Skip to main content
Version: Lastest

Integration model

Introduction

When your business integrates Merchant hosted model, you can allow your customer to input payment information in your page and then make payment this transaction easily. This document provides details on how you can integrate Credit Card Payments.

Work Flow

Ảnh kết nối thanh toán
NoPICMain stepDescription
1End userMake paymentUser orders and makes payment, then choosing to pay by Credit Card
2MerchantThe merchant system displays the card screen to input information
3End userInput card information to make payment
4MerchantCreate tokenMerchant sends request to AppotaPay to create token with the card information that the end user sent
5AppotaPayAppotaPay creates tokens and responds token information to partners
6MerchantAuthenticateAfter receiving the token response from AppotaPay, the Merchant saves the information
- Check if the transaction needs to be done with 3DS
- If the payment includes a 3DS, go to Step 7 If paid without 3DS, go to Step 15
7MerchantMerchant sends request to check 3DS enrollment
AppotaPay system checks 3DS enrollment
If the card doesn’t support 3DS or AppotaPay can't check 3DS enrollment → go to step 18
(AppotaPay recommends that if the merchant makes payment with 3DS; in case the card doesn't support 3DS, the transaction should be stopped)
- If the card supports 3DS and requires authentication → go to step 9
- If the 3DS support card doesn't require authentication → go to step 14
9MerchantAuthenticateWhen the card supports 3DS and requires authentication, AppotaPay will respond with additional Redirect URL information
→ the merchant uses Redirect URL to embed on the merchant's page or navigate to authenticate
10. The AppotaPay system determines the authentication type with the 3DS-enabled card that needs authentication
- If authentication requires OTP → Go to step 11
- If authentication doesn't require OTP → Go to step 14
11AppotaPayAuthenticateAppotaPay's processing system (Issuing bank) sends OTP to the end user and displays the OTP on Redirect URLs
12End userInput OTP and submit
13AppotaPayAppota's processing system (Issuing bank) checks the OTP
14AppotaPayNotify the 3DS results to the Merchant, navigate to the merchant's page with authentication status
15MerchantChargeSend charge request to AppotaPay (currently AppotaPay supports Authorization and Capture immediately)
16AppotaPayCheck the 3DS configuration with the 3DS status
- Merchant and AppotaPay have agreement each other about the implementation of 3DS when performing transaction: either the transaction always has 3DS or the transaction with 3DS is depended on the merchant
If the configuration finds that:
- AppotaPay and Merchant: transactions always require 3DS; but merchant calls charge without the steps 3DS → mismatch between 2 party → merchant goes to step 17
- The remaining cases → Merchant moves to step 18
17MerchantMerchant receives an error message when charging and then going to step 7
18AppotaPayCheck merchant's request if it performs capture immediately
- if ‘capture’ field is true → move on step 19
- If ‘capture’ field is false → move on step 21
19AppotaPayPerform both Authorization and Capture in a transaction, then responding transaction result to the merchant
20MerchantCharge/ AuthorizeDisplay transaction result to end users
21AppotaPayAuthorizePerform Authorization in a transaction, then responding transaction result to the merchant, move on step 20
22MerchantCaptureFor authorization transactions, merchant can perform capture to complete transaction.
23AppotaPayCheck status of transaction to ensure that the transaction is eligible to perform capture
- If transaction's status isn't AUTHORIZED → move on step 24
- If transaction's status is AUTHORIZED → move on step 25
24AppotaPayInform error message to merchant
25AppotaPayPerform capture the authorization transaction, then responding capture result to merchant
26MerchantResult capture result and display it to end users

Payment flow

Ảnh kết nối thanh toán

1. [Optional] You can create and use AppotaPay Token for payment or pass full card information to make payment Create token

Note

You should use AppotaPay tokens for payment instead of passing card information for more security

2. You can authenticate cardholder information with 3DS (3D-Secure) before making a payment. To check if the card is valid for the 3DS Enrollment or not, you need to submit a Check 3DS Enrollment request Check 3DS Enrollment

3. If the Check 3DS Enrollment response is NEGATIVE, you can choose to:

  • End the process, if you don't want to charge with a non-3DS enabled card
  • Try the Check 3DS Enrollment again: Check 3DS Enrollment
  • Continue payment Create Charge without 3DS authentication

4. If the Check 3DS Enrollment response is POSITIVE, the response contains an authentication page, requiring you to navigate to the authentication page, the most common form will be authenticated by OTP (sent from the issuing bank).

5. You will receive the 3DS authentication result from the issuing bank, and you need to confirm with AppotaPay again by getting the 3DS authentication status with Get Authentication

6. If the 3DS result is NEGATIVE, you can choose to:

  • End the process, if you don’t want to charge with a non-3DS enabled card
  • Try the 3DS process again (Enrollment Check and Verification)
  • Continue to send a Create Charge although 3DS verification failed

7. If the 3DS result is POSITIVE, you can proceed to send a Create Charge to process a payment.

8. When a charge succeeds, settlement of the funds will be initiated to AppotaPay, and we then settle those funds for you.

9. Sometimes, after a Charge has succeeded, you may need to cancel a transaction and return the funds to the cardholder. You can request a Refund, before or after the settlement - if successful, the Refund request will be made to the issuing bank who will be responsible for processing it.

10. Sometimes, if you need to hold the funds of the cardholder in advance, you can perform authorization through Create Charge with “capture”: true

  • The next step you can proceed to make payment with the authorized amount is sending an API Capture Charge
  • After the authorization transaction is completed, you may reverse the transaction by requesting an API Reverse Authorization