Pay with Sofort


As a prerequisite, you should understand:

Make the Payment

A klarna Sofort payment works in principle the same way like giropay, or eps. It is processed like this:

  1. Your server asks the secuconnect API to authorise and capture the Sofort payment.

  2. You direct the payer to an URL provided in the Smart Transaction.

  3. The payer is returned to a success or failure URL, your server has provided before.

To this your server needs to respond accordingly. There is also a push notification for the case the payer is not returned.

The transaction is always captured with the authorisation, even if "auto_capture" is set to false. Payment Initiation Services (PIS) such as Sofort, giropay or eps do not have a two-step process by nature.

Always test Sofort payments with 88888888 (eight times 8) as IBAN or BIC. Otherwise, the payment will be executed even if the transaction was created in demo mode or on our test servers. Please make sure this is considered when working with demo transactions or on test servers.

The endpoint to authorise and capture a Sofort payment is POST /api/v2/Smart/Transactions/{id}/prepare/sofort :

POST /api/v2/Smart/Transactions/STX_WBVJKK82Y2X3MKHN3NZCPAAF6C38AJ/prepare/sofort HTTP/1.1
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Content-Type: application/json
Accept: application/json
"callback_urls": {
"success_url": "",
"failure_url": ""

The two URLs are passed to Sofort. We will direct your customer to one of these URLs:

  • after the Sofort payment was accepted (success_url) or

  • after the Sofort payment was aborted or failed (failure_url).

If everthing is fine, the API responds with 200 OK and a respresentation of the Smart Transaction:

HTTP/1.1 200 OK
Content-Type: application/json
"object": "smart.transactions",
// ...
"updated": "2021-04-14T10:14:41+02:00",
"status": "created",
// ...
"payment_method": "sofort",
"trans_id": 34029564,
"iframe_url": "https:\/\/\/payment\/go\/4e1f08c1b85dc4ea442cec44954fb14dd59dfe6d",
// ...

You need to direct the customer to iframe_url now, in order to make the payment.

Despite its name, you must not open the iframe_url within an Iframe ( <iframe> ):

  • It is forbidden to conduct a Sofort payment within an Iframe. (s. link to Sofort Integration Center)

  • Some popular browsers have very strict same-origin restrictions for third party content, so that Cookie technology will not work inside Iframes. Most external authorisation flows cannot be completed.

After this you will receive him back at one of the URLs you have passed with the request. If the payment was accepted, and the success_url is called, the status of the Smart Transaction changes to pending. See the sections about the status flow, and how to check the status in order to understand more.