An external system interacts with SOFI as an online client. SOFI provides SOAP interfaces, which should be used. Data is exchanged over HTTPS with trusted SSL certificates. Authorization uses a login and password.
The following root certificates have to be installed on the requester side for the web services to work correctly:
- root certificate Thawte: Comodo: COMODO RSA Certification Authority (https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/969/108/root-comodo-rsa-certification-authority-sha-2);
- root certificate GlobalSign: GlobalSign Root CA R1 (https://www.globalsign.com/repository/ca-certificates/).
Before starting, check that these certificates are present and add them if necessary.
The API interface URL is https://afs-api.paysecure.ru/antifraudapi.
The WSDL for the SOAP protocol can be obtained at the following link: https://afs-api.paysecure.ru/antifraudapi?wsdl.
There are two possible modes of using SOFI when checking a payment:
- The external system collects all possible data about the payment operation and then sends it to SOFI by calling the SOAP procedure check and passing all the collected data. In this case SOFI uses all possible checking mechanisms to check the payment.
- The external system calls check several times, passing the data as it is collected. Each new call of check should be performed with all the data collected up to that moment. Note that if some parameters that were passed before are missing from a later call of check, this data will be removed from the data pool that SOFI uses for checking the payment.
After the external system decides to authorize or reject the payment, it has to notify SOFI of the decision by calling the setPaymentStatus procedure. After this call, all calls of check return the current fraud-status and SOFI does not perform any additional checks.
Procedure getFraudStatus can be used to receive the current fraud-status of the payment that was already checked by SOFI.
A merchant can be registered within SOFI by calling the setMerchantData procedure. This procedure can also be used to update the merchant's data (when the registered name or e-mail changes).
If a merchant indicated in a call of the check procedure is not registered yet, SOFI automatically creates the merchant profile and notifies the external system about the profile creation. In response to this notification, the external system must update the merchant profile within SOFI by calling the setMerchantData procedure.
If payers make payments through web pages, it is desirable to place the following JavaScript code on the web page where the payment is verified via SOFI:
<script type="text/javascript">
window.collect_afs_data_func = function() {
    try {
        var url = "https://afs-api.paysecure.ru/antifraudapi/rest/afs_data_collector.js?outSystemId=...&outPaymentId=...";
        var method = "GET";
        var xhr = window.XMLHttpRequest ? new XMLHttpRequest() : new XDomainRequest();
        if ("withCredentials" in xhr) {
            xhr.open(method, url, true);
        } else if (typeof XDomainRequest != "undefined") {
            xhr = new XDomainRequest();
            xhr.open(method, url);
        } else {
            xhr = null;
        }
        if (xhr) {
            xhr.onreadystatechange = function() {
                if (xhr.readyState == 4 || xhr.readyState == "complete") {
                    try {
                        eval(xhr.responseText);
                    } catch (e) { alert(e); }
                }
            };
            try { xhr.withCredentials = true; } catch (e) { }
            xhr.send('');
        }
    } catch (e) {
        alert(e);
    }
};
if (window.addEventListener) {
    window.addEventListener('load', function() { window.collect_afs_data_func(); }, false);
} else if (window.attachEvent) {
    window.attachEvent('onload', function() { window.collect_afs_data_func(); });
}
</script>
Parameters outSystemId and outPaymentId should be assigned to the corresponding ID values (see table "Mandatory fields of CheckPaymentParams").
Payment check procedure
Payment check procedure name is check.
Input parameters
The only input parameter that is transmitted from external system for SOFI analysis of the payment transaction is parameter params, which is a data structure called CheckPaymentParams.
Mandatory fields of CheckPaymentParams
Required fields of CheckPaymentParams are transferred as simple data types (integer, string, boolean).
Mandatory fields of CheckPaymentParams
Field | Description | Type |
outPaymentId | Payment operation identity number, which is assigned to the operation within the external system. | Integer (15) |
outSystemId | External system ID. | Integer (15) |
outMerchantId | Merchant identity number (external merchant ID). | Integer (15) |
domainId | Application/service code. | Integer (15) |
paymentTypeId | Payment type. | Integer (15) Integer code from the table "Payment types". |
Payment types
Name | Code |
e-commerce | 1 |
MO/TO | 2 |
POS | 3 |
Optional fields of CheckPaymentParams
The optional fields can also be transferred via the parameter.
When the fields of CheckPaymentParams are passed to SOFI over several calls of check, the fields that were provided in a previous call of check should also be provided in the next call. Fields that are not known at the time of calling check are passed as a null value.
If some fields of CheckPaymentParams that were passed before are missing from a later call of check, this data will be removed from the data pool that SOFI uses for checking the payment.
Optional fields of CheckPaymentParams
Field | Description | Type |
paymentAttributes | Payment data (see table 5.1.1.5 for details). | List of structures |
clientAttributes | Data of client browser, which is used for payment. | List of structures |
httpAttributes | Headers of HTTP-request from client browser to external system during the payment. | List of structures |
serverAttributes | Variables of environment. | List of structures |
timeOut | SOFI response time-out (in milliseconds). If this parameter is not set, the default value of 10 seconds is used. A negative value indicates that there is no time-out. NOTE: SOFI notification about the fraud-status after the time-out expires can be switched off (by default SOFI sends notifications even if the time-out has expired). Please contact the support team to change this behavior. | Integer |
sendNotification | A true value forces SOFI to notify the external system about the payment fraud-status after the check finishes its work. By default, no notification is sent. | Logical (true, false) |
paymentStatus | Data for a payment status change (see sect. 5.4.1 for details). | Structure of data |
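
The rule for repeated calls of check (resend everything collected so far, pass not-yet-known fields as null) can be enforced on the caller's side. The sketch below is an added example, not part of the SOFI documentation or client code. The class and function names are hypothetical, the sample values are constructed, and both the name/value shape of the attribute lists and the treatment of a null sent after a value as a removal are assumptions.

```python
# Added example; field names come from the two CheckPaymentParams tables above.
MANDATORY = ("outPaymentId", "outSystemId", "outMerchantId", "domainId", "paymentTypeId")
OPTIONAL = ("paymentAttributes", "clientAttributes", "httpAttributes",
            "serverAttributes", "timeOut", "sendNotification", "paymentStatus")


class CheckParamsAccumulator:
    """Holds everything collected so far, so every call of check resends all of it."""

    def __init__(self, **mandatory):
        if set(mandatory) != set(MANDATORY) or None in mandatory.values():
            raise ValueError("exactly the mandatory fields are required, all non-null")
        self._fields = dict(mandatory)

    def collect(self, **optional):
        unknown = set(optional) - set(OPTIONAL)
        if unknown:
            raise ValueError("not an optional field: " + ", ".join(sorted(unknown)))
        self._fields.update(optional)

    def snapshot(self):
        """Full CheckPaymentParams for the next call; not-yet-known fields are null."""
        params = dict.fromkeys(OPTIONAL)
        params.update(self._fields)
        return params


def dropped_fields(previous, current):
    """Fields sent with a value before but absent or null now (assumed to be removed)."""
    return sorted(k for k, v in previous.items()
                  if v is not None and current.get(k) is None)


if __name__ == "__main__":
    # Constructed sample data; the name/value shape of the attribute lists is assumed.
    acc = CheckParamsAccumulator(outPaymentId=1001, outSystemId=7, outMerchantId=42,
                                 domainId=1, paymentTypeId=1)  # 1 = e-commerce
    acc.collect(clientAttributes=[{"name": "screenResolution", "value": "1920x1080"}])
    first = acc.snapshot()
    headers = [{"name": "User-Agent", "value": "ExampleBrowser/1.0"}]
    acc.collect(httpAttributes=headers)
    second = acc.snapshot()
    print("cumulative call drops:", dropped_fields(first, second))
    naive = {k: first[k] for k in MANDATORY}
    naive["httpAttributes"] = headers        # resends only the newly collected data
    print("naive call drops:", dropped_fields(first, naive))
```

Running dropped_fields against the previous snapshot before each call of check catches a request that would silently shrink the data pool SOFI checks against.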