Onboarding Process
If there is a limited number of merchants, they can be onboarded in a manual process. Otherwise the onboarding needs to be automated.
The automated merchant onboarding consists of three steps:
- You create a contract for your merchant. This initiates the onboarding process.
- We conduct the further steps of registration with the merchant until they become eligible to receive payments.
- We mark the contract active, and send a push notification to your system.
Optionally, you upload the registration documents of the merchant to save them double effort. The upload can be automated, or done in secuOffice.
The above steps are described in more detail at the next pages.
Create a Merchant Contract
The first step is to create a contract for the new merchant/platform participant. This contract will be closed between the merchant/participant and us to the conditions of your framework contract. It authorises the merchant/participant to receive payments for sales/services at your marketplace/platform.
This contract is derived from a master contract, using the endpoint POST /api/v2/Payment/Contracts/{id}/requestId. The master contract ID in our example has the ID GCR_33V83WAUVJ8QHC226N3N9KM8Y0DSOH:
POST /api/v2/Payment/Contracts/GCR_33V83WAUVJ8QHC226N3N9KM8Y0DSOH/RequestId HTTP/1.1Host: connect-testing.secuconnect.comAuthorization: Bearer qb56tjj1bcvo9n2nj4u38k84loContent-Type: application/jsonAccept: application/json{ "contact": { "salutation": "Mr.", "title": "Dr.", "forename": "Max", "surname": "Mustermann", "companyname": "Musterfirma GmbH", "dob": "1981-02-03", "email": "muster@example.com", "phone": "+49 555 5555555", "mobile": "+49 170 5555555", "address": { "street": "Musterstr.", "street_number": "1a", "postal_code": "09999", "city": "Musterstadt", "country": "DE" } }, "project": "Musterfirma GmbH", "payout_account": { "iban": "DE27100777770209299700", "owner": "Musterfirma GmbH" } "payin_account": true, "payout_purpose": "Auszahlung example.com"}Request parameters in detail:
Field | Type | Meaning |
|---|---|---|
project | string | Projekt name; must be unique per marketplace or platform |
payout_account | object | Bank account of the merchant or the platform participant |
payout_account.owner | string | Account holder name in correct spelling |
payout_account.iban | string | Account IBAN |
payout_account.bic | string | Account BIC (only required for accounts not starting with βDEβ¦β) |
payin_account | boolean | Whether to create a |
payout_purpose | string | (Optional but recommended) Purpose that appears at the bank statement of the merchant or the platform participant Up to 100 characters; accepts only:
Regex: ^[0-9A-Za-z \/?:().,'+\-]{1,100}$ |
If everything is fine, the API responds with 200 OK and the needed details:
HTTP/1.1 200 OKContent-Type: application/json{ "merchant": { "object": "general.merchants", "id": "MRC_EDFUVDKYKY58CH0B70U73SFAGW0XOK" }, "contract": { "object": "general.contracts", "id": "GCR_7GDYFMMJ9SK75P2BJRRN6JA8Y0DSOJ" }, "apikey": "fc1aa3bed1b1608b2253fc407b96858d55121210"}After creation, the contract is locked for payouts. When the KYC process is finished and the contract is unlocked, you receive an automated push notification. This notification is described in the Reference section for Push Notifications.
The response object contains a contract ID (contract/id). You need to store this ID in the system. It is needed when you create transactions the orders.
Upload the Registration Documents
The documents accompanying the request can be uploaded with the HTTP multipart form-data method, or using a regular API request.
The Document Uploads can be accessed for up to twenty minutes. Please ensure that your application performs the file upload shortly before using the IDs in the following request.
Document Upload with Multipart Message
The endpoint for multipart message uploads is POST /api/v2/Document/Uploads with Content-Type: multipart/form-data:
POST /api/v2/Document/Uploads HTTP/1.1Host: connect-testing.secuconnect.comAuthorization: Bearer qb56tjj1bcvo9n2nj4u38k84loContent-Type: multipart/form-data; boundary=----Boundary7MA4YWxkTrZu0gWAccept: application/json----Boundary7MA4YWxkTrZu0gWContent-Disposition: form-data; name="Dummy file"; filename="dummy.pdf"Content-Transfer-Encoding: base64Content-Type: application/pdfJVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMg...GCg==----Boundary7MA4YWxkTrZu0gWIf you need to understand more about multipart data transmission, you can refer to https://en.wikipedia.org/wiki/MIME#Form-Data.
{ "object": "document.uploads", "id": "DUP_8Z092GGNK60KD94JPZFKYDS6C67X4C", "created": "2018-08-01T08:00:30+02:00"}Response parameters:
Field | Type | Meaning |
|---|---|---|
| string | Always |
| string | ID of uploaded file; needed for subsequent API requests |
| string | Date and time of the upload (ISO 8601) |
The file content is not contained in the object representation.
Document Upload with JSON Request
The endpoint for JSON uploads is POST /api/v2/Document/Uploads with Content-Type: application/json:
POST /api/v2/Document/Uploads HTTP/1.1Host: connect-testing.secuconnect.comAuthorization: Bearer qb56tjj1bcvo9n2nj4u38k84loContent-Type: application/jsonAccept: application/json{ "name": "Gewerbeanmeldung", "type": "application/pdf", "content": "JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMg...GCg=="}The parameters name and type are optional but recommended. The field content takes the Base64 encoded file.
The API responds with an representation of the created file object.
HTTP/1.1 200 OKContent-Type: application/json{ "object": "document.uploads", "id": "DUP_8Z092GGNK60KD94JPZFKYDS6C67X4C", "created": "2018-08-01T08:00:30+02:00"}Response parameters:
Field | Type | Meaning |
|---|---|---|
|
| Always |
|
| ID of uploaded file; needed for subsequent API requests |
|
| Date and time of the upload (ISO 8601) |
The file content is not contained in the object representation.
Create a Service Case
Having uploaded the files, we create the Service Case.
The endpoint for this is POST /api/v2/Services/Uploadidents:
POST /api/v2/Services/Uploadidents HTTP/1.1Host: connect-testing.secuconnect.comAccept: application/jsonContent-Type: application/jsonAccept-Charset: utf-8Authorization: Bearer b7ekfehla82elit67jk7n1ng00 { "contract_id": "GCR_7GDYFMMJ9SK75P2BJRRN6JA8Y0DSOJ", "documents": [ "DUP_8Z092GGNK60KD94JPZFKYDS6C67X4C", "DUP_37L1T9B3BYGVTJ759FOKXFFPJY0NVG" ]}If everything is fine, the API responds with 200 OK and the ticket ID:
HTTP/1.1 200 OKContent-Type: application/json{ "service_issue_id": 12345678}The response contains a service issue ID. It should be saved in your system. So it can be used to identify the ticket at secupay.
Check the Activation Status
Depending on the project setup, two push messages may be sent, one for the General Contract (GCR), and one for the Payment Contract (PCR). We recommend to work with the General Contract. The push messages work exactly like those familiar from the payment process except the object type.
After this, you need to read the General Contract to recognise whether it is approved or not:
GET /api/v2/General/Contracts/GCR_2JPUE9F2D7TTNJ3Z5R6V7Y9D8HB5FT HTTP/1.1Host: connect-testing.secuconnect.comAuthorization: Bearer qb56tjj1bcvo9n2nj4u38k84loAccept: application/jsonIf everything is fine, the API responds with 200 OK and the representation of the General Contract:
HTTP/1.1 200 OKContent-Type: application/json{ "object": "general.contracts", "id": "GCR_2JPUE9F2D7TTNJ3Z5R6V7Y9D8HB5FT", "id_old": 1015383, "approved": true, "merchant": { "object": "general.merchants", "id": "MRC_PTBGSDJPO0H024K2Q5FBOMD21UNATQ" }}The property "approved" tells, whether the contract can receive payments (true) or not (false).