Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
developer:api_specification:hpp_payment_features [2018/11/01 05:24] thiago123 [Notes and Details on the Response] |
developer:api_specification:hpp_payment_features [2019/06/04 14:27] vinayh [Notes and Details on the Response] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Hosted Page Payment Features ====== | ||
| + | |||
| + | ~~TOC~~ | ||
| + | |||
| + | \\ | ||
| + | This feature has two subfeatuers: the Payment and Pre-Authorization. | ||
| + | |||
| + | Use the Request URL and the Request Body Fields to perform a request for those subfeatures, then put in place your Receipt URL so the gateway can use the Response Body Fields to send the transaction's receipt. | ||
| + | |||
| + | ===== Payment and Pre-Authorization ===== | ||
| + | |||
| + | These features enables you to perform a Payment transaction or a Pre-authorization transaction, using a hosted page at the Payment Gateway. | ||
| + | |||
| + | This page is built to allow merchants to easily integrate with the Nuvei system for processing one-off payments. | ||
| + | |||
| + | Using this solution, the Card Holders are redirected to the Gateway's payment page once they have made the decision to buy something at the Merchant's solution. All payment details are collected by Gateway's payment page to be sent to the Acquirer's Server once the submit button is pressed. The payment is then processed by Gateway and the Card Holder is redirected to the Merchant's Receipt page. | ||
| + | |||
| + | The above is accomplished by means of a simple HTML form post with a number of defined form fields, as you will see at the following subsections. | ||
| + | |||
| + | Both requests (Payment and Pre-auth) have the same body, but different Request URLs to be used. | ||
| + | |||
| + | ^ **TYPE** ^ **REQUEST URL** ^ | ||
| + | | Payment (Authorization) | https://testpayments.nuvei.com/merchant/paymentpage | | ||
| + | | Pre-Authorization | https://testpayments.nuvei.com/merchant/preauthpage | | ||
| + | \\ | ||
| + | \\ | ||
| + | |||
| + | ==== Request Body Fields ==== | ||
| + | |||
| + | <searchtable> | ||
| + | ^ **FIELD** ^ **REQUIRED** ^ **DESCRIPTION** ^ | ||
| + | | TERMINALID | Y | A TerminalID provided by Nuvei. | | ||
| + | | ORDERID | Y | A unique identifier for the order created by the merchant. Maximum of 24 Characters. | | ||
| + | | CURRENCY | Y | Currency of the transaction. A 3 character code following the ISO 4217 Currency Code. | | ||
| + | | AMOUNT | Y | The amount of the transaction. A 2 digit decimal or an integer value for JPY amounts. | | ||
| + | | DATETIME | Y | Transaction date and time. Format: DD-MM-YYYY:HH:MM:SS:SSS. | | ||
| + | | HASH | Y | A HASH code formed by part of the request fields. The formation rule is given at the **ND001 - Hash Formation**, in the next section. | | ||
| + | | CARDHOLDERNAME | N | This will pre-populate the Cardholder Name field on the payment page. This will be editable on the payment page. It should be as displayed on the front of the card. | | ||
| + | | AUTOREADY | N | Values can be: Y or N. Automatically set the transaction to Ready in the batch. If not present, the terminal default will be used. | | ||
| + | | DESCRIPTION | N | A description of the transaction. | | ||
| + | | EMAIL | N | An email address to send a confirmation email to. Normally this is cardholder email address. | | ||
| + | | RECEIPTPAGEURL | N | This is the URL of the page on your site that will display the result of the transaction. If sent this will override the terminal setting in the SelfCare System. | | ||
| + | | VALIDATIONURL | N | This will overwrite the default Background Validation URL and will display an error if this feature is not enabled and sent. The next section's subfeature uses this URL (or the one configured at the Terminal) to send a request to validate the transaction. If sent this will override the terminal setting in the SelfCare System. | | ||
| + | | TERMINALTYPE | N | Defines how the transaction is to be processed. Values can be:\\ **1**: As Mail Order/Telephone Order.\\ **2**: eCommerce.\\ Mail Order transactions can have a separate payment Page Layout. | | ||
| + | | TRANSACTIONTYPE | N | Values can be:\\ **4**: Normal Mail order/Telephone Oder trans (Mail Order for first Data Latvia).\\ **5**: 3DS fully authenticated trans.\\ **6**: 3DS attempted trans.\\ **7**: Normal eCommerce trans.\\ **9**: Telephone Order (First Data Latvia only). | | ||
| + | | ADDRESS1 | N | First line of address. This field will pre-populate the ADDRESS1 field on the Hosted Payment Page, if there is also a valid POSTCODE sent and AVS is enabled for the terminal. Handling of display is managed by Nuvei and can be to display (read only or editable) or to hidden on the page. | | ||
| + | | ADDRESS2 | N | Second line of address. Same behavior as ADDRESS1. | | ||
| + | | POSTCODE | N | Post code for the address. If sent, then AVS data will be populated. Required for MaxMind MinFraud fraud scoring complementary service. | | ||
| + | | CITY | N | City for the address. Required for MaxMind MinFraud fraud scoring complementary service. | | ||
| + | | REGION | N | Region for the address. Required for MaxMind MinFraud fraud scoring complementary service. | | ||
| + | | COUNTRY | N | Country code for the address. Following the ISO 3166-1-alpha-2 Country Code . Required for MaxMind MinFraud fraud scoring complementary service. | | ||
| + | | PHONE | N | Customer phone number, to be stored against transaction. International format and numeric. | | ||
| + | | PAYMENTTYPE | N | Set to CUP_SECUREPAY in order to forward directly to China Union Pay. | | ||
| + | | CUSTOMER_REF_NUMBER | N | Text type field with max length of 48 characteres. This number is defined by the cardmember. It is entered by the merchant at the point of sale. Also, see Notes 4 and 5 below. | | ||
| + | | TAX_AMOUNT | N | Value type field, with max length of 13 algarisms. A value of zero is required in order to indicate tax exempt transactions. Also, see Notes 4 and 5 below. | | ||
| + | | SHIPPING_FULL_NAME | N | Text type field with max length of 50 characteres. See **ND004 - Level II Data Validation** for more details. | | ||
| + | | SHIPPING_ADDRESS1 | N | Text type field with max length of 50 characteres. See **ND004 - Level II Data Validation** for more details. | | ||
| + | | SHIPPING_ADDRESS2 | N | Text type field with max length of 50 characteres. Always optional regardless compulsory setting. See **ND004 - Level II Data Validation** for more details. | | ||
| + | | SHIPPING_CITY | N | Text type field, between 1 and 128 characteres. See **ND004 - Level II Data Validation** for more details. | | ||
| + | | SHIPPING_REGION | N | Text type field, between 1 and 128 characteres. See **ND004 - Level II Data Validation** for more details. | | ||
| + | | SHIPPING_POSTCODE | N | Text type field, between 1 and 50 characteres. See **ND004 - Level II Data Validation** for more details. | | ||
| + | | SHIPPING_COUNTRY | N | Text type field, with 2 characteres. ISO ALPHA-2 Country Code. Also, see Notes 4 and 5 below. | | ||
| + | | TOTAL_DISCOUNT_AMOUNT | N | Total discount amount provided to the sale. Max of 13 characters and 3 decimal points, depending on your terminal's currency. See **ND006** for more details.| | ||
| + | | TOTAL_FREIGHT_AMOUNT | N | Total freight amount applied to the sale. Max of 13 characters and 3 decimal points, depending on your terminal's currency. See **ND006** for more details.| | ||
| + | | TOTAL_DUTY_AMOUNT | N | Total discount amount applied to the sale. Max of 13 characters and 3 decimal points, depending on your terminal's currency. See **ND006** for more details.| | ||
| + | | LINE_ITEM_'N'_PRODUCT_CODE | N | This is the merchant's identifier for the product. Also known as Universal Product Code (UPC). Subfield of a line item. You can add as many items as you see fit, using a sequential instead of 'N' to identify its fields. Its value can be up to 45 characters. See **ND006** for more details.| | ||
| + | | LINE_ITEM_'N'_COMMODITY_CODE | N | Item's commodity code, defined for trade tariff. Widely used by corporate purchasing organizations to segment and manage their total spend across diverse product line . Defined at government or commercial aggrements level. Consult your Acquirer for more details. Subfield of a line item. You can add as many items as you see fit, using a sequential instead of 'N' to identify its fields. Its value can be up to 45 characters. See **ND006 - Level 3 Data Validation**.| | ||
| + | | LINE_ITEM_'N'_DESCRIPTION | N | This is the merchant's description for the product. Subfield of a line item. You can add as many items as you see fit, using a sequential instead of 'N' to identify its fields. Its value can be up to 250 characters. See **ND006** for more details.| | ||
| + | | LINE_ITEM_'N'_QUANTITY | N | Quantity of the specific item for the sale. See **ND006** for more details.| | ||
| + | | LINE_ITEM_'N'_UNIT_OF_MEASURE | N | Measure unit used for this specific type to sell it in parts, units, or sets. Subfield of a line item. You can add as many items as you see fit, using a sequential instead of 'N' to identify its fields. Its value can be up to 45 characters. See **ND006** for more details.| | ||
| + | | LINE_ITEM_'N'_UNIT_PRICE | N | Unit price applied for that specific type of item and measure unity, within the sale. Max of 13 characters and 3 decimal points, depending on your terminal's currency. See **ND006** for more details.| | ||
| + | | LINE_ITEM_'N'_DISCOUNT_RATE | N | A % of discount applied to the item total (quantity x unit price) before taxes. Max of 100%. See **ND006** for more details.| | ||
| + | | LINE_ITEM_'N'_TAX_RATE | N | A % of tax applied to the item total (quantity x unit price) after discounts. Max of 100%. See **ND006** for more details.| | ||
| + | | LINE_ITEM_'N'_TOTAL_AMOUNT | N |Final item value based on total (quantity x unit price) after discount and tax applied. Max of 13 characters and 3 decimal points, depending on your terminal's currency. See **ND006** for more details.| | ||
| + | | CUSTOMFIELD | N | Any of the available Custom Fields for the Terminal. If there are Custom Fields enabled for the particular Terminal in use, the Hosted Page is gonna show the ones not sent on request and hide the ones sent, pre-populating them with the informed values. Their values are going to be stored and used by the Payment Gateway for the requests sent to the Receipt URL and the Validation URL. To understand more visit the section regarding **[[developer:api_specification:special_fields_and_parameters|Special Fields and Parameters]]**. | | ||
| + | | OTHERFIELD | N | Any other fields sent in the request will be treated as a custom field. They are not going to be stored, but they are going to be used by the Payment Gateway for the request sent to the Receipt URL. Note that this is subject to the max length of a HTTP GET request which we would conservatively recommend considering to be 2000 characters. | | ||
| + | </searchtable> | ||
| + | |||
| + | \\ | ||
| + | |||
| + | ==== Notes and Details About the Request ==== | ||
| + | |||
| + | **ND001 - Hash Formation** | ||
| + | |||
| + | The gerenal rule to build HASH field is given at the **[[developer:api_specification:special_fields_and_parameters|Special Fields and Parameters]]** page. For this specific feature, you should use the following formats: | ||
| + | |||
| + | When using a Single Currency Terminal, the string to generate the HASH field is going to formed using: | ||
| + | <WRAP center box 100%> | ||
| + | TERMINALID:ORDERID:AMOUNT:DATETIME:RECEIPTPAGEURL:VALIDATIONURL:SECRET | ||
| + | </WRAP> | ||
| + | When using a Multi Currency Terminal, the string to generate the HASH field is going to formed using: | ||
| + | <WRAP center box 100%> | ||
| + | TERMINALID:ORDERID:CURRENCY:AMOUNT:DATETIME:RECEIPTPAGEURL:VALIDATIONURL:SECRET | ||
| + | </WRAP> | ||
| + | |||
| + | \\ | ||
| + | |||
| + | **ND002 - Hosted Page in an iFrame** | ||
| + | |||
| + | It is also possible to process transactions using an iFrame rather than a full redirect. All the same fields are required as the standard full redirect integration. However, the implementation for the iFrame is slightly different. There are two methods of implementing it on an iFrame: | ||
| + | * **1**. Build and submit the form as with standard integration, but within the iFrame. | ||
| + | * **2**. Build the POST query string within the main page and then create an iFrame with the string as it's SRC value. | ||
| + | |||
| + | In either case, the following extra parameter should also be included at the request body: | ||
| + | |||
| + | ^ **FIELD** ^ **REQUIRED** ^ **VALUE** ^ **DESCRIPTION** ^ | ||
| + | | INIFRAME | YES | Y | Ensures that all redirects performed by our system do not break out of the iFrame. | | ||
| + | |||
| + | \\ | ||
| + | |||
| + | **ND003 - Secure Card Registration by Payment Request** | ||
| + | |||
| + | It is also possible to take advantage of a Payment Request to register a Secure Card. In this case, the following extra parameter should also be included at the request body: | ||
| + | |||
| + | ^ **FIELD** ^ **REQUIRED** ^ **DESCRIPTION** ^ | ||
| + | | SECURECARDMERCHANTREF | Y | Unique Reference assigned by the merchant site/software to identify the stored card details. Its length is limited to 48 characters. | | ||
| + | |||
| + | \\ | ||
| + | |||
| + | **ND004 - Level II Data Validation** | ||
| + | |||
| + | This field is associate with the feature “Level II Data”, and to be used is necessary to set the “Allow Level II Data” option, on a Processing Terminal “Features” section. And this feature is only available for specific acquirers (contact our support team for more details). All the fields associated with the feature “Level II Data”, except for SHIPPING_ADDRESS2, are mandatory when the “Level II Data Compulsory” is checked in the Processing Terminal “Features” section. | ||
| + | |||
| + | \\ | ||
| + | |||
| + | **ND005 - Multi Language Support** | ||
| + | |||
| + | Depending on your customer's browser definitions and if there's a language template defined for his/ her language priority, the Payment Gateway is going to send the payment receipt translated. If the language is not supported by the gateway, the receipt is going to be sent using the gateway's language. | ||
| + | |||
| + | |||
| + | ==== Examples for a Request ==== | ||
| + | |||
| + | * **Scenario**: Minimum request, with only mandatory data. | ||
| + | * **Terminal Currency Type**: Single Currency Terminal. | ||
| + | * **Terminal Secret**: x4n35c32RT. | ||
| + | |||
| + | <code html> | ||
| + | <html> | ||
| + | <body> | ||
| + | <form action="https://testpayments.nuvei.com/merchant/paymentpage" method="post"> | ||
| + | <input type="hidden" name="TERMINALID" value="6491002" /> | ||
| + | <input type="hidden" name="ORDERID" value="3281" /> | ||
| + | <input type="hidden" name="CURRENCY" value="EUR" /> | ||
| + | <input type="hidden" name="AMOUNT" value="10.00" /> | ||
| + | <input type="hidden" name="DATETIME" value="15-3-2006:10:43:01:673" /> | ||
| + | <input type="hidden" name="HASH" value="56083f2c6aa3d233dade436b1308805a" /> | ||
| + | <input type="submit" value="Pay Now" /> | ||
| + | </form> | ||
| + | </body> | ||
| + | </html> | ||
| + | </code> | ||
| + | |||
| + | \\ | ||
| + | |||
| + | * **Scenario**: Minimum request, with only mandatory data. | ||
| + | * **Terminal Currency Type**: Multi Currency Terminal. | ||
| + | * **Transaction Processing Currency**: EUR. | ||
| + | * **Terminal Secret**: x4n35c32RT. | ||
| + | |||
| + | <code html> | ||
| + | <html> | ||
| + | <body> | ||
| + | <form action="https://testpayments.nuvei.com/merchant/paymentpage" method="post"> | ||
| + | <input type="hidden" name="TERMINALID" value="6491002" /> | ||
| + | <input type="hidden" name="ORDERID" value="3281" /> | ||
| + | <input type="hidden" name="CURRENCY" value="EUR" /> | ||
| + | <input type="hidden" name="AMOUNT" value="10.00" /> | ||
| + | <input type="hidden" name="DATETIME" value="15-3-2006:10:43:01:673" /> | ||
| + | <input type="hidden" name="HASH" value="e19685ec07de954398e971d237654e71" /> | ||
| + | <input type="submit" value="Pay Now" /> | ||
| + | </form> | ||
| + | </body> | ||
| + | </html> | ||
| + | </code> | ||
| + | \\ | ||
| + | |||
| + | <WRAP center important 100%> | ||
| + | **REMEMBER** to change the Terminal Id and Terminal Secret for valid values. | ||
| + | Verify the **[[developer:integration_docs|Integration Docs]]** for viable examples or contact our support team. | ||
| + | </WRAP> | ||
| + | |||
| + | \\ | ||
| + | |||
| + | ==== Response Body Fields ==== | ||
| + | |||
| + | Remember that, when using the HPP integration method, the Payment Gateway is going to use the **Receipt URL**, configured at the Terminal or sent on request, to perform another request, but this time, as the response for the transaction processed by the Terminal. The response body field will be: | ||
| + | |||
| + | <searchtable> | ||
| + | ^ **FIELD** ^ **DESCRIPTION** ^ | ||
| + | | ORDERID | Same as informed at the transaction's request. | | ||
| + | | APPROVALCODE | A six digit AuthCode. | | ||
| + | | RESPONSECODE | **A**: (APPROVED/ AUTHORIZED/ ACCEPTED, respectively). \\ **E**: (ACCEPTED for later processing, but result currently unknown - specifically for China Union Pay). \\ **D**: (DECLINED). \\ **R**: (REFERRED, also considered as PICKUP). \\ **C**: (PICKUP, also known as Referral A or Referral B). \\ For more details, visit **[[merchant:existing_merchant:other_information:transaction_responses|Transaction Responses]]**. | | ||
| + | | RESPONSETEXT | The text of the authorization. | | ||
| + | | DATETIME | The time of the transaction created by the bank. Format: **YYYY-MM-DDTHH:MM:SS**. | | ||
| + | | AVSRESPONSE | The result of the AVS check. Check **[[merchant:existing_merchant:other_information:transaction_responses|Transaction Responses]]**. | | ||
| + | | CVVRESPONSE | The result of the CVV check. See Appendix A for more information. | | ||
| + | | UNIQUEREF | Generated reference that should be stored for tracking and remote XML refunding. | | ||
| + | | EMAIL | Same as informed at the transaction's request. Returned if informed on request. | | ||
| + | | PHONE | Same as informed at the transaction's request. Returned if informed on request. | | ||
| + | | COUNTRY | Same as informed at the transaction's request. Returned if informed on request. | | ||
| + | | CARDNUMBER | The card number (obfuscated) that was used for the transaction. | | ||
| + | | HASH | A HASH code formed by part of the response fields. The formation rule is given at the **ND001 - Hash Formation**, in the next section. | | ||
| + | | FRAUDREVIEWSTATUS | Values can be: **PASS**, **REVIEW** or **REJECT**. \\ Consider the notes **ND002** and **ND003**, in the next section. | | ||
| + | | FRAUDREVIEWRISKRATING | Values can be: **HIGH**, **MEDIUM**, **LOW**, **NEUTRAL** or **TRUST**. \\Consider the note **ND002**, in the next section. | | ||
| + | | FRAUDREVIEWSCORE | Number value, between **-100** (highest risk) and **+100** (lowest risk).\\Consider the note **ND002**, in the next section. | | ||
| + | | FRAUDREVIEWREASONCODE | Empty String, or a list of comma separated reasons of why this transaction is a risk. \\Consider the note **ND002**, in the next section. | | ||
| + | | CUSTOMFIELD | Same as informed at the transaction's request. Returns all custom fields informed on request. | | ||
| + | | OTHERFIELD | Same as informed at the transaction's request. Returns all additional fields informed on request. | | ||
| + | </searchtable> | ||
| + | \\ | ||
| + | \\ | ||
| + | |||
| + | ==== Notes and Details on the Response ==== | ||
| + | |||
| + | **ND001 - Hash Formation** | ||
| + | |||
| + | The gerenal rule to build HASH field is given at the **[[developer:api_specification:special_fields_and_parameters|Special Fields and Parameters]]** page, under the **[[developer:api_specification:special_fields_and_parameters#the_hash_parameter|Special Fields and Parameters]]** section.For this specific feature, you should use the following formats: | ||
| + | |||
| + | * __Common case__: | ||
| + | |||
| + | <WRAP center box 100%> | ||
| + | TERMINALID:ORDERID:AMOUNT:DATETIME:RESPONSECODE:RESPONSETEXT:SECRET | ||
| + | </WRAP> | ||
| + | |||
| + | * __When the original request also requested the registering of a Secure Card__: | ||
| + | |||
| + | <WRAP center box 100%> | ||
| + | TERMINALID:ORDERID:AMOUNT:DATETIME:RESPONSECODE:RESPONSETEXT:SECRET:MERCHANTREF:CARDREFERENCE:CARDTYPE:CARDNUMBER:CARDEXPIRY | ||
| + | </WRAP> | ||
| + | |||
| + | When using a Multi Currency Terminal, the string to generate the HASH field is going to formed using: | ||
| + | |||
| + | * __Common case__: | ||
| + | |||
| + | <WRAP center box 100%> | ||
| + | TERMINALID:ORDERID:CURRENCY:AMOUNT:DATETIME:RESPONSECODE:RESPONSETEXT:SECRET | ||
| + | </WRAP> | ||
| + | |||
| + | * __When the original request also requested the registering of a Secure Card__: | ||
| + | |||
| + | <WRAP center box 100%> | ||
| + | TERMINALID:ORDERID:CURRENCY:AMOUNT:DATETIME:RESPONSECODE:RESPONSETEXT:SECRET:MERCHANTREF:CARDREFERENCE:CARDTYPE:CARDNUMBER:CARDEXPIRY | ||
| + | </WRAP> | ||
| + | \\ | ||
| + | |||
| + | **ND002 - Treat Metrix Enabling** | ||
| + | |||
| + | Threat Metrix must be enabled for your Gateway and on the Terminal used for processing the request needs to be also enabled for Threat Metrix feature so your response contains these fields. | ||
| + | |||
| + | \\ | ||
| + | |||
| + | **ND003 - Treat Metrix REVIEW status** | ||
| + | |||
| + | If a transaction is returned with "FRAUDREVIEWSTATUS" as "REVIEW", this transaction can be changed manually, using the new report feature on Selfcare System, or using the transaction update XML gateway service, to "APPROVE" or "REJECT" the transaction. Transactions with this status are not going to be settled until the transaction status is changed. See the XML Gateway method for more details, more specifically, its **Transaction Update** feature, to change the transaction returned as "REVIEW" to "REJECT" or "APPROVE". | ||
| + | |||
| + | \\ | ||
| + | |||
| + | **ND004 - Secure Card Registration by Payment Request** | ||
| + | |||
| + | When the **SECURECARDMERCHANTREF** field is sent on request, the Payment Gateway understands that you desire to create a Secure Card from the | ||
| + | card data used for the transaction. In this case, the following extra parameter are going to be added to the response body: | ||
| + | |||
| + | ^ **FIELD** ^ **DESCRIPTION** ^ | ||
| + | | ISSTORED | Values can be: true or false. | | ||
| + | | SCERROR | Description of storage error if ISSTORED is “false” .| | ||
| + | | MERCHANTREF | Original SECURECARDMERCHANTREF provided by the Merchant on request. | | ||
| + | | CARDREFERENCE | Generated card reference. | | ||
| + | | CARDTYPE | Card Type used for the transaction.\\ For more details on this, visit **[[developer:api_specification:special_fields_and_parameters#the_card_types|Special Fields and Parameters - Card Types]]**. | | ||
| + | | CARDEXPIRY | Expiry date of the card. | | ||
| + | |||
| + | |||
| + | For more details on this feature, visit the **[[merchant:new_merchant:products#secure_card|Products - Secure Card]]** section. | ||
| + | |||
| + | \\ | ||
| + | |||
| + | ==== General Constraints and Rules Related to the Feature ==== | ||
| + | |||
| + | <searchtable> | ||
| + | ^ **CONSTRAINT** ^ **DESCRIPTION** ^ | ||
| + | | C001 | The hosted Pre-Auth page allows for pre-authorization where the merchant account allows such requests. | | ||
| + | | C002 | Pre-auth transactions don't have the concept of Auto Ready, so to go into the **READY** state, they need to be completed using SelfCare System or via an XML Completion request before they will be settled. | | ||
| + | | C003 | The final amount of a pre-auth transaction can be adjusted on completion. | | ||
| + | </searchtable> | ||
| + | \\ | ||
| + | \\ | ||
| + | |||
| + | |||