Create Payment (PCIDSS Merchants)

For PCIDSS-compliant merchants, the Create Payment process involves two endpoints with host-to-host interaction for enhanced security. This process ensures the safe handling of cardholder data during transactions. The steps below guide you in generating requests and processing responses for 3DSecure-enrolled and non-enrolled cards.

Before proceeding to the step-by-step guide, make sure you know how to use your Signature and that you have your Merchant ID (merchant_id). To get your Merchant ID, go to the Fondy Dashboard and log in. In the left sidebar, select Merchant Settings and then Technical. You can copy the Merchant ID by clicking the green button to the right of the number.

Creating a Payment

Below, you will find a diagram representing this process.

To create a PCIDSS-compliant payment, follow these steps:

  1. Send the request data to the first endpoint, Enroll Card in 3DSecure Service, to check whether the card is enrolled in the 3DSecure program. The required fields are as follows:
    • order_id: Unique order identifier.
    • merchant_id: Your merchant ID.
    • order_desc: Order description.
    • signature: The request signature.
    • amount: Payment amount.
    • currency: Payment currency.
    • card_number: Visa or MasterCard card number.
    • cvv2: Card CVV2/CVC2 code.
    • expiry_date: Card expiry date.
    • client_ip: Client IP address.

📘

Supported Protocols

The supported protocols for this process are:

  • URL-encoded form
  • XML
  • JSON
  2. If the card is enrolled in 3DSecure, the following parameters will be returned:
    • response_status: Indicates the status of the request. Will return success if no error occurred.
    • acs_url: URL of the cardholder's issuing bank's Access Control Server (ACS).
    • pareq: Parameters to be submitted to the ACS URL.
    • md: Unique 3DSecure request ID generated by the FONDY Gateway.

👍

Not Enrolled

If the card is not enrolled in the 3DSecure service, the payment will be processed without the security check. In this case, the response to this request will be like the one in Step 6 below.

  3. With these parameters, submit an HTML form to acs_url. The form should follow this format:
<form name="MPIform" action='${acs_url}' method="POST">
  <input type="hidden" name="PaReq" value='${pareq}'>
  <input type="hidden" name="MD" value='${md}'>
  <input type="hidden" name="TermUrl" value='${TempUrl}'>
</form>

❗️

Redirecting

${TempUrl} is the merchant's URL where the customer will be redirected after 3DSecure password verification.

  4. The following parameters are returned to the ${TempUrl} URL after cardholder password verification:
    • pares: Payer authentication result.
    • md: Unique 3DSecure request ID generated by the FONDY Gateway.
  5. After authentication, submit the results to the second endpoint, Accept 3DSecure Payment, to complete the transaction. The parameters of this request should be:
    • order_id: Unique order identifier.
    • merchant_id: Your merchant ID.
    • pares: Payer authentication result.
    • md: Unique 3DSecure request ID generated by the FONDY Gateway.
    • version: Protocol version. Default is 1.0.
    • signature: The request signature.
  6. You will receive a final response, which will look like this:
{
  "response": {
    "order_id": "ID1234",
    "merchant_id": 1,
    "amount": 1020,
    "currency": "EUR",
    "order_status": "approved",
    "response_status": "success",
    "signature": "1773cf135bd89656131134b98637894dad42f808",
    "tran_type": "purchase",
    "sender_cell_phone": "+1234567890",
    "sender_account": "customer_account",
    "masked_card": "444444XXXXXX5555",
    "card_bin": 444444,
    "card_type": "VISA",
    "rrn": "123456789",
    "approval_code": "654321",
    "response_code": 100,
    "response_description": "Transaction approved",
    "reversal_amount": 0,
    "settlement_amount": 1020,
    "settlement_currency": "EUR",
    "order_time": "21.12.2014 11:21:30",
    "settlement_date": "21.12.2014",
    "eci": 5,
    "fee": 10,
    "payment_system": "card",
    "sender_email": "[email protected]",
    "payment_id": 123456789012345,
    "actual_amount": 1020,
    "actual_currency": "EUR",
    "product_id": "hotel_booking_1234",
    "merchant_data": "custom_data",
    "verification_status": "verified",
    "rectoken": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "rectoken_lifetime": "01.01.2018 00:00:00",
    "additional_info": {
      "bank_name": "Some bank in US country",
      "bank_country": "US",
      "bank_response_code": "decln_1000",
      "card_product": "DEBIT",
      "card_category": "CLASSIC",
      "settlement_fee": 0.2,
      "capture_status": "captured",
      "client_fee": 0.3,
      "ipaddress_v4": "8.8.8.8",
      "capture_amount": 200,
      "card_type": "VISA",
      "reservation_data": null,
      "bank_response_description": "Accepted",
      "transaction_id": 1058755083,
      "timeend": "10.01.2018 11:21:30",
      "card_number": "4444555566661111",
      "payment_method": "apple"
    }
  }
}

If the request fails, the response will look like this:

{
  "response": {
    "response_status": "failure",
    "error_message": "General decline",
    "error_code": 1000
  }
}
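
The merchant-side handling of steps 3 to 6, as an added example that is not Fondy's own code: it HTML-escapes the values substituted into the ACS form, accepts an md at the return URL only once and only if it belongs to a pending order, and masks the cardholder data fields named on this page before anything is logged. The function names, the `pending` store and the sample URLs are assumptions made for illustration; the signature is left to be computed as the Signature documentation describes.

```python
import html
from urllib.parse import urlsplit

# Cardholder data fields named on this page; never write them to logs.
SENSITIVE = {"card_number", "cvv2", "expiry_date"}


def render_acs_form(acs_url, pareq, md, term_url):
    """Step 3: build the ACS form, HTML-escaping every substituted value."""
    if urlsplit(acs_url).scheme != "https":
        raise ValueError("acs_url must use https")
    fields = {"PaReq": pareq, "MD": md, "TermUrl": term_url}
    inputs = "\n".join(
        f'  <input type="hidden" name="{name}" value="{html.escape(value, quote=True)}">'
        for name, value in fields.items()
    )
    action = html.escape(acs_url, quote=True)
    return f'<form name="MPIform" action="{action}" method="POST">\n{inputs}\n</form>'


def build_accept_request(pending, posted, merchant_id):
    """Steps 4-5: turn the return-URL callback into the second request's parameters.

    pending maps md -> order_id for enrollments awaiting a callback (assumed store).
    The entry is popped, so an unknown or replayed md is rejected.
    """
    posted = {k.lower(): v for k, v in posted.items()}  # accept PaRes/MD or pares/md
    md, pares = posted.get("md"), posted.get("pares")
    order_id = pending.pop(md, None) if pares else None
    if order_id is None:
        raise ValueError("unknown or replayed md, or missing pares")
    # signature is added afterwards, computed as the Signature documentation describes
    return {"order_id": order_id, "merchant_id": merchant_id,
            "pares": pares, "md": md, "version": "1.0"}


def redact(obj):
    """Mask cardholder data fields, at any nesting depth, before logging."""
    if isinstance(obj, dict):
        return {k: "[REDACTED]" if k in SENSITIVE else redact(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


if __name__ == "__main__":
    # Constructed sample values, not real gateway output.
    print(render_acs_form("https://acs.example.test/pa?x=1&y=2", "eJx+/w==", "md-1",
                          "https://shop.example.test/3ds/return"))
    print(redact({"response": {"order_id": "ID1234",
                               "additional_info": {"card_number": "4444555566661111"}}}))
```
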