3DS Payment Developer Documentation - minglepay/paystory_global GitHub Wiki

βœ… 3D Secure payments involve an additional level of authentication to protect both merchants and customers
       from the threat of payment fraud.


Sample Files

     



1. Overview

  • Payment Flows

    • 1️⃣ Setting Up required Information for payment requests in Input Tag.
      • Customer enters payment information on webpage configured by merchant.
    • 2️⃣ Authentication request and response
      • Merchant processes the payment information and merchant information received from customer and sends authentication request to Paystory's server.
      • After selecting the card they wish to use for payment, customer proceeds through authentication process provided by card issuer.
      • Once the customer's card authentication is successful, Paystory sends encrypted datas for authorization request to the merchant.
    • 3️⃣ Authorization request and response
      • Merchant uses authentication result value to send payment authorization request to Paystory's server.
      • Upon receiving Paystory's authorization response, merchant processes payment result as either successful or failed.

  • HashData configuration

    πŸ”’ When requesting authentication, payment, integrity of the request data is verified using
         encrypted data(Hashdata).

Parameter Algorithm Plain text
encData Hex(Sha256) mid + ediDate + goodsAmt + merchant key(merchantKey)


2. Installation

  • Requirement

    • Merchant Key Setting

      • The Merchant Key is a value that functions as a password for payment purposes and is allocated to each MID (Merchant ID).
      • "How to find the merchant key" : After accessing Paystory merchant admin site (https://mms.minglepay.co.kr),
        merchant key information is found on the menu β€œ[Account Management]β–Ά[Payment Configuration]β–Ά[KEY Information]”
      • ❗ $\textcolor{red}{\textsf{Please be careful not to disclose the key information to the outside.}}$

    • Form Data setting for Payment request

      • Please set the name attribute in the input tag (used when executing payment request script).
      • Please set field names with accurate case sensitivity.
      • Please set all fields to "hidden" except for cases where the user needs to change them.
      • Set the action attribute of the form tag to redirect to the Authorization request page after authentication is completed.

    • Include JavaScript for calling payment window

      • Include the JS File(https://pg.minglepay.co.kr/js/pgAsistant.js) provided by Pay-Story.
        ❌ $\textcolor{red}{\textsf{If you download and use the JS file, payment may not be processed.}}$
      • To call the payment window and submit after authentication, you must use two functions(SendPay() & pay_result_submit()) defined in the JS file.
<script type="text/javascript">
// function for calling payment window 
	function doPaySubmit(){
		SendPay(document.formID);  
	}
//  Function for payment Result (❌Do not modify function name )
	function pay_result_submit(){
		payResultSubmit()
	}
</script>

2.1 Authentication

  • πŸ“Œ Payment Windows in Authentication Step



2.1.1 Authentication Request Parameters

  • πŸ“Œ Use the sendPay() function defined in the Pay-Story JS file (https://pg.minglepay.co.kr/js/pgAsistant.js) to send
          the payment request data (FormData) and call the payment window.

  • πŸ’‘ Only the special characters (_()@#*+= $ ~%^&?/-[] are allowed for use in parameters.

     Parameter        Description Required Size(Byte)
payMethod ${{\color{Red}\huge{\textsf{*}}}}$ Payement method (CARD) e.g. CARD: credit card O 20
mid ${{\color{Red}\huge{\textsf{*}}}}$ Merchant ID O 10 Fixed
trxCd ${{\color{Red}\huge{\textsf{*}}}}$ βœ… β€œ0” (fixed)
Used in Escrow service (0: No 1: Yes)		 O 1
goodsNm ${{\color{Red}\huge{\textsf{*}}}}$ Goods name O 100
skipTerm "0" : Terms of Use displayed (default)
"1" : Terms of Use skipped		 1
ordNo ${{\color{Red}\huge{\textsf{*}}}}$ Merchant order ID
βœ… ${{\color{BurntOrange}{\textsf{Unique value required}}}}$ 		O 40
goodsAmt ${{\color{Red}\huge{\textsf{*}}}}$ Payment amount (βœ… ${{\color{BurntOrange}{\textsf{numbers only}}}}$)
In case of currencyType β€œUSD”, please include 2 digits of cent
E.g. β€œ1050” : 10 dollars and 50 cents		 O 15
ordNm ${{\color{Red}\huge{\textsf{*}}}}$ Buyer's first name O 30
ordLastNm ${{\color{Red}\huge{\textsf{*}}}}$ Buyer's last name O 30
ordAddr ${{\color{Red}\huge{\textsf{*}}}}$ Buyer's billing address (Street) O N/A
ordCity ${{\color{Red}\huge{\textsf{*}}}}$ Buyer's billing address (City) O N/A
countryCd ${{\color{Red}\huge{\textsf{*}}}}$ Buyer’s billing address (Country)
βœ… ISO 3166 country code		 O 2
ordArea ${{\color{Red}\huge{\textsf{*}}}}$ Buyer's billing address (State)
If countryCd is "US" or "CN", abbreviated two letters required
(e.g. "CA" In US, "SH" in CN)		 Conditional N/A
ordPost ${{\color{Red}\huge{\textsf{*}}}}$ Buyer's billing address (Zip Code) O N/A
ordTel ${{\color{Red}\huge{\textsf{*}}}}$ Phone number (βœ… ${{\color{BurntOrange}{\textsf{numbers only}}}}$) O 20
ediDate ${{\color{Red}\huge{\textsf{*}}}}$ Request date (yyyymmddhhmmss) O 14
encData ${{\color{Red}\huge{\textsf{*}}}}$ Hash256 encrypted value
πŸ’‘ Refer to HashData configuration 		O 256
userIp ${{\color{Red}\huge{\textsf{*}}}}$ Buyer IP (βœ… ${{\color{BurntOrange}{\textsf{Only support IP v4 address}}}}$) O 20
currencyType ${{\color{Red}\huge{\textsf{*}}}}$     β€œKRW” : Won, β€œUSD” : Dollar default β€œKRW” O 3
ordEmail Buyer email 60
mbsUsrId User id 20
mbsReserved Field that can be defined by merchant 255
language Payment window language configuration
"ENG", "CHN", "KOR"		 3
notiUrl DB processing page URL to receive authorization result In Back-End (server side) N/A
returnUrl Return page URL to receive authentication result
βœ… PC Not use, Mobile Only		 O N/A
charSet Character encoding method
UTF-8(default)		 10


2.1.2 Authentication Response Parameters

  • πŸ“Œ When authentication is complete, pay_result_submit() is called by the included JS file.
    • πŸ‘‰ pay_result_submit() send the authentication result data to the URL set in action of <Form>.
  • πŸ“Œ In the mobile environment, authentication result data is delivered to the URL set in the returnUrl parameter.
Parameter Description Size (Byte)
resultCode Authentication result code
"0000" is success, Others are failures		 10
resultMsg Authentication result message 100
payMethod Payment method (CARD) ex) CARD: credit card 20
tid Transaction ID Used to approve transaction mapping Return on authentication success 30
ediDate Request date (yyyymmddhhmmss) 14
mid Merchant ID 20
goodsAmt Payment amount 15
mbsReserved Reserved field for merchant 255
signData Encrypted Data of Authentication infomation 256

2.2 Authorization

πŸ“Œ The merchant sends a payment request to Pay-Story's approval server by transmitting the data received
      during authentication process.

StringBuffer requestData = new StringBuffer();
requestData.append("tid=").append(tid).append("&");
requestData.append("mid=").append(mid).append("&");
requestData.append("goodsAmt=").append(goodsAmt).append("&");
requestData.append("ediDate=").append(ediDate).append("&");
requestData.append("charSet=").append("utf-8").append("&");
requestData.append("encData=").append(encData).append("&");
requestData.append("signData=").append(signData);
String receiveData = connectToServer(requestData.toString(), "https://pg.minglepay.co.kr/payment");
Map<String, Object> resultData = jsonStringToHashMap(receiveData);

πŸ’‘ By setting the action attribute value of a <form> to the same URL as the returnUrl,
    you can make a single payment request page that works seamlessly on both PC and mobile devices.



2.2.1 Authorization Request Parameters

URL :https://pg.minglepay.co.kr/payment
Content-Type : application/x-www-form-urlencoded; charset=utf-8
Data Type : String

Parameter Description Size (Byte)
tid Transaction ID 30
mid Merchant ID 20
goodsAmt Payment amount 15
charset Character encoding method UTF-8(default), EUC-KR 10
ediDate Request date returned from authentication success 14
encData Hash256 encrypted value returned from authentication success 256
signData Encrypted data returned from authentication success 256

2.2.2 Authorization Response (Payment Completion) Parameters

Content-Type: application/json
Data Type : String

πŸ’‘ Only special characters (_()@#*+= $ ~%^&?/-[] are allowed for use in parameters.

Parameter Description Size (Byte)
resultCd Authorization result code
"3001" is success, Others are failures		 10
resultMsg Authentication result message 100
payMethod Payement method (CARD) 20
tid Transaction ID 30
mid Merchant ID 20
ediDate Payment Request date (yyyymmddhhmmss) 14
appDtm Authorization date (yyyymmddhhmmss) 14
appNo Authorization number 30
ordNo Merchant order ID 40
goodsName Goods name 100
amt Payment amount 12
ordNm Buyer name 30
cancelYN Transaction type
N : authorization, Y : Cancellation		 1
fnNm Card issuer name 20
appCardCd Card issuer code 2
acqCardCd Card acquirer code 2
quota Installment months e.g. 00 (direct), 03 (3 months) 2
usePointAmt Card point used 12
cardType Card type ( 0 : Credit, 1 : Debit ) 1
mbsReserved Reserved field for merchant 255
charSet UTF-8(default), EUC-KR 10
hashStr Hash256 encrypted value Same as encData on authentication request step 256
⚠️ **GitHub.com Fallback** ⚠️