Authorize Payment

Suggest Edits

9. Authorize Payment

The authorize payment request is used to authorize a payment. The API is available at the following path:

Path NamePath Details
End Point[Velocity URL]/mpoint/ authorize-payment
Format/Content Typetext/xml
AuthenticationHTTP basic access authentication

9.1 Request

There are alternative request formats depending on the payment methods selected during a payment.

9.1.1 New Card

The following is an example of making a payment using a new card:

<?xml version="1.0" encoding="UTF-8"?>
<root>
  <authorize-payment account="100101" client-id="10002">
    <transaction type-id="30" id="1832214" store-card="false" >
      <card type-id="7">
        <amount country-id="200">100</amount>
        <card-holder-name>CardHolder Name</card-holder-name>
        <card-number>"card_number"</card-number>
        <expiry>01/23</expiry>
        <cvc>009</cvc>
      </card>
    </transaction>
    <client-info language="en" version="1.28" platform="iOS/9.0">
      <mobile operator-id="10000" country-id="[integer]">[phone number]</mobile>
      <email>[email id]</email>
      <device-id>3432444444444444444FFFFFf03</device-id>
    </client-info>
  </authorize-payment>
</root>

9.1.2 Credit or Debit Card

The following is an example of a payment using a credit or debit card:

<?xml version="1.0" encoding="UTF-8"?> 
  <authorize-payment account="100691" client-id="10069">
    <transaction type-id="10091" id="1935288">
      <card type-id="8">
        <amount country-id="603">85556</amount>
            <card-holder-name>CellPointMobie</card-holder-name>
            <card-number>"card_number"</card-number>
            <expiry>11/18</expiry>
      </card>
    </transaction>
    <client-info language="da" version="1.28" platform="iOS/9.0">
      <mobile operator-id="10000" country-id="200">[phone number]</mobile>
      <email>[email id]</email>
      <device-id>B4D54A3A4F5E4E1595F7A3BF16249F6D14555303</device-id>
    </client-info>
  </authorize-payment>

9.1.3 Third-party Wallet

The following is an example of a payment using a third-party wallet:

	<?xml version="1.0" encoding="UTF-8"?>
<root>
  <authorize-payment account="[integer]" client-id="[integer]">
    <transaction type-id="[integer]" id="[integer]">
      <card network="mastercard" type-id="[integer]">
        <address country-id="[integer]">
          <full-name>test name</full-name>
          <street>Gl. test street 8</street>
          <postal-code>7766</postal-code>
          <city>testCity</city>
          <state>CA</state>
        </address>
        <amount country-id="[integer]">10025</amount>
        <token>dasdlkjasl31232123231dkdlsakldfmggmmggm........</token>
      </card>
    </transaction>
    <client-info language="en" version="1.20" platform="iOS/8.1.3">
      <mobile operator-id="[integer]" country-id="[integer]">[phone number]</mobile>
      <device-id>32E2C0FAF455915D14298774</device-id>
    </client-info>
  </authorize-payment>

9.1.4 Voucher

The following is an example of making a payment using a voucher:

<?xml version="1.0" encoding="UTF-8"?>
<root>
  <authorize-payment account="100101" client-id="10002">
    <transaction type-id="30" id="1832214" store-card="false" >      
<voucher id=”[string]” order-no=”[string]”>
        <amount currency-id=”840” country-id="200">100</amount>
      </voucher>
    </transaction>
    <client-info language="en" version="1.28" platform="iOS/9.0">
      <mobile operator-id="10000" country-id="[integer]">[phone number]</mobile>
      <email>[email id]</email>
      <device-id>3432444444444444444FFFFFf03</device-id>
    </client-info>
  </authorize-payment>
</root>

9.1.5 3D secure authenticated card

The following is an example of a payment using a credit or debit card with 3D secure information:

	<?xml version="1.0" encoding="UTF-8"?>
<authorize-payment account="100691" client-id="10069">
<transaction type-id="10091" id="1935288">
<card type-id="8">
<amount country-id="603">85556</amount>
<card-holder-name>CellPointMobie</card-holder-name>
<card-number>"card_number"</card-number>
<expiry>11/18</expiry>
<pre_authenticated>true/false</pre_authenticated>
<info-3d-secure>
<provider>{{provider_which_is_used_for_authentication}}</provider>
<version>{{3DS Version}}</version>
<cryptogram eci="{{eci}}" xid="{{xid}}" algorithm-id="{{algorithm}}"> 
            {{cryptogram}} 
            </cryptogram>
<additional-data>
<param name="status">{{status}}</param>
<param name="msg">{{msg}}</param>
<param name="veresEnrolledStatus">{{veres enrolled status}}</param>
<param name="paresTxStatus">{{paresTxStatus}}</param>
<param name="PAResVerified">{{PAResVerified}}</param>
<param name="PAResSyntaxOK">{{PAResSyntaxOK}}</param>
<param name="cardType">{{cardType}}</param>
<param name="accessControlServerTransactionId">{{accessControlServerTransactionId}}</param>
<param name="threeDSServerTransID">{{threeDSServerTransID}}</param>
<param name="directoryServerTransactionId">{{directoryServerTransactionId}}</param>
</additional-data>
</info-3d-secure>
</card>
</transaction>
<client-info language="da" version="1.28" platform="iOS/9.0">
<mobile operator-id="10000" country-id="200">[phone number]</mobile>
<email>[email id]</email>
<device-id>B4D54A3A4F5E4E1595F7A3BF16249F6D14555303</device-id>
</client-info>
</authorize-payment>
Parameter Type Required Description
card
pre_authenticated String No True: In Case of 3DS already done at the merchant end.
Info-3d-secure Parameter
version String Yes The version of 3DS used to process the transaction.
  • For 3DS1 - 1.0.2
  • For 3DS2 - 2.1.0 or 2.2.0
provider String No The provider’s name which is used for authentication.
cryptogram String Conditional Required, if eci value is 01, 02, 05 or 06. A cryptographic value that provides evidence of the outcome of a 3DS verification.
  • Visa - Cardholder Authentication Verification Value (CAVV)
  • Mastercard - Universal Cardholder Authentication Field (UCAF)
eci String Yes Electronic Commerce Indicator (ECI). It indicates the outcome of the 3DS verification.
  • 02 or 05 - Fully Authenticated Transaction
  • 01 or 06 - Attempted Authentication Transaction
  • 00 or 07 - Non 3-D Secure Transaction
  • Mastercard - 02, 01, 00
  • Visa - 05, 06, 07
  • Amex - 05, 06, 07
  • JCB - 05, 06, 07
  • Diners - 05, 06, 07
xid String Conditional This is mandatory for 3DS Version 1.
algorithm-id String No A cryptographic algorithm used for cryptograms.
additional-data Node No In the case of 3DS version 2 directoryServerTransactionId param, it is mandatory. An optional node that contains additional information about the 3DS authentication transaction provided by an external authentication service. It includes a list of parameters with values. For example:
  • accessControlServerTransactionId : ACS server transaction ID
  • directoryServerTransactionId: Directory server trasnaction id (Mandatory for 3DS version 2.0)

9.2 Response

The Velocity server sends the response confirming if the transaction authorization was a success or a failure. The following example shows that a payment request was authorized successfully:

<?xml version="1.0" encoding="UTF-8"?>
<root>
    <status code="2000">Payment authorized</status>
</root>

The following is an example of response received for a failed authorization:

<?xml version="1.0" encoding="UTF-8"?>
<root>
    <status code="2010" sub-code="2010205"> Unable to authorize</status>
</root>

The parameters are listed and defined in the table below.

ParameterTypeRequiredDescription
statusStringYesDescribes the status code.
codeIntegerYesA status code for the authorizing processes.
sub-codeIntegerYesThe granular-level status code which shows the reason for a failed authorization.

9.2.1 3DS 1.0 Authentication Required

The following is an example of response received for 3DS 1.0 authentication required:

<?xml version="1.0" encoding="UTF-8"?>
<root>
   <status code="2005">3d verification required</status>
   <parsed-challenge>
      <action type-id="11">
         <url content-type="application/x-www-form-urlencoded" method="post">https://3ds-acs.test.modirum.com/mdpayacs/creq?token=220646651.1670842886.KJTk10b79hUunC4uy7erl0gOsaZW7UHoEh56a0-9Un4</url>
         <hidden-fields>
            <creq>ewogICAiYWNzVHJhbnNJRCIgOiAiZjEyZjUxMDItOTI4ZC00N2I3LTg1YjAtZTM5NDhjYjIzZDY1IiwKICAgImNoYWxsZW5nZVdpbmRvd1NpemUiIDogIjAzIiwKICAgIm1lc3NhZ2VUeXBlIiA6ICJDUmVxIiwKICAgIm1lc3NhZ2VWZXJzaW9uIiA6ICIyLjIuMCIsCiAgICJ0aHJlZURTU2VydmVyVHJhbnNJRCIgOiAiMzIwYmUxM2MtYmQ4ZC01YzliLTgwMDAtMDAwMDAxMjRiYTM1Igp9</creq>
            <TermUrl>https://5j.mesb.sit.cpm.dev/mpoint/first-data/threed-redirect?referencedTransactionId=5721077</TermUrl>
         </hidden-fields>
      </action>
   </parsed-challenge>
</root>

The steps to process the authorize response for the 3DS 1.0 authentication are as follows:

  1. Extract the content of tags<parsed-challenge>.
  2. Do a form post of all the fields hidden-fields to the url in the action tag using browser.
  3. Follow the instruction to complete authentication.
  4. After the authentication is complete, it is redirected to your Accept or Decline URL.
  5. The Callback notification with the authorization status is sent to your Callback URL.

9.2.2 3DS 2.0 Authentication Required

The following is an example of response received for 3DS 2.0 authentication required:

<?xml version="1.0" encoding="UTF-8"?>
<root>
    <status code="2005" sub-code="2005002">3D Secure Verification Required</status>
    <web-method>&lt;html class="no-js" lang="en" xmlns="http://www.w3.org/1999/xhtml"&gt; &lt;head&gt; &lt;META http-equiv="Content-Type" content="text/html; charset=utf-8"&gt; &lt;meta http-equiv="Content-Type" content="text/html; charset=utf-8"&gt; &lt;meta charset="utf-8"&gt; &lt;title&gt;3D Secure Processing&lt;/title&gt; &lt;link href="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/mpi.css" rel="stylesheet" type="text/css"&gt; &lt;/head&gt; &lt;body&gt; &lt;div id="main"&gt; &lt;div id="content"&gt; &lt;div id="order"&gt; &lt;h2&gt;3D Secure Processing&lt;/h2&gt; &lt;script src="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/red.js" defer&gt;/* needed for xsl to xhtml */&lt;/script&gt; &lt;div id="spinner"&gt; &lt;img src="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/preloader.gif" alt="Please wait.."&gt;&lt;/div&gt; &lt;img src="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/mc_idcheck_hrz_ltd_pos_103px.png" alt="MasterCard ID Check"&gt;&lt;iframe id="tdsMmethodTgtFrame" name="tdsMmethodTgtFrame" xmlns="http://www.w3.org/1999/xhtml"&gt;&lt;!--.--&gt; &lt;/iframe&gt;&lt;form id="tdsMmethodForm" name="tdsMmethodForm" action="https://3ds-acs.test.modirum.com/mdpayacs/3ds-method" method="post" target="tdsMmethodTgtFrame"&gt; &lt;input type="hidden" name="3DSMethodData" value="eyAidGhyZWVEU1NlcnZlclRyYW5zSUQiIDogImRkZjQ5MTYxLTZiYjgtNWY5YS04MDAwLTAwMmVhNzE4N2E0ZCIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIiA6ICJodHRwczovLzNkcy1tcGktY2VsbHBvaW50bW9iaWxlLnRlc3QubW9kaXJ1bS5jb20vbWRwYXltcGkvTWVyY2hhbnRTZXJ2ZXI_bW49WSZ0eGlkPTIwMDM3MTg5NDg2MSZkaWdlc3Q9UFVyQ3ZnWnZZeHp0cVU1a1N2MTdTdnhjUlVXaTAwWVByNlh5MmttWCUyQkg0JTNEIiB9"&gt;&lt;input type="hidden" name="threeDSMethodData" value="eyAidGhyZWVEU1NlcnZlclRyYW5zSUQiIDogImRkZjQ5MTYxLTZiYjgtNWY5YS04MDAwLTAwMmVhNzE4N2E0ZCIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIiA6ICJodHRwczovLzNkcy1tcGktY2VsbHBvaW50bW9iaWxlLnRlc3QubW9kaXJ1bS5jb20vbWRwYXltcGkvTWVyY2hhbnRTZXJ2ZXI_bW49WSZ0eGlkPTIwMDM3MTg5NDg2MSZkaWdlc3Q9UFVyQ3ZnWnZZeHp0cVU1a1N2MTdTdnhjUlVXaTAwWVByNlh5MmttWCUyQkg0JTNEIiB9"&gt; &lt;/form&gt;&lt;div id="formdiv"&gt; &lt;div&gt; &lt;form id="webform0" name="ddcoll" method="POST" action="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/MerchantServer" accept_charset="UTF-8"&gt; &lt;input type="hidden" name="txid" value="200371894861"&gt;&lt;input type="hidden" name="TDS2_Navigator_language" value=""&gt;&lt;input type="hidden" name="TDS2_Navigator_javaEnabled" value=""&gt;&lt;input type="hidden" name="TDS2_Navigator_jsEnabled" value=""&gt;&lt;input type="hidden" name="TDS2_Screen_colorDepth" value=""&gt;&lt;input type="hidden" name="TDS2_Screen_height" value=""&gt;&lt;input type="hidden" name="TDS2_Screen_width" value=""&gt;&lt;input type="hidden" name="TDS2_Screen_PixelDepth" value=""&gt;&lt;input type="hidden" name="TDS2_TimezoneOffset" value=""&gt;&lt;input type="hidden" name="digest" value="5woOk3ql1bNMosc5yuyLXdk8k47KCTR+uVloWvAA/XQ=" readonly="true"&gt;&lt;input type="submit" name="submitBtn" id="submitBtn" value="Please click here to continue"&gt; &lt;/form&gt; &lt;/div&gt; &lt;/div&gt; &lt;noscript&gt; &lt;div align="center"&gt; &lt;b&gt;Javascript is turned off or not supported!&lt;/b&gt; &lt;br&gt; &lt;/div&gt; &lt;/noscript&gt; &lt;/div&gt; &lt;div id="content-footer"&gt;&lt;/div&gt; &lt;/div&gt; &lt;/div&gt; &lt;/body&gt; &lt;/html&gt;</web-method>
    <return-url>https://av.uat-01.cellpointmobile.net/mpi/modirum/threed-redirect</return-url>
    <card-mask>553571******3561</card-mask>
    <expiry>01/23</expiry>
    <token>4eeb155fc20fa07a7c01d82aa68f9d22cab6257c57b6694d722cfdc8b95dce4d2f8f44e0a5c9aab14065e1f2016fc95eb0185cb62689b78e8e06346429c1aedc</token>
</root>

The steps to process the authorize response for the 3DS 2.0 authentication are as follows:

1. Extract the content of tag <Web method>.

2. HTML decode the web-method content to get the HTML.

3. Load the HTML on the browser and follow the instruction to complete authentication.

4. After the authentication is complete, it is redirected to your Accept or Decline URL.

5. The Callback notification with authorization status is sent to your Callback URL.

Updated 3 months ago