5. Integration Approach

The complete integration process is simple and is usually completed within a week. The integration time depends on the number of configurations you require.

After the onboarding process is complete, CPD provides you with a unique client ID and an Account ID. You can use these to accept payments.

Before you go live, you can test the payment processing by performing mock transactions using test cards. To integrate with the APM, CPD provides a test account for many products.

The following table shows how the payment control is passed from Velocity HPP to your website.

Page	Feature
Order summary page	Shopping cart summary. Customers can checkout using the payment button.
Hosted Payment page (HPP)	Hosted by CPD. Facilitates payment processing based on your account ID. Provides payment information about the success or failure of payment. Redirects customers back to your page.
Payment Confirmation Page	Provides information if a transaction was successful or failure. Provides confirmation about the purchase.

5.1 HPP Payment Flow

The diagram provides an illustration of the HPP workflow, which includes the following:

Order Summary page > CPD payment page > Merchant Payment confirmation page

5.2 Request to Invoke Velocity HPP

To integrate HPP with your Digital Web Channel or Storefront, integrate a simple form that CPD provides. You need to redirect customers to HPP when they checkout to make a payment; a payment page opens outside your shopping cart page.

To redirect your customers to Velocity HPP, send the following request syntax to invoke Velocity HPP as a request.

<!DOCTYPE HTML>
<html>
<body><form action="https://{HPP_HOST}/views/web.php" method="POST" id="order-form">
<input type="hidden" name="country" value="200">
<input type="hidden" name="clientid" value="10022">
<input type="hidden" name="account" value="100220">
<input type="hidden" name="accept-url" value="{accept-url}">
<input type="hidden" name="cancel-url" value="{cancel-url}">
<input type="hidden" name="callback-url" value="{callback-url}">
<input type="hidden" name="orderid" value="1561120588855">
<input type="hidden" name="operator" value="20000">
<input type="hidden" name="language" value="us">
<input type="hidden" name="customer-ref" value="test">
<input type="hidden" name="email" value="[email protected]">
<input type="hidden" name="mobile-country" value="200">
<input type="hidden" name="mobile" value="9898989898">
<input type="hidden" name="amount" value="1.232">
<input type="hidden" name="auth-token" value="E814B1DE-2A6A-4A09-B522-13D5CD9829D1">
<input type="hidden" name="init-token" value="f26ebd24d623f228cb8bc37f30939003ffd1c98b2d24ab8be35e9a881521fc1b4b3f82bf131471ff68a9c716c20af08141ff4a1337f0c31ee8ddc75bedb35fd8">
<input type="hidden" name="nonce" value="12345">
<input type="hidden" name="orderdata" value="{JSON order-data}">
<input type="hidden" name="gtm-data" value="{gtmData}">
<input type="hidden" name="profile-id" value="XC2G6BYDBqibRdO06G1OGZq6OBxM">
<input type="hidden" name=response-content-type" value="2">
   <input type="hidden" name="txntype" value="1|3|5">
<input type="hidden" name="
"additionaldata" value='{
  "additional_data": {
    "param": [
      {
        "name": "session_token",
        "text": "2A6A4A09B52213D5CD9829D1"
      },
      {
        "name": "hold_fee_amount",
        "text": "150"
      },
      {
        "name": "hold_fee_currency_code",
        "text": "608"
      },
      {
        "name": "hold_period",
        "text": "8"
      },
      {
        "name": "stepper",
        "text": "1"
      }   
    ]
  }
}'> 
<input type="submit" value="Pay" class="btn-link">
</form></body></html>

The following table provides a description of the parameters sent in a request.

Parameter

Type

Required

Description

Client id

Integer

Yes

A merchant’s unique ID for Velocity, which CPD creates.

Account

Integer

Yes

The ID of a sub-account with which a payment transaction is associated. The account ID is an integer greater than 100000 and account number is an integer smaller than 1000. CPD provides the account number.

Order id

String

Yes

A unique identification string; it is a passenger name record (PNR) for airlines.

Operator

Integer

The ID of a customer’s mobile network operator. CPD recommends including this parameter in the request to ensure Velocity interacts with the operator accurately.
A typical value is (’country id’ multiplied by 100)

Country

Integer

The ID of a country from which a customer creates a transaction. It is based on the International Organization for Standardization (ISO) country standard numeric code.
Note: If you do not provide country, Velocity uses default client country for the payment routing.

Currency-code

Integer

The ID of a currency using which, a customer creates a transaction. CPD provides this ID.
Note:The list of supported currency is based on the agreement between a merchant and CPD. If you do not provide any currency code, Velocity uses default client country for the payment routing.

Mobile

Integer

The MSISDN of a customer without the International Dialling Code.

String

The email address of a customer.

Customer-ref

String

A unique merchant’s reference ID for a customer. Velocity uses this token to identify a customer. Additionally, the customer reference is included in the request to the specified auth-URL to authenticate the customer when paying with a stored card through the mVault module if single sign-on is used.
Note: If neither country nor currency-code is provided, then the default client country is used for the payment routing.

Amount

Decimal

Yes

The total amount that a customer is charged for a payment transaction in a country’s currency.

Language

String

The default language that Velocity uses when translating the payment pages. Velocity language codes are based on the ISO-639-1 standard.
Refer to http://en.wikipedia.org/wiki/List_of_ISO_639-1_codes for details.

Accept-url

String

The absolute URL where Velocity directs the customer after successfully completing a payment transaction.
Note: If you do not provide this parameter, Velocity uses your default accept URL.

Cancel-url

cancel-url

The absolute URL where Velocity directs customers if they cancel a payment transaction midway.
Note: If you do not provide this parameter, Velocity uses your default cancel URL.

Hmac

String

Yes

The Message Authentication Code. It is calculated by creating a SHA512 hash comprising the following input fields in the listed order:

Parameter	Required
clientid	Yes
orderid	Yes
amount	Yes
country	Yes
mobile	No
mobile-country	No
email	No
deviceid	No
salt	Yes

Using MAC calculation secures the information sent by the merchant to Velocity. It applies the SHA-512 encryption algorithm on key parts of the information sent to protect against tampering. The ‘salt’ is a merchant's shared secret string used to ensure that the provided MAC is unique.

Order data

JSON string

The order details, which contains event, location, date or time, ticket type, cost, booking fee, quantity, and total price. Sample code is given in the Order Data section of this document.

Gtm-data

JSON string

It is a payload for Google Analytics, the details of which are given in another document. It can be made available on request.

Response-content-type

Integer

The format in which merchant gets the redirect response:
Array content type = 1 (default value)
JSON content type = 2

Txntype

Integer

A value to indicate the purchase type such as Search and Book (S&B), Managed My Booking (MYB). The values are:

1 - S & B
3 - MYB
5 – MYB (Disable PCH)
6 - CPL Transaction.
7 - Call Centre Transaction

Additional data

JSON string

The additional data sent from a merchant.

Nonce

String

Yes

Timestamp / random string.

Init-token

String

Yes

This is a combination of SHA512 (clientid+username+password+nonce+accepturl) encryption.
Example:

clientid=10007
username = CPM
password = TEST
nonce = 123435

So, the above combination will generate the following token:
SHA512(10007CPMTEST123435).

For Cebu below params will be added in the init-token:

clientid
username
password
nonce
accept-url

For VA below params will be added in the init-token:

clientid
username
password
nonce
accept-url
cancel-url
callback-url
profile-id
auth-token

SHA512 (clientidusernamepasswordnonceaccepturlcancelurlcallbackurlprofileidauthtoken)

Profile-id

String

The profile ID of a customer which is used for fetching the customer’s profile from an external system or Velocity.
Note: This field is mandatory only if merchant wants user profile authentication.

additional data JSON

session_token

String

An authentication token for validating a user.

hold_fee_amount

Decimal

Yes

The holding fee amount that a customer is charged for an offline payment transaction in a country’s currency.

hold_fee_currency_code

Integer

The ID of a currency from which a customer creates a transaction. CPD provides this ID.
Note: The list of supported currency is based on the agreement between a merchant and CPD. This field is optional if holding fee currency is assumed as transaction currency.

hold_period

Integer

The number of hours for which the booking is reserved for offline payment transaction completion.
Note: The information is shown on HPP only.

stepper

Integer

The default value = 1 It depends on merchant specification related to breadcrumbs for HPP UI.
Note: Merchants can request for specific breadcrumbs shown to customers on the top of HPP payment page. Such as booking, add-ons, payment, and so on.

5.3 Response of Velocity HPP

Velocity HPP sends a response to merchants to accept or cancel URL. After your customers make a payment, they are redirected back to your website. They receive one of the following notifications about the payment processing:

Payment was successful
Payment was a failure
Customer cancelled the payment

After the completion of the payment, the control is passed back to the merchant URL. The customers are redirected to one of the following merchant URLs:

Merchant URL	Transaction status
Accept-URL	Payment is successful
Cancel-URL	Payment fails or customers cancels a transaction

Note: Velocity accepts the parameters if they are lowercase only.

When Velocity receives a payment request, it performs an extensive validation of the received data. The validation ensures that the

Payment page is rendered correctly on a customer’s mobile device.
Transaction has the maximum chance of succeeding when sent to the PSP or Acquirer for clearance.

The callback request informs you about the payment status as an HTTP POST. Your technical team can customize the transaction details that you view. This is an asynchronous message in a separate HTTP transaction initiated from Velocity. The message is in addition to the original synchronous response to the payment request and the user redirect to confirmation page

Note: Consider the following:

The callback response parameter is customizable.
Velocity sends parameters in lowercase. The request contains body with URL encoded format. Therefore, all the parameters may not be visible in the URL.
The legacy version of HPP redirect parameters is deprecated and will be removed soon; it will not be supported in subsequent releases.

5.3.1 HPP Redirect Parameters: Legacy Version

The following is a sample POST data sent from Velocity HPP to accept or cancel URL:

transaction_id = 9018273
transaction_status = 1
order_id = SAWEQD1
amount = 100965
state_id = 2000
sign = 7d777e2f338c8db976e39312445484f3
session_id = 50787
currency = 840
decimals = 2
payment_method = Card
card_name = VISA
masked_card = 411234******4113
dcc_card_currency = 123
dcc_card_amount = 100
dcc_card_decimals = 2
dcc_exchange_rate = 45.78
fraud_status_code = 3115
fraud_status_desc = Rejected
pre_auth_ext_id = 5900006009536418604009
pre_auth_ext_status_code = 105
post_auth_ext_id = 5900006009536418604009
post_auth_ext_status_code = REJECT
approval_code = 776441
psp_name = Wire-Card
psp_ref_id=34535343
expiration_date = 01/21
first_name = Chris
last_name = Ryan
street_address = 253 M.L. Quezon Street
city = Makati City
country = Philippines
province = CEB
postal_code = 12345
ip_address = 192.158. 1.38
date_time = 2021-02-03T21:32:59+08:00
CUS = {Payment Reference Number from SafetyPay}
NIT = {Merchants Code at PSE}
coupon_issue_timestamp = 2021-02-03T21:32:59+08:00
coupon_expiry = 2021-02-04T21:32:59+08:00
coupon_id = AHG7888B
issuing_bank = {Bank name for PSE / Onsite Center name for Onsite Payment}
 
session_token = 2A6A4A09B52213D5CD9829D1
hold_fee_amount = 100.20
hold_fee_currency_code = 608
hold_period = 8

Velocity sends the following parameters to the accept or cancel URL of a merchant server.

Parameter	Type	Required
transaction_id	Integer	The unique ID of Velocity for a payment transaction.
transaction_status	Integer	An integer code indicating the status of the transaction, where 1 = Success and 0 = Fail.
order_id	String	The order ID which a merchant provides after initializing a transaction.
currency	Integer	The currency ID in which a customer was charged for non-dynamic currency conversion (non-DCC) transactions. If DCC was selected, this parameter provides pricing currency, the charged currency would be provided in dcc_card_currency.
amount	Integer	The total amount that the customer was charged for the payment transaction in a country’s currency. If you opt for DCC, this parameter provides the pricing amount. The amount charged is in dcc_card_amount.
state_id	Integer	The status of the transaction. Note: If payment status is “timeout”, state_id = 0 is sent in response
sign	String	The Unique MD5 string for the transaction combination of (clientid+transaction_id+order_id+currency+amount+state_id+salt) Salt can be share separately if you want this to be validated.
session_id	Integer	The Velocity HPP session used for processing the transaction.
decimals	Integer	The currency precision. For example, 2 is used for USD for the currency parameter.
payment_methodString	String	The payment method of the transaction. For example, Card or APM.card_name
card_name	String	The card scheme/network of the transaction. For example, Visa or Mastercard. For APM transactions, this parameter is not sent in the redirect callback.
masked_card	Integer	The masked card used for a transaction. For example, 4444XXXXXXX1111. For APM transactions, this parameter is not sent in the redirect callback.
dcc_card_currency	Integer	The card currency if DCC is selected for a transaction. If a merchant does not select DCC, this parameter is not sent in the redirect callback.
dcc_card_amount	Integer	The total amount that the customer was charged for a payment transaction if DCC is selected for the transaction. If a merchant does not opt for DCC, this parameter is not sent in the redirect callback.
dcc_card_decimals	Integer	The DCC currency precision. For example, use 2 for GBP for dcc_card_currency. If a merchant does not opt for DCC, this parameter is not sent in the redirect callback.
dcc_exchange_rate	Integer	The DCC currency exchange rate as returned by DCC provider. (Example 54.777) If you opt for DCC, this parameter is sent in the redirect callback.
fraud_status_code	Integer	The final fraud status code. For example, 3011 or 3111. If you do not enable fraud check, this parameter is not sent in the redirect callback. Refer to Fraud Status Codes for details
fraud_status_desc	String	The final fraud status description. For example, accepted or review. If you do not enable fraud check, this parameter is not be sent in the redirect callback.
pre_auth_ext_status_code	Integer	The pre-auth fraud check system response code, if available.
pre_auth_ext_id	Integer	The pre-auth fraud check system transaction ID, if available.
post_auth_ext_id	Integer	The post-auth fraud check system transaction ID, if available.
post_auth_ext_status_code	Integer	The post-auth fraud check system response code, if available.
approval_code	Integer	This is the Acquirer approval code for the transaction. Note:This is optional and provided, if available.
psp_name	String	The acquirer or processor name through which the transaction was processed. For example, AUB for AliPay and 2C2P.
expiration_date		The card expiration date of the transaction. For example, 01/21.
first_name	String	The first name in the billing address, if available.
last_name	String	The last name in the billing address, if available.
street_address	String	The street address in the billing address, if available.
city	String	The name of a city in the billing address, if available.
country	String	The country name in the billing address, if available.
province	String	The state or region value in the billing address, if available.
postal_code	Integer	The zip or postal code in the billing address, if available.
ip_address	Integer	The IP address of a transaction.
date_time		The date and time when a transaction was initiated in UTC.
CUS	Integer	The Payment Reference Number issued by SafetyPay. Note: This parameter is sent for Safety Pay transactions only.
NIT	Integer	The Merchants Code at PSE. Note: This parameter is sent for net banking transactions only.
coupon_issue_timestamp	String	The date and time of coupon issued by Safety Pay. Note: This parameter is sent for Safety Pay onsite transactions only.
coupon_expiry	String	The date and time of coupon of expiry issued by Safety Pay. Note: This parameter is sent for Safety Pay onsite transactions only.
coupon_id	String	The AgreementCode issued by SafetyPay. Note: This parameter is sent for Safety Pay onsite transactions only.
issuing_bank	String	The bank name for net banking or onsite centre name for onsite payment. Note: This parameter is • Sent for Safety Pay transactions only. • Not sent for card transactions.
session_token	String	The additional data parameters, which are sent in a request.
hold_fee_amount hold_fee_currency_code hold_period		For example, {"additional_data":{"param": [{"name": "session_token","text": "2A6A4A09B52213D5CD9829D1"}]}}

5.3.2 HPP Redirect Parameters: Array Format

Following is a sample POST data to accept or cancel URL in HPP redirect callback for split payment. It is not visible in URL.

session_id = 50787
session_type = 2
order_id = SAWEQD1
transaction_status = 1
 
transaction_data[9018273][state_id] = 2000
transaction_data[9018273][amount] = 100965
transaction_data[9018273][sign] = 7d777e2f338c8db976e39312445484f3
transaction_data[9018273][currency] = 840
transaction_data[9018273][decimals] = 2
transaction_data[9018273][payment_method] = Card
transaction_data[9018273][card_name] = VISA
transaction_data[9018273][masked_card] = 411234******4113
transaction_data[9018273][dcc_card_currency] = 123
transaction_data[9018273][dcc_card_amount] = 100
transaction_data[9018273][dcc_card_decimals] = 2
transaction_data[9018273][dcc_exchange_rate] = 45.78
transaction_data[9018273][fraud_status_code] = 3111
transaction_data[9018273][fraud_status_desc] = Accepted
transaction_data[9018273][pre_auth_ext_id] = 5900006009536418604009
transaction_data[9018273][pre_auth_ext_status_code] = 105
transaction_data[9018273][post_auth_ext_id] = 5900006009536418604009
transaction_data[9018273][post_auth_ext_status_code] = ACCEPT
transaction_data[9018273][approval_code] = 776441
transaction_data[9018273][psp_name] = Wire-Card
transaction_data[9018273][psp_ref_id]=34535343
transaction_data[9018273][expiration_date] = 01/21
transaction_data[9018273][first_name] = Sam
transaction_data[9018273][last_name] = Ryan
transaction_data[9018273][street_address] = 253 M.L. Quezon Street
transaction_data[9018273][city] = Makati City
transaction_data[9018273][country] = Philippines
transaction_data[9018273][province] = CEB
transaction_data[9018273][postal_code] = 12345
transaction_data[9018273][session_token] = 2A6A4A09B52213D5CD9829D1
transaction_data[9018273][hold_fee_amount] = 100.20
transaction_data[9018273][hold_fee_currency_code] = 608
transaction_data[9018273][hold_period] = 8
transaction_data[9018274][state_id] = 2000
transaction_data[9018274][amount] = 100
transaction_data[9018274][sign] = 7d777e2f338c8db976e39312445484f3
transaction_data[9018274][currency] = 840
transaction_data[9018274][decimals] = 2
transaction_data[9018274][payment_method] = Voucher
transaction_data[9018274][card_name] = Voucher
transaction_data[9018274][approval_code] = 776441
transaction_data[9018274][psp_name] = Travel-Fund

The following is a description of the parameters.

Parameter	Description
order_id	The order ID that a merchant provides after initializing a transaction.
transaction_status	An integer code indicating the status of the transaction, where 1 = Success and 0 = Fail.
transaction_data[transaction_id][state_id]	The status of the transaction. Refer to Transaction Status Codes for details. For the payment status timeout scenario, state_id = 0 is sent in the response.
transaction_data[transaction_id][currency]	The numeric ISO currency code in which the customer was charged for non-DCC transactions. If DCC was selected this parameter provides the pricing currency, the charged currency is provided in dcc_card_currency. Note: See https://en.wikipedia.org/wiki/ISO_4217 for details.
transaction_data[transaction_id][amount]	The total amount that the customer was charged for the payment transaction in a country’s currency. If DCC was selected, this parameter provides the pricing amount, the amount charged is in dcc_card_amount.
transaction_data[transaction_id][sign]	The Unique MD5 string for the transaction combination of (orderid+stateid+currency+ and so on).
transaction_data[transaction_id][decimals]	The currency decimal precision. For example, 2 for USD for the currency parameter.
transaction_data[transaction_id][payment_method]	The payment method used for a transaction. For example, Card, or PayPal.
transaction_data[transaction_id][card_name]	The card scheme or network of the transaction. For example, Visa or Mastercard. For APM transactions, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][masked_card]	Masked card of the transaction. For example, 4444XXXXXXX1111. For APM transactions, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][dcc_card_currency]	The ISO numeric card currency number if DCC is selected for a transaction. If DCC is not selected, this parameter is not sent in the redirect callback. Note: See https://en.wikipedia.org/wiki/ISO_4217 for details.
transaction_data[transaction_id][dcc_card_amount]	The total amount that a customer was charged for a payment transaction if DCC is selected for the transaction. If DCC is not selected, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][dcc_card_decimals]	DCC currency decimal precision. For example, 2 for GBP for dcc_card_currency. If DCC is not selected, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][dcc_exchange_rate]	The DCC currency exchange rate as returned by a DCC provider. For example, 54.777. If DCC is selected, this parameter is sent in the redirect callback.
transaction_data[transaction_id][fraud_status_code]	The final fraud status code. For example, 3011, 3111. Refer to Transaction Status Codes for details. If Fraud is not enabled, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][fraud_status_desc]	The final fraud status. For example, Accepted or Review. If Fraud is not enabled, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][pre_auth_ext_status_code]	The pre-auth fraud check system response code.
transaction_data[transaction_id][pre_auth_ext_id]	The pre-auth fraud check system transaction ID.
transaction_data[transaction_id][card_name]	The card scheme or network of the transaction. For example, Visa or Mastercard. For APM transactions, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][masked_card]	The masked card number of a transaction. For example, 4444XXXXXXX1111. For APM transactions, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][dcc_card_currency]	The ISO numeric card currency code if DCC is selected for a transaction. If DCC is not selected, this parameter is not sent in the redirect callback. Note: See https://en.wikipedia.org/wiki/ISO_4217 for details.
transaction_data[transaction_id][dcc_card_amount]	The total amount that a customer is charged for a payment transaction if DCC is selected. If DCC is not selected, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][dcc_card_decimals]	The DCC currency precision. For example, 2 for GBP for dcc_card_currency. If DCC is not selected, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][dcc_exchange_rate]	The DCC currency exchange rate as returned by a DCC provider. For example, 54.777. If DCC is selected, this parameter is sent in the redirect callback.
transaction_data[transaction_id][fraud_status_code]	Final fraud status code. For example, 3011 or 3111. Refer to Fraud Status Codes for details. If Fraud is not enabled, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][fraud_status_desc]	The final fraud status. For example. Accepted or Review. If Fraud is not enabled, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][pre_auth_ext_status_code]	The pre-auth fraud check system response code.
transaction_data[transaction_id][pre_auth_ext_id]	The pre-auth fraud check system transaction ID.
transaction_data[transaction_id][card_name]	The card scheme or network of the transaction. For example, Visa or Mastercard. For APM transactions, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][masked_card]	The masked card number of a transaction. For example, 4444XXXXXXX1111. For APM transactions, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][dcc_card_currency]	The ISO numeric card currency code, which is shown only if DCC is selected for a transaction. If DCC is not selected, this parameter is not sent in the redirect callback. Note: See https://en.wikipedia.org/wiki/ISO_4217 for details.
transaction_data[transaction_id][dcc_card_amount]	The total amount that a customer was charged for a payment transaction if DCC is selected. If DCC is not selected, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][dcc_card_decimals]	The DCC currency precision. For example, 2 for GBP for dcc_card_currency . If DCC is not selected, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][dcc_exchange_rate]	The DCC currency exchange rate as returned by a DCC provider. For example, 54.777. If DCC is selected, this parameter is sent in the redirect callback.
transaction_data[transaction_id][fraud_status_code]	The final fraud status code. For example, 3011 or 3111. Refer to Fraud Status Codes for details. If Fraud is not enabled, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][fraud_status_desc]	The final fraud status description. For example, Accepted or Review. If Fraud is not enabled, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][pre_auth_ext_status_code]	The Pre-auth fraud check system response code.
transaction_data[transaction_id][pre_auth_ext_id]	The Pre-auth fraud check system transaction ID.
transaction_data[transaction_id][post_auth_ext_id]	The Post-auth fraud check system transaction ID.
transaction_data[transaction_id][post_auth_ext_status_code]	The Post-auth fraud check system response code.
transaction_data[transaction_id][approval_code]	The Acquirer approval code for the transaction. Note: It is provided, if available.
transaction_data[transaction_id][psp_name]	Acquirer or processor name through which this transaction was processed. For example, AUB for AliPay and 2C2P for some cards.
transaction_data[transaction_id][psp_ref_id]	Acquirer or processor reference ID through which this transaction was processed.
transaction_data[transaction_id][expiration_date]	The card expiration date of the transaction. For example, 01/21. For APM transactions, this parameter is not sent in the redirect callback.
transaction_data[transaction_id][first_name]	The billing address first name. Note: The parameters related to billing address and contact details are sent only if they are available.
transaction_data[transaction_id][last_name]	The billing address last name.
transaction_data[transaction_id][street_address]	The billing address street address.
transaction_data[transaction_id][city]	The billing address city name.
transaction_data[transaction_id][country]	The billing address country name.
transaction_data[transaction_id][province]	The billing address state/region value.
transaction_data[transaction_id][postal_code]	The billing address zip code.
transaction_data[transaction_id][email]	The card holder's email address.
transaction_data[transaction_id][mobile]	The card holder's mobile number.
transaction_data[transaction_id][dialing_country_code]	The card holder's mobile dialling country code.
transaction_data[transaction_id][session_token] transaction_data[transaction_id][hold_fee_amount] transaction_data[transaction_id][hold_fee_currency_code] transaction_data[transaction_id][hold_period]	The parameter contains additional information, which is sent in the request. Examples are {"additional_data":{"param": [{"name": "session_token","text":"2A6A4A09B52213D5CD9829D1"}]}}

5.3.3 HPP Redirect Parameters: JSON Forma

The following JSON format is sent from HPP to a merchant's Accept/Cancel URL in the POST method.
The following JSON response is sent as a value of a redirect parameter in a HTML form post.

[redirect] => {
  "order_status": {
    "code": "1/0"
  },
  "session_id": "21465",
  "session_type": "1",
  "sale_amount": {
    "value": "8716000",
    "currency_id": "170",
    "decimals": "2",
    "alpha3code": "COP",
},
  "status": {
    "code": "4030",
    "message": "Session Complete"
  },
  "additional_data": {
    "params": [
      {
        "name": "platform",
        "text": "WEBB2C"
      },
      {
        "name": "hold_fee_currency_code",
        "text": "COP"
      }
    ]
  },
  "transactions": {
    "transaction": [
      {
        "id": "32629",
				"order_id": "3J6POZ",
        "hmac": "f7ef5a949c37068bad50e9e15d735eef827b108009825c0ee630db257ac58dacb91fe3cebdcec39d5549e0b1bcc39297f752d29a512e09815805e20219b4cfd1",
        "payment_method": "CASH",
        "payment_type": "8",
        "date_time": "2021-07-12T05:25:15+00:00",
        "issuing_bank": "Efecty",
        "installment": "2",
        "ip_address": "123.203.28.127",
        "service_type_id": "1",
        "amount": {
          "text": "8716000",
          "currency_id": "170",
          "decimals": "2",
          "alpha3code": "COP",
          "conversion_rate": "1"
        },
        "status": {
          "code": "2001",
          "message": "Payment captured by PSP"
        },
        "psp": {
          "id": "70",
          "name": "SafetyPay",
          "external_id": "469537"
        },
        "card": {
          "id": "7",
          "name": "VISA",
          "mask_card_number": "4444********1111",
          "expiry": "12/24"
        },
        "additional_data": {
          "params": [
            {
              "name": "platform",
              "text": "WEBB2C"
            },
            {
              "name": "_ga",
              "text": "2.164258751.1803897181.1625637105-1001259588.1622795959"
            },
            {
              "name": "office_id",
              "text": "BOGAV08AK"
            },
            {
              "name": "hold_fee_currency_code",
              "text": "COP"
            },
            {
              "name": "kpi_used",
              "text": "true"
            },
            {
              "name": "Response_Code",
              "text": "101"
            },
            {
              "name": "CUS",
              "text": "469537"
            },
            {
              "name": "NIT",
              "text": "9006166521"
            },
            {
              "name": "coupon_issue_timestamp",
              "text": "2021-07-12T05:27:14"
            },
            {
              "name": "coupon_expiry",
              "text": "2021-07-13T03:01:10"
            },
            {
              "name": "coupon_id",
              "text": "110924"
            },
            {
              "name": "receipt_filename",
              "text": "prdcpr_8f64d5c3-8575-460a-994b-52eeddd01702.pdf"
            }
          ]
        },
        "billing_address": {
          "first_name": "deb",
          "last_name": "de",
          "street": "reotuhesdfdss",
          "city": "sdfds",
          "state": "Abra",
          "country": "Philippines",
          "postal_code": "12345"
        },
        "fraud": {
          "status_code": "Post Auth Success",
          "status_desc": "Post Auth Success",
          "post_auth_ext_id": "6255590973676885104011",
          "post_auth_ext_status_code": "ACCEPT"
        }
      }
    ]
  }
}

The following is a description of the parameters.

Transactions

Sub-parameter

Description

order_status

code

An integer code indicating the status of the transaction,
where 1 = success and 0 = failed.

session_id

The Velocity session ID for a transaction.

session_type

An integer that defines payment type. The following can be the possible values. If a customer selects

Split payment, session_type = 2 is returned in the redirect response.
Does not select split payment, session_type = 1 is returned in the redirect response.

sale_amount

text

The total amount that the customer was charged for the payment transaction in a country’s currency.

currency_id

The currency ID , in which the customer was charged for the payment.

alpha3code

Three-letter country codes

decimals

The currency precision. For example, 2 for USD for the currency parameter.

status

code

An integer code indicating the status of the session.

message

The status message of a session

session_token

A merchant's unique token.

hold_fee_amount

The holding fee amount

hold_fee_currency_code

The holding fee currency.

hold_period

The hold period.

Transactions

Velocity’s unique ID for the payment transaction.

order_id

The order ID, which a merchant provides when a transaction is initiated. It is the PNR for airlines.

hmac

The Message Authentication Code. It is calculated by creating a SHA512 hash comprising the following input fields in the listed order:

Parameter	Mandatory (Yes/No)
Clientid	Yes
ordered	Yes
amount	Yes
country	No
mobile	No
mobile-country	No
email	No
deviceid	No
salt	Yes

Using MAC calculation secures the information sent by the velocity to the merchant by applying the SHA-512 encryption algorithm on key parts of the information sent to protect against tampering. The “salt” is a merchant's shared secret string used to ensure that the provided MAC is unique.

payment_method

The type of method used for payment. The values are

Direct Debit (Online payment) - DD
Credit/Debit Card (Card payment) - CD
Wallet - eWallet
Other payment methods - CASH

payment_type

The type of payment. The possible values are

1 = Card
2 = Voucher
3 = Wallet
4 = APM
5 = Card Token
6 = Virtual
7 = Online Banking
8 = Offline Payment

ip_address

The IP address of a transaction initiated.

date_time

The date and time when a transaction was initiated in UTC.

installment

The number of instalments opted by a customer.

issuing_bank

The bank name for PSE or Onsite Center name for Onsite Payment. This parameter is sent for Safety Pay transactions only.
Note: For card transactions, this parameter is not sent in the redirect callback.

approval_code

The issuer approval code provided by a PSP for a transaction.
Note: It is available for card payments only.

status_code

The final fraud status code, for example, 3011 or 3111. Refer to the Fraud Status Codes section for details.
Note: If Fraud is not enabled, this parameter will not be sent in the redirect callback.

status_desc

The final fraud status description. For example, Accepted or Review.
Note: If Fraud is not enabled, this parameter is not sent in the redirect callback.

pre_auth_ext_status_code

The pre-auth fraud check system response code, if available.

pre_auth_ext_id

The pre-auth fraud check system transaction ID, if available

post_auth_ext_id

The post-auth fraud check system transaction ID, if available.

post_auth_ext_status_code

The post-auth fraud check system response code, if available.

service_type_id

The value to indicate the type of exchange services used for a transaction. The ID indicates if the Foreign Exchange (FX) services such as DCC or PCC are opted. The ID is a two-digit number XY in which:

X - Represents the type of exchange service used in a transaction.
Y - Represents the exchange usedꟷ it can be opt-in or opt-out.

The following table shows the possible values of exchange service ID:

ID (XY)	Service (X)	Opted
11	DCC	Opted
12	DCC	Not opted
41	PCC	Opted
42	PCC	Not opted

billing_address

first_name

The billing address first name, if available.

last_name

The billing address last name, if available.

street

The billing address street address, if available.

city

The billing address city name, if available.

country

The billing address country name, if available.

state

The billing address state/region value, if available.

amount

text

The total amount that a customer was charged for the payment transaction in a country’s currency.

currency_id

The currency ID , which the customer was charged for the payment.

decimals

The currency precision. For example, 2 for USD for the currency parameter.

alpha3code

The three-letter country codes

conversion_rate

The default value = 1
This field contains the conversion rate given by the FX service in decimals. If FX service is not opted, the value of this field is 1.

status

code

The status code of the transaction. Refer to the Transaction Status Codes section for details.
Note: For payment status timeout scenario, state_id = 0 is sent in response.

message

The status message of a transaction.

psp

Velocity’s unique ID for the PSP.

name

The name of the PSP or ACQ used for completing the transaction. This is present in the callback only if configured during onboarding.
For example – 2C2P, 2C2P-ALC, Global Payment, Worldpay, or Chase Payment.

reference_id

The transaction ID received from a PSP or ACQ. This is present in the redirect only if configured during onboarding.

The Velocity card ID to identify the card scheme. For example, Mastercard or Visa. If the transaction is abandoned then this attribute is not present.

mask_card_number

The masked card of the transaction. For example, 4444XXXXXXX1111.
Note: For APM, PSE and Onsite transactions, this parameter is not sent in the redirect callback.

expiry

The card expiration date of the transaction. For example, 01/21.
Note: For APM, PSE and Onsite transactions, this parameter is not sent in the redirect callback.

name

The card scheme/network of the transaction. For example, Visa or Mastercard.
Note: For APM, PSE and Onsite transactions, this parameter is not sent in the redirect callback.

additional_data

CUS

The payment Reference Number from SafetyPay.
Note: This parameter is sent for Safety Pay transactions only.

NIT

The merchant’s code at PSE.
Note: This parameter is sent for PSE transactions only.

coupon_issue_timestamp

The date and time of coupon issue by Safety Pay.
Note: This parameter will be sent for Safety Pay onsite payment transactions only.

coupon_expiry

The date and time of coupon expiry by Safety Pay.
Note: This parameter will be sent for Safety Pay onsite payment transactions only.

coupon_id

The AgreementCode sent by SafetyPay.
Note: This parameter will be sent for Safety Pay onsite payment transactions only.

receipt_filename

The filename of the coupon generated.