This guide is for the deprecated Flex.API. If you are starting with a new integration, please refer to the Guide for the secuconnect API: Link
The general workflows for authorization is this:
The merchant obtains the available payment methods, and offers them to the customer.
The merchant creates a payment transaction with "payment_action": "sale", and directs the customer to the payment iframe. The customer only authorizes the payment here.
The merchant receives the customer back at the success URL.
The merchant prompts the customer for final closure, and then asks for capture, except for invoice payment.
If the payment status is accepted everything is ready for delivery. But it is also possible you need to wait for the payment.
If it is invoice payment, the merchant adds every delivery, and asks for capture together with the final delivery.
If something went wrong, the customer is directed to the failure URL. It is also possible, the customer is neither directed to the success URL nor to the failure URL.