Integration model
- Merchant hosted
- Checkout page
Introduction
When your business integrates the Merchant hosted model, your customers enter their payment information on your own page and complete the transaction there. This document describes how to integrate Credit Card Payments.
Work Flow
Step | PIC | Description |
---|---|---|
1 | End user | The user places an order, proceeds to payment, and chooses to pay by Credit Card |
2 | Merchant | The merchant system displays the card screen to input information |
3 | End user | Input card information to make payment |
4 | Merchant | Merchant sends request to AppotaPay to create token with the card information that the end user sent |
5 | AppotaPay | AppotaPay creates the token and returns the token information to the partner |
6 | Merchant | After receiving the token response from AppotaPay, the Merchant saves the information and checks whether the transaction needs to be done with 3DS - If the payment includes 3DS, go to step 7 - If paid without 3DS, go to step 15 |
7 | Merchant | Merchant sends request to check 3DS enrollment |
8 | AppotaPay | The AppotaPay system checks 3DS enrollment - If the card doesn’t support 3DS or AppotaPay can't check 3DS enrollment → go to step 18 (AppotaPay recommends that a merchant who makes payment with 3DS stop the transaction when the card doesn't support 3DS) - If the card supports 3DS and requires authentication → go to step 9 - If the card supports 3DS and doesn't require authentication → go to step 14 |
9 | Merchant | When the card supports 3DS and requires authentication, AppotaPay will respond with additional Redirect URL information → the merchant uses Redirect URL to embed on the merchant's page or navigate to authenticate |
10 | AppotaPay | The AppotaPay system determines the authentication type for a 3DS-enabled card that needs authentication - If authentication requires OTP → go to step 11 - If authentication doesn't require OTP → go to step 14 |
11 | AppotaPay | AppotaPay's processing system (Issuing bank) sends OTP to the end user and displays the OTP on Redirect URLs |
12 | End user | Input OTP and submit |
13 | AppotaPay | Appota's processing system (Issuing bank) checks the OTP |
14 | AppotaPay | Notify the 3DS results to the Merchant, navigate to the merchant's page with authentication status |
15 | Merchant | Send charge request to AppotaPay (currently AppotaPay supports Authorization and Capture immediately) |
16 | AppotaPay | Check the 3DS configuration against the 3DS status - Merchant and AppotaPay agree with each other on how 3DS is applied when performing transactions: either every transaction has 3DS, or whether a transaction has 3DS depends on the merchant. If the configuration check finds that: - AppotaPay and Merchant agreed that transactions always require 3DS, but the merchant calls charge without the 3DS steps → mismatch between the two parties → merchant goes to step 17 - The remaining cases → Merchant moves to step 18 |
17 | Merchant | Merchant receives an error message when charging and then goes to step 7 |
18 | AppotaPay | Check whether the merchant's request performs capture immediately - If the ‘capture’ field is true → move on to step 19 - If the ‘capture’ field is false → move on to step 21 |
19 | AppotaPay | Perform both Authorization and Capture in one transaction, then respond with the transaction result to the merchant |
20 | Merchant | Display transaction result to end users |
21 | AppotaPay | Perform Authorization in a transaction, then respond with the transaction result to the merchant; move on to step 20 |
22 | Merchant | For authorization transactions, merchant can perform capture to complete transaction. |
23 | AppotaPay | Check the status of the transaction to ensure that it is eligible for capture - If the transaction's status isn't AUTHORIZED → move on to step 24 - If the transaction's status is AUTHORIZED → move on to step 25 |
24 | AppotaPay | Return an error message to the merchant |
25 | AppotaPay | Capture the authorized transaction, then respond with the capture result to the merchant |
26 | Merchant | Receive the capture result and display it to end users |
Payment flow
1. [Optional] You can create and use AppotaPay Token for payment or pass full card information to make payment
You should use AppotaPay tokens for payment instead of passing card information, for better security
2. You can authenticate cardholder information with 3DS (3D-Secure) before making a payment. To check whether the card is enrolled in 3DS, you need to submit a Check 3DS Enrollment request
3. If the Check 3DS Enrollment response is NEGATIVE, you can choose to:
- End the process, if you don't want to charge with a non-3DS enabled card
- Try the Check 3DS Enrollment again
- Continue the payment with Create Charge, without 3DS authentication
4. If the Check 3DS Enrollment response is POSITIVE, the response contains an authentication page that you must navigate to; the most common form of authentication is an OTP sent from the issuing bank.
5. You will receive the 3DS authentication result from the issuing bank, and you need to confirm with AppotaPay again by getting the 3DS authentication status with Get Authentication
6. If the 3DS result is NEGATIVE, you can choose to:
- End the process, if you don’t want to charge with a non-3DS enabled card
- Try the 3DS process again (Enrollment Check and Verification)
- Continue to send a Create Charge although 3DS verification failed
7. If the 3DS result is POSITIVE, you can proceed to send a Create Charge to process a payment.
8. When a charge succeeds, settlement of the funds will be initiated to AppotaPay, and we then settle those funds for you.
9. Sometimes, after a Charge has succeeded, you may need to cancel a transaction and return the funds to the cardholder. You can request a Refund, before or after the settlement - if successful, the Refund request will be made to the issuing bank who will be responsible for processing it.
10. Sometimes, if you need to hold the funds of the cardholder in advance, you can perform authorization through Create Charge with “capture”: true
- To then make the payment with the authorized amount, send a Capture Charge API request
- After the authorization transaction is completed, you may reverse the transaction by sending a Reverse Authorization API request
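The 3DS decisions in steps 2 to 7 can be kept in one server-side function, so that a Create Charge is only sent on a result obtained from Get Authentication and never on a status that arrived through the browser. The following is an added example, not AppotaPay code; `Checkout`, `Action`, `record_enrollment`, `next_action` and the `max_attempts` retry budget are hypothetical names, and results are represented by the strings POSITIVE and NEGATIVE used above.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Action(Enum):
    CHECK_ENROLLMENT = "Check 3DS Enrollment"
    REDIRECT = "send cardholder to authentication page"
    GET_AUTHENTICATION = "Get Authentication"
    CREATE_CHARGE = "Create Charge"
    STOP = "end the process"


@dataclass
class Checkout:
    require_3ds: bool                      # merchant policy for this payment
    max_attempts: int = 2                  # hypothetical retry budget
    attempts: int = 0
    enrollment: Optional[str] = None       # Check 3DS Enrollment result
    redirect_status: Optional[str] = None  # arrives via the browser: untrusted
    confirmed: Optional[str] = None        # Get Authentication result


def record_enrollment(c: Checkout, result: str) -> None:
    """Store a new enrollment result and discard state from earlier attempts."""
    c.attempts += 1
    c.enrollment, c.redirect_status, c.confirmed = result, None, None


def _after_negative(c: Checkout) -> Action:
    if not c.require_3ds:
        return Action.CREATE_CHARGE        # flow option: continue without 3DS
    if c.attempts < c.max_attempts:
        return Action.CHECK_ENROLLMENT     # flow option: try again
    return Action.STOP                     # flow option: end the process


def next_action(c: Checkout) -> Action:
    if c.enrollment is None:
        return Action.CHECK_ENROLLMENT
    if c.enrollment == "POSITIVE" and c.confirmed is None:
        # A status in the return URL is never grounds for charging; it only
        # tells us it is time to ask AppotaPay for the result (flow step 5).
        return Action.GET_AUTHENTICATION if c.redirect_status else Action.REDIRECT
    if c.enrollment == "POSITIVE" and c.confirmed == "POSITIVE":
        return Action.CREATE_CHARGE
    return _after_negative(c)  # NEGATIVE or any unrecognised value fails closed
```

Any value other than POSITIVE is treated as a negative result, so a malformed or missing response cannot lead to a charge when 3DS is required.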
Overview
- On the website or the application of the partner, the customer selects a product or a service, then chooses to make a payment via AppotaPay's payment gateway
- The partner's server calls AppotaPay's API to create a transaction and get the payment link
- After receiving the results, the website or application redirects the customer to the payment link.
Integration model
Explanation
- Step 1: Customers select services and products and then choose one of payment methods (ATM / Visa card)
- Step 2: The Partner server calls the AppotaPay server to request payment
- Step 3: AppotaPay PayGate responds with the payment link
- Step 4: The Partner's website or application redirects the customer to the payment link
- Step 5: Customers make the payment
- Step 6: AppotaPay PayGate sends payment request
- Step 7: Bank/Provider processes the payment and returns the transaction result
- Step 8, 9: AppotaPay processes the transaction, then redirects to the redirectUrl. At the same time, the AppotaPay server calls the IPN API (notifyUrl) of the partner server to notify the transaction result.
- Step 10: Partner server processes the transaction and returns the result
- Step 11: The Partner's website or application shows the results to customers.
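Because the redirect to redirectUrl and the IPN call to notifyUrl in steps 8 and 9 happen at the same time, the partner server has to cope with either arriving first and with repeated notifications. The following is an added example, not AppotaPay code: the field names `orderId`, `amount`, `currency` and `status`, the value `success`, and the sample order are constructed for illustration. It assumes the notification has already been authenticated by whatever mechanism the AppotaPay API reference specifies, which this page does not describe.

```python
from dataclasses import dataclass


@dataclass
class Order:
    amount: int
    currency: str
    status: str = "PENDING"            # PENDING -> PAID or FAILED, set once


def handle_ipn(orders: dict, note: dict) -> str:
    """Steps 9-10: apply a server-to-server notification to the order store."""
    order = orders.get(note.get("orderId"))
    if order is None:
        return "rejected: unknown order"
    if (note.get("amount"), note.get("currency")) != (order.amount, order.currency):
        return "rejected: amount mismatch"   # never fulfil a different amount
    if order.status != "PENDING":
        return "ignored: already " + order.status   # duplicate or replayed IPN
    order.status = "PAID" if note.get("status") == "success" else "FAILED"
    return "accepted: " + order.status


def handle_redirect(orders: dict, order_id: str, query_status: str) -> str:
    """Steps 8 and 11: the browser lands on redirectUrl."""
    # query_status comes from the URL, which the customer can edit, so the
    # page is rendered from the stored order and the parameter is ignored.
    order = orders.get(order_id)
    if order is None:
        return "Unknown order"
    messages = {"PAID": "Payment received", "FAILED": "Payment failed"}
    return messages.get(order.status, "Payment is being confirmed")


def demo() -> list:
    """Constructed sample run: the redirect wins the race, then IPNs arrive."""
    orders = {"ORD-1": Order(amount=150000, currency="VND")}
    ok = {"orderId": "ORD-1", "amount": 150000, "currency": "VND", "status": "success"}
    return [
        handle_redirect(orders, "ORD-1", "success"),   # before any IPN
        handle_ipn(orders, {**ok, "amount": 1000}),    # tampered amount
        handle_ipn(orders, ok),                        # genuine notification
        handle_ipn(orders, ok),                        # duplicate delivery
        handle_redirect(orders, "ORD-1", "failed"),    # URL says failed
    ]
```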