Prerequisites
As a prerequisite, you should understand:
Make the Payment
Mastercard Pay by Bank is an Account Information and Payment Initiation Service provided by Mastercard Open Banking, formerly known as Aiia.
In order to conduct the payment, you must follow this process:
- Your server asks the secuconnect API to authorise and capture the payment.
- You direct the payer to a URL provided in the Smart Transaction.
- The payer is returned to a success or failure URL that your server provided beforehand.
Your server needs to respond to this accordingly. There is also a push notification for the case that the payer is not returned.
The transaction is always captured with the authorisation, even if "auto_capture" is set to false. Payment Initiation Services such as Mastercard Open Banking, Klarna Sofort, giropay or eps do not have a two-step process by nature.
The endpoint to start authorisation and capture is POST /api/v2/Smart/Transactions/{id}/prepare/aiia:
POST /api/v2/Smart/Transactions/STX_WBVJKK82Y2X3MKHN3NZCPAAF6C38AJ/prepare/aiia HTTP/1.1
Host: connect-testing.secuconnect.com
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Content-Type: application/json
Accept: application/json

{
  "callback_urls": {
    "success_url": "https://shop.example.com/payment/success?nonce=ciix8j3qbqffg8dcdc7b",
    "failure_url": "https://shop.example.com/payment/failure?nonce=ciix8j3qbqffg8dcdc7b"
  }
}
The two URLs are passed to Mastercard Open Banking. We will direct your customer to one of these URLs:
- after the payment was accepted (success_url) or
- after the payment was aborted or failed (failure_url).
If everything is fine, the API responds with 200 OK and a representation of the Smart Transaction:
HTTP/1.1 200 OK
Content-Type: application/json
...

{
  "object": "smart.transactions",
  "id": "STX_WBVJKK82Y2X3MKHN3NZCPAAF6C38AJ",
  // ...
  "transactions": [
    {
      "object": "payment.transactions",
      "id": "PCI_D2V9XT02E24R1G65FS7ODG6O8CFCPE",
      "trans_id": 92190140,
      "transaction_hash": "tupwnrzusfuv8899618"
    }
  ],
  // ...
  "created": "2024-06-12T10:52:34+02:00",
  "updated": "2024-06-12T10:52:51+02:00",
  "status": "created",
  // ...
  "payment_method": "aiia",
  "trans_id": 92190140,
  "iframe_url": "https://app-sandbox.aiia.eu/#/pay/20240612.ab1c23defg45hijklmnopqrst6",
  // ...
}
You now need to direct the customer to iframe_url in order to make the payment.
Despite its name, you should not open the iframe_url within an Iframe (<iframe>):
- It is forbidden to conduct a Sofort payment within an Iframe. (See link to Sofort Integration Center.)
- 3-D Secure checks can leave the Iframe and switch to full-screen. In this case, the success URL (success_url) or failure URL (failure_url) of the shop is not opened inside the Iframe, but in the uppermost browser window (DOM window.top).
- Some popular browsers have very strict same-origin restrictions for third-party content, so that cookies will not work inside Iframes. Most external authorisation flows cannot be completed.
After this, the payer will normally return to one of the URLs you passed with the request. If the payment was accepted and the success_url is called, the status of the Smart Transaction changes to ok. See the sections about the status flow and how to check the status to understand more.
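One way a shop server might bind the nonce in the callback URLs to the Smart Transaction and avoid marking an order paid on the redirect alone. This is an added example, not secuconnect code: `PENDING`, `build_callback_urls`, `handle_return` and the injected `fetch_status` callable (standing in for the status check referred to above) are assumptions.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical in-memory store mapping nonce -> Smart Transaction id.
# A real shop would keep this in its order database or server-side session.
PENDING = {}


def build_callback_urls(stx_id, base="https://shop.example.com/payment"):
    """Return the request body for .../prepare/aiia with a fresh one-time nonce."""
    nonce = secrets.token_urlsafe(16)  # unguessable, unlike a counter or order id
    PENDING[nonce] = stx_id
    query = urlencode({"nonce": nonce})
    return {"callback_urls": {
        "success_url": f"{base}/success?{query}",
        "failure_url": f"{base}/failure?{query}",
    }}


def handle_return(url, fetch_status):
    """Decide the order state when the payer's browser arrives at a callback URL.

    fetch_status(stx_id) is an assumed callable that asks the API for the
    current Smart Transaction status over an authenticated server-side call.
    """
    parsed = urlparse(url)
    nonce = parse_qs(parsed.query).get("nonce", [""])[0]
    stx_id = PENDING.pop(nonce, None)  # single use: a replayed URL is rejected
    if stx_id is None:
        return "rejected"
    # The redirect is browser-controlled, so the path alone proves nothing;
    # only the status reported by the API counts.
    if parsed.path.endswith("/success") and fetch_status(stx_id) == "ok":
        return "paid"
    return "not_paid"
```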
See Also
Further information:
- Customer Details per Payment Method
- Obtain the Available Payment Methods
- Push Notifications for Payments
Other payment methods: