When Cardholder is logged in to the merchant’s e-shop, a ‘One click Payment’ button is presented for easy payment with just one click.
The Card token is detokenized, and the one click payment context is validated before the transaction is presented to IPS with a reference to the initial transaction. This allows the authentication flow to be bypassed.
How it works
To perform a payment with 3DS authorization, first create the order as detailed in API Integration guide.
Note that you should include the additional OneClick and Tokenization parameters to the Order Request, as shown below:
| Location | Data Element | Type | Condition | Description |
| Request Body | tokenInfo | TokenInfo | Mandatory | Token Information. |
| Request Body.tokenisation.paymentTokens.paymentTokenItem | tokenType | String | Mandatory | Token Type. Possible values are ( “Card”, “Email”, “MobilePhone” ). |
| Request Body.tokenisation.paymentTokens.paymentTokenItem | value | String | Mandatory | Token value. |
Request example:
{
"merchant": {
"terminalId": {{TerminalID}},
"channel": "web",
"merchantTransactionId": "Order Id: r7cxvi0saj"
},
"transaction": {
"transactionTimestamp": "{{trxDatetime}}",
"description": "Transaction for order number 4908 terminalId 100886",
"moto": false,
"paymentType": "PURS",
"amount": {
"value": 50.50,
"currency": "PLN"
},
"paymentMethod": [
"CARD"
]
},
"tokenisation": {
"paymentTokens": [{
"tokenType": "Card",
"value": "{{purchaseTokenValue}}"
}
]
}
}After completing the Order Creation, you may proceed to make a payment.
Note that the following request needs an Authorization Header with the transactionSignature returned from payment order operation.
In this purchase request, include the additional DeviceInfo, OneClick and TokenInfo parameters, as shown below.
| Location | Data Element | Type | Condition | Description |
| Request Body.info | deviceInfo | DeviceInfo | Mandatory | Object that defines the customer device information. |
| Request Body.info.deviceInfo | browserAcceptHeader | String | Optional | Browser Accept Header. |
| Request Body.info.deviceInfo | browserJavaEnabled | String | Optional | Browser Java Enabled. |
| Request Body.info.deviceInfo | browserJavascriptEnabled | string | Optional | Browser Javascript Enabled. |
| Request Body.info.deviceInfo | browserLanguage | String | Optional | browser Language. |
| Request Body.info.deviceInfo | browserColorDepth | String | Optional | browser Color Depth. |
| Request Body.info.deviceInfo | browserScreenHeight | String | Optional | browser Screen Height. |
| Request Body.info.deviceInfo | browserScreenWidth | String | Optional | browser Screen Width. |
| Request Body.info.deviceInfo | browserTZ | String | Optional | Browser Time Zone. |
| Request Body.info.deviceInfo | browserUserAgent | String | Optional | Browser User Agent. |
| Request Body.info.deviceInfo | systemFamily | String | Optional | System Family. |
| Request Body.info.deviceInfo | systemVersion | String | Optional | System Version. |
| Request Body.info.deviceInfo | systemArchitecture | String | Optional | System Architecture. |
| Request Body.info.deviceInfo | deviceManufacturer | String | Optional | Device Manufacturer. |
| Request Body.info.deviceInfo | deviceModel | String | Optional | Device Model. |
| Request Body.info.deviceInfo | deviceID | String | Optional | Device Unique Identification. |
| Request Body.info.deviceInfo | applicationName | String | Optional | Application Name. |
| Request Body.info.deviceInfo | applicationVersion | String | Optional | Application Version. |
| Request Body.info.deviceInfo | geoLocalization | String | Optional | Geolocation. |
| Request Body.info.deviceInfo | ipAddress | String | Optional | IP Address. |
| Request Body | oneClick | OneClick | Mandatory | Object that defines a One Click Payment. |
| Request Body.oneClick | oneClickApplication | Boolean | Mandatory | For use of already created One Click. Indicates if a One Click Payment is requested to be applied. The absence indicates the value ‘False‘. |
| Request Body | tokenInfo | TokenInfo | Mandatory | Token Information. |
| Response Body.tokenList | tokenType | String | Mandatory | Token Type Possible values are: – MobilePhone – QRCodeMBWAY1 – Card default: Card |
| Response Body.tokenList | value | String | Mandatory | Token Value |
Request example:
{
"info": {
"deviceInfo": {
"browserAcceptHeader": "application/json, text/plain, */*",
"browserJavaEnabled": "false",
"browserLanguage": "en",
"browserColorDepth": "24",
"browserScreenHeight": "1080",
"browserScreenWidth": "1920",
"browserTZ": "-60",
"browserUserAgent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36",
"geoLocalization": "Lat: 38.7350528 | Long: -9.2143616",
"systemFamily": "Windows",
"systemVersion": "Windows",
"deviceID": "498bfd4c3a3645b38667a7037b616c18",
"applicationName": "Chrome",
"applicationVersion": "106"
},
"customerInfo": [
{
"key": "customerName",
"value": "User X"
},
{
"key": "customerEmail",
"value": "testingemail@gmail.com"
}
]
},
"tokenInfo": {
"value": "{{purchaseTokenValue}}",
"tokenType": "Card"
},
"oneClick": {
"oneClickApplication": true
}
}Expected response:
You will receive a response comprising a paymentStatus in the message. It informs whether the transaction was accepted, declined, still pending a final result, or requires additional action.
- Success: The purchase has been processed successfully and the customer has been debited.
- Declined: The purchase has been declined.
- Pending: The final result of the purchase is not yet known. You will need to inquiry on the status of this transaction until it reaches a final state, or you decide to cancel it.
- Partial: The purchase is partially accepted, but requires additional actions to the completed (e.g. 3D Secure authentication). The actionResponse element is provided for instructions on how to proceed.
Perform a Get Status
After the payment has been fully processed, you can check the status of your transaction by sending a GET request.
Ensure that the Authorization HTTP header is set to the same Bearer token that was used in the initial Payment Order.
Request URL:
https://stargate-cer.qly.site1.sibs.pt/api/v1/payments/{transactionID}/statusRequest Headers:
Authorization: ‘Bearer <AuthToken>’
X-IBM-Client-Id: ‘<ClientId>’
Content-Type: application/jsonA successful technical response comprises of an HTTP-200 status and a returnStatus.statusCode=”000″.
Here are some examples of the possible result codes:
| Result Code | statusMsg | Description | Action |
|---|---|---|---|
| HTTP-200 | Success | Success response | N/A |
| HTTP-400 | Bad Request | The JSON payload is not matching the API definition or some mandatory HTTP headers are missing. | Please check in API Market for the correct syntax. |
| HTTP-401 | Unauthorized | On the Authorization, Bearer token is invalid/expired or not associated with the Terminal used. | Please check in SIBS Backoffice under the Credentials if the token is valid and create a new one if needed. |
| HTTP-403 | Forbidden | The ClientID set on the X-IBM-Client-Id HTTP header is not valid or does not possess a valid subscription to the API. | Please check in SIBS Backoffice under the SPG APP 2.0 if the ClientID is correct. If the problem persists contact SIBS Gateway support for a ClientID reset. |
| HTTP-405 | Method Not Allowed | The HTTP Method used is not matching any of the API definitions available. | Please check in API Market for the correct HTTP Method. |
| HTTP-429 | Too Many Requests | The API calls rate limit has been exceeded. | Please check in API Market for information on the rate limits that apply to the API. |
| HTTP-500 | Internal Server Error | The API call has failed… and its most likely on our side. | You should retry the operation, and if the problem persists contact SIBS Gateway support for assistance. |
| HTTP-503 | Service Unavailable | The API call is not currently available. Usually we are always on, but short availability issues may occur during scheduled maintenance. | You should wait and try again later. |