessary to check 3DS2.

To check 3ds2, you need to send the form with the parameters d3_creq to %ACS_CREQ%, d3_acs_url to %term_url% using the POST method.

Sample HTML page for redirecting to the issuer's ACS

<html><body topmargin="50%" bottommargin="50%" onLoad="document.getElementById('pareq_form').submit();">
<form method="post" name="pareq_form" id="pareq_form" action="%term_url%">
<input name="creq" type="hidden" value="%ACS_CREQ%"/>
<input type="submit" name="send" value="send"/>
<noscript>
<br/><br/>
<center>
<h1>Processing your 3-D Secure Transaction</h1>
<h2>JavaScript is currently disabled or is not supported by your browser.<br/></h2>
<h3>Please click <b> Submit </b> to continue the processing of your 3-D Secure transaction.</h3>
<input type="submit" />
</center>
</noscript>
</form>
</body>
</html>

Description of parameters to be substituted in HTML

%term_url% - d3_acs_url value received after execution of the PurchaseOnMerchant administrative operation.

%d3_creq% - d3_creq value received after execution of the PurchaseOnMerchant administrative operation.

An example of a response received in a POST request from ACS

Operation Complete3DS - confirmation of 3DS verification

Test url: https://pay-test.procard-ltd.com/api (customer receives the production url in the project log)

To receive confirmation for 3DS verification, you must send a POST request with the following data:

Parameter	Description	Value
operation	Type of transaction	Complete3DS
merchant_id	Merchant ID
transaction_key	Transaction key to be used to confirm the payment
d3ds_pares	Message received after a redirect from the ACS server (the d3ds_cres value must be substituted in this field like d3ds_pares)
signature	In order to confirm the validity of the data, a verification signature must be generated and transmitted in the SHA-512 request using the merchant's private_key.
	A string subject to SHA-512 is generated by concatenating the parameters separated by “;” (semicolon) in UTF-8 encoding: merchant_id, transaction_key, d3ds_md (if null, leave value empty like transaction_key;;d3ds_pares ), d3ds_pares (the d3ds_cres value must be substituted in the d3ds_pares field);
	The order of the parameters when concatenating is important!

The response is a JSON object with the following parameters:

Parameter	Description	Value
status	Payment statuses	Reference: “Payment statuses” page
code	Response Codes	Reference: “Response Codes” page
order_id	Unique order number in the merchant system
amount	Amount of payment
fee	Fee
currency	Payment currency
card_pan	Masked card number
transaction_id	Transaction ID
signature

Related pages:

Page:

3.1. Basic operations
Page:

3.2. Operations for Service Providers
Page:

3.3. Callback function
Page:

3.4. Additional operations
Page:

3.5. P2P transfer operations
Page:

3.6. Operations with third-party wallets