Page History
...
Name | Manda- | Accepted values | Default value | Description | ||
Merchant_ID | Yes | Number | Merchant identification number in IPS Assist | |||
Login | Yes | String | Service Login | |||
Password | Yes | String | Password | |||
OrderNumber | Yes/No | 128 symbols | Order number (order identification on the merchant side) | |||
OrderAmount | Yes | Number, 15 digits, two digits after the delimiter (delimiter '.') | Payment amount (ex.: 10.34) | |||
OrderCurrency | No | 3 symbols | Default currency of enterprise or merchant | Order currency code (for OrderAmount value) Ex.: RUB, USD, EUR and so on. | ||
OrderComment | No | 4000 symbols | Order comment | |||
Delay | No | 0 – - one stage payment, | 0 | Flag for selection of one or two payment stages | ||
Language | No | RU – - Russian | Enterprise or merchant language | Language of payment pages | ||
ClientIP | No/Yes | IP-address of customer. IP-address of customer. The parameter is mandatory for the 3-D Secure protocol version 2. | ||||
Cardtype | No | 1 – - VISA | Card type | |||
Cardnumber | Yes | Card number | ||||
Cardholder | No* | 70 letters (no digits). Space as delimiter | Card-holder | |||
Expiremonth | Yes | 1-12 | Card expiration month | |||
Expireyear | Yes | Year in YYYY format | Card expiration year | |||
Cvc2 | Yes | CVC2 code | ||||
Lastname | No* | 70 letters (no digits) | Customer second name | |||
Firstname | No* | 70 letters (no digits) | Customer first name | |||
Middlename | No | 70 letters (no digits) | Customer middle name | |||
No* | 128 symbols | E-mail of customer | ||||
Address | No | 256 symbols | Customer address | |||
HomePhone | No | 64 symbols | Customer home phone | |||
WorkPhone | No | 20 symbols | Customer work phone | |||
MobilePhone | No | 20 symbols | Customer mobile phoneFax | No | 20 symbols | |
Customer fax number | Country | No | 3 symbols | Customer's country code | ||
State | No | 3 symbols | Customer's region code | |||
City | No | 70 symbols | Customer's city | |||
Zip | No | 25 symbols | Customer's postal index | |||
isConvert | No | 0 – - don't convert to the base currency 1 - don't convert to the base currency if possible 2 – - always convert to the base currency | 1 | Currency conversion indicator | ||
Format | No | 1 – - CSV | 1 | Results format. If the request is sent in SOAP or in JSON format, then the response will also be in SOAP or in JSON respectively, in other cases, in accordance with the passed format value. | ||
Signature | No | String | The string is joined according to determined rules. Then the MD5 hash prepared from this string. Hash is signed by private RSA key of the merchant. Key length - 1024. Received bit sequence is a signature. Signature is transferred BASE64 coded string.
| |||
RecurringIndicator | No | 1 –recurring - recurring payment 0 – - standard payment | 0 | Recurring payment indicator | ||
RecurringMinAmount | No/Yes | Number, 15 digits, two digits after the delimiter (delimiter '.') | Minimum payment amount for recurring payments Mandatory when RecurringIndicator = 1 | |||
RecurringMaxAmount | No/Yes | Number, 15 digits, two digits after the delimiter (delimiter '.') | Maximum payment amount for recurring payments Mandatory when RecurringIndicator = 1 | |||
RecurringPeriod | No/Yes | 3 digits number | Recurring interval in days Mandatory when RecurringIndicator = 1 | |||
RecurringMaxDate | No/Yes | Date in string representation DD.MM.YYYY | Finish date of recurring payments Mandatory when RecurringIndicator = 1 | |||
CustomerNumber | No | 32 symbols | Merchant's internal customer identification | |||
SaveCard | No | 1 - the card is stored to this customer number; 0 - the card is not stored. | 0 | This parameter permits to store the card to this client number for subsequent payments, if the current payment is successful. If this card for this client number already has been saved before, the parameter is ignored. | ||
Disable3DS | No | 0 - perform 3D-Secure authorization according to the merchant settings; 1 - fulfill payment without 3-D Secure. | 0 | Flag of disabling 3-D Secure. The use of this operating mode is possible in agreement with Assist. To configure it, you need to contact the support service (support@belassist.by). When using this parameter, it must also be added to the order signature, which is built according to determined rules . |
...
In case of unsuccessful payment the responsecode is one of AS100-AS998 values (except AS110 code that is returned when 3-D Secure authorization required – - see here, for details).
If the request can't be processed the firstcode and secondcode parameters have non-zero values.
...
Name | Accepted values | Description |
HEADER_HTTP_USER_AGENT | String (255 chars) | Header User Agent http from http request |
HEADER_HTTP_ACCEPT | String (255 chars) | Header Accept http from http request |
HEADER_HTTP_ACCEPT_LANGUAGE | String (128 chars) | Header Accept Language http from http request |
HEADER_HTTP_REFERER | String (255 chars) | Header Referer http from http request |
HEADER_REMOTE_HOST | String (16 chars) | Customer IP-address |
HEADER_HTTP_FORWARDED | String (16 chars) | Header Forwarded http from http request |
HEADER_HTTP_X_FORWARDED_FOR | String (16 chars) | Header Xforwarded-For http from http request |
HEADER_HTTP_VIA | String (128 chars) | Header Via http from http request |
CLIENT_JS_VER | String (16 chars) | Java script interpreter version |
CLIENT_LOCAL_TIME | String (128 chars) | Customer local time |
CLIENT_SCREEN_RES | String (16 chars) | Customer screen resolution (<width>x< high>) |
CLIENT_SCREEN_COLORS | Decimal (numbers from 1 to 24) | Color depth of customer screen |
CLIENT_JS_BROWSER_NAME | String (255 chars) | Customer browser name |
CLIENT_TIME_ZONE | Decimal (5) | Customer time zone GMT offset in hours. Conversion formula is (- GMT_H). For example, offset GMT+2 is equal to – - 2. |
CLIENT_COOKIES | String (16 chars) | Unique browser identity from external system |
CLIENT_JAVA | Logical (true, false) | Java script support enabled indicator |
CLIENT_STYLESHEETS | Logical (true, false) | css styles support |
CLIENT_BROWSER_PLATFORM | String (64 chars) | Browser platform name |
CLIENT_SYSTEM_LANGUAGE | String (5 chars) | Language code of customer operational system |
CLIENT_BROWSER_LANGUAGE | String (5 chars) | Language code of the browser |
CLIENT_USER_LANGUAGE | String (5 chars) | Customer language code |
CLIENT_PROCESSOR | String (16 chars) | Processor name of customer computer |
CLIENT_CONNECTION | String (16 chars) | HTTP connection type |
CLIENT_HOSTADDRESS | String (16 chars) | DNS lookup based on HOST_ADDRESS |
CLIENT_HOSTNAME | String (70 chars) | Customer host name |
...
The additional fields are also added in the silentpay response packet. These fields allow the merchant to provide additional payer authentication using 3-D Secure technologies (VISA cards) and Mastercard SecureCode (Mastercard catds).
Currently, for For cards of international payment systems VISA and Mastercard in most cases version 2 of the 3D-Secure protocol is used by additional authentication of the customer, the most issuing banks operate according to the 3-D Secure protocol version 1 for all types of cards.For a more secure authentication process, issuing banks and payment systems are switching to a new version 2 of protocol for all types of cards (VISA, Mastercard). To support a new generation protocol, a merchant has to make changes to the customer authentication processsame version of the protocol is also used for UPI cards. For cards of the BELKART payment system, authentication is carried out according to version 1 of the protocol.
To start the order payment, the merchant sends an authorization request to the IPS Assist server. The following data about the customer device and browser must be added to the usual request parameters, if this has not been done before for operating with the SOFI. This data is required in the new 3-D Secure protocol version 2.
Name | Accepted values | Description |
HEADER_HTTP_ACCEPT | String (255 chars) | Header Accept http from http request |
HEADER_HTTP_USER_AGENT | String (255 chars) | Header User Agent http from http request |
CLIENT_JAVA | Logical (true, false) | Java script support enabled indicator navigator.javaEnabled() |
CLIENT_BROWSER_LANGUAGE | String (5 chars) | Language code of the browser navigator. language |
CLIENT_SCREEN_COLORS | Decimal (15) | Color depth of customer screen Screen.pixelDepth |
CLIENT_SCREEN_RES | String (16 chars) | Customer screen resolution Screen.width + 'x' + screen.height |
ChallengeWindowSize | 2 chars (01 – - 250x400, 02 – - 390x400, 03 – - 500x600, 04 – - 600x400, 05 – - Full screen) | IFrame size for cardholder verification |
ClientIP | Maximum of 15 digits, 4 delimiters «.» | IP-address of the customer |
...
After the receiving of the reply from Issuer-Bank the shop has to transfer the 3D-Secure authorization result (pares value) to the IPS Assist. Web-service get3DSec can be used for it.
Get3DSec – - transfer of the 3D-Secure authorization result
...
Code Block | ||
---|---|---|
| ||
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"> <s:Body> <send3dsparams xmlns="urn:assist-processor"> <merchant_id>Merchant ID</merchant_id> <login>Login</login> <password>Password</password> <ordernumber>Order number</ordernumber> <language>Language</language> <pares>value pares which is received from issuer-bank</pares> </send3dsparams> <s:Body> <s:Envelope> |
Return values – - the same as in the silentpay request result.
...
Name | Accepted values | Description | In the response of the service1 |
version | 3-D Secure Protocol version | 1,2 | |
threeDSServerTransID | String | 3DS Server transaction ID | 1,2 |
threeDSMethodURL | String (255 chars) | The ACS URL that will be used by the 3DS Method | 1 |
threeDSMethodData | String (255 chars) | Request body (Base64 encoded) | 1 |
alphaauthresult | Y - success, N - faifail, A - Attempt, U – - unable to authenticate, R - rejected, E - error, I - Informational Only | Authentication result will be received in case of Frictionless Flow authentication. | 1,2 |
challenge | F - Frictionless Flow | Interaction with the customer (C – - required, F – - not needed, D - decoupled authentication) | 1,2 |
challengeurl2 | Full URL like https://acs.... 2048 symbols maximum | The ACS URL for payer verification | 1,2 |
challengerequest2 | String | Request body (Base64 encoded) for challengeurl request | 1,2 |
...
1The parameter may be contained in the response of the service: 1- silentpay; 2 –- get3dserver2.
Anchor | ||||
---|---|---|---|---|
|
2 In case of authorization without additional interaction with the customer (Frictionless Flow), the parameters challengeurl and challengerequest will not be returned.
...
In those work scenarios that require the generation of a hidden HTML iFrame, at step 7 in the threedsdata unit, the merchant will receive the necessary threeDSMethodData and threeDSMethodURL parameters for generating a POST request (unit 9). The result of sending the request can be positive (HTTP code 200), negative (any other HTTP code), or the request sending timeout value will be exceeded (set to 10 seconds). After receiving the HTTP code or the timeout has expired, a request must be sent to the get3dsecver2 service (unit 10) to continue the authentication process.
get3dserver2 –- web service of the 3D-Secure authentication continuation
...
The response to the request in this case will contain one of the final response codes (AS000 - operation completed successfully, AS100-AS109 – - denial of authorization), all response fields described above, and an additional threedsdata data block in which the challenge parameter is F, and the alphaauthresult field contains the authentication result (Y, N, U, R, I).
...