Payment Process

The payment process consists of two steps:

  1. Authorisation

  2. Capture

Advance payment (prepaid) does not have a separate authorisation. Using invoice payment you can include the authorisation in the capture.

The authorisation is initiated by a call to POST /prepare/{method}. Status approved means the payment is authorised and you should be able to capture it. Status failed means you must repeat the payment process. You must also repeat the payment process when you update the Smart Transaction. It is then set back to created.

The authorisation may also involve a risk check, for instance a 3-D Secure check or the PayPal authorisation. In the status stays unchanged at created, and there is an iframe_url for the external authorisation. The customer is directed back to the success_url or failure_url passed with /prepare after successful or failed authorisation.

Despite its name, you should not open the iframe_url within an Iframe ( <iframe> ):

  • It is forbidden to conduct a Sofort payment within an Iframe. (s. link to Sofort Integration Center)

  • 3-D Secure checks can leave the Iframe and switch to full-screen. In this case, the success (success_url) or failure URL (failure_url) of the shop is not opened inside the Iframe, but in the uppermost browser window (DOM window.top).

  • Some popular browsers have very strict same-origin restrictions for third party content, so that Cookie technology will not work inside Iframes. Most external authorisation flows cannot be completed.

The capture follows the successful authorisation. It is done by calling POST /start. Status ok, received or collection means you can deliver. Status pending means you have to wait for one of these statusses. Status failed means the payment failed, and you must repeat the payment process.

These are the API calls without auto-capture:


Authorisation

Capture

Details

Direct Debit

/prepare/debit

/start

  • pass bank details or Payment Container ID

  • mandate ID sent by email

Invoice Payment

/prepare/invoice

/start

  • /prepare/invoice includes risk analysis

  • /start is unlikely to fail


/start/invoice

  • /start includes risk analysis

Advance Payment


/start/prepaid

  • should not fail

Credit Card

/prepare/creditcard

/start

  • pass data from FE integration or Payment Container ID

  • pass return URLs for success and failure for 3-D Secure check

  • may direct to 3-D Secure check (controlled by card issuer bank)

PayPal Payment

/prepare/paypal

/start

  • pass return URLs for success and failure

  • creates PayPal Order or Subscription

  • directs to PayPal checkout

  • can receive more details from PayPal if needed

With auto-capture the capture is made immediately after successful authorisation without a separate API call:


Authorisation and Capture

Details

Direct Debit

/prepare/debit

  • pass bank details or Payment Container ID

  • mandate ID sent by email

Invoice Payment

/prepare/invoice

  • both calls have the same effect

/start/invoice

Advance Payment

/start/prepaid

  • should not fail

Credit Card

/prepare/creditcard

  • pass data from FE integration or Payment Container ID

  • pass return URLs for success and failure for 3-D Secure check

  • may direct to 3-D Secure check (controlled by card issuer bank)

PayPal Payment

/prepare/paypal

  • pass return URLs for success and failure

  • creates PayPal Order or Subscription

  • directs to PayPal checkout

  • can receive more details from PayPal if needed

The next sections explain the process for each payment method.