Menu

Rules engine action

Manage a HTTP 307 response

If a transaction request is returned with a HTTP code 307 the merchant should request either a CVC (card verification code), an OTP (one time password) or send a request for 3DSecure.

  • For CVC requested:
    • Add the field cvcValidation with the value submited by cardholder to the transaction.
  • For OTP requested:
    • Add the field otp with the value submitted by cardholder to the transaction.
  • For 3DS requested:
    • Use the checkEnrollment object recieved in the HTTP 307 response to load the URL received in the field checkEnrollment.acsURLwith th following POST parameters:
      • PaReq: use the value of checkEnrollment.paReq.
      • MD: use the value of the checkEnrollment.merchantName.
      • TermUrl: the URL that will be loaded after 3DS validation, it has to read and manage the response from the 3DS bank page.
    • Read the 3DS response and make another transaction request adding the following parameters to the attempted previously:
      • 3ds[paRes] use the value of paRes from the 3DS response.
      • 3ds[enrollmentId] use the value of checkEnrollment.enrollmentId from the previous transaction object

Example of transaction requests after 3DS rule engine action

First transaction request:

curl -v https://test-api.centralpay.net/v2/rest/transaction \
-u 'DEMOPSC:eUZG&DVD6cCD' \
-d merchantTransactionId=00201806876 \
-d pointOfSaleId=95f83a22-e0a2-4a57-9457-6fcd8198b82b \
-d amount=2500 \
-d currency=EUR \
-d receiptEmail=john.doe@outlook.fr \
-d customerId=20f26fd6-56a2-492a-9a87-2603c9a77ca5 \
-d cardId=943ed87f-92c6-4546-a312-c187453a9a86 \
-d endUserIp=172.24.72.54 \
-d order[firstName]=JOHN \
-d order[lastName]=DOE \
-d order[country]=GB 

 

Response after rule engine action (HTTP response code 307):

{
  "checkEnrollment": {
    "enrollmentId": "d43fa45f-e7c3-4b40-a886-cffc76d56fa7",
    "creationDate": "2018-02-14T12:50:41.591+01:00",
    "additionalData": {},
    "acsURL": "https://test-threedsecure.centralpay.net/acs",
    "amount": 2500,
    "cardFingerprint": "b384a276872de0bc02bb858cab0a76d0dc9a607e",
    "currency": "EUR",
    "first6": "400000",
    "last4": "0002",
    "merchantCountry": "FR",
    "merchantName": "Live Demo",
    "merchantTransactionIdentifier": "180214125040048",
    "merchantURL": "https://centralpay.net",
    "paReq": "eJxVUttuwjAM/ZWq7yVJSUuL3CA... ...J+b6RfubH+fYVvye+/+Q==",
    "status": "SUCCESS"
  },
  "otp": false,
  "cvc": false
}

 

Transaction request after 3DS successful validation:

curl -v https://test-api.centralpay.net/v2/rest/transaction \ 
-u 'DEMOPSC:eUZG&DVD6cCD' \ 
-d merchantTransactionId=00201806876-#act \ 
-d pointOfSaleId=95f83a22-e0a2-4a57-9457-6fcd8198b82b \ 
-d amount=2500 \ 
-d currency=EUR \ 
-d receiptEmail=john.doe@outlook.fr \ 
-d customerId=20f26fd6-56a2-492a-9a87-2603c9a77ca5 \ 
-d cardId=943ed87f-92c6-4546-a312-c187453a9a86 \ 
-d endUserIp=172.24.72.54 \ 
-d order[firstName]=JOHN \ 
-d order[lastName]=DOE \ 
-d order[country]=GB \ 
-d 3ds[enrollmentId]=d43fa45f-e7c3-4b40-a886-cffc76d56fa7 \ 
-d 3ds[paRes]=eJydVlmzosgSfvdXnDjzaNvsKhPoRLEpss... ...mRz+79T1//eFx+PIif76GvD+W/AatUt1c= 

 

Mind new fields 3ds[enrollmentId] and 3ds[paRes] added in the second transaction request and the difference in the value of field merchantTransactionId:

  • First transaction request: 00201806876.
  • Second transaction request: 00201806876-#act.

The transaction response returned will contain, among others, the following details:

{
  "transactionId": "14b7b7ef-3411-495a-b322-d1a77520b848",
  "merchantTransactionId": "00201806876-#act",
  "creationDate": "2018-02-14T12:50:52.752+01:00",
  "totalAmount": 2500,
  "customerId": "20f26fd6-56a2-492a-9a87-2603c9a77ca5",
  "card": {
    "cardId": "943ed87f-92c6-4546-a312-c187453a9a86",
    "customerId": "20f26fd6-56a2-492a-9a87-2603c9a77ca5",
    "fingerprint": "b384a276872de0bc02bb858cab0a76d0dc9a607e"
  },
  "3ds": true,
  "endUserIp": "172.24.72.54",
  "receiptEmail": "john.doe@outlook.fr",
  "pointOfSaleId": "95f83a22-e0a2-4a57-9457-6fcd8198b82b",
  "enrollmentId": "d43fa45f-e7c3-4b40-a886-cffc76d56fa7",
  "additionalData": {}
}

Match successful order reference

After receiving a transaction response from the API you may want to update your order reference in your backoffice/database.

Mind the following note if you set any acceptance rule to verify the transaction either with 3DSCVC or OTP:

If you used this order reference to submit the merchantTransactionId mind to substract the string added (prefixed or suffixed) before matching it with your original order reference.

Mind that you are free to submit additional fields using the additionalData parameter, e.g. additionalData=[referenceId]00032051. All the data sent into the additionalData object will be returned in the transaction response.