External system interacts with SOFI as an on-line client. SOFI provides SOAP interfaces which should be used. Data interchange is organized via HTTPS with trusted SSL certificates. Authorization with login/password is used.
The following root certificates have to be installed on the requester side for correct work with WEB-services:
- root certificate Thawte: Comodo: COMODO RSA Certification Authority (https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/969/108/root-comodo-rsa-certification-authority-sha-2);
- root certificate GlobalSign: GlobalSign Root CA R1 (https://www.globalsign.com/repository/ca-certificates/).
Before to start, check the presence of these certificates and add them if necessary.
API interface URL is https://afs-api.paysecure.ru/antifraudapi.
WSDL for SOAP protocol can be obtained by the following link: https://afs-api.paysecure.ru/antifraudapi?wsdl.
There are two possible modes of SOFI usage during checking a payment through the SOFI:
- The external system collects all possible data about payment operation and after that sends it to SOFI by calling SOAP procedure check and passing all the collected data. In this case SOFI uses all possible checking mechanisms to check the payment.
- The external system calls check several times passing the data in process of collection. Each new call of check should be performed with all collected at the moment data. Note that if in some future call of check some parameters are missed (that were passed before) then this data will be removed from the data pool, which SOFI uses for checking the payment.
After the decision of external system to authorize or reject the payment, the external system has to notify the SOFI about the decision by calling setPaymentStatus procedure. After this calling all calls of check will return the current fraud-status and SOFI don't perform any additional checks.
Procedure getFraudStatus can be used to receive the current fraud-status of the payment that was already checked by SOFI.
A merchant can be registered within the SOFI by calling setMerchantData procedure. This procedure can be also used to update a data of the merchant (when registered name or E-mail changes).
If a merchant which is indicated in a call of check procedure is not registered yet then SOFI automatically creates the merchant profile and notify the external system about this merchant profile creation. As a reaction on this notification the external system must update the merchant profile within the SOFI by calling the setMerchantData procedure.
If the payers make payments using web-pages, then it is desirable to place (on the web-page where payment verified via SOFI) the call of the following JavaScript code:
<script type="text/javascript">
window.collect_afs_data_func = function() {
try {
var url = "https://afs-api.paysecure.ru/antifraudapi/rest/afs_data_collector.js?outSystemId=...&outPaymentId=...";
var method = "GET";
var xhr = window.XMLHttpRequest ? new XMLHttpRequest() : new XDomainRequest();
if ("withCredentials" in xhr) {
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined") {
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
xhr = null;
}
if (xhr) {
xhr.onreadystatechange=function() {
if (xhr.readyState==4 || xhr.readyState=="complete") {
try {
eval(xhr.responseText);
} catch (e) {alert(e);}
}
};
try {
xhr.withCredentials = true;
} catch (e) {
}
xhr.send('');
}
} catch (e) {
alert(e);
}
};
if (window.addEventListener) {
window.addEventListener('load', function(){window.collect_afs_data_func(); }, false);
} else if (window.attachEvent) {
window.attachEvent('onload', function(){window.collect_afs_data_func();});
}
</script>
Parameters outSystemId and outPaymentId should be assigned to the corresponding ID values (see table 5.1.1.1).
Payment check procedure
Payment check procedure name is check.