Mobile App integration
VERY IMPORTANT: Before you start integrating this flow, make sure, you have read the the Introduction and Licenses and Interfaces chapters. They contain general and vital information, not only about the JSON-API, but also for you, the merchant! Furthermore, also make make sure, whether, or not PSD2 does apply to you!
Payments done via a smartphone through a mobile app, are becoming more and more important. Saferpay offers the tools needed to be integrated via a mobile app. The following guide is an extension, to the standard integration methods for the Transaction interface and Secure Alias Store.
The Integration centers around a client-server model (the app being the client), in which a merchant server hosts all the necessary data, to do the requests itself and store any vital data, the app and therefore the customer/card holder, does not need to know.
The general process is as follows:
- The app calls the server to make a payment.
- The Server calls Saferpay, doing either a, Transaction Initialize, or Alias Insert.
- Saferpay responds with a Token and the RedirectUrl.
- The server saves the Token and forwards the RedirectUrl to the app.
- The app opens up a native card-form.
- The card holder enters his card details and submits the form.
- The card details are posted to saferpay directly, using the RedirectUrl as the endpoint.
- Saferpay responds with a new RedirectUrl for 3D Secure and DCC, if applicable.
- The App either opens the Url inside a Webview, or opens the phone browser.
- The user may authenticate him/herself through 3DS and perform DCC.
- Once the external process is completed, the card holder gets redirected to the ReturnUrls
- The App intercepts the Redirect, through the Webview-handler
- The app instead opens up the In-App return-page, while asking the server for the final outcome.
- The Server executes the Authorization and forwards the result to the app.
- The app confirms the recipience, so the server may finalize and capture the payment, while the app either displays a success, or a failure.
Request and response of Card-Post
The following parameters need to be posted from the app to the RedirectUrl (See step 7):
|RedirectUrl||URL||M||The RedirectUrl will be the endpoint, the card details are posted to!|
|HolderName||String||M||Input for the card-holder name.|
|CardNumber||String||M||Input for the card-number (PAN).|
|ExpMonth||String||M||Input for the expiration-month.|
|ExpYear||String||M||Input for the expiration-year.|
|VerificationCode||String||M||Input for the Card Verification Code (CVC).|
|FromAjax||Boolean||O||Must be set to "true", in order to recieve a JSON-response!|
The Response will be a JSON-Object.
Success-Response in case of an http-200 response:
|RedirectUrl||URL||mandatory||RedirectUrl to open up inside a webview!|
Error-Response in case of an http-4xx response:
|ErrorName||String||mandatory||Description, or ID of the error|
|Behavior||String||mandatory||Further details on how to proceed (RETRY_LATER, RETRY, ABORT...).|
|ErrorDetail||String||optional||Further details on the error itself, if available. For example, if the ErrorName=VALIDATION_FAILED, the ErrorDetail contains a list of the invalid input-fields (“CardNumber”, “ExpYear”, “Ex-pMonth”, etc.)|