Authorize Payment
The Authorize Payment request is used to authorize a payment.
Resource Endpoint
| Path Name | Path Details |
|---|---|
| Endpoint | [Velocity URL]/mpoint/authorize-payment |
| Request Method | POST |
| Format/Content Type | text/xml |
| Authentication | HTTP basic access authentication |
Request
This page contains information on sending an Authorize Payment request using Velocity API. There are alternative request formats depending on the payment methods selected during a payment.
New Card Request
The following is an example of an Authorize Payment request for a payment using a new card:
<?xml version="1.0" encoding="UTF-8"?>
<root>
<authorize-payment account="100101" client-id="10002">
<transaction id="1832214" store-card="false" type-id="30">
<card type-id="7">
<amount country-id="200">100</amount>
<card-holder-name>CardHolder Name</card-holder-name>
<card-number>”card_number”</card-number>
<expiry>01/23</expiry>
<cvc>009</cvc>
</card>
<additional-data>
<param name="BrowserScreenHeight">1066</param>
<param name="BrowserScreenWidth">2144</param>
<param name="BrowserLanguage">en-US</param>
<param name="BrowserJavaEnabled">false</param>
<param name="BrowserJavascriptEnabled">true</param>
<param name="BrowserColorDepth">24</param>
<param name="BrowserTimeZoneOffset">300</param>
<param name="UserAgent">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0</param>
</additional-data>
</transaction>
<client-info language="en" platform="iOS/9.0" version="1.28">
<mobile country-id="[integer]" operator-id="10000">[phone number]</mobile>
<email>[email id]</email>
<device-id>3432444444444444444FFFFFf03</device-id>
</client-info>
</authorize-payment>
</root>
Credit or Debit Card Request
The following is an example request for a payment using a credit or debit card:
<?xml version="1.0" encoding="UTF-8"?>
<authorize-payment account="100691" client-id="10069">
<transaction type-id="10091" id="1935288">
<card type-id="8">
<amount country-id="603">85556</amount>
<card-holder-name>CellPointMobie</card-holder-name>
<card-number>”card_number”</card-number>
<expiry>11/18</expiry>
</card>
</transaction>
<client-info language="da" version="1.28" platform="iOS/9.0">
<mobile operator-id="10000" country-id="200">[phone number]</mobile>
<email>[email id]</email>
<device-id>B4D54A3A4F5E4E1595F7A3BF16249F6D14555303</device-id>
</client-info>
</authorize-payment>
Third-party Wallet Request
The following is a sample request for a payment using a third-party wallet:
<?xml version="1.0" encoding="UTF-8"?>
<root>
<authorize-payment account="[integer]" client-id="[integer]">
<transaction type-id="[integer]" id="[integer]">
<card network="mastercard" type-id="[integer]">
<address country-id="[integer]">
<full-name>test name</full-name>
<street>Gl. test street 8</street>
<postal-code>7766</postal-code>
<city>testCity</city>
<state>CA</state>
</address>
<amount country-id="[integer]">10025</amount>
<token>dasdlkjasl31232123231dkdlsakldfmggmmggm........</token>
</card>
</transaction>
<client-info language="en" version="1.20" platform="iOS/8.1.3">
<mobile operator-id="[integer]" country-id="[integer]">[phone number]</mobile>
<device-id>32E2C0FAF455915D14298774</device-id>
</client-info>
</authorize-payment>
</root>
Voucher Request
The following is a sample request for a payment using a voucher:
<?xml version="1.0" encoding="UTF-8"?>
<root>
<authorize-payment account="100101" client-id="10002">
<transaction type-id="30" id="1832214" store-card="false">
<voucher id=”[string]” order-no=”[string]”>
<amount currency-id=”840” country-id="200">100</amount>
</voucher>
</transaction>
<client-info language="en" version="1.28" platform="iOS/9.0">
<mobile operator-id="10000" country-id="[integer]">[phone number]</mobile>
<email>[email id]</email>
<device-id>3432444444444444444FFFFFf03</device-id>
</client-info>
</authorize-payment>
</root>
3D Secure Authenticated Card Request
The following is a sample request for a payment using a credit or debit card with 3D Secure information:
<?xml version="1.0" encoding="UTF-8"?>
<authorize-payment account="100691" client-id="10069">
<transaction id="1935288" type-id="10091">
<card type-id="8">
<amount country-id="603">85556</amount>
<card-holder-name>CellPointMobie</card-holder-name>
<card-number>”card_number”</card-number>
<expiry>11/18</expiry>
<pre_authenticated>true/false</pre_authenticated>
<info-3d-secure>
<provider>{{provider_which_is_used_for_authentication}}</provider>
<version>{{3DS Version}}</version>
<cryptogram algorithm-id="{{algorithm}}" eci="{{eci}}" xid="{{xid}}">{{cryptogram}}</cryptogram>
<additional-data>
<param name="status">{{status}}</param>
<param name="msg">{{msg}}</param>
<param name="veresEnrolledStatus">{{veres enrolled status}}</param>
<param name="paresTxStatus">{{paresTxStatus}}</param>
<param name="PAResVerified">{{PAResVerified}}</param>
<param name="PAResSyntaxOK">{{PAResSyntaxOK}}</param>
<param name="cardType">{{cardType}}</param>
<param name="accessControlServerTransactionId">{{accessControlServerTransactionId}}</param>
<param name="threeDSServerTransID">{{threeDSServerTransID}}</param>
<param name="directoryServerTransactionId">{{directoryServerTransactionId}}</param>
</additional-data>
</info-3d-secure>
</card>
</transaction>
<client-info language="da" platform="iOS/9.0" version="1.28">
<mobile country-id="200" operator-id="10000">[phone number]</mobile>
<email>[email id]</email>
<device-id>B4D54A3A4F5E4E1595F7A3BF16249F6D14555303</device-id>
</client-info>
</authorize-payment>
Request Parameters
Request Parameters
Authorize Payment request parameters are described in the tables below.
card
card| Parameter | Type | Required | Description |
|---|---|---|---|
| pre_authenticated | String | No | True: In the case of 3DS already done at the merchant end. |
info-3d-secure Parameters
info-3d-secure Parameters| Parameter | Type | Required | Description |
|---|---|---|---|
| version | String | Yes | The version of 3DS used to process the transaction. • For 3DS1 - 1.0.2 • For 3DS2 - 2.1.0 or 2.2.0 |
| provider | String | No | The provider’s name, which is used for authentication. |
| cryptogram | String | Conditional | Required, if eci value is 01, 02, 05 or 06. A cryptographic value that provides evidence of the outcome of a 3DS verification. • Visa - Cardholder Authentication Verification Value (CAVV) • Mastercard - Universal Cardholder Authentication Field (UCAF) |
| eci | String | Yes | Electronic Commerce Indicator (ECI). It indicates the outcome of the 3DS verification. • 02 or 05 - Fully Authenticated Transaction • 01 or 06 - Attempted Authentication Transaction • 00 or 07 - Non 3-D Secure Transaction • Mastercard - 02, 01, 00 • Visa - 05, 06, 07 • Amex - 05, 06, 07 • JCB - 05, 06, 07 • Diners - 05, 06, 07 |
| xid | String | Conditional | This is mandatory for 3DS Version 1. |
| algorithm-id | String | No | A cryptographic algorithm used for cryptograms. |
| additional-data | Node | No In the case of 3DS version 2 directoryServerTransactionId param, it is mandatory. | An optional node that contains additional information about the 3DS authentication transaction provided by an external authentication service. It includes a list of parameters with values. For example: • accessControlServerTransactionId : ACS server transaction ID • directoryServerTransactionId: Directory server trasnaction id (Mandatory for 3DS version 2.0) |
Response
The Velocity server sends the Authorize Payment response confirming if the transaction authorization was a success or a failure.
Success Example
<?xml version="1.0" encoding="UTF-8"?>
<root>
<status code="2000">Payment authorized</status>
</root>
Failed Example
<?xml version="1.0" encoding="UTF-8"?>
<root>
<status code="2010" sub-code="2010205"> Unable to authorize</status>
</root>
Response Parameters
Response Parameters
The Authorize Payment response parameters are listed and defined in the table below:
| Parameter | Type | Required | Description |
|---|---|---|---|
| status | String | Yes | Describes the status code. |
| code | Integer | Yes | A status code for the authorizing processes. |
| sub-code | Integer | Yes | The granular-level status code which shows the reason for a failed authorization. |
3DS 1.0 Authentication Required
The following is a sample response received when 3DS 1.0 authentication is required:
<?xml version="1.0" encoding="UTF-8"?>
<root>
<status code="2005">3d verification required</status>
<parsed-challenge>
<action type-id="11">
<url content-type="application/x-www-form-urlencoded" method="post">https://3ds-acs.test.modirum.com/mdpayacs/creq?token=220646651.1670842886.KJTk10b79hUunC4uy7erl0gOsaZW7UHoEh56a0-9Un4</url>
<hidden-fields>
<creq>ewogICAiYWNzVHJhbnNJRCIgOiAiZjEyZjUxMDItOTI4ZC00N2I3LTg1YjAtZTM5NDhjYjIzZDY1IiwKICAgImNoYWxsZW5nZVdpbmRvd1NpemUiIDogIjAzIiwKICAgIm1lc3NhZ2VUeXBlIiA6ICJDUmVxIiwKICAgIm1lc3NhZ2VWZXJzaW9uIiA6ICIyLjIuMCIsCiAgICJ0aHJlZURTU2VydmVyVHJhbnNJRCIgOiAiMzIwYmUxM2MtYmQ4ZC01YzliLTgwMDAtMDAwMDAxMjRiYTM1Igp9</creq>
<TermUrl>https://5j.mesb.sit.cpm.dev/mpoint/first-data/threed-redirect?referencedTransactionId=5721077</TermUrl>
</hidden-fields>
</action>
</parsed-challenge>
</root>
The steps to process the Authorize Payment response for the 3DS 1.0 authentication are as follows:
- Extract the content of tags .
- Do a form post of all the fields hidden-fields to the URL in the action tag using browser.
- Follow the instruction to complete authentication.
- After the authentication is complete, it is redirected to your Accept or Decline URL.
- The Callback notification with the authorization status is sent to your Callback URL.
3DS 2.0 Authentication Required
The following is an example of a response received when 3DS 2.0 authentication is required:
<?xml version="1.0" encoding="UTF-8"?>
<root>
<status code="2005" sub-code="2005002">3D Secure Verification Required</status>
<web-method><html class="no-js" lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <META http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta charset="utf-8"> <title>3D Secure Processing</title> <link href="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/mpi.css" rel="stylesheet" type="text/css"> </head> <body> <div id="main"> <div id="content"> <div id="order"> <h2>3D Secure Processing</h2> <script src="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/red.js" defer>/* needed for xsl to xhtml */</script> <div id="spinner"> <img src="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/preloader.gif" alt="Please wait.."></div> <img src="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/mc_idcheck_hrz_ltd_pos_103px.png" alt="MasterCard ID Check"><iframe id="tdsMmethodTgtFrame" name="tdsMmethodTgtFrame" xmlns="http://www.w3.org/1999/xhtml"><!--.--> </iframe><form id="tdsMmethodForm" name="tdsMmethodForm" action="https://3ds-acs.test.modirum.com/mdpayacs/3ds-method" method="post" target="tdsMmethodTgtFrame"> <input type="hidden" name="3DSMethodData" value="eyAidGhyZWVEU1NlcnZlclRyYW5zSUQiIDogImRkZjQ5MTYxLTZiYjgtNWY5YS04MDAwLTAwMmVhNzE4N2E0ZCIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIiA6ICJodHRwczovLzNkcy1tcGktY2VsbHBvaW50bW9iaWxlLnRlc3QubW9kaXJ1bS5jb20vbWRwYXltcGkvTWVyY2hhbnRTZXJ2ZXI_bW49WSZ0eGlkPTIwMDM3MTg5NDg2MSZkaWdlc3Q9UFVyQ3ZnWnZZeHp0cVU1a1N2MTdTdnhjUlVXaTAwWVByNlh5MmttWCUyQkg0JTNEIiB9"><input type="hidden" name="threeDSMethodData" value="eyAidGhyZWVEU1NlcnZlclRyYW5zSUQiIDogImRkZjQ5MTYxLTZiYjgtNWY5YS04MDAwLTAwMmVhNzE4N2E0ZCIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIiA6ICJodHRwczovLzNkcy1tcGktY2VsbHBvaW50bW9iaWxlLnRlc3QubW9kaXJ1bS5jb20vbWRwYXltcGkvTWVyY2hhbnRTZXJ2ZXI_bW49WSZ0eGlkPTIwMDM3MTg5NDg2MSZkaWdlc3Q9UFVyQ3ZnWnZZeHp0cVU1a1N2MTdTdnhjUlVXaTAwWVByNlh5MmttWCUyQkg0JTNEIiB9"> </form><div id="formdiv"> <div> <form id="webform0" name="ddcoll" method="POST" action="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/MerchantServer" accept_charset="UTF-8"> <input type="hidden" name="txid" value="200371894861"><input type="hidden" name="TDS2_Navigator_language" value=""><input type="hidden" name="TDS2_Navigator_javaEnabled" value=""><input type="hidden" name="TDS2_Navigator_jsEnabled" value=""><input type="hidden" name="TDS2_Screen_colorDepth" value=""><input type="hidden" name="TDS2_Screen_height" value=""><input type="hidden" name="TDS2_Screen_width" value=""><input type="hidden" name="TDS2_Screen_PixelDepth" value=""><input type="hidden" name="TDS2_TimezoneOffset" value=""><input type="hidden" name="digest" value="5woOk3ql1bNMosc5yuyLXdk8k47KCTR+uVloWvAA/XQ=" readonly="true"><input type="submit" name="submitBtn" id="submitBtn" value="Please click here to continue"> </form> </div> </div> <noscript> <div align="center"> <b>Javascript is turned off or not supported!</b> <br> </div> </noscript> </div> <div id="content-footer"></div> </div> </div> </body> </html></web-method>
<return-url>https://av.uat-01.cellpointmobile.net/mpi/modirum/threed-redirect</return-url>
<card-mask>553571******3561</card-mask>
<expiry>01/23</expiry>
<token>4eeb155fc20fa07a7c01d82aa68f9d22cab6257c57b6694d722cfdc8b95dce4d2f8f44e0a5c9aab14065e1f2016fc95eb0185cb62689b78e8e06346429c1aedc</token>
</root>
The steps to process the Authorize Payment response for the 3DS 2.0 authentication are as follows:
- Extract the content of tag .
- HTML decode the web-method content to get the HTML.
- Load the HTML on the browser and follow the instruction to complete authentication.
- After the authentication is complete, it is redirected to your Accept or Decline URL.
- The Callback notification with authorization status is sent to your Callback URL.
Updated 14 days ago