External system interacts with SOFI as an on-line client. SOFI provides SOAP interfaces which should be used. Data interchange is organized via HTTPS with trusted SSL certificates. Authorization with login/password is used.
The following root certificates have to be installed on the requester side for correct work with WEB-services:
Before to start, check the presence of these certificates and add them if necessary. |
API interface URL is https://afs-api.paysecure.ru/antifraudapi.
WSDL for SOAP protocol can be obtained by the following link: https://afs-api.paysecure.ru/antifraudapi?wsdl.
There are two possible modes of SOFI usage during checking a payment through the SOFI:
After the decision of external system to authorize or reject the payment, the external system has to notify the SOFI about the decision by calling setPaymentStatus procedure. After this calling all calls of check will return the current fraud-status and SOFI don't perform any additional checks.
Procedure getFraudStatus can be used to receive the current fraud-status of the payment that was already checked by SOFI.
A merchant can be registered within the SOFI by calling setMerchantData procedure. This procedure can be also used to update a data of the merchant (when registered name or E-mail changes).
If a merchant which is indicated in a call of check procedure is not registered yet then SOFI automatically creates the merchant profile and notify the external system about this merchant profile creation. As a reaction on this notification the external system must update the merchant profile within the SOFI by calling the setMerchantData procedure.
If the payers make payments using web-pages, then it is desirable to place (on the web-page where payment verified via SOFI) the call of the following JavaScript code:
<script type="text/javascript">
window.collect_afs_data_func = function() {
try {
var url = "https://afs-api.paysecure.ru/antifraudapi/rest/afs_data_collector.js?outSystemId=...&outPaymentId=...";
var method = "GET";
var xhr = window.XMLHttpRequest ? new XMLHttpRequest() : new XDomainRequest();
if ("withCredentials" in xhr) {
xhr.open(method, url, true);
} else if (typeof XDomainRequest != "undefined") {
xhr = new XDomainRequest();
xhr.open(method, url);
} else {
xhr = null;
}
if (xhr) {
xhr.onreadystatechange=function() {
if (xhr.readyState==4 || xhr.readyState=="complete") {
try {
eval(xhr.responseText);
} catch (e) {alert(e);}
}
};
try {
xhr.withCredentials = true;
} catch (e) {
}
xhr.send('');
}
} catch (e) {
alert(e);
}
};
if (window.addEventListener) {
window.addEventListener('load', function(){window.collect_afs_data_func(); }, false);
} else if (window.attachEvent) {
window.attachEvent('onload', function(){window.collect_afs_data_func();});
}
</script> |
Parameters outSystemId and outPaymentId should be assigned to the corresponding ID values (see table "Mandatory fields of CheckPaymentParams").
Payment check procedure name is check.
The only input parameter that is transmitted from external system for SOFI analysis of the payment transaction is parameter params, which is a data structure called CheckPaymentParams.
Mandatory fields of CheckPaymentParams
Required fields of CheckPaymentParams are transferred as simple data types (integer, string, boolean).
Mandatory fields of CheckPaymentParams
Field | Description | Type |
outPaymentId | Payment operation identity number, which is assigned to the operation within the external system. | Integer (15) |
outSystemId | External system ID. | Integer (15) |
outMerchantId | Merchant identity number (external merchant ID). | Integer (15). |
domainId | Application/service code. | Integer (15) |
paymentTypeId | Payment type. | Integer (15) Integer code from the table "Payment types". |
Payment types
Name | Код |
e-commerce | 1 |
MO/TO | 2 |
POS | 3 |
Optional fields of CheckPaymentParams