• France
status page
demonstrations
assistance
FAQContact support
Search
Categories
Tags
English
French
English
Homepage
Use cases
Create a payment
Create an installment payment
Create a multi-card (split) payment
Create a payment by Alias (Token)
Create a payment link
Create a recurring payment
Manage subscriptions
Manage your transactions (refund, cancel...)
Analyze your reports
API docs
Embedded Form
REST API
Hosted payment
Mobile payment
File exchange
Snippets
Payment methods
Plugins
Guides
Merchant Back Office
Functional guides

Payment with integrated authentication

The activation of these features is subject to prior approval by Sogecommerce.

Presentation

Le Web Service V4.1/PCI/Charge/CreatePayment permet aux marchands PCI-DSS d'effectuer un paiement en passant les informations de carte dans la requête.

Si nécessaire, le service authentifie le porteur de carte et renvoie les informations d'authentification à la fin du processus.

As a reminder, under the PSD2, it is mandatory to authenticate the cardholder via the 3D Secure protocol during e-commerce payments.

General principle

1. Adding , the JavaScript library , to your site : kr-authenticate.umd.js

2. Call the V4.1/PCI/Charge/CreatePayment Web Service to create an authentication session

3. , Initialization , of the JavaScript library by passing , the url , : operationUrl

  • This url is generated when the authentication session is created.

4. Executing the JavaScript library

  • The JavaScript library is responsible for executing all the actions required for authentication. It interacts with the ACS , the cardholder's bank's authentication server.

  • There are several authentication options, such as :

    • 3DS2 - Frictionless Authentication, without the 3DS Method
    • 3DS2 - Frictionless authentication, with the 3DS Method
    • 3DS2 - Challenge authentication, without the 3DS Method
    • 3DS2 - Challenge authentication, with the 3DS Method

  • More info: Tests and use cases.

5. Analyze the payment result from the notification: Instant Payment Notification (IPN).

  • The IPN is a server-to-server notification to get the payment result.

You must allow the IP address range 194.50.38.0/24 on your server to be notified.

  • More info: URL notification at end of payment.

Managing timeouts

La durée de la session de paiement est fixée à 10 minutes. Au bout de ce délai, si l'IPN n'a pas été configurée par le marchand, il est recommandé de faire un appel au Web Service "Order/Get" pour obtenir le résultat du paiement.

Specific use cases:

In the following cases, if the merchant is not registered for the 3D Secure program or if the payment is not an e-commerce payment (e.g.: MOTO), the call to the PCI/Charge/CreatePayment Web Service, directly returns an object Payment.

Detailed flowchart

The following diagram details a generic payment scenario with authentication: initial call to the service, creation of a session identifier, interaction with the ACS, final authentication result and end of payment.

CLIENT

Browser

iFrame

Merchant server

Payment gateway server

Remote server (e.g.: ACS)

undefined

© 2024 {'|'} All rights reserved to Sogecommerce
2.91.0-doc-1.11