This documentation is for merchants using iDEAL with BNPP NL as an acquirer.
Contents
About iDEAL
General information about iDEAL
Like giropay in Germany, Dutch banks established the iDEAL money transfer standard. Approximately 50% of all e-commerce payments in the Netherlands are processed with iDEAL. Offering iDEAL is a vital success factor for e-commerce business wanting to sell in the Netherlands. The customer is using the familiar and trusted online banking of its own credit institution, just the same as with online banking.
With online banking, the data disclosed in the online transfer is encrypted with SSL (Secure Sockets Layer) to prevent manipulation.
| Bank transfers with iDEAL are a guarantee of success in the Netherlands: About 100.000 webshops and organizations offers iDEAL with approximately 50% of all e-commerce payments being processed with iDEAL. Monthly there are about 13 million transactions. |
Further information can be found iDEAL-website in Dutch and English (www.ideal.nl).
Specific requirement iDEAL Mobile: Redirect to Issuer (no in-app browser)
The Merchant needs to provide the redirect to the Issuer from the browser window or Merchant app where the Consumer selected the Issuing bank. If it is not possible to keep the Consumer in the same browser window then this should be communicated to the Consumer (e.g. ‘You will now be redirected to the app or mobile website of your bank’).
In case of a payment initiated in the Merchant app, it is not allowed to present the Issuer approval screens in a webview component within the Merchant’s own app (in-app browser). The complete payment flow, up to the redirect back to the Merchant’s app, must take place in an app that is trusted by the Consumer, either the Consumer’s chosen browser or the Issuer’s mobile app. Thus, for execution the issuerAuthentionURL must be offered to the operating system at all times. During the payment flow it must not be possible for the Consumer to initiate another payment through the Merchant’s original app.
Relevant details about the redirect from the Merchant to the Issuer’s mobile channel:
- The Issuer decides which Consumers to redirect to which channel. For example some Issuers may treat users of tablet devices the same as mobile users while others will treat them like PC users;
- The Merchant should not intervene with the redirect. There is only one issuerAuthenticationURL for the Merchant to use in all transactions, not a separate URL for mobile iDEAL transactions. The issuerAuthenticationURL should be executed by the operating system at all times;
- If the Issuing bank has integrated iDEAL mobile in its mobile banking app, the Consumer is offered the option, on a ‘landing page’, to open the app or pay via the (mobile) web page. On this ‘landing page’ the Consumer might be offered the option to download the latest version of the mobile banking app, if it is not yet installed on the Consumer’s device.
Process flow chart
Advice
Customer journey in a merchant webshop
To create an iDEAL payment, the merchant should provide the issuer bank (issuerID) in the request.
It means the consumer has to choose his bank.
The bank list can be retrieved via a call to Axepta (idealIssuerList.aspx).
Payment platform interface
Data formats: Format Description a alphabetical as alphabetical with special characters n numeric an alphanumeric ans alphanumeric with special characters ns numeric with special characters bool boolean expression (true or false) 3 fixed length with 3 digits/characters ..3 variable length with maximum 3 digits/characters enum enumeration of allowed values dttm ISODateTime (YYYY-MM-DDThh:mm:ss) Abbreviations: Abbreviation Description CND condition M mandatory O optional C conditional Notice: Please note that the names of parameters can be returned in upper or lower case.Definitions
Calling the iDEAL interface
To process a payment with online transfer with iDEAL, please use the following URL:
Notice: For security reasons, Payment platform rejects all payment requests with formatting errors. Therefore please use the correct data type for each parameter.
The following table describes the encrypted payment request parameters:
Parameter | Format | CND | Description |
|---|---|---|---|
MerchantID | ans..30 | M | ID of merchant. Additionally this parameter has to be passed in plain language too. |
TransID | ans..64 | M | TransactionID which should be unique for each payment |
RefNr | an12 | M | Merchant's unique reference number. In case of using the EMS interface the length is limited to 15 chars. |
Amount | n..10 | M | Amount in the smallest currency unit (e.g. EUR Cent) Please contact the helpdesk, if you want to capture amounts < 100 (smallest currency unit). |
Currency | a3 | M | Currency, three digits DIN / ISO 4217 |
OrderDesc | ans..384 | M | Description of purchased goods, unit prices etc. Please note: The first 27 characters appear on the customer-account statement. You can view the full data in Analytics. |
MAC | an64 | M | Hash Message Authentication Code (HMAC) with SHA-256 algorithm |
UserData | ans..1024 | O | If specified at request, Payment platform forwards the parameter with the payment result to the shop |
URLSuccess | ans..256 | M | Complete URL which calls up Payment platform if payment has been successful. The URL may be called up only via port 443 This URL may not contain parameters: In order to exchange values between Payment platform and shop, please use the parameter UserData. |
URLFailure | ans..256 | M | Complete URL which calls up Payment platform if payment has been unsuccessful. The URL may be called up only via port 443 This URL may not contain parameters: In order to exchange values between Payment platform and shop, please use the parameter UserData. |
Response | a7 | O | Status response sent by Payment platform to URLSuccess and URLFailure, should be encrypted. For this purpose, transmit Response=encrypt parameter. |
URLNotify | ans..256 | M | Complete URL which Payment platform calls up in order to notify the shop about the payment result. The URL may be called up only via port 443 It may not contain parameters: Use the UserData parameter instead. |
ReqID | ans..32 | O | To avoid double payments, enter an alphanumeric value which identifies your transaction and may be assigned only once. If the transaction is submitted again with the same ReqID, the payment platform will not carry out the payment, but will just return the status of the original transaction. Please note that the payment platform must have a finalized transaction status for the first initial action. Submissions with identical ReqID for an open status will be processed regularly. |
IssuerID | ans..11 | MC | BIC for the selected bank (see querying the stored iDEAL banks) |
Plain | ans..50 | O | A value to be set by the merchant to return some information unencrypted, e.g. the MID |
Custom | ans..1024 | O | The merchant can submit several values separated by | which are returned unencrypted and separated by &. Custom=session=123|id=456 will change in the answer to Session=123&id=456 |
The following table gives the result parameters which the Payment platform transmits to URLSuccess or URLFailure and URLNotify. If you have specified the Response=encrypt parameter, the following parameters are forwarded Blowfish encrypted to your system:
Parameter | Format | CND | Description | |
|---|---|---|---|---|
MID | ans..30 | M | ID of merchant | |
PayID | an32 | M | ID assigned by Payment platform for the payment, e.g. for referencing in batch files | |
XID | an32 | M | ID for all single transactions (authorisation, capture, credit note) for one payment assigned by Payment platform | |
TransID | ans..64 | M | Merchant’s transaction number | |
Status | a..50 | M | OK (URLSuccess) or FAILED (URLFailure) | |
Description | ans..1024 | M | Further details in the event that payment is rejected. Please do not use the Description but the Code parameter for the transaction status analysis! | |
Code | n8 | M | Error code according to Payment platform Response Codes Excel file | |
RefNr | an12 | M | Merchant’s unique reference number | |
UserData | ans..1024 | O | If specified at request, Payment platform forwards the parameter with the payment result to the shop | |
MAC | an64 | M | Hash Message Authentication Code (HMAC) with SHA-256 algorithm | |
AccBank | ans..20 | MC | Identification of the financial institution of the account holder | |
AccOwner | a..50 | MC | Name of the account holder | |
IBAN | ans..34 | MC | IBAN of the account holder | |
BIC | ans..11 | MC | BIC of the account holder | |
Plain | ans..50 | O | A value to be set by the merchant to return some information unencrypted, e.g. the MID | |
Custom | ans..1024 | O | The merchant can submit several values separated by | which are returned unencrypted and separated by &. Custom=session=123|id=456 will change in the answer to Session=123&id=456 | |
Querying the stored iDEAL banks
Payment platform offers merchants the possibility to query which banks are stored for the merchant before the actual payment process. Since the configured bank list rarely changes, this does not need to be queried for each bank transfer. For this verification call up the following URL:
The following table describes the encrypted payment request parameters: Please note that the Merchant-ID plus Len and Data must be transferred every time as with all Payment platform requests:
Parameter | Format | CND | Description |
|---|---|---|---|
MerchantID | ans..30 | M | ID of merchant, assigned by BNP. Additionally this parameter has to be passed in plain language too. |
Please transfer the Merchant-ID both in the unencrypted as well as the encrypted string.
The following table describes the result parameters, which Payment platform sends in response:
Parameter | Format | CND | Description |
|---|---|---|---|
MerchantID | ans..30 | M | ID of merchant, assigned by BNP. Additionally this parameter has to be passed in plain language too. |
IdealIssuerList | ans.. | M | The IdealIssuerList contains all banks stored for the merchant at the time of the query in the format IssuerID,Name,Country|… IssuerID = BIC of the bank Name = name of the bank Country = Name of the country for the bank (max. 128 charachters) |