Methods for Apple Pay - csob/paymentgateway GitHub Wiki

A brief overview of methods for Apple Pay (applepay@shop)

Method Description
applepay/echo Getting parameters for Apple Pay payment initialisation.
applepay/init Initialisation of an Apple Pay payment for applepay@shop.
applepay/process Start of the Apple Pay payment processing.

The diagram below indicates the progress of Apple Pay payment:

img/en_CZ/applepay-at-shop-highlevel-en.png

The customer pays for his order on the e-shop. The merchant offers the customer the option to pay using Apple Pay payments, while obtaining the parameters for initialization by calling the operation applepay/echo (0).

When the customer chooses an Apple Pay payment, an ApplePay session is first initialised (the e-shop merchant communicates on Apple servers), then the e-shop initiates a payment at the payment gateway using the applepay/init operation.

Unlike the standard card payment at the gateway, the customer stays at the merchant's e-shop when making an Apple Pay payment; the payment gateway decrypts the necessary payment data (card number and expiry) from the payload sent as part of the applepay/init operation.

The payment gateway performs so-called device fingerprint (2) for some payments. This sends the data from the customer's browser to the card issuer, who subsequently uses this data for the payment authentication. The merchant starts further processing by calling the operation applepay/process (3). The merchant is obliged to make the device fingerprint on the e-shop side within a 1px iframe.

For some payments, a authentication is required from customer payment confirmation (5). As with the device fingerprint, the merchant is obliged to confirm the payment on the e-shop side, opening the iframe or redirecting to top.location based on the parameters received from the payment gateway.

The merchant continuously checks the status of the payment by calling the operation payment/status (4). In case that the payment confirmation is required, after completing the authentication and payment authorization the customer is redirected via returnMethod to e-shop’s returnUrl. After completing the authentication and completing the payment authorization, the merchant displays the payment result to the customer.

The parameters displayed in bold are mandatory for calls.


applepay/echo method  

POST https://api.platebnibrana.csob.cz/api/v1.9/applepay/echo

This operation allows you to get the parameters to initialise Apple Pay payment. The merchant can cache the parameters and use them repeatedly to display the page with the option to pay using Apple Pay.

Item Type Description
merchantId String Merchant ID assigned by the payment gateway.
dttm String Date and time the request was sent in the format YYYYMMDDHHMMSS.
signature String Request signature, encoded in BASE64.

Example of request:

{
  "merchantId":"M1MIPS0000",
  "dttm":"20220125131559",
  "signature":"base64-encoded-signature-of-payment-request"
}

Return values  

Item Type Description
dttm String Date and time of the response in the format YYYYMMDDHHMMSS.
resultCode Number The result of the operation, see list.
resultMessage String Text description of the operation result.
initParams Object Parameters for initialising javascript for Apple Pay, filled in if resultCode is 0.
signature String Response signature, encoded in BASE64.

Description of the parameters of the initParams object, the merchant fills in the given value in the unchanged form into js (see below) for Apple Pay initialization.

Item Type Description
countryCode Number ISO 3166-1 alpha-2 country code in which the payment is processed.
supportedNetworks String The list of accepted card brands that Apple Pay will accept from the customer will be pre-filled by the payment gateway, for example: [ "visa", "masterCard", "maestro" ].
merchantCapabilities String List of supported payment authentication methods. It will be pre-filled based on the payment gateway settings, for example: [ "supports3DS" ].

Example of return values for applepay/echo operation (applepay@shop has merchant enabled):

{
  "dttm":"20220125131601",
  "resultCode": 0,
  "resultMessage":"OK",
  "initParams": {
    "countryCode": "CZ",
    "supportedNetworks": ["visa", "masterCard", "maestro"],
    "merchantCapabilities": ["supports3DS"]
  },
  "signature":"base64-encoded-response-signature"
 }

Example of return values for applepay/echo operation (applepay@shop has merchant disabled):

{
  "dttm":"20220125131601",
  "resultCode": 160,
  "resultMessage":"Payment method disabled",
  "signature":"base64-encoded-response-signature"
 }

After the merchant obtains the parameters passed in initParams in response to the applepay/echo call, it inserts/generates a javascript on the e-shop side to initialise the Apple Pay payment.

See also description of payment method Apple Pay.


applepay/init method  

POST https://api.platebnibrana.csob.cz/api/v1.9/applepay/init

Item Type Description
merchantId String Merchant ID assigned by the payment gateway.
orderNo String The reference number of the order used for matching payments, which will also be stated on the bank statement. Numeric value, maximum length is 10 digits.
dttm String Date and time the request was sent in the format YYYYMMDDHHMMSS.
clientIp String IP address of the customer (his browser) accessing the merchant's e-shop, ipv4 or ipv6 format.
totalAmount Number Total price in hundredths of the base currency. This value will be displayed on the payment gateway as the total amount to be paid.
currency String Currency code. Allowed values: CZK, EUR, USD, GBP, HUF, PLN, RON, NOK, SEK.
closePayment Boolean Indicates whether the payment should be automatically included in the closing and paid. Allowed values: true / false. Optional parameter from version 1.9, default value: true.
payload String JSON data received by Apple Pay merchant (paymentData attribute in received data from Apple Pay). The merchant encodes as BASE64 and then passes in the payload parameter.
returnUrl String URL address to which the client will be redirected back to the e-shop after payment is completed if the payment requires confirmation within the payment Authentication. Maximum length 300 characters. When redirecting back to the e-shop, the same parameter set is passed as in the case of returning from the payment gateway when paying by card.
returnMethod String The method of returning to the e-shop URL. Allowed values POST, GET. The recommended method is POST.
customer Object Additional purchase data related to the customer. See detailed description of the structure customer.
order Object Additional purchase data related to the order. See detailed description of the structure order.
sdkUsed Boolean Indicates whether payment authentication is performed via 3DS SDK (in case of mobile application) or not (payment via browser). Allowed values: true / false. Default value: false.
merchantData String Any auxiliary data that the merchant passes to the gateway, must be BASE64 encoded. The maximum length after encoding is 255 characters. In case of the "Marketplace" business model, the merchant must identify his retailer using the ID company number. This identifier must be enclosed in square brackets [] and can be placed arbitrarily within the merchantData item. If several retailers participate in the purchase, the ID number values are separated by a comma - e.g. [12345678,87654321].
language String Preferred language version to be used in case the payment confirmation is required. Allowed values: cs,en,de,fr,hu,it,ja,pl,pt,ro,ru,sk,es,tr,vi,hr,sl,sv.
ttlSec Number Payment life setting, in seconds, min. allowed value 300, max. allowed value 1800 (5-30 min). Default value: 1800. Payment lifetime is calculated from the moment of applepay/init call.
signature String Request signature, encoded in BASE64.

Example of request:

{
  "merchantId":"M1MIPS0000",
  "orderNo":"51966",
  "dttm":"20220125131559",
  "clientIp":"192.0.2.2",
  "totalAmount":12300,
  "currency":"CZK",
  "payload":"base64-encoded-payload-from-applepay",
  "returnUrl":"https://shop.example.com/return",
  "returnMethod":"POST",
  "signature":"base64-encoded-signature-of-payment-request"
}

Example of request:

{
  "merchantId":"M1MIPS0000",
  "orderNo":"51966",
  "dttm":"20220125131559",
  "clientIp":"192.0.2.2",
  "totalAmount":12300,
  "currency":"CZK",
  "closePayment":false,
  "payload":"base64-encoded-payload-from-applepay",
  "returnUrl":"https://shop.example.com/return",
  "returnMethod":"POST",
  "customer": {
    "name":"Jan Novák",
    "email":"[email protected]",
    "mobilePhone":"+420.800300300"
  },
  "order": {
    "Type":"purchase",
    "availability":"now",
    "delivery":"digital",
    "deliveryMode": "0",
    "deliveryEmail": "[email protected]"
  },
  "signature":"base64-encoded-signature-of-payment-request"
}

Return values:  

Item Type Description
payId String Unique payment ID (assigned by the payment gateway in the applepay/init operation, contains a 15-character string).
dttm String Date and time of the response in the format YYYYMMDDHHMMSS.
resultCode Number The result of the operation, see list.
resultMessage String Text description of the operation result.
paymentStatus Number Payment status, see payment lifecycle.
statusDetail String Detailed status of payment (detailed status), contains, for example, the reason for the refusal to pay, see descriptiom.
actions Object Structure for transmitting the necessary data for performing device fingerprint. See structure actions.
signature String Response signature, encoded in BASE64.

Example of return values for applepay/init operation -- payment successfully initialised:

{
  "payId":"7624c5e60252@HA",
  "dttm":"20220125131601",
  "resultCode": 0,
  "resultMessage":"OK",
  "paymentStatus": 1,
  "signature":"base64-encoded-response-signature"
 }

Example of return values for applepay/init operation -- payment successfully initialised, including parameters for device fingerprint:

{
  "payId":"7624c5e60252@HA",
  "dttm":"20220125131601",
  "resultCode": 0,
  "resultMessage":"OK",
  "paymentStatus": 1,
  "actions": {
    "fingerprint": {
      "browserInit": {
        "url":"https://example.com/3ds-method-endpoint"
      }
    }
  },
  "signature":"base64-encoded-response-signature"
 }

Example of return values for applepay/init operation -- payment successfully initialised, including parameters for initialising the 3DS SDK for payment authentication:

{
  "payId":"7624c5e60252@HA",
  "dttm":"20220125131601",
  "resultCode": 0,
  "resultMessage":"OK",
  "paymentStatus": 1,
  "actions": {
    "fingerprint": {
      "sdkInit": {
        "directoryServerID":"A000000003",
        "schemeId":"Visa",
        "messageVersion":"2.2.0"
      }
    }
  },
  "signature":"base64-encoded-response-signature"
 }

In the event of an invalid request, the payment gateway returns a response containing a description of the error. A detailed description is provided on the page API Integration.


applepay/process method  

POST https://api.platebnibrana.csob.cz/api/v1.9/applepay/process

The operation starts processing an Apple Pay payment.

Item Type Description
merchantId String Merchant ID assigned by the payment gateway.
payId String PayID obtained when creating an Apple Pay payment using the applepay/init operation.
dttm String Date and time the request was sent in the format YYYYMMDDHHMMSS.
fingerprint Object Additional data for payment authentication. See structure fingerprint.
signature String Request signature, encoded in BASE64.

Example of request: (applepay@shop, payment performed from the customer's browser)

{
  "merchantId":"M1MIPS0000",
  "payId":"7624c5e60252@HA",
  "dttm":"20220125131615",
  "fingerprint": {
    "browser": {
      "userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36",
      "acceptHeader":"text/html,application/xhtml+xml,application/xml;",
      "language":"en",
      "javascriptEnabled":false
    }
  },
  "signature":"base64-encoded-request-signature"
}

Example of request: (applepay@shop, payment performed from a mobile application with integrated 3DS SDK)

{
  "merchantId":"M1MIPS0000",
  "payId":"7624c5e60252@HA",
  "dttm":"20220125131615",
  "fingerprint": {
    "sdk": {
      "appID":"198d0791-0025-4183-b9ae-900c88dd80e0",
      "encData":"encrypted-data",
      "ephemPubKey": "encoded-public-key",
      "maxTimeout": 5,
      "referenceNumber":"sdk-reference-number",
      "transID":"7f101033-df46-4f5c-9e96-9575c924e1e7"
    }
  },
  "signature":"base64-encoded-request-signature"
}

Return Values  

Item Type Description
payId String Unique payment ID (assigned by the payment gateway in the applepay / init operation, contains a 15-character string)
dttm String Date and time of the response in the format YYYYMMDDHHMMSS.
resultCode Number The result of the operation, see list.
resultMessage String Text description of the operation result.
paymentStatus Number Payment status, see payment lifecycle.
statusDetail String Detailed status of payment, contains, for example, the reason for the refusal to pay, see description.
actions Object The structure for transmitting the necessary data for the execution of confirmation within payment authentication. See structure actions.
signature String Response signature, encoded in BASE64.

Example of return values for applepay/process operation (without having to make a payment authentication confirmation)

{
  "payId":"7624c5e60252@HA",
  "dttm":"20220125131618",
  "resultCode": 0,
  "resultMessage":"OK",
  "paymentStatus": 2,
  "signature":"base64-encoded-response-signature"
 }

Example of return values for applepay/process operation (including parameters for confirmation within the payment authentication in the customer's browser)

{
  "payId":"7624c5e60252@HA",
  "dttm":"20220125131618",
  "resultCode": 0,
  "resultMessage":"OK",
  "paymentStatus": 2,
  "actions": {
    "authenticate": {
      "browserChallenge": {
        "url":"https://example.com/challenge-endpoint"
      }
    }
  },
  "signature":"base64-encoded-response-signature"
 }

Example of return values for applepay/process operation (including parameters for confirmation within the payment authentication using the 3DS SDK)

{
  "payId":"7624c5e60252@HA",
  "dttm":"20220125131618",
  "resultCode": 0,
  "resultMessage":"OK",
  "paymentStatus": 2,
  "actions": {
    "authenticate": {
      "sdkChallenge": {
        "threeDSServerTransID":"eeddda80-6ca7-4b22-9d6a-eb8e84791ec9",
        "acsReferenceNumber":"3DS_LOA_ACS_201_13579",
        "acsTransID":"7f3296a8-08c4-4afb-a3e2-8ce31b2e9069",
        "acsSignedContent":"base64-encoded-acs-signed-content"
      }
    }
  },
  "signature":"base64-encoded-response-signature"
 }

The result of authentication and subsequent authorization must be found by a subsequent call to payment/status. Processing times may vary depending on whether payment confirmation is required as part of its authentication:

  • if no confirmation is required, the recommended call time is 2-3 seconds after calling applepay/process, if the payment status is still 2 (payment in progress), it is recommended to call periodically at intervals of 5 seconds (the total authorisation time depends on the processing of the request in VISA/MC systems and in the worst case it can be up to 60 seconds).
  • if confirmation is required, it may take several minutes for the customer to confirm the payment and the card issuer completes the authentication. In this case, we recommend calling payment/status periodically at longer intervals, e.g. 30 seconds.