Integration Guide
Version 6.9
Contents
| Table of Contents |
|---|
Document history
Date
Name
Change
01.09.2019
Peter Posse
Original version
Payment platform interface
| Multiexcerpt include | ||||||
|---|---|---|---|---|---|---|
|
| Note |
|---|
→ Updated version will be provided end of 2023 |
About Mobile SDK Authentication
General information about Mobile SDK Authentication
This document describes the BNP SDK authentication method and the corresponding parameters for the request and the responses passed back. If a merchant develops an app of its own, this method is necessary so that secure authentication takes place via the BNP interface, independently of the app. The authentication is based on a one-off token that is exchanged between BNP and the merchant.
Further information about integration of the SDK can be found within GitHub repository at https://github.com/axepta.
Process flow chart
Payment platform interface
| Multiexcerpt include | ||||||
|---|---|---|---|---|---|---|
|
Mobile SDK authentication process
High level process overview:
- Mobile SDK creates authentication request to merchant’s URL endpoint
- Merchant’s URL endpoint generates AuthToken and AuthLabel
- Merchant’s URL endpoint calls BNP interface with below defined parameters
- Merchant’s URL endpoint receives BNP response
- Merchant’s URL endpoint responds to Mobile SDK authentication request
For the authentication request, the merchant’s endpoint should accept a POST request with Content-Type: application/json and a JSON body like this:
{
"merchantID" : <BNP_MerchantID>
}
The Mobile SDK expects a JSON object as response from merchant’s endpoint, so merchant’s endpoint needs to create a JSON object with attributes from the response and also the generated AuthToken and AuthLabel like this:
{
"AuthToken“: <generated_token>,
"AuthLabel": <generated_label>,
“ExpiryDate”: <expiry_date_of_token>
"Description": <description_from_axepta_response>,
"Status": <status_from_axepta_response>,
"Code": <code_from_axepta_response>
}
Calling the interface
In order to register a one-off token for encryption on BNP Payment platform, the merchant must transmit the following parameters to BNP via a server-to-server connection. Use the following URL to do this
Status inquiries via socket connections
Status inquiries based on PayID
Status inquiries within Payment platform give detailed information about the amounts that are actually authorized, captured or credited. Especially before executing reversals via the interface reverse.aspx it is recommended to check the transaction status with inquire.aspx, because Reverse.aspx reverses not only authorizations but ALWAYS THE LAST TRANSACTION STEP.
Inquiries of transaction status based on PayID are possible via a Server-to-Server connection. In order to inquire about the status of a transaction via a Server-to-Server connection, please use the following URL:
Notice: For security reasons, Payment platform rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.
The following table describes the encrypted payment request parameters:
Parameter
Format
CND
Description
MerchantID
ans..30
M
ID of merchant. Additionally this parameter has to be passed in plain language too.
PayID
an32
M
ID for identifying a transaction given by Payment platform
TransID
ans..64
M
TransactionID which should be unique for each payment
Parameters for status inquiries via socket connections
The following table describes the Payment platform response parameters:
Parameter
Format
CND
Description
MID
ans..30
M
ID of merchant
PayID
an32
M
ID assigned by Payment platform for the payment, e.g. for referencing in batch files.
XID
an32
M
ID for all single transactions (authorisation, capture, credit note) for one payment assigned by Payment platform
TransID
ans..64
M
Merchant’s transaction number
Status
a..50
M
OK or FAILED
Description
ans..1024
M
Further details in the event that payment is rejected. Please do not use the Description but the Code parameter for the transaction status analysis!
Code
n8
M
Error code according to Payment platform Response Codes Excel file
AmountAuth
n..10
O
Approved amount
AmountCap
n..10
O
Captured amount
AmountCred
n..10
O
Credited amount
LastStatus
a..50
O
Status of last transaction (Authorisation, Capture or Credit)
Response parameters in the case of status inquiries via socket connections
Notice: The LastStatus parameter is not sufficient to determine the status because it supplies the status of only the last transaction. For example LastStatus delivers the status Failed if a credit has failed although the previous authorisation and capture were successful. The fields AmountAuth, AmountCap and AmountCred give the precise status.
Status inquiries based on TransID
Inquiries of transaction status based on TransID are possible via a Server-to-Server connection. In order to inquire about the status of a transaction via a Server-to-Server connection, please use the following URL:
https://paymentpage.epaymentaxepta.bnpparibas/inquire24authtoken.aspx |
Notice: For security reasons, Payment platform rejects all payment requests with formatting errors. Therefore , please use the correct data type for each parameter.
The following table describes the encrypted payment request parameters:
Parameter | Format | CND | Description | ||||
|---|---|---|---|---|---|---|---|
MerchantID | ans..30 | M | ID of merchant. Additionally this parameter has to be passed in plain language too. | ||||
AuthToken | an16..56 | M | Unique token generated by merchant which is used to decrypt the payment request | ||||
AuthLabel | an32 | TransID | ans..64 | M | TransactionID which should be unique for each payment | ||
Identifier for the AuthToken used to decrypt the payment request | ||||
ExpiryDate | dttm | O | End time of token validity. The maximum period of validity amounts 24 hours. If the value is not specified the token expires after 15 minutes by default. | |
The following table describes the Payment platform response parameters:
Parameter | Format | CND | Description | |||
|---|---|---|---|---|---|---|
MID | ans..30 | M | ID of merchant | |||
PayID | an32 | M | ID assigned by Payment platform for the payment, e.g. for referencing in batch files | |||
XID | an32 | M | ID for all single transactions (authorisation, capture, credit note) for one payment assigned by Payment platform | |||
TransID | ans..64 | M | Merchant’s transaction number | |||
Status | a.. | 5030 | M | OK or FAILED as status of inquiry and not of the requested transaction | ||
Description | ans..1024 | M | Further details in the event that payment is rejectedMore detailed description of the values for Status and Code. Please do not use the Description but the Code parameter for the transaction status analysis! | |||
Code | n8 | M | Error code of inquiry not of the requested transaction according to Paygate Response Codes Excel file | |||
AmountAuth | n..10 | O | Approved amount | |||
AmountCap | n..10 | O | Captured amount | |||
AmountCred | n..10 | O | Credited amount | |||
LastStatus | a..50 | O | Status of last transaction (Authorisation, Capture or Credit) | |||
LastXCode | n8 | O | Error code of last transaction according to Payment platform Response Codes Excel file | |||
LastXAmount | n..10 | O | Amount in the smallest currency unit (e.g. EUR Cent) | |||
Response parameters in the case of status inquiries via socket connections
Notice: The LastStatus parameter is not sufficient to determine the status because it supplies the status of only the last transaction. For example LastStatus delivers the status Failed if a credit has failed although the previous authorisation and capture were successful. The fields AmountAuth, AmountCap and AmountCred give the precise status
ExpiryDate | dttm | M | End time of token validity. Either default value or return of the value of request. | |