Authorize Payment

The Authorize Payment request is used to authorize a payment.

Resource Endpoint

Path NamePath Details
Endpoint[Velocity URL]/mpoint/authorize-payment
Request MethodPOST
Format/Content Typetext/xml
AuthenticationHTTP basic access authentication

Request

This page contains information on sending an Authorize Payment request using Velocity API. There are alternative request formats depending on the payment methods selected during a payment.

New Card Request

The following is an example of an Authorize Payment request for a payment using a new card:

<?xml version="1.0" encoding="UTF-8"?>
<root>
	<authorize-payment account="100101" client-id="10002">
		<transaction id="1832214" store-card="false" type-id="30">
			<card type-id="7">
				<amount country-id="200">100</amount>
				<card-holder-name>CardHolder Name</card-holder-name>
				<card-number>”card_number”</card-number>
				<expiry>01/23</expiry>
				<cvc>009</cvc>
			</card>
			<additional-data>
				<param name="BrowserScreenHeight">1066</param>
				<param name="BrowserScreenWidth">2144</param>
				<param name="BrowserLanguage">en-US</param>
				<param name="BrowserJavaEnabled">false</param>
				<param name="httpAcceptContent">payment.test.ink</param>
				<param name="BrowserJavascriptEnabled">true</param>
				<param name="BrowserColorDepth">24</param>
				<param name="BrowserTimeDifference">300</param>
				<param name="UserAgent">Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0</param>
			</additional-data>
		</transaction>
		<client-info language="en" platform="iOS/9.0" version="1.28">
			<mobile country-id="[integer]" operator-id="10000">[phone number]</mobile>
			<email>[email id]</email>
			<device-id>3432444444444444444FFFFFf03</device-id>
		</client-info>
	</authorize-payment>
</root>

Credit or Debit Card Request

The following is an example request for a payment using a credit or debit card:

<?xml version="1.0" encoding="UTF-8"?>
<authorize-payment account="100691" client-id="10069">
	<transaction type-id="10091" id="1935288">
		<card type-id="8">
			<amount country-id="603">85556</amount>
			<card-holder-name>CellPointMobie</card-holder-name>
			<card-number>”card_number”</card-number>
			<expiry>11/18</expiry>
		</card>
	</transaction>
	<client-info language="da" version="1.28" platform="iOS/9.0">
		<mobile operator-id="10000" country-id="200">[phone number]</mobile>
		<email>[email id]</email>
		<device-id>B4D54A3A4F5E4E1595F7A3BF16249F6D14555303</device-id>
	</client-info>
</authorize-payment>

Third-party Wallet Request

The following is a sample request for a payment using a third-party wallet:

<?xml version="1.0" encoding="UTF-8"?>
<root>
	<authorize-payment account="[integer]" client-id="[integer]">
		<transaction type-id="[integer]" id="[integer]">
			<card network="mastercard" type-id="[integer]">
				<address country-id="[integer]">
					<full-name>test name</full-name>
					<street>Gl. test street 8</street>
					<postal-code>7766</postal-code>
					<city>testCity</city>
					<state>CA</state>
				</address>
				<amount country-id="[integer]">10025</amount>
				<token>dasdlkjasl31232123231dkdlsakldfmggmmggm........</token>
			</card>
		</transaction>
		<client-info language="en" version="1.20" platform="iOS/8.1.3">
			<mobile operator-id="[integer]" country-id="[integer]">[phone number]</mobile>
			<device-id>32E2C0FAF455915D14298774</device-id>
		</client-info>
	</authorize-payment>
</root>

Voucher Request

The following is a sample request for a payment using a voucher:

<?xml version="1.0" encoding="UTF-8"?>
<root>
	<authorize-payment account="100101" client-id="10002">
		<transaction type-id="30" id="1832214" store-card="false">
			<voucher id=”[string]” order-no=”[string]”>
			<amount currency-id=”840” country-id="200">100</amount>
		</voucher>
	</transaction>
	<client-info language="en" version="1.28" platform="iOS/9.0">
		<mobile operator-id="10000" country-id="[integer]">[phone number]</mobile>
		<email>[email id]</email>
		<device-id>3432444444444444444FFFFFf03</device-id>
	</client-info>
</authorize-payment>
</root>

3D Secure Authenticated Card Request

The following is a sample request for a payment using a credit or debit card with 3D Secure information:

<?xml version="1.0" encoding="UTF-8"?>
<authorize-payment account="100691" client-id="10069">
	<transaction id="1935288" type-id="10091">
		<card type-id="8">
			<amount country-id="603">85556</amount>
			<card-holder-name>CellPointMobie</card-holder-name>
			<card-number>”card_number”</card-number>
			<expiry>11/18</expiry>
			<pre_authenticated>true/false</pre_authenticated>
			<info-3d-secure>
				<provider>{{provider_which_is_used_for_authentication}}</provider>
				<version>{{3DS Version}}</version>
				<cryptogram algorithm-id="{{algorithm}}" eci="{{eci}}" xid="{{xid}}">{{cryptogram}}</cryptogram>
				<additional-data>
					<param name="status">{{status}}</param>
					<param name="msg">{{msg}}</param>
					<param name="veresEnrolledStatus">{{veres enrolled status}}</param>
					<param name="paresTxStatus">{{paresTxStatus}}</param>
					<param name="PAResVerified">{{PAResVerified}}</param>
					<param name="PAResSyntaxOK">{{PAResSyntaxOK}}</param>
					<param name="cardType">{{cardType}}</param>
					<param name="accessControlServerTransactionId">{{accessControlServerTransactionId}}</param>
					<param name="threeDSServerTransID">{{threeDSServerTransID}}</param>
					<param name="directoryServerTransactionId">{{directoryServerTransactionId}}</param>
				</additional-data>
			</info-3d-secure>
		</card>
	</transaction>
	<client-info language="da" platform="iOS/9.0" version="1.28">
		<mobile country-id="200" operator-id="10000">[phone number]</mobile>
		<email>[email id]</email>
		<device-id>B4D54A3A4F5E4E1595F7A3BF16249F6D14555303</device-id>
	</client-info>
</authorize-payment>

Request Parameters

Request Parameters

Authorize Payment request parameters are described in the tables below.

card

ParameterTypeRequiredDescription
pre_authenticatedStringNoTrue: In the case of 3DS already done at the merchant end.

info-3d-secure Parameters

ParameterTypeRequiredDescription
versionStringYesThe version of 3DS used to process the transaction.

• For 3DS1 - 1.0.2
• For 3DS2 - 2.1.0 or 2.2.0
providerStringNoThe provider’s name, which is used for authentication.
cryptogramStringConditionalRequired, if eci value is 01, 02, 05 or 06.

A cryptographic value that provides evidence of the outcome of a 3DS verification.

• Visa - Cardholder Authentication Verification Value (CAVV)
• Mastercard - Universal Cardholder Authentication Field (UCAF)
eciStringYesElectronic Commerce Indicator (ECI).

It indicates the outcome of the 3DS verification.

• 02 or 05 - Fully Authenticated Transaction
• 01 or 06 - Attempted Authentication Transaction
• 00 or 07 - Non 3-D Secure Transaction
• Mastercard - 02, 01, 00
• Visa - 05, 06, 07
• Amex - 05, 06, 07
• JCB - 05, 06, 07
• Diners - 05, 06, 07
xidStringConditionalThis is mandatory for 3DS Version 1.
algorithm-idStringNoA cryptographic algorithm used for cryptograms.
additional-dataNodeNo

In the case of 3DS version 2 directoryServerTransactionId param, it is mandatory.
An optional node that contains additional information about the 3DS authentication transaction provided by an external authentication service. It includes a list of parameters with values.

For example:
• accessControlServerTransactionId : ACS server transaction ID
• directoryServerTransactionId: Directory server trasnaction id (Mandatory for 3DS version 2.0)

Response

The Velocity server sends the Authorize Payment response confirming if the transaction authorization was a success or a failure.

Success Example

<?xml version="1.0" encoding="UTF-8"?>
<root>
    <status code="2000">Payment authorized</status>
</root>

Failed Example

<?xml version="1.0" encoding="UTF-8"?>
<root>
    <status code="2010" sub-code="2010205"> Unable to authorize</status>
</root>

Response Parameters

Response Parameters

The Authorize Payment response parameters are listed and defined in the table below:

ParameterTypeRequiredDescription
statusStringYesDescribes the status code.
codeIntegerYesA status code for the authorizing processes.
sub-codeIntegerYesThe granular-level status code which shows the reason for a failed authorization.

3DS 1.0 Authentication Required

The following is a sample response received when 3DS 1.0 authentication is required:

<?xml version="1.0" encoding="UTF-8"?>
<root>
	<status code="2005">3d verification required</status>
	<parsed-challenge>
		<action type-id="11">
			<url content-type="application/x-www-form-urlencoded" method="post">https://3ds-acs.test.modirum.com/mdpayacs/creq?token=220646651.1670842886.KJTk10b79hUunC4uy7erl0gOsaZW7UHoEh56a0-9Un4</url>
			<hidden-fields>
				<creq>ewogICAiYWNzVHJhbnNJRCIgOiAiZjEyZjUxMDItOTI4ZC00N2I3LTg1YjAtZTM5NDhjYjIzZDY1IiwKICAgImNoYWxsZW5nZVdpbmRvd1NpemUiIDogIjAzIiwKICAgIm1lc3NhZ2VUeXBlIiA6ICJDUmVxIiwKICAgIm1lc3NhZ2VWZXJzaW9uIiA6ICIyLjIuMCIsCiAgICJ0aHJlZURTU2VydmVyVHJhbnNJRCIgOiAiMzIwYmUxM2MtYmQ4ZC01YzliLTgwMDAtMDAwMDAxMjRiYTM1Igp9</creq>
				<TermUrl>https://5j.mesb.sit.cpm.dev/mpoint/first-data/threed-redirect?referencedTransactionId=5721077</TermUrl>
			</hidden-fields>
		</action>
	</parsed-challenge>
</root>

The steps to process the Authorize Payment response for the 3DS 1.0 authentication are as follows:

  1. Extract the content of tags .
  2. Do a form post of all the fields hidden-fields to the URL in the action tag using browser.
  3. Follow the instruction to complete authentication.
  4. After the authentication is complete, it is redirected to your Accept or Decline URL.
  5. The Callback notification with the authorization status is sent to your Callback URL.

3DS 2.0 Authentication Required

The following is an example of a response received when 3DS 2.0 authentication is required:

<?xml version="1.0" encoding="UTF-8"?>
<root>
	<status code="2005" sub-code="2005002">3D Secure Verification Required</status>
	<web-method>&lt;html class="no-js" lang="en" xmlns="http://www.w3.org/1999/xhtml"&gt; &lt;head&gt; &lt;META http-equiv="Content-Type" content="text/html; charset=utf-8"&gt; &lt;meta http-equiv="Content-Type" content="text/html; charset=utf-8"&gt; &lt;meta charset="utf-8"&gt; &lt;title&gt;3D Secure Processing&lt;/title&gt; &lt;link href="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/mpi.css" rel="stylesheet" type="text/css"&gt; &lt;/head&gt; &lt;body&gt; &lt;div id="main"&gt; &lt;div id="content"&gt; &lt;div id="order"&gt; &lt;h2&gt;3D Secure Processing&lt;/h2&gt; &lt;script src="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/red.js" defer&gt;/* needed for xsl to xhtml */&lt;/script&gt; &lt;div id="spinner"&gt; &lt;img src="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/preloader.gif" alt="Please wait.."&gt;&lt;/div&gt; &lt;img src="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/static/mc_idcheck_hrz_ltd_pos_103px.png" alt="MasterCard ID Check"&gt;&lt;iframe id="tdsMmethodTgtFrame" name="tdsMmethodTgtFrame" xmlns="http://www.w3.org/1999/xhtml"&gt;&lt;!--.--&gt; &lt;/iframe&gt;&lt;form id="tdsMmethodForm" name="tdsMmethodForm" action="https://3ds-acs.test.modirum.com/mdpayacs/3ds-method" method="post" target="tdsMmethodTgtFrame"&gt; &lt;input type="hidden" name="3DSMethodData" value="eyAidGhyZWVEU1NlcnZlclRyYW5zSUQiIDogImRkZjQ5MTYxLTZiYjgtNWY5YS04MDAwLTAwMmVhNzE4N2E0ZCIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIiA6ICJodHRwczovLzNkcy1tcGktY2VsbHBvaW50bW9iaWxlLnRlc3QubW9kaXJ1bS5jb20vbWRwYXltcGkvTWVyY2hhbnRTZXJ2ZXI_bW49WSZ0eGlkPTIwMDM3MTg5NDg2MSZkaWdlc3Q9UFVyQ3ZnWnZZeHp0cVU1a1N2MTdTdnhjUlVXaTAwWVByNlh5MmttWCUyQkg0JTNEIiB9"&gt;&lt;input type="hidden" name="threeDSMethodData" value="eyAidGhyZWVEU1NlcnZlclRyYW5zSUQiIDogImRkZjQ5MTYxLTZiYjgtNWY5YS04MDAwLTAwMmVhNzE4N2E0ZCIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIiA6ICJodHRwczovLzNkcy1tcGktY2VsbHBvaW50bW9iaWxlLnRlc3QubW9kaXJ1bS5jb20vbWRwYXltcGkvTWVyY2hhbnRTZXJ2ZXI_bW49WSZ0eGlkPTIwMDM3MTg5NDg2MSZkaWdlc3Q9UFVyQ3ZnWnZZeHp0cVU1a1N2MTdTdnhjUlVXaTAwWVByNlh5MmttWCUyQkg0JTNEIiB9"&gt; &lt;/form&gt;&lt;div id="formdiv"&gt; &lt;div&gt; &lt;form id="webform0" name="ddcoll" method="POST" action="https://3ds-mpi-cellpointmobile.test.modirum.com/mdpaympi/MerchantServer" accept_charset="UTF-8"&gt; &lt;input type="hidden" name="txid" value="200371894861"&gt;&lt;input type="hidden" name="TDS2_Navigator_language" value=""&gt;&lt;input type="hidden" name="TDS2_Navigator_javaEnabled" value=""&gt;&lt;input type="hidden" name="TDS2_Navigator_jsEnabled" value=""&gt;&lt;input type="hidden" name="TDS2_Screen_colorDepth" value=""&gt;&lt;input type="hidden" name="TDS2_Screen_height" value=""&gt;&lt;input type="hidden" name="TDS2_Screen_width" value=""&gt;&lt;input type="hidden" name="TDS2_Screen_PixelDepth" value=""&gt;&lt;input type="hidden" name="TDS2_TimezoneOffset" value=""&gt;&lt;input type="hidden" name="digest" value="5woOk3ql1bNMosc5yuyLXdk8k47KCTR+uVloWvAA/XQ=" readonly="true"&gt;&lt;input type="submit" name="submitBtn" id="submitBtn" value="Please click here to continue"&gt; &lt;/form&gt; &lt;/div&gt; &lt;/div&gt; &lt;noscript&gt; &lt;div align="center"&gt; &lt;b&gt;Javascript is turned off or not supported!&lt;/b&gt; &lt;br&gt; &lt;/div&gt; &lt;/noscript&gt; &lt;/div&gt; &lt;div id="content-footer"&gt;&lt;/div&gt; &lt;/div&gt; &lt;/div&gt; &lt;/body&gt; &lt;/html&gt;</web-method>
	<return-url>https://av.uat-01.cellpointmobile.net/mpi/modirum/threed-redirect</return-url>
	<card-mask>553571******3561</card-mask>
	<expiry>01/23</expiry>
	<token>4eeb155fc20fa07a7c01d82aa68f9d22cab6257c57b6694d722cfdc8b95dce4d2f8f44e0a5c9aab14065e1f2016fc95eb0185cb62689b78e8e06346429c1aedc</token>
</root>

The steps to process the Authorize Payment response for the 3DS 2.0 authentication are as follows:

  1. Extract the content of tag .
  2. HTML decode the web-method content to get the HTML.
  3. Load the HTML on the browser and follow the instruction to complete authentication.
  4. After the authentication is complete, it is redirected to your Accept or Decline URL.
  5. The Callback notification with authorization status is sent to your Callback URL.