Prerequisites
As a prerequisite, you should understand:
- secuconnect API Fundamentals
- Create the Smart Transaction
- Pay with Credit Card
- Pay with SEPA Direct Debit
You should also understand if you may have searched for Subscriptions.
Abstract
Your contract needs to be activated for recurring payments. Otherwise the subsequent payment with MIT cannot be authorised.
To use a credit card or SEPA direct debit for recurring payments, you must:
- Record the Payment Container ID;
- Reuse this very ID for subsequent payments;
- Mark the subsequent payment as Merchant Initiated Transaction (MIT).
The MIT flag currently only affects credit card payment. Subsequent Payments can be captured without customer interaction. The Strong Customer Authentication (SCA) by the Revised Payment Services Directive (PSD2) is omitted.
Make the First Payment
Imagine you have authorised the Smart Transaction for the first order by using this call, for example:
POST /api/v2/Smart/Transactions/STX_3Z8EUQX0A2PBHRJV9FRY7P56GEDZAK/prepare/creditcard HTTP/1.1
Host: connect-testing.secuconnect.com
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Content-Type: application/json
Accept: application/json
{
"container"
: {
"type"
:
"credit_card"
,
"private"
: {
"owner"
:
"Max Mustermann"
,
"pan"
:
"411111XXXXXX1111"
,
"expiration_date"
:
"2026-01-01T00:00:00+00:00"
,
"issuer"
:
"VISA"
,
"transact_container"
:
"o40dsmkQrRzPaVLP6iDEaRI+rNsBokbU6z1pRtMMzFjoHxcrht..."
,
"transact_skey_pubkey"
:
"oyLkX4oddKGWywQCwUYNr8wq9s3tuwq6FYL3fzsBSYaT5MRg..."
,
"transact_skey_keyname"
:
"weberpublic.pem"
,
"transact_hash"
:
"1f3053bc8efcd43d74997a2368738bac13bce651c3a6bae6ac90692..."
}
},
"callback_urls"
: {
"success_url"
:
"https://shop.example.com/payment/success?nonce=ciix8j3qbqffg8dcdc7b"
,
"failure_url"
:
"https://shop.example.com/payment/failure?nonce=ciix8j3qbqffg8dcdc7b"
}
}
If everything was fine, the API would have responded with something with 200 OK
and the updated Smart Transaction:
HTTP/1.1 200 OK
Content-Type: application/json
{
"object"
:
"smart.transactions"
,
"id"
:
"STX_3Z8EUQX0A2PBHRJV9FRY7P56GEDZAK"
,
// ...
"container"
: {
"object"
:
"payment.containers"
,
"id"
:
"PCT_3JU4VGYZF2XY8EJHH9FQ7WGYNZGJA4"
,
"type"
:
"credit_card"
},
"transactions"
: [
{
"object"
:
"payment.transactions"
,
"id"
:
"PCI_W026W643US3TWCGZA0AVZ248W8TSMW"
,
"trans_id"
: 123456789,
"transaction_hash"
:
"abcdefghijkl12345678"
}
],
"created"
:
"2023-12-07T15:55:58+01:00"
,
"updated"
:
"2023-12-07T15:56:16+01:00"
,
"status"
:
"created"
,
// ...
"payment_method"
:
"creditcard"
,
"trans_id"
: 123456789,
"iframe_url"
:
"https://securepay.epayworldwide.com/securepay2/pay.php?..."
,
// ...
}
For direct debit it would look similar but there is no 3-D Secure, and no iframe_url
. Credit card payments require a 3-D Secure check if not exempted. So the iframe_url
may be present or not. If auto_capture
is set, the payment would be captured immediately after successful authorisation.
Another important detail here is the Payment Container ID (container.id
). Your application must record and use this ID for the subsequent payments. It must only be used for this very person.
Payment Containers are used for both kinds of payments, credit card and SEPA direct debit. They can be created implicitly like in the above example, or with a previous call to POST /api/v2/Payment/Containers
.
You must save the Payment Container ID only, but not the details your have used inside container.private
when creating it.
This part of the process may also be hidden from you are for using Smart Checkout instead of a custom checkout. You must then read the Smart Transaction with GET /api/v2/Smart/Transactions/{id}
to obtain the Payment Container ID after the payment was authorised.
Make Subsequent Payments
The subsequent orders are merchant-initiated. Thus the Smart Transaction are marked with payment_context.merchant_initiated
now:
POST /api/v2/Smart/Transactions HTTP/1.1
Host: connect-testing.secuconnect.com
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Content-Type: application/json
Accept: application/json
{
// ...
"basket_info"
: {
"sum"
: 3685
},
"payment_context"
: {
"auto_capture"
:
true
,
"merchant_initiated"
:
true
}
}
With the call to authorise the payment, you would pass the Payment Container ID only instead of all the details:
POST /api/v2/Smart/Transactions/STX_HUXEQ5X302PBHTEYWP66F9AX0N44A4/prepare/creditcard HTTP/1.1
Host: connect-testing.secuconnect.com
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Content-Type: application/json
Accept: application/json
{
"container"
: {
"id"
:
"PCT_3JU4VGYZF2XY8EJHH9FQ7WGYNZGJA4"
,
},
"callback_urls"
: {
"success_url"
:
"https://shop.example.com/payment/success?nonce=ciix8j3qbqffg8dcdc7b"
,
"failure_url"
:
"https://shop.example.com/payment/failure?nonce=ciix8j3qbqffg8dcdc7b"
}
}
If everything is fine, the API responds again with 200 OK
and the updated Smart Transaction:
HTTP/1.1 200 OK
Content-Type: application/json
{
"object"
:
"smart.transactions"
,
"id"
:
"STX_HUXEQ5X302PBHTEYWP66F9AX0N44A4"
,
// ...
"container"
: {
"object"
:
"payment.containers"
,
"id"
:
"PCT_3JU4VGYZF2XY8EJHH9FQ7WGYNZGJA4"
,
"type"
:
"credit_card"
},
"transactions"
: [
{
"object"
:
"payment.transactions"
,
"id"
:
"PCI_54UPYB6SGWC7PQCBXHX99248W8UWMJ"
,
"trans_id"
: 123456791,
"transaction_hash"
:
"bcdefghijklm223456789"
}
],
"created"
:
"2023-12-07T16:58:34+01:00"
,
"updated"
:
"2023-12-07T17:00:40+01:00"
,
"status"
:
"ok"
,
// ...
"payment_method"
:
"creditcard"
,
"trans_id"
: 123456791,
// ...
}
The payment is authorised or already captured (if accompanied by the auto_capture
flag). Please check the payment status.