Authorize Payment
9. Authorize Payment
The authorize payment request is used to authorize a payment. The API is available at the following path:
| Path Name | Path Details |
|---|---|
| End Point | [Velocity URL]/mpoint/ authorize-payment |
| Format/Content Type | text/xml |
| Authentication | HTTP basic access authentication |
9.1 Request
There are alternative request formats depending on the payment methods selected during a payment.
9.1.1 New Card
The following is an example of making a payment using a new card:
<?xml version="1.0" encoding="UTF-8"?>
<root>
<authorize-payment account="100101" client-id="10002">
<transaction type-id="30" id="1832214" store-card="false" >
<card type-id="7">
<amount country-id="200">100</amount>
<card-holder-name>CardHolder Name</card-holder-name>
<card-number>"card_number"</card-number>
<expiry>01/23</expiry>
<cvc>009</cvc>
</card>
</transaction>
<client-info language="en" version="1.28" platform="iOS/9.0">
<mobile operator-id="10000" country-id="[integer]">[phone number]</mobile>
<email>[email id]</email>
<device-id>3432444444444444444FFFFFf03</device-id>
</client-info>
</authorize-payment>
</root>
9.1.2 Credit or Debit Card
The following is an example of a payment using a credit or debit card:
<?xml version="1.0" encoding="UTF-8"?>
<authorize-payment account="100691" client-id="10069">
<transaction type-id="10091" id="1935288">
<card type-id="8">
<amount country-id="603">85556</amount>
<card-holder-name>CellPointMobie</card-holder-name>
<card-number>"card_number"</card-number>
<expiry>11/18</expiry>
</card>
</transaction>
<client-info language="da" version="1.28" platform="iOS/9.0">
<mobile operator-id="10000" country-id="200">[phone number]</mobile>
<email>[email id]</email>
<device-id>B4D54A3A4F5E4E1595F7A3BF16249F6D14555303</device-id>
</client-info>
</authorize-payment>
9.1.3 Third-party Wallet
The following is an example of a payment using a third-party wallet:
<?xml version="1.0" encoding="UTF-8"?>
<root>
<authorize-payment account="[integer]" client-id="[integer]">
<transaction type-id="[integer]" id="[integer]">
<card network="mastercard" type-id="[integer]">
<address country-id="[integer]">
<full-name>test name</full-name>
<street>Gl. test street 8</street>
<postal-code>7766</postal-code>
<city>testCity</city>
<state>CA</state>
</address>
<amount country-id="[integer]">10025</amount>
<token>dasdlkjasl31232123231dkdlsakldfmggmmggm........</token>
</card>
</transaction>
<client-info language="en" version="1.20" platform="iOS/8.1.3">
<mobile operator-id="[integer]" country-id="[integer]">[phone number]</mobile>
<device-id>32E2C0FAF455915D14298774</device-id>
</client-info>
</authorize-payment>
9.1.4 Voucher
The following is an example of making a payment using a voucher:
<?xml version="1.0" encoding="UTF-8"?>
<root>
<authorize-payment account="100101" client-id="10002">
<transaction type-id="30" id="1832214" store-card="false" >
<voucher id=”[string]” order-no=”[string]”>
<amount currency-id=”840” country-id="200">100</amount>
</voucher>
</transaction>
<client-info language="en" version="1.28" platform="iOS/9.0">
<mobile operator-id="10000" country-id="[integer]">[phone number]</mobile>
<email>[email id]</email>
<device-id>3432444444444444444FFFFFf03</device-id>
</client-info>
</authorize-payment>
</root>
9.1.5 3D secure authenticated card
The following is an example of a payment using a credit or debit card with 3D secure information:
<?xml version="1.0" encoding="UTF-8"?>
<authorize-payment account="100691" client-id="10069">
<transaction type-id="10091" id="1935288">
<card type-id="8">
<amount country-id="603">85556</amount>
<card-holder-name>CellPointMobie</card-holder-name>
<card-number>"card_number"</card-number>
<expiry>11/18</expiry>
<pre_authenticated>true/false</pre_authenticated>
<info-3d-secure>
<provider>{{provider_which_is_used_for_authentication}}</provider>
<version>{{3DS Version}}</version>
<cryptogram eci="{{eci}}" xid="{{xid}}" algorithm-id="{{algorithm}}">
{{cryptogram}}
</cryptogram>
<additional-data>
<param name="status">{{status}}</param>
<param name="msg">{{msg}}</param>
<param name="veresEnrolledStatus">{{veres enrolled status}}</param>
<param name="paresTxStatus">{{paresTxStatus}}</param>
<param name="PAResVerified">{{PAResVerified}}</param>
<param name="PAResSyntaxOK">{{PAResSyntaxOK}}</param>
<param name="cardType">{{cardType}}</param>
<param name="accessControlServerTransactionId">{{accessControlServerTransactionId}}</param>
<param name="threeDSServerTransID">{{threeDSServerTransID}}</param>
<param name="directoryServerTransactionId">{{directoryServerTransactionId}}</param>
</additional-data>
</info-3d-secure>
</card>
</transaction>
<client-info language="da" version="1.28" platform="iOS/9.0">
<mobile operator-id="10000" country-id="200">[phone number]</mobile>
<email>[email id]</email>
<device-id>B4D54A3A4F5E4E1595F7A3BF16249F6D14555303</device-id>
</client-info>
</authorize-payment>
| Parameter | Type | Required | Description |
|---|---|---|---|
| card | |||
| pre_authenticated | String | No | True: In Case of 3DS already done at the merchant end. | Info-3d-secure Parameter |
| version | String | Yes | The version of 3DS used to process the transaction.
|
| provider | String | No | The provider’s name which is used for authentication. |
| cryptogram | String | Conditional | Required, if eci value is 01, 02, 05 or 06.
A cryptographic value that provides evidence of the outcome of a 3DS verification.
|
| eci | String | Yes | Electronic Commerce Indicator (ECI).
It indicates the outcome of the 3DS verification.
|
| xid | String | Conditional | This is mandatory for 3DS Version 1. |
| algorithm-id | String | No | A cryptographic algorithm used for cryptograms. | additional-data | Node | No In the case of 3DS version 2 directoryServerTransactionId param, it is mandatory. | An optional node that contains additional information about the 3DS authentication transaction provided by an external authentication service. It includes a list of parameters with values.
For example:
|
9.2 Response
The Velocity server sends the response confirming if the transaction authorization was a success or a failure. The following example shows that a payment request was authorized successfully:
<?xml version="1.0" encoding="UTF-8"?>
<root>
<status code="2000">Payment authorized</status>
</root>
The following is an example of response received for a failed authorization:
<?xml version="1.0" encoding="UTF-8"?>
<root>
<status code="2010" sub-code="2010205"> Unable to authorize</status>
</root>
The parameters are listed and defined in the table below.
| Parameter | Type | Required | Description |
|---|---|---|---|
| status | String | Yes | Describes the status code. |
| code | Integer | Yes | A status code for the authorizing processes. |
| sub-code | Integer | Yes | The granular-level status code which shows the reason for a failed authorization. |
9.2.1 3DS 1.0 Authentication Required
The following is an example of response received for 3DS 1.0 authentication required:
<?xml version="1.0" encoding="UTF-8"?>
<root>
<status code="2005">3d verification required</status>
<parsed-challenge>
<action type-id="11">
<url content-type="application/x-www-form-urlencoded" method="post">https://3ds-acs.test.modirum.com/mdpayacs/creq?token=220646651.1670842886.KJTk10b79hUunC4uy7erl0gOsaZW7UHoEh56a0-9Un4</url>
<hidden-fields>
<creq>ewogICAiYWNzVHJhbnNJRCIgOiAiZjEyZjUxMDItOTI4ZC00N2I3LTg1YjAtZTM5NDhjYjIzZDY1IiwKICAgImNoYWxsZW5nZVdpbmRvd1NpemUiIDogIjAzIiwKICAgIm1lc3NhZ2VUeXBlIiA6ICJDUmVxIiwKICAgIm1lc3NhZ2VWZXJzaW9uIiA6ICIyLjIuMCIsCiAgICJ0aHJlZURTU2VydmVyVHJhbnNJRCIgOiAiMzIwYmUxM2MtYmQ4ZC01YzliLTgwMDAtMDAwMDAxMjRiYTM1Igp9</creq>
<TermUrl>https://5j.mesb.sit.cpm.dev/mpoint/first-data/threed-redirect?referencedTransactionId=5721077</TermUrl>
</hidden-fields>
</action>
</parsed-challenge>
</root>
The steps to process the authorize response for the 3DS 1.0 authentication are as follows:
- Extract the content of tags<parsed-challenge>.
- Do a form post of all the fields hidden-fields to the url in the action tag using browser.
- Follow the instruction to complete authentication.
- After the authentication is complete, it is redirected to your Accept or Decline URL.
- The Callback notification with the authorization status is sent to your Callback URL.
9.2.2 3DS 2.0 Authentication Required
The following is an example of response received for 3DS 2.0 authentication required:
<?xml version="1.0" encoding="UTF-8"?>
<root>
<status code="2005" sub-code="2005002">3D Secure Verification Required</status>
<web-method><html class="no-js" lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <META http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta charset="utf-8"> <title>3D Secure Processing</title> <link href="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/mpi.css" rel="stylesheet" type="text/css"> </head> <body> <div id="main"> <div id="content"> <div id="order"> <h2>3D Secure Processing</h2> <script src="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/red.js" defer>/* needed for xsl to xhtml */</script> <div id="spinner"> <img src="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/preloader.gif" alt="Please wait.."></div> <img src="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/mc_idcheck_hrz_ltd_pos_103px.png" alt="MasterCard ID Check"><iframe id="tdsMmethodTgtFrame" name="tdsMmethodTgtFrame" xmlns="http://www.w3.org/1999/xhtml"><!--.--> </iframe><form id="tdsMmethodForm" name="tdsMmethodForm" action="https://3ds-acs.test.modirum.com/mdpayacs/3ds-method" method="post" target="tdsMmethodTgtFrame"> <input type="hidden" name="3DSMethodData" value="eyAidGhyZWVEU1NlcnZlclRyYW5zSUQiIDogImRkZjQ5MTYxLTZiYjgtNWY5YS04MDAwLTAwMmVhNzE4N2E0ZCIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIiA6ICJodHRwczovLzNkcy1tcGktY2VsbHBvaW50bW9iaWxlLnRlc3QubW9kaXJ1bS5jb20vbWRwYXltcGkvTWVyY2hhbnRTZXJ2ZXI_bW49WSZ0eGlkPTIwMDM3MTg5NDg2MSZkaWdlc3Q9UFVyQ3ZnWnZZeHp0cVU1a1N2MTdTdnhjUlVXaTAwWVByNlh5MmttWCUyQkg0JTNEIiB9"><input type="hidden" name="threeDSMethodData" value="eyAidGhyZWVEU1NlcnZlclRyYW5zSUQiIDogImRkZjQ5MTYxLTZiYjgtNWY5YS04MDAwLTAwMmVhNzE4N2E0ZCIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIiA6ICJodHRwczovLzNkcy1tcGktY2VsbHBvaW50bW9iaWxlLnRlc3QubW9kaXJ1bS5jb20vbWRwYXltcGkvTWVyY2hhbnRTZXJ2ZXI_bW49WSZ0eGlkPTIwMDM3MTg5NDg2MSZkaWdlc3Q9UFVyQ3ZnWnZZeHp0cVU1a1N2MTdTdnhjUlVXaTAwWVByNlh5MmttWCUyQkg0JTNEIiB9"> </form><div id="formdiv"> <div> <form id="webform0" name="ddcoll" method="POST" action="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/MerchantServer" accept_charset="UTF-8"> <input type="hidden" name="txid" value="200371894861"><input type="hidden" name="TDS2_Navigator_language" value=""><input type="hidden" name="TDS2_Navigator_javaEnabled" value=""><input type="hidden" name="TDS2_Navigator_jsEnabled" value=""><input type="hidden" name="TDS2_Screen_colorDepth" value=""><input type="hidden" name="TDS2_Screen_height" value=""><input type="hidden" name="TDS2_Screen_width" value=""><input type="hidden" name="TDS2_Screen_PixelDepth" value=""><input type="hidden" name="TDS2_TimezoneOffset" value=""><input type="hidden" name="digest" value="5woOk3ql1bNMosc5yuyLXdk8k47KCTR+uVloWvAA/XQ=" readonly="true"><input type="submit" name="submitBtn" id="submitBtn" value="Please click here to continue"> </form> </div> </div> <noscript> <div align="center"> <b>Javascript is turned off or not supported!</b> <br> </div> </noscript> </div> <div id="content-footer"></div> </div> </div> </body> </html></web-method>
<return-url>https://av.uat-01.cellpointmobile.net/mpi/modirum/threed-redirect</return-url>
<card-mask>553571******3561</card-mask>
<expiry>01/23</expiry>
<token>4eeb155fc20fa07a7c01d82aa68f9d22cab6257c57b6694d722cfdc8b95dce4d2f8f44e0a5c9aab14065e1f2016fc95eb0185cb62689b78e8e06346429c1aedc</token>
</root>
The steps to process the authorize response for the 3DS 2.0 authentication are as follows:
1. Extract the content of tag <Web method>.
2. HTML decode the web-method content to get the HTML.
3. Load the HTML on the browser and follow the instruction to complete authentication.
4. After the authentication is complete, it is redirected to your Accept or Decline URL.
5. The Callback notification with authorization status is sent to your Callback URL.
Updated 9 months ago