Host2Host Integration

Introduction

This section explains the steps to follow to perform the Host2Host integration (hereinafter H2H). This integration consists of sending requests directly from your e-commerce platform to the endpoint provided by Addon Payments (AP). In this integration, the merchant must create its own form/cashier.

For requests in this section that involve sending card data from your platform, it is the merchant’s responsibility to be aware of the PCI DSS certification requirements.

The parameters, operations and procedures may vary between the different payment solutions and services. This guide shows those shared by the majority of the payment solutions. If you need other use cases, don’t hesitate to contact our support team.

The following links will help you during your integration:

Glossary, to familiarize you with the concepts we will use throughout the documentation.
Postman, to test the operations of this integration.
SDKs, complete tool to integrate Addon Payments in a fast, flexible and easy way.

We hope this guide is helpful.

Host2Host integration workflow

Below is a diagram of how Host2Host integration works.

To sum it up, H2H integration follows this flow:

The customer wants to perform a payment.
The merchant perform a Direct Payment H2H request. Encrypting the parameters using the Addon Payments Encryption algorithm.
Addon Payments processes the request, building and validating the payment transaction against the acquirer or payment solution platform.
Addon Payments executes the payment.
Addon Payments gets the payment response.
AddonPayments handles the payment response. Remember that it could requires some customer redirection, only if it is required.
AddonPayments returns the payment response to the merchant.
Merchant get the response and return the customer to its final result page.

Environments and endpoints: staging and production

Addon Payments offers two (2) separate operating environments:

Staging environment:

- This is the first environment you will use.
- There is a list of cards to use for testing the system, simulating transactions of various operations, authentication types (frictionless, challenge) and results (authorized, declined).
- This will allow you to make sure that the different situations are handled properly by your integration.
- Real cards and accounts don’t work.

Production Environment:

- In this environment, transactions are real.
- You can only use real, operational cards and accounts.

This is a table with the endpoints where to send the request according to the environment where you operate:

Environment	URL
Staging	https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/pay
Production	https://checkout.addonpayments.com/EPGCheckout/rest/online/pay

Required and optional data (H2H)

These are the common parameters for the different H2H operations in card payments: authorisation, pre-authorisation, card validation, tokenisation, subscription plan registration, subscription payment and payouts.

Plus, we recommend you visit our 3DSecure section to add additional fields to the payment process. These optional data fields enrich the payment request and can facilitate the authentication process.

The type column shows whether the element is Required (R) or Optional (O):

Field	Format	Type	Description	Example
merchantId	Whole number 4~7 digits	R	Your merchant’s ID on the AP platform. Provided by Support in the welcome email. It is the same for both environments	14983
productId	Whole number 6~11 digits	R	Product ID created on your AP merchant. You’ll find it in the welcome email.	149830
paymentSolution	Alphanumeric Max 45 characters	R	Name of the payment solution to process the transaction. IMPORTANT: If you don’t want all the payment solutions you have available to be shown, do NOT send this parameter.	creditcards
operationType	Alphanumeric Max 45 characters	R	Shows type of operation to carry out. Values admited: – debit (default): Payment transaction. That is, cash travels from the customer’s account to the merchant. – credit: Deposit transaction to the customer’s account. That is, cash travels from the merchant to the customer’s account. For example, in the payment of a prize. Not to be confused with returns. These have their own type of transaction.”	debit
merchantTransactionId	Alphanumeric Max 45 characters	R	This is the unique identifier of the merchant’s transaction. It is used by your platform to link the notifications received with the customer’s order.	order_91684
amount	Numerical with decimals 0~1000000.00	R	Amount of the transaction. If the amount has decimals, the separator is a dot (.). The separator cannot be included in the thousands.	127.5
currency	Alphabetical 3 characters ISO-4217.3	R	Currency of the transaction	EUR
country	Alphabetical 2 characters ISO 3166-1 alfa-2	R	Country from which the transaction is sent	ES
customerId	Alphanumeric Max 80 characters	R	Customer ID in your e-commerce platform. – To save the customer’s card, use the “forceTokenRequest” parameter, with value “true” to save the token and “false” not to. – To show or hide the option to remember the customer’s card, use the “showRememberMe” parameter, with value “true” to show it and “false” to hide it.	A34623
cardNumber	Numerical max 19 digits.	R	Card PAN. Must pass the Luhn Check algorithm.	4907270002222227
expDate	Numerical 4 digits MMYY format, months MM and year YY.	R	Card expiry date.	0623
cvnNumber	Numerical 3 to 4 digits.	R	CVC on the card.	123
chName	Alphanumeric Max 100 characters	R	Full name of the card holder. First and last names are separated by spaces. UTF-8 is supported.	Pablo Ferrer
statusURL	Alphanumeric (characters allowed in URL) Max. 2048 characters	R	URL of your e-commerce platform where AP will send the notification with the status of the transaction. If it is sent in the request, it will take priority over the one configured in the Addon Payments BackOffice Portal. If it is not sent in the request, the customer will be redirected to the URL configured in the administration module.	https://www.example.com/status
successURL	Alphanumeric (characters allowed in URL) Max. 2048 characters	R	URL of your platform to which the customer is redirected if the transaction is authorized. If it is sent in the request, it will take priority over the one configured in the Addon Payments BackOffice Portal. If it is not sent in the request, the customer will be redirected to the URL configured in the administration module.	https://www.example.com/success
errorURL	Alphanumeric (characters allowed in URL) Max. 2048 characters	R	URL of your platform to which the customer is redirected if the transaction is declined. If it is sent in the request, it will take priority over the one configured in the Addon Payments BackOffice Portal. If it is not sent in the request, the customer will be redirected to the URL configured in the administration module.	https://www.example.com/error
cancelURL	Alphanumeric (characters allowed in URL) Max. 2048 characters	R	URL of your platform to which the customer is redirected if the transaction is cancelled during the payment process. If it is sent in the request, it will take priority over the one configured in the Addon Payments BackOffice Portal. If it is not sent in the request, the customer will be redirected to the URL configured in the administration module.	https://www.example.com/cancel
awaitingURL	Alphanumeric (characters allowed in URL) Max. 2048 characters	R	URL of your platform to which the customer is redirected if the transaction is pending processing. If it is sent in the request, it will take priority over the one configured in the Addon Payments BackOffice Portal. If it is not sent in the request, the customer will be redirected to the URL configured in the administration module.	https://www.example.com/awaiting
customerEmail	Alphanumeric Max 100 characters	R*	Cardholder’s email. European merchants: required for SCA *customerEmail or telephone must be sent. Only 1 of those paramaters is mandatory	correo@ejemplo.com
telephone	Alphanumeric Max 45 characters	R*	International prefix + Cardholder’s phone number. Can be mobile, work or home phone number. European merchants: required for SCA *customerEmail or telephone must be sent. Only 1 of those paramaters is mandatory	34600600600
forceTokenRequest	Boolean – true – false	O	Indicates whether or not to save the customer’s card token. If you do not want to save the card, use “false”.	false
rememberMe	Boolean – true – false	O	Indicates whether or not to save the customer’s card data. “true” to save the data and ‘false’ not to save the data.	false
language	ISO 639-1 code	O	Language to be displayed on the customer checkout. Currently, it is only available in Spanish (ES) and English (EN).	EN
referenceId	Alphanumeric 12 characters	O	Variable reference for merchants requiring FB500 reconciliation files.	SM1258X795WW
merchantParams	Key1:Value1;Key2:Value2;KeyN:ValueN Max 500 characters	O	Parameters that are sent to modify the mechant configuration or the processing of a transaction. They are received back within the tag. Does not support special characters	name:pablo;surname:ferrer;clientid:12345
printReceipt	Boolean	O	Show the end customer a receipt in the redirection process optional type.	True
autoCapture	Boolean	O	Establishes whether the transaction will be an authorization or pre-authorization. In the latter case, it requires a subsequent capture or release by the merchant.	True
type	Alphanumeric: MOTO ECOM	O	Sets whether the payment request is e-commerce or MO/TO type. If not included, it is e-commerce type by default.	ECOM
city	Alphanumeric Max 100 characters	O	City of cardholder. European merchants: optional for SCA	Barcelona
chCountry	2 characters ISO 3166-1 alfa-2	O	ISO 3166-1 alfa-2 code of cardholder’s country. European merchants: optional for SCA	ES
addressLine1	Alphanumeric Max 250 characters	O	First line of cardholder’s address. European merchants: optional for SCA	Calle Romero 123
addressLine2	Alphanumeric Max 50 characters	O	Cradholder’s zip code. European merchants: optional for SCA	08001
state	Alphanumeric Max 45 characters	O	State or province of the cardholder. European merchants: optional for SCA	Barcelona

Card payments

Your platform has to send several parameters and their respective values in order to generate a valid request to send to AP. In each request and use case you will have a sample request, a table with the required and optional parameters and a sample response.

A list of response/error codes is available on this page.

Authorization

Below is an example of the basic fields for sending requests from your ecommerce platform.

Plus, we recommend you visit our 3DSecure section to add additional fields to the payment process. These optional data fields enrich the payment request and can facilitate the authentication process.

Request

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request section for more information.

This is a sample request for authorization of a card payment, the first as a string and the second as cURL. Remember that the string must pass the encryption process.

				
					merchantId=12345&merchantTransactionId=00000001&amount=10
.00&currency=EUR&country=ES&customerId=000001&paymentSolution
=creditcards&statusURL=https://micomercio
.com/recepcion_notificacion.php&successURL
=https://micomercio.com/url-ok.php&errorURL
=https://micomercio.com/url-ko.php&cancelURL
=https://micomercio.com/url-cancelacion.php&chName=Nombre
+Apellido&cardNumber=4907270002222227&expDate=1234&cvnNumber=123

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/pay' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: 0Pn6pDEm73YvekNKUJcvwg==' \
--form 'merchantId="12345"' \
--form 'encrypted="YhkE2nrG1vmWRxNnMxWtbqDHsi/+FQs2AfPJBBHwIYOG3JCagem6DSb+R+63D5+NT/FQzI0Agb69XWtT8WJ9qAdyNFHE6Hn+Hya57tJy2vABHzY718FIygsQXguzOX71j02MBW57Dh299/0sAvv6I9XFOxL7VnnLQsqr1YhPR+Zri9HZdlhZFMaXdKDWIoo0vyp5nKInCV2Gx3wpnmXsctM6/fV4fGEhKCnpIyLy8BT+GSx0f5TkdmwPAccU0m1OdFQy+c/w+ZxdLvB+MePPnAp6Q/ieTrW0tNFOz1Sz1xwJbHygF4CVBFJB5kZsJyQABpgj2hjbhYqMJ4PhjIH6unGEEgxMWjqX7VebSsmn/C1uzwvOFum7/Ykrwh2V1mcIldXBWTlwqIUmuR8ltCNLszWTXQKv+LKvVLjXZhKV4JUnubrfgP/SAoL1Sr5IpvfGKf0V8m7WUl6M5+LjrBTmZ9ZP2QFr2AZ3Dbn+bxcIVPaGGyg2kBBcOfx1ylrhg53nG2evwuAborzvFSQO3IslRCtBAuJVaSzRavzdNBtZXjzS2D5hF1TUlut+p3/9WUaInomL4o17lyYZds2eQ48hNGO8O8EmnDzTfveqZUASpII=”' \
--form 'integrityCheck="06c928531469eb314c609e9a565567afecae69e644ba0e8cc49c612b6bf35e83"'

Once the POST is sent to Addon Payments, you will receive a redirect URL in a first response in the field “redirectionResponse”:

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response operation-size="2">
	<message>WorkFlow has finished successfully, for transaction Id: 7702702</message>
	<operations>
		<operation sorted-order="1">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Exemptions has been removed</message>
			<operationType>DEBIT</operationType>
			<service>TRA</service>
			<status>SUCCESS</status>
			<transactionId>7702702</transactionId>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>3bf8a522_116e_41f6_b0a1_e0a512f5dbfd</uuid>
			</respCode>
		</operation>
		<operation sorted-order="2">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Starting 3DSecure 2.0 process.</message>
			<operationType>DEBIT</operationType>
			<optionalTransactionParams/>
			<originalTransactionId>7702702</originalTransactionId>
			<paymentDetails>
				<cardHolderName>Nombre Apellido</cardHolderName>
				<extraDetails>
					<entry>
						<key>threeDSMethodData</key>
						<value>eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjFmMjc4OWQyLTJmYTYtNDNmMC04MzNhLTdmOGY2ZWYxNGFjOCIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIjogImh0dHBzOi8vY2hlY2tvdXQuc3RnLWV1LXdlc3QzLmVwZ2ludC5jb20vRVBHQ2hlY2tvdXQvY2FsbGJhY2svZ2F0aGVyRGV2aWNlTm90aWZpY2F0aW9uL3BheXNvbC8zZHN2Mi8xMDAyNTQ3In0=</value>
					</entry>
					<entry>
						<key>threeDSv2Token</key>
						<value>1f2789d2-2fa6-43f0-833a-7f8f6ef14ac8</value>
					</entry>
				</extraDetails>
			</paymentDetails>
			<redirectionResponse>redirect:https://checkout.stg-eu-west3.epgint.com/EPGCheckout/rest/online/3dsv2/redirect?action=gatherdevice&amp;params=eyJ0aHJlZURTdjJUb2tlbiI6IjFmMjc4OWQyLTJmYTYtNDNmMC04MzNhLTdmOGY2ZWYxNGFjOCIsInRocmVlRFNNZXRob2RVcmwiOiJodHRwczovL21vY2stZHMuc3RnLWV1LXdlc3QzLmVwZ2ludC5jb20vcHVibGljL21ldGhvZC1kYXRhLyIsInRocmVlRFNNZXRob2REYXRhIjoiZXlKMGFISmxaVVJUVTJWeWRtVnlWSEpoYm5OSlJDSTZJakZtTWpjNE9XUXlMVEptWVRZdE5ETm1NQzA0TXpOaExUZG1PR1kyWldZeE5HRmpPQ0lzSUNKMGFISmxaVVJUVFdWMGFHOWtUbTkwYVdacFkyRjBhVzl1VlZKTUlqb2dJbWgwZEhCek9pOHZZMmhsWTJ0dmRYUXVjM1JuTFdWMUxYZGxjM1F6TG1Wd1oybHVkQzVqYjIwdlJWQkhRMmhsWTJ0dmRYUXZZMkZzYkdKaFkyc3ZaMkYwYUdWeVJHVjJhV05sVG05MGFXWnBZMkYwYVc5dUwzQmhlWE52YkM4elpITjJNaTh4TURBeU5UUTNJbjA9IiwiYnJhbmQiOiJWSVNBIiwicmVzdW1lQXV0aGVudGljYXRpb24iOiJodHRwczovL2NoZWNrb3V0LnN0Zy1ldS13ZXN0My5lcGdpbnQuY29tL0VQR0NoZWNrb3V0L3JldHVybnVybC9mcmljdGlvbmxlc3MvcGF5c29sLzNkc3YyLzEwMDI1NDc/dGhyZWVEU3YyVG9rZW49MWYyNzg5ZDItMmZhNi00M2YwLTgzM2EtN2Y4ZjZlZjE0YWM4IiwicmVuZGVyQ2FzaGllckxvY2F0aW9uIjoiaHR0cHM6Ly9lcGdqcy1yZW5kZXJjYXNoaWVyLXN0Zy5lYXN5cGF5bWVudGdhdGV3YXkuY29tIiwiY2hhbGxlbmdlV2luZG93c1NpemUiOiIwNSJ9</redirectionResponse>
			<service>3DSv2</service>
			<status>REDIRECTED</status>
			<transactionId>1002547</transactionId>
			<respCode>
				<code>8100</code>
				<message>Frictionless requires</message>
				<uuid>6da05aff_17e9_4565_bd1b_bba132bf2050</uuid>
			</respCode>
			<mpi>
				<acsEndProtocolVersion>2.2.0</acsEndProtocolVersion>
				<acsStartProtocolVersion>2.1.0</acsStartProtocolVersion>
				<dsEndProtocolVersion>2.2.0</dsEndProtocolVersion>
				<dsStartProtocolVersion>2.1.0</dsStartProtocolVersion>
				<threeDSMethodURL>https://mock-ds.stg-eu-west3.epgint.com/public/method-data/</threeDSMethodURL>
			</mpi>
		</operation>
	</operations>
	<status>SUCCESS</status>
	<workFlowResponse>
		<id>31380</id>
		<name>debit creditcards (TRA)</name>
		<version>0</version>
	</workFlowResponse>
</response>

To learn more about when to redirect the client, visit the Redirecting customer section.

Authorisation request parameters

The required/mandatory and optional parameters are listed in this table.

Response

Visit our section on Managing notifications to learn more about its structure.

This is an example of a payment response for an authorized frictionless operation:

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response operation-size="3">
	<message>WorkFlow has finished successfully, for transaction Id: 7702702</message>
	<operations>
		<operation sorted-order="1">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Invalid threeDSv2Token.</message>
			<operationType>DEBIT</operationType>
			<service>3DSv2</service>
			<status>ERROR3DS</status>
			<transactionId>7702702</transactionId>
			<respCode>
				<code>3015</code>
				<message>Frictionless request not received. Invalid token.</message>
				<uuid>1f83d761_1a9d_4445_a3db_403c24ed99fd</uuid>
			</respCode>
		</operation>
		<operation sorted-order="2">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>3dsv2 - processed</message>
			<operationType>DEBIT</operationType>
			<paymentDetails>
				<cardNumberToken>5774655584592227</cardNumberToken>
				<extraDetails/>
			</paymentDetails>
			<service>3DSv2</service>
			<status>SUCCESS3DS</status>
			<transactionId>7702702</transactionId>
			<respCode>
				<code>8000</code>
				<message>Successful authentication</message>
				<uuid>28d943be_e311_4889_a810_dfa699c1d200</uuid>
			</respCode>
			<mpi>
				<acsTransID>aac563ad-8e2a-4139-916a-1999d489ccdb</acsTransID>
				<authMethod>01</authMethod>
				<authTimestamp>202310231538</authTimestamp>
				<authenticationStatus>Y</authenticationStatus>
				<cavv>AJkBB4OBmVFmgYFYFIGZAAAAAAA=</cavv>
				<eci>05</eci>
				<messageVersion>2.2.0</messageVersion>
				<threeDSSessionData>MWYyNzg5ZDItMmZhNi00M2YwLTgzM2EtN2Y4ZjZlZjE0YWM4</threeDSSessionData>
				<threeDSv2Token>1f2789d2-2fa6-43f0-833a-7f8f6ef14ac8</threeDSv2Token>
			</mpi>
			<paymentCode>nsY1</paymentCode>
			<paymentMessage>Authenticated successfully</paymentMessage>
		</operation>
		<operation sorted-order="3">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<details>{"resultCode":"00000","resultDescription":"OK","values":{"rfTransactionCurrency":"EUR","rfRTS":"355534686 790190 836550 231023173838","rfContactlessLogo":"false","rfOperationType":"Settle","rfAuthMode":"On","rfDataEntryMode":"Manual","rfCardHolderVerificationMode":"No","rfFuc":"355534686","rfTerminalID":"00000500","rfProcessor":"Redsys","rfMerchantName":"Pruebas Addon 25","rfMerchantCity":"BARCELONA","rfMerchantPostalCode":"08014","rfMerchantAddress":"GRAN VIA DE LES CORTS CATALANE, 159 PLANTA 7","rfMaskedPan":"************2227","rfOperationDateTime":"23/10/23 17:38:38","rfTerminalOperationNumber":"1136","rfAuthNumber":"869421","rfTransactionAmountCurrency":"10,00 EUR","rfProcessorMessage":"","rfPrintSignatureBox":"false","rfCardPresent":"true","rfReferenceId":"1136","posTransactionToken":"{\"pucIdMsg\":\"1200\",\"pucP3ProcessCode\":\"000000\",\"pucP4OriginalAmount\":\"000000001000\",\"pucP11TransactionNumber\":\"836550\",\"pucP12LocalDateTime\":\"231023173838\",\"pucP22ServicePointData\":\"1U00506K3000\",\"pucP38AuthNumber\":\"869421\",\"pucP39ActionCode\":\"000\",\"pucP53SecurityControlInfo\":\"0102000001000000\",\"pinpadId\":\"1440\",\"pinpadAcquirerId\":\"00000500\",\"pinpadManufacturer\":null,\"pinpadModel\":null,\"pinpadSerialNumber\":null,\"pinpadSoftwareName\":null,\"pinpadSoftwareVersion\":null,\"pinpadKernelEmv\":null,\"pinpadVccStrip\":null,\"pinpadVerPup\":null,\"pinpadPciStage\":null,\"pinpadVerEmvParams\":null,\"pinpadEmvType\":null,\"pinpadCapabilities\":null,\"pinpadLanguage\":null,\"transactionType\":\"O\",\"transactionContactless\":\"0\",\"transactionDcc\":\"0\",\"transactionDccComission\":null,\"transactionDccExchangeRate\":null,\"transactionDccMarkUp\":null,\"transactionDccEntity\":null,\"transactionDccBceExchangeRate\":null,\"transactionDccBceMarkUp\":null,\"transactionPanSequenceNumber\":null,\"transactionTerminalOperationNumber\":\"1136\",\"transactionResponseCode\":null,\"transactionCurrency\":\"978\",\"transactionFuc\":\"355534686\",\"cardMaskedPan\":\"************2227\",\"cardAid\":null,\"cardDdfName\":null,\"cardApplicationLabel\":null,\"cardCypherData\":null}","OperationResult":"000"},"threeDsProtocolVersion":"2.2.0"}</details>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Success 'Settle' operation</message>
			<operationType>DEBIT</operationType>
			<optionalTransactionParams/>
			<paySolTransactionId>355534686 790190 836550 231023173838</paySolTransactionId>
			<paymentDetails>
				<cardHolderName>Nombre Apellido</cardHolderName>
				<cardNumber>490727****2227</cardNumber>
				<cardNumberToken>5774655584592227</cardNumberToken>
				<cardType>VISA/CREDIT OR DEBIT</cardType>
				<expDate>1234</expDate>
				<extraDetails>
					<entry>
						<key>cardCategory</key>
						<value>Not Available</value>
					</entry>
					<entry>
						<key>rememberMe</key>
						<value>true</value>
					</entry>
				</extraDetails>
				<issuerBank>SERVIRED MASTERCARD INTERNACIONAL</issuerBank>
				<issuerCountry>ES</issuerCountry>
			</paymentDetails>
			<paymentMethod>19900</paymentMethod>
			<paymentSolution>caixapucpuce</paymentSolution>
			<status>SUCCESS</status>
			<transactionId>7702702</transactionId>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>3bf8a522_116e_41f6_b0a1_e0a512f5dbfd</uuid>
			</respCode>
			<authCode>869421</authCode>
			<mpi>
				<eci>05</eci>
			</mpi>
			<paymentCode>000</paymentCode>
			<paymentMessage>Operación finalizada con éxito</paymentMessage>
		</operation>
	</operations>
	<optionalTransactionParams/>
	<status>SUCCESS</status>
	<workFlowResponse>
		<id>31380</id>
		<name>debit creditcards (TRA)</name>
		<version>0</version>
	</workFlowResponse>
</response>

Pre-authorization

Pre-authorizations are a two-step payment method. The operation is sent with “false” in the “autoCapture” parameter. The customer experience is the same as any other payment.

After the customer authorizes the transaction, the funds are put on hold in their account or card balance. The merchant has 30 days to confirm or decline the pre-authorization. However, payment is not ensured after 7 days. It is important to note that the merchant doesn’t receive the funds from the pre-authorization until it is confirmed.

Pre-authorizations, if the transaction is authorized, will show a “Pending” status. You can manually release or capture these transactions in the Addon Payments BackOffice Portal. You can also do it using an H2H request to capture or release the amount, as you’ll see in this guide.

In addition, we recommend that you visit our 3DSecure section in order to add additional fields to the payment process. These optional data enrich the payment request and can facilitate the authentication process

Request

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request for more information.

This is a sample request for pre-authorization of a card payment, the first as a string and the second as cURL. Remember that the string must pass the encryption process.

				
					merchantId=12345&merchantTransactionId=00000001&amount=10
.00&currency=EUR&autoCapture=false&country=ES&customerId=000001&paymentSolution
=creditcards&statusURL=https://micomercio
.com/recepcion_notificacion.php&successURL
=https://micomercio.com/url-ok.php&errorURL
=https://micomercio.com/url-ko.php&cancelURL
=https://micomercio.com/url-cancelacion.php&chName=Nombre
+Apellido&cardNumber=4907270002222227&expDate=1234&cvnNumber=123

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/pay' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: uuwmiVsCoUrMGHBmR81DTA==' \
--form 'merchantId="12345"' \
--form 'encrypted="uMtfmrDsqkyx+motjz8s8Z8Mx9i0JXLkf8+b/OpNWroJ998QmIZ7chx2itDGTviHHkp4gN7+sbNVjkCb/xEghJvvo2SMTSzgQdGYz/5ThYQL9GcezTXslpl+xGc5xz/Q0NkQ2aF0+Te/Zhqjf982zjcoNGsh5+AA5dfDlPZMEQ3FsJNuz+EaARB9E2pDu38r3e7nG+7iE7HrwcnGQp4WAPNrvRz2ySZlDr2hZ/5sYctDz7ySviVpi90xH1A90f7VDp0qgJRshHxkJAmIF4JLjk2gi6RfYNa/cuT9E3v6UppEdQVYIghSQwzcqXGLsWynNtRET9yr7owgdWDZvXprsLURTZfBtHk5s0i/KZ8E3Zkd2DG5gQwLbQ+2J3VAyY+wcbJ9imN5z8LXVQreXNNuQ3zFrwE4gFear27R6HYpewLUcpo2SUppO9sbg2rHXm6LazYjZAYbdt61fHXLwP/+iopRuqk5xe20P2/fUQxn1d1tHFKyhsKmIGNQ1N9+A8zd/UZfItlJzF9KajVfcog2CO8msCiR2/96jts0pg/WD1czDC5pxcOjh/T3dxP3w04DHE+cZNMXXQ/vLvEW34/AEo2qdGO17np5jVNVo4TlaUCd1UpYoyEbhSs7xtycqe3o1iKdTC66xV337Hdl5uMz+rsFPoLbA19EPb+uaH4KzF6Ugx1S0L2XCThNEu4mk3LNL7cXD5lmJaWa4o7nOcaHSA/1zAMv4Z13iRPBprwRSRUM95pxvQr0Roov/im4LcEheARlyIsetaH0xZUWefDz5L6yEiDuliICnMA3WNBiP4krJnnUnuceD8QsKybxlGrvbRYUoNUGXMiqDH7oOQVtOBoVvSZh6Vq0d69Q+3ZM5QRIZYx/jlPcl7zrjahKp3LyogxZrnI7wgnw7uTFkIiX687kCGI74rVJvn+iTZHUTQo=”' \
--form 'integrityCheck="5e8be549819126a4b771896775493f1e511946dfe6e0763a88f2cecbc955599c"'

Once the POST is sent to Addon Payments, you will receive a redirect URL for the customer:

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response operation-size="2">
  <message>WorkFlow has finished successfully, for transaction Id: 7707796</message>
  <operations>
    <operation sorted-order="1">
      <amount>10.00</amount>
      <currency>EUR</currency>
      <merchantTransactionId>00000001</merchantTransactionId>
      <message>Exemptions has been removed</message>
      <operationType>DEBIT</operationType>
      <service>TRA</service>
      <status>SUCCESS</status>
      <transactionId>7707796</transactionId>
      <respCode>
        <code>0000</code>
        <message>Successful</message>
        <uuid>dd04d570_bf82_4b9b_baf6_6ec123601521</uuid>
      </respCode>
    </operation>
    <operation sorted-order="2">
      <amount>10.00</amount>
      <currency>EUR</currency>
      <merchantTransactionId>00000001</merchantTransactionId>
      <message>Starting 3DSecure 2.0 process.</message>
      <operationType>DEBIT</operationType>
      <optionalTransactionParams/>
      <originalTransactionId>7707796</originalTransactionId>
      <paymentDetails>
        <cardHolderName>Nombre Apellido</cardHolderName>
        <extraDetails>
          <entry>
            <key>threeDSMethodData</key>
            <value>eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjAzYmJkN2MzLTBiMDQtNDdhZC1hYjNjLTI1MWVjYTNlNTE1MCIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIjogImh0dHBzOi8vY2hlY2tvdXQuc3RnLWV1LXdlc3QzLmVwZ2ludC5jb20vRVBHQ2hlY2tvdXQvY2FsbGJhY2svZ2F0aGVyRGV2aWNlTm90aWZpY2F0aW9uL3BheXNvbC8zZHN2Mi8xMDAzMjg4In0=</value>
          </entry>
          <entry>
            <key>threeDSv2Token</key>
            <value>03bbd7c3-0b04-47ad-ab3c-251eca3e5150</value>
          </entry>
        </extraDetails>
      </paymentDetails>
      <redirectionResponse>redirect:https://checkout.stg-eu-west3.epgint.com/EPGCheckout/rest/online/3dsv2/redirect?action=gatherdevice&params=eyJ0aHJlZURTdjJUb2tlbiI6IjAzYmJkN2MzLTBiMDQtNDdhZC1hYjNjLTI1MWVjYTNlNTE1MCIsInRocmVlRFNNZXRob2RVcmwiOiJodHRwczovL21vY2stZHMuc3RnLWV1LXdlc3QzLmVwZ2ludC5jb20vcHVibGljL21ldGhvZC1kYXRhLyIsInRocmVlRFNNZXRob2REYXRhIjoiZXlKMGFISmxaVVJUVTJWeWRtVnlWSEpoYm5OSlJDSTZJakF6WW1Ka04yTXpMVEJpTURRdE5EZGhaQzFoWWpOakxUSTFNV1ZqWVRObE5URTFNQ0lzSUNKMGFISmxaVVJUVFdWMGFHOWtUbTkwYVdacFkyRjBhVzl1VlZKTUlqb2dJbWgwZEhCek9pOHZZMmhsWTJ0dmRYUXVjM1JuTFdWMUxYZGxjM1F6TG1Wd1oybHVkQzVqYjIwdlJWQkhRMmhsWTJ0dmRYUXZZMkZzYkdKaFkyc3ZaMkYwYUdWeVJHVjJhV05sVG05MGFXWnBZMkYwYVc5dUwzQmhlWE52YkM4elpITjJNaTh4TURBek1qZzRJbjA9IiwiYnJhbmQiOiJWSVNBIiwicmVzdW1lQXV0aGVudGljYXRpb24iOiJodHRwczovL2NoZWNrb3V0LnN0Zy1ldS13ZXN0My5lcGdpbnQuY29tL0VQR0NoZWNrb3V0L3JldHVybnVybC9mcmljdGlvbmxlc3MvcGF5c29sLzNkc3YyLzEwMDMyODg/dGhyZWVEU3YyVG9rZW49MDNiYmQ3YzMtMGIwNC00N2FkLWFiM2MtMjUxZWNhM2U1MTUwIiwicmVuZGVyQ2FzaGllckxvY2F0aW9uIjoiaHR0cHM6Ly9lcGdqcy1yZW5kZXJjYXNoaWVyLXN0Zy5lYXN5cGF5bWVudGdhdGV3YXkuY29tIiwiY2hhbGxlbmdlV2luZG93c1NpemUiOiIwNSJ9</redirectionResponse>
      <service>3DSv2</service>
      <status>REDIRECTED</status>
      <transactionId>1003288</transactionId>
      <respCode>
        <code>8100</code>
        <message>Frictionless requires</message>
        <uuid>cd6aeb5d_8f32_46a6_b172_10a889928d71</uuid>
      </respCode>
      <mpi>
        <acsEndProtocolVersion>2.2.0</acsEndProtocolVersion>
        <acsStartProtocolVersion>2.1.0</acsStartProtocolVersion>
        <dsEndProtocolVersion>2.2.0</dsEndProtocolVersion>
        <dsStartProtocolVersion>2.1.0</dsStartProtocolVersion>
        <threeDSMethodURL>https://mock-ds.stg-eu-west3.epgint.com/public/method-data/</threeDSMethodURL>
      </mpi>
    </operation>
  </operations>
  <optionalTransactionParams/>
  <status>SUCCESS</status>
  <workFlowResponse>
    <id>31380</id>
    <name>debit creditcards (TRA)</name>
    <version>0</version>
  </workFlowResponse>
</response>

To learn more about when to redirect the client, visit the Redirecting customer section.

Pre-Authorisation request parameters

The required/mandatory and optional parameters are listed in this table.

In addition to those parameters, for a pre-authorization you must also include:

autoCapture: false

Response

Visit our section on Managing notifications to learn more about its structure.

In this operation, the transaction response will be pending until you capture or release the amount:

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response operation-size="3">
	<message>WorkFlow has finished successfully, for transaction Id: 7707796</message>
	<operations>
		<operation sorted-order="1">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Exemptions has been removed</message>
			<operationType>DEBIT</operationType>
			<service>TRA</service>
			<status>SUCCESS</status>
			<transactionId>7707796</transactionId>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>dd04d570_bf82_4b9b_baf6_6ec123601521</uuid>
			</respCode>
		</operation>
		<operation sorted-order="2">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>3dsv2 - processed</message>
			<operationType>DEBIT</operationType>
			<paymentDetails>
				<cardNumberToken>5774655584592227</cardNumberToken>
				<extraDetails/>
			</paymentDetails>
			<service>3DSv2</service>
			<status>SUCCESS3DS</status>
			<transactionId>7707796</transactionId>
			<respCode>
				<code>8000</code>
				<message>Successful authentication</message>
				<uuid>28d943be_e311_4889_a810_dfa699c1d200</uuid>
			</respCode>
			<mpi>
				<acsTransID>9a52d2e2-440f-430c-b763-d2374c9f7f93</acsTransID>
				<authMethod>01</authMethod>
				<authTimestamp>202310261114</authTimestamp>
				<authenticationStatus>Y</authenticationStatus>
				<cavv>AJkBB4OBmVFmgYFYFIGZAAAAAAA=</cavv>
				<eci>05</eci>
				<messageVersion>2.2.0</messageVersion>
				<threeDSSessionData>MDNiYmQ3YzMtMGIwNC00N2FkLWFiM2MtMjUxZWNhM2U1MTUw</threeDSSessionData>
				<threeDSv2Token>03bbd7c3-0b04-47ad-ab3c-251eca3e5150</threeDSv2Token>
			</mpi>
			<paymentCode>nsY1</paymentCode>
			<paymentMessage>Authenticated successfully</paymentMessage>
		</operation>
		<operation sorted-order="3">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<details>{"resultCode":"00000","resultDescription":"OK","values":{"rfTransactionCurrency":"EUR","rfRTS":"355534686 790190 840267 231026131437","rfContactlessLogo":"false","rfOperationType":"Auth","rfAuthMode":"On","rfDataEntryMode":"Manual","rfCardHolderVerificationMode":"No","rfFuc":"355534686","rfTerminalID":"00000500","rfProcessor":"Redsys","rfMerchantName":"Pruebas Addon 25","rfMerchantCity":"BARCELONA","rfMerchantPostalCode":"08014","rfMerchantAddress":"GRAN VIA DE LES CORTS CATALANE, 159 PLANTA 7","rfMaskedPan":"************2227","rfOperationDateTime":"26/10/23 13:14:37","rfTerminalOperationNumber":"1153","rfAuthNumber":"133193","rfTransactionAmountCurrency":"10,00 EUR","rfProcessorMessage":"","rfPrintSignatureBox":"false","rfCardPresent":"true","rfReferenceId":"1153","posTransactionToken":"{\"pucIdMsg\":\"1100\",\"pucP3ProcessCode\":\"000000\",\"pucP4OriginalAmount\":\"000000001000\",\"pucP11TransactionNumber\":\"840267\",\"pucP12LocalDateTime\":\"231026131437\",\"pucP22ServicePointData\":\"1U00506K3000\",\"pucP38AuthNumber\":\"133193\",\"pucP39ActionCode\":\"000\",\"pucP53SecurityControlInfo\":\"0102000001000000\",\"pinpadId\":\"1440\",\"pinpadAcquirerId\":\"00000500\",\"pinpadManufacturer\":null,\"pinpadModel\":null,\"pinpadSerialNumber\":null,\"pinpadSoftwareName\":null,\"pinpadSoftwareVersion\":null,\"pinpadKernelEmv\":null,\"pinpadVccStrip\":null,\"pinpadVerPup\":null,\"pinpadPciStage\":null,\"pinpadVerEmvParams\":null,\"pinpadEmvType\":null,\"pinpadCapabilities\":null,\"pinpadLanguage\":null,\"transactionType\":\"O\",\"transactionContactless\":\"0\",\"transactionDcc\":\"0\",\"transactionDccComission\":null,\"transactionDccExchangeRate\":null,\"transactionDccMarkUp\":null,\"transactionDccEntity\":null,\"transactionDccBceExchangeRate\":null,\"transactionDccBceMarkUp\":null,\"transactionPanSequenceNumber\":null,\"transactionTerminalOperationNumber\":\"1153\",\"transactionResponseCode\":null,\"transactionCurrency\":\"978\",\"transactionFuc\":\"355534686\",\"cardMaskedPan\":\"************2227\",\"cardAid\":null,\"cardDdfName\":null,\"cardApplicationLabel\":null,\"cardCypherData\":null}","OperationResult":"000"},"threeDsProtocolVersion":"2.2.0"}</details>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Success 'Auth' operation</message>
			<operationType>DEBIT</operationType>
			<optionalTransactionParams/>
			<paySolTransactionId>355534686 790190 840267 231026131437</paySolTransactionId>
			<paymentDetails>
				<cardHolderName>Nombre Apellido</cardHolderName>
				<cardNumber>490727****2227</cardNumber>
				<cardNumberToken>5774655584592227</cardNumberToken>
				<cardType>VISA/CREDIT OR DEBIT</cardType>
				<expDate>1234</expDate>
				<extraDetails>
					<entry>
						<key>cardCategory</key>
						<value>Not Available</value>
					</entry>
					<entry>
						<key>rememberMe</key>
						<value>true</value>
					</entry>
				</extraDetails>
				<issuerBank>SERVIRED MASTERCARD INTERNACIONAL</issuerBank>
				<issuerCountry>ES</issuerCountry>
			</paymentDetails>
			<paymentMethod>19900</paymentMethod>
			<paymentSolution>caixapucpuce</paymentSolution>
			<status>PENDING</status>
			<transactionId>7707796</transactionId>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>3bf8a522_116e_41f6_b0a1_e0a512f5dbfd</uuid>
			</respCode>
			<authCode>133193</authCode>
			<mpi>
				<eci>05</eci>
			</mpi>
			<paymentCode>000</paymentCode>
			<paymentMessage>Operación finalizada con éxito</paymentMessage>
		</operation>
	</operations>
	<optionalTransactionParams/>
	<status>SUCCESS</status>
	<workFlowResponse>
		<id>31380</id>
		<name>debit creditcards (TRA)</name>
		<version>0</version>
	</workFlowResponse>
</response>

Card validation

Card validation consists of a transaction with a 0 amount, which generates a token or reference to the customer’s card for future transactions. This operation is also known as Open To Buy (OTB).

Normally, these card validations for an amount of 0 are used to save the customer’s card for future payments. In this case, we recommend you also use the following parameters:

amount: 0
paymentRecurringType: newCof
challengeInd: 04 (recommended to force SCA for the transaction so the issuer doesn’t decline future requests)

This operation validates that the card is operational when the request is made, although it can’t guarantee future payments will be authorized.

Request

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request for more information.

This is a sample request for a card validation, the first as a string and the second as cURL. Remember that the string must pass the encryption process.

				
					merchantId=12345&merchantTransactionId=00000001&
currency=EUR&amount=0&country=ES&customerId=000001&paymentSolution
=creditcards&statusURL=https://micomercio
.com/recepcion_notificacion.php&successURL
=https://micomercio.com/url-ok.php&errorURL
=https://micomercio.com/url-ko.php&cancelURL
=https://micomercio.com/url-cancelacion.php&chName=Nombre
+Apellido&cardNumber=4907270002222227&expDate=1234&cvnNumber=123

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/pay' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: 0Pn6pDEm73YvekNKUJcvwg==' \
--form 'merchantId="12345"' \
--form 'encrypted="W8T5PiYk2rdGsbUc2dKPhMTzg0irF5cxHuZSLmYrWBeAdixBcWr3xUZ6Mit0ssjEABUuufVU9DiNvxuSB3zCbID55NHZtHWyX+JXBScwPNUvC/OhUr9gNx6zN2tuFSdTsUH91h+Ql59+TxZEturOuIk5pVMqEr+EvEBUrP4zprZpbrhxRdIrdNugB9hHYjO+VJj+rMXpJE1LKroB6P5jfPhWf2mJeOsyJYgUt7mhNhmX9TjJZIhSPF1/Mg/16KQt1roTCTk58JuzOP7piS/b7GnuUcK4KpKhH3pXU6/1R5wtTBEzAfMLxMnM/PagMN312wNcW0BFgJLDHm9E4xqcP9JfpQRW7w1Ig17lBfUqUughqjhIIX0zYwvpa1TEBiTrcFofwoe/VTGqSMKfOOn9IMMYls0DOWAoXgOrA8Cc3D52D7IwgWcxKDSfS3I67daqLKs9uwoVbDMe388vfIPi/U0cUQ9ydqZlsf+QZoN58LExgMwASOH6v01VJuNc3gANIFLjjBT7gooTAAw/2QIuyKJ4Q33orEgv9dxfeyZP7KR9HLwbnLX+kuv3AiwQaRq2IAo/9uSAHM+Mx+7HUJVkwPPHzre4RrCoHpit59uFwSUtH57Ugx5Z4QRfAYHWGf+TOO2haJlDIFiJfjXwWmt1pGCkZE0Bhyzg++wOaYn2lglR++evprfwhNknPlzcWwXdMtQUv/JwcsX3MXv3NK7Zr16GI7e2bAopsRfs8r0ZruUtOuPiz1ByXmer+It3CwD2RHmFveVNBuOzbWsiqKnQTOVftgmevrBku/aErCDXSU7t5yR2IaO76MQJ28MmIz1c9GuXB9knklyFqNU2KG0LwElKodVGNzsOP4FxVQWz3Y718yobHIGNk31y6ZlomPte”' \
--form 'integrityCheck="0782b8f76631a4742171ac6f6b5afbb9939bf1d41aaf14a8561d62f2d5941080"'

Once the POST is sent to Addon Payments, you will receive a redirect URL for the customer:

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response operation-size="2">
  <message>WorkFlow has finished successfully, for transaction Id: 7709935</message>
  <operations>
    <operation sorted-order="1">
      <amount>0</amount>
      <currency>EUR</currency>
      <merchantTransactionId>00000001</merchantTransactionId>
      <message>Exemptions has been removed</message>
      <operationType>DEBIT</operationType>
      <service>TRA</service>
      <status>SUCCESS</status>
      <transactionId>7709935</transactionId>
      <respCode>
        <code>0000</code>
        <message>Successful</message>
        <uuid>f7fe9eea_910f_437b_99e9_40a8a9c981c0</uuid>
      </respCode>
    </operation>
    <operation sorted-order="2">
      <amount>0</amount>
      <currency>EUR</currency>
      <merchantTransactionId>00000001</merchantTransactionId>
      <message>Starting 3DSecure 2.0 process.</message>
      <operationType>DEBIT</operationType>
      <optionalTransactionParams/>
      <originalTransactionId>7709935</originalTransactionId>
      <paymentDetails>
        <cardHolderName>Nombre Apellido</cardHolderName>
        <extraDetails>
          <entry>
            <key>threeDSMethodData</key>
            <value>eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjhmMzM2YzMyLWQ2NTYtNGYxYy1hNWZmLWQ4Y2QzNWEyZGE5OSIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIjogImh0dHBzOi8vY2hlY2tvdXQuc3RnLWV1LXdlc3QxLmVwZ2ludC5jb20vRVBHQ2hlY2tvdXQvY2FsbGJhY2svZ2F0aGVyRGV2aWNlTm90aWZpY2F0aW9uL3BheXNvbC8zZHN2Mi8xMDAzNzgzIn0=</value>
          </entry>
          <entry>
            <key>threeDSv2Token</key>
            <value>8f336c32-d656-4f1c-a5ff-d8cd35a2da99</value>
          </entry>
        </extraDetails>
      </paymentDetails>
      <redirectionResponse>redirect:https://checkout.stg-eu-west1.epgint.com/EPGCheckout/rest/online/3dsv2/redirect?action=gatherdevice&params=eyJ0aHJlZURTdjJUb2tlbiI6IjhmMzM2YzMyLWQ2NTYtNGYxYy1hNWZmLWQ4Y2QzNWEyZGE5OSIsInRocmVlRFNNZXRob2RVcmwiOiJodHRwczovL21vY2stZHMuc3RnLWV1LXdlc3QzLmVwZ2ludC5jb20vcHVibGljL21ldGhvZC1kYXRhLyIsInRocmVlRFNNZXRob2REYXRhIjoiZXlKMGFISmxaVVJUVTJWeWRtVnlWSEpoYm5OSlJDSTZJamhtTXpNMll6TXlMV1EyTlRZdE5HWXhZeTFoTldabUxXUTRZMlF6TldFeVpHRTVPU0lzSUNKMGFISmxaVVJUVFdWMGFHOWtUbTkwYVdacFkyRjBhVzl1VlZKTUlqb2dJbWgwZEhCek9pOHZZMmhsWTJ0dmRYUXVjM1JuTFdWMUxYZGxjM1F4TG1Wd1oybHVkQzVqYjIwdlJWQkhRMmhsWTJ0dmRYUXZZMkZzYkdKaFkyc3ZaMkYwYUdWeVJHVjJhV05sVG05MGFXWnBZMkYwYVc5dUwzQmhlWE52YkM4elpITjJNaTh4TURBek56Z3pJbjA9IiwiYnJhbmQiOiJWSVNBIiwicmVzdW1lQXV0aGVudGljYXRpb24iOiJodHRwczovL2NoZWNrb3V0LnN0Zy1ldS13ZXN0MS5lcGdpbnQuY29tL0VQR0NoZWNrb3V0L3JldHVybnVybC9mcmljdGlvbmxlc3MvcGF5c29sLzNkc3YyLzEwMDM3ODM/dGhyZWVEU3YyVG9rZW49OGYzMzZjMzItZDY1Ni00ZjFjLWE1ZmYtZDhjZDM1YTJkYTk5IiwicmVuZGVyQ2FzaGllckxvY2F0aW9uIjoiaHR0cHM6Ly9lcGdqcy1yZW5kZXJjYXNoaWVyLXN0Zy5lYXN5cGF5bWVudGdhdGV3YXkuY29tIiwiY2hhbGxlbmdlV2luZG93c1NpemUiOiIwNSJ9</redirectionResponse>
      <service>3DSv2</service>
      <status>REDIRECTED</status>
      <transactionId>1003783</transactionId>
      <respCode>
        <code>8100</code>
        <message>Frictionless requires</message>
        <uuid>2236f2ee_e667_4ac1_aecb_1b30f300eb98</uuid>
      </respCode>
      <mpi>
        <acsEndProtocolVersion>2.2.0</acsEndProtocolVersion>
        <acsStartProtocolVersion>2.1.0</acsStartProtocolVersion>
        <dsEndProtocolVersion>2.2.0</dsEndProtocolVersion>
        <dsStartProtocolVersion>2.1.0</dsStartProtocolVersion>
        <threeDSMethodURL>https://mock-ds.stg-eu-west3.epgint.com/public/method-data/</threeDSMethodURL>
      </mpi>
    </operation>
  </operations>
  <optionalTransactionParams/>
  <status>SUCCESS</status>
  <workFlowResponse>
    <id>31380</id>
    <name>debit creditcards (TRA)</name>
    <version>0</version>
  </workFlowResponse>
</response>

To learn more about when to redirect the client, visit the Redirecting customer section.

Card validation request parameters

The required/mandatory and optional parameters are listed in this table.

In addition to those parameters, for a card validation you must also include the ones on the table below: The type shows whether the element is Required (R) or Optional (O):

Field	Format	Type	Description	Example
amount	Numerical with decimal 0~1000000.00	R	Transaction amount. If the total has decimal places, the separator is a point (.). No separator can be used for thousands. For card validations, it must be “0”.	0
paymentRecurringType	– newCof: One-off payments, without a fixed amount or periodicity. – newSubscription: Recurring payments with fixed amount and periodicity. – newInstallment: Postponed payment limited to individual purchase with fixed amount and periodicity.	O	Recurring or successive payment type. Note if the COF transaction is initial or successive, and the reason or purpose for payment.	newCof
challengeInd	Accepted values: – 01: no preference (default value if this parameter is not sent) – 02: avoid challenge – 03: require challenge (trade preference) – 04: require challenge (mandatory) – 05: avoid challenge (performed transaction risk analysis) – 06: avoid challenge (only in data sharing) – 07: avoid challenge (SCA already done) – 08: avoid challenge (use whitelist exemption) – 09: avoid challenge (request whitelist)	O	Indicates the preference set by the merchant for an authentication process. The issuer can modify the preference specified in this field.	04

Response

Visit our section on Managing notifications to learn more about its structure.

The highlighted part of the response shows the card details you can use in future operations, such as the token.

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response operation-size="3">
	<message>WorkFlow has finished successfully, for transaction Id: 7709935</message>
	<operations>
		<operation sorted-order="1">
			<amount>0</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Exemptions has been removed</message>
			<operationType>DEBIT</operationType>
			<service>TRA</service>
			<status>SUCCESS</status>
			<transactionId>7709935</transactionId>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>f7fe9eea_910f_437b_99e9_40a8a9c981c0</uuid>
			</respCode>
		</operation>
		<operation sorted-order="2">
			<amount>0</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>3dsv2 - processed</message>
			<operationType>DEBIT</operationType>
			<paymentDetails>
				<cardNumberToken>5774655584592227</cardNumberToken>
				<extraDetails/>
			</paymentDetails>
			<service>3DSv2</service>
			<status>SUCCESS3DS</status>
			<transactionId>7709935</transactionId>
			<respCode>
				<code>8000</code>
				<message>Successful authentication</message>
				<uuid>b3c84b0a_d79c_4792_a20a_7dfec8688a4f</uuid>
			</respCode>
			<mpi>
				<acsTransID>8555f4e2-83f7-4b52-8076-1e8abcfe4ac2</acsTransID>
				<authMethod>01</authMethod>
				<authTimestamp>202310271327</authTimestamp>
				<authenticationStatus>Y</authenticationStatus>
				<cavv>AJkBB4OBmVFmgYFYFIGZAAAAAAA=</cavv>
				<eci>05</eci>
				<messageVersion>2.2.0</messageVersion>
				<threeDSSessionData>OGYzMzZjMzItZDY1Ni00ZjFjLWE1ZmYtZDhjZDM1YTJkYTk5</threeDSSessionData>
				<threeDSv2Token>8f336c32-d656-4f1c-a5ff-d8cd35a2da99</threeDSv2Token>
			</mpi>
			<paymentCode>nsY1</paymentCode>
			<paymentMessage>Authenticated successfully</paymentMessage>
		</operation>
		<operation sorted-order="3">
			<amount>0.00</amount>
			<currency>EUR</currency>
			<details>{"resultCode":"00000","resultDescription":"OK","values":{"rfTransactionCurrency":"EUR","rfRTS":"355534686 790190 841678 231027152758","rfContactlessLogo":"false","rfOperationType":"Auth","rfAuthMode":"On","rfDataEntryMode":"Manual","rfCardHolderVerificationMode":"No","rfFuc":"355534686","rfTerminalID":"00000500","rfProcessor":"Redsys","rfMerchantName":"Pruebas Addon 25","rfMerchantCity":"BARCELONA","rfMerchantPostalCode":"08014","rfMerchantAddress":"GRAN VIA DE LES CORTS CATALANE, 159 PLANTA 7","rfMaskedPan":"************2227","rfOperationDateTime":"27/10/23 15:27:58","rfTerminalOperationNumber":"1189","rfAuthNumber":"516569","rfTransactionAmountCurrency":"0,00 EUR","rfProcessorMessage":"","rfPrintSignatureBox":"false","rfCardPresent":"true","rfReferenceId":"1189","posTransactionToken":"{\"pucIdMsg\":\"1100\",\"pucP3ProcessCode\":\"000000\",\"pucP4OriginalAmount\":\"000000000000\",\"pucP11TransactionNumber\":\"841678\",\"pucP12LocalDateTime\":\"231027152758\",\"pucP22ServicePointData\":\"1U00506K3000\",\"pucP38AuthNumber\":\"516569\",\"pucP39ActionCode\":\"085\",\"pucP53SecurityControlInfo\":\"0102000001000000\",\"pinpadId\":\"1440\",\"pinpadAcquirerId\":\"00000500\",\"pinpadManufacturer\":null,\"pinpadModel\":null,\"pinpadSerialNumber\":null,\"pinpadSoftwareName\":null,\"pinpadSoftwareVersion\":null,\"pinpadKernelEmv\":null,\"pinpadVccStrip\":null,\"pinpadVerPup\":null,\"pinpadPciStage\":null,\"pinpadVerEmvParams\":null,\"pinpadEmvType\":null,\"pinpadCapabilities\":null,\"pinpadLanguage\":null,\"transactionType\":\"O\",\"transactionContactless\":\"0\",\"transactionDcc\":\"0\",\"transactionDccComission\":null,\"transactionDccExchangeRate\":null,\"transactionDccMarkUp\":null,\"transactionDccEntity\":null,\"transactionDccBceExchangeRate\":null,\"transactionDccBceMarkUp\":null,\"transactionPanSequenceNumber\":null,\"transactionTerminalOperationNumber\":\"1189\",\"transactionResponseCode\":null,\"transactionCurrency\":\"978\",\"transactionFuc\":\"355534686\",\"cardMaskedPan\":\"************2227\",\"cardAid\":null,\"cardDdfName\":null,\"cardApplicationLabel\":null,\"cardCypherData\":null}","OperationResult":"000"},"threeDsProtocolVersion":"2.2.0"}</details>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Success 'Auth' operation</message>
			<operationType>DEBIT</operationType>
			<optionalTransactionParams/>
			<paySolTransactionId>355534686 790190 841678 231027152758</paySolTransactionId>
			<paymentDetails>
				<cardHolderName>Nombre Apellido</cardHolderName>
				<cardNumber>490727****2227</cardNumber>
				<cardNumberToken>5774655584592227</cardNumberToken>
				<cardType>VISA/CREDIT OR DEBIT</cardType>
				<expDate>1234</expDate>
				<extraDetails>
					<entry>
						<key>cardCategory</key>
						<value>Not Available</value>
					</entry>
					<entry>
						<key>rememberMe</key>
						<value>true</value>
					</entry>
				</extraDetails>
				<issuerBank>SERVIRED MASTERCARD INTERNACIONAL</issuerBank>
				<issuerCountry>ES</issuerCountry>
			</paymentDetails>
			<paymentMethod>19900</paymentMethod>
			<paymentSolution>caixapucpuce</paymentSolution>
			<status>SUCCESS</status>
			<transactionId>7709935</transactionId>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>f7fe9eea_910f_437b_99e9_40a8a9c981c0</uuid>
			</respCode>
			<authCode>516569</authCode>
			<mpi>
				<eci>05</eci>
			</mpi>
			<paymentCode>000</paymentCode>
			<paymentMessage>Operación finalizada con éxito</paymentMessage>
		</operation>
	</operations>
	<optionalTransactionParams/>
	<status>SUCCESS</status>
	<workFlowResponse>
		<id>31380</id>
		<name>debit creditcards (TRA)</name>
		<version>0</version>
	</workFlowResponse>
</response>

Saving cards

In Addon Payments you can store cards by generating references or tokenization. This operation has several use cases, which we will see below.

Storing cards

Card storage is controlled using the parameters sent in the request. If the customer completes the transaction successfully, you will receive the “cardNumberToken”, which is the token for the customer’s card. This field is directly related to the “customerId” sent in the payment request. Plus, remember that one “customerId” can be associated with several card tokens.

Use cases and parameters

The use cases for saving cards on H2H are in the following table. Remember that saving cards is optional. To save (or not) the client card, it includes the following parameters in addition to the common ones:

This behavior corresponds to version 5 of the API. If your merchant uses an earlier version, please check with Support for the different card saving behaviors.

Objective	Parameter	Type	Value	Description
Save card	rememberMe	Boolean	true	If you force token saving you will receive the card token and the card will be saved for later use. You must inform the customer that you will be storing their card information.
Save card	forceTokenRequest	Boolean	true
Do not save card	rememberMe	Boolean	false	You will not receive the card token and it cannot be used for subsequent payments.
Do not save card	forceTokenRequest	Boolean	false
Do not send any of the above parameters	N/A	N/A	N/A	If none of the above parameters are sent, the token is generated but the card is NOT saved, so you will not be able to use it for subsequent payments.

Request

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request for more information.

This is a sample request for forcing card saving, the first as a string and the second as cURL. Remember that the string must pass the encryption process.

				
					merchantId=12345&merchantTransactionId=00000001&
currency=EUR&amount=0&forceTokenRequest=true&country=ES&customerId=000001&paymentSolution
=creditcards&statusURL=https://micomercio
.com/recepcion_notificacion.php&successURL
=https://micomercio.com/url-ok.php&errorURL
=https://micomercio.com/url-ko.php&cancelURL
=https://micomercio.com/url-cancelacion.php&chName=Nombre
+Apellido&cardNumber=4907270002222227&expDate=1234&cvnNumber=123

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/pay' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: 0Pn6pDEm73YvekNKUJcvwg==' \
--form 'merchantId="12345"' \
--form 'encrypted="W8T5PiYk2rdGsbUc2dKPhMTzg0irF5cxHuZSLmYrWBeAdixBcWr3xUZ6Mit0ssjEABUuufVU9DiNvxuSB3zCbID55NHZtHWyX+JXBScwPNUvC/OhUr9gNx6zN2tuFSdTsUH91h+Ql59+TxZEturOuIk5pVMqEr+EvEBUrP4zprZpbrhxRdIrdNugB9hHYjO+VJj+rMXpJE1LKroB6P5jfPhWf2mJeOsyJYgUt7mhNhmX9TjJZIhSPF1/Mg/16KQt1roTCTk58JuzOP7piS/b7GnuUcK4KpKhH3pXU6/1R5wtTBEzAfMLxMnM/PagMN312wNcW0BFgJLDHm9E4xqcP9JfpQRW7w1Ig17lBfUqUughqjhIIX0zYwvpa1TEBiTrcFofwoe/VTGqSMKfOOn9IMMYls0DOWAoXgOrA8Cc3D52D7IwgWcxKDSfS3I67daqLKs9uwoVbDMe388vfIPi/U0cUQ9ydqZlsf+QZoN58LExgMwASOH6v01VJuNc3gANIFLjjBT7gooTAAw/2QIuyKJ4Q33orEgv9dxfeyZP7KR9HLwbnLX+kuv3AiwQaRq2IAo/9uSAHM+Mx+7HUJVkwPPHzre4RrCoHpit59uFwSUtH57Ugx5Z4QRfAYHWGf+TOO2haJlDIFiJfjXwWmt1pGCkZE0Bhyzg++wOaYn2lglR++evprfwhNknPlzcWwXdMtQUv/JwcsX3MXv3NK7Zr16GI7e2bAopsRfs8r0ZruUtOuPiz1ByXmer+It3CwD2RHmFveVNBuOzbWsiqKnQTOVftgmevrBku/aErCDXSU7t5yR2IaO76MQJ28MmIz1c9GuXB9knklyFqNU2KG0LwElKodVGNzsOP4FxVQWz3Y718yobHIGNk31y6ZlomPte”' \
--form 'integrityCheck="0782b8f76631a4742171ac6f6b5afbb9939bf1d41aaf14a8561d62f2d5941080"'

To learn more about when to redirect the client, visit the Redirecting customer section.

Response

This is a response in which, after forcing token saving, you receive the “cardNumberToken”.

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response operation-size="3">
	<message>WorkFlow has finished successfully, for transaction Id: 7709935</message>
	<operations>
		<operation sorted-order="1">
			<amount>0</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Exemptions has been removed</message>
			<operationType>DEBIT</operationType>
			<service>TRA</service>
			<status>SUCCESS</status>
			<transactionId>7709935</transactionId>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>f7fe9eea_910f_437b_99e9_40a8a9c981c0</uuid>
			</respCode>
		</operation>
		<operation sorted-order="2">
			<amount>0</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>3dsv2 - processed</message>
			<operationType>DEBIT</operationType>
			<paymentDetails>
				<cardNumberToken>5774655584592227</cardNumberToken>
				<extraDetails/>
			</paymentDetails>
			<service>3DSv2</service>
			<status>SUCCESS3DS</status>
			<transactionId>7709935</transactionId>
			<respCode>
				<code>8000</code>
				<message>Successful authentication</message>
				<uuid>b3c84b0a_d79c_4792_a20a_7dfec8688a4f</uuid>
			</respCode>
			<mpi>
				<acsTransID>8555f4e2-83f7-4b52-8076-1e8abcfe4ac2</acsTransID>
				<authMethod>01</authMethod>
				<authTimestamp>202310271327</authTimestamp>
				<authenticationStatus>Y</authenticationStatus>
				<cavv>AJkBB4OBmVFmgYFYFIGZAAAAAAA=</cavv>
				<eci>05</eci>
				<messageVersion>2.2.0</messageVersion>
				<threeDSSessionData>OGYzMzZjMzItZDY1Ni00ZjFjLWE1ZmYtZDhjZDM1YTJkYTk5</threeDSSessionData>
				<threeDSv2Token>8f336c32-d656-4f1c-a5ff-d8cd35a2da99</threeDSv2Token>
			</mpi>
			<paymentCode>nsY1</paymentCode>
			<paymentMessage>Authenticated successfully</paymentMessage>
		</operation>
		<operation sorted-order="3">
			<amount>0.00</amount>
			<currency>EUR</currency>
			<details>{"resultCode":"00000","resultDescription":"OK","values":{"rfTransactionCurrency":"EUR","rfRTS":"355534686 790190 841678 231027152758","rfContactlessLogo":"false","rfOperationType":"Auth","rfAuthMode":"On","rfDataEntryMode":"Manual","rfCardHolderVerificationMode":"No","rfFuc":"355534686","rfTerminalID":"00000500","rfProcessor":"Redsys","rfMerchantName":"Pruebas Addon 25","rfMerchantCity":"BARCELONA","rfMerchantPostalCode":"08014","rfMerchantAddress":"GRAN VIA DE LES CORTS CATALANE, 159 PLANTA 7","rfMaskedPan":"************2227","rfOperationDateTime":"27/10/23 15:27:58","rfTerminalOperationNumber":"1189","rfAuthNumber":"516569","rfTransactionAmountCurrency":"0,00 EUR","rfProcessorMessage":"","rfPrintSignatureBox":"false","rfCardPresent":"true","rfReferenceId":"1189","posTransactionToken":"{\"pucIdMsg\":\"1100\",\"pucP3ProcessCode\":\"000000\",\"pucP4OriginalAmount\":\"000000000000\",\"pucP11TransactionNumber\":\"841678\",\"pucP12LocalDateTime\":\"231027152758\",\"pucP22ServicePointData\":\"1U00506K3000\",\"pucP38AuthNumber\":\"516569\",\"pucP39ActionCode\":\"085\",\"pucP53SecurityControlInfo\":\"0102000001000000\",\"pinpadId\":\"1440\",\"pinpadAcquirerId\":\"00000500\",\"pinpadManufacturer\":null,\"pinpadModel\":null,\"pinpadSerialNumber\":null,\"pinpadSoftwareName\":null,\"pinpadSoftwareVersion\":null,\"pinpadKernelEmv\":null,\"pinpadVccStrip\":null,\"pinpadVerPup\":null,\"pinpadPciStage\":null,\"pinpadVerEmvParams\":null,\"pinpadEmvType\":null,\"pinpadCapabilities\":null,\"pinpadLanguage\":null,\"transactionType\":\"O\",\"transactionContactless\":\"0\",\"transactionDcc\":\"0\",\"transactionDccComission\":null,\"transactionDccExchangeRate\":null,\"transactionDccMarkUp\":null,\"transactionDccEntity\":null,\"transactionDccBceExchangeRate\":null,\"transactionDccBceMarkUp\":null,\"transactionPanSequenceNumber\":null,\"transactionTerminalOperationNumber\":\"1189\",\"transactionResponseCode\":null,\"transactionCurrency\":\"978\",\"transactionFuc\":\"355534686\",\"cardMaskedPan\":\"************2227\",\"cardAid\":null,\"cardDdfName\":null,\"cardApplicationLabel\":null,\"cardCypherData\":null}","OperationResult":"000"},"threeDsProtocolVersion":"2.2.0"}</details>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Success 'Auth' operation</message>
			<operationType>DEBIT</operationType>
			<optionalTransactionParams/>
			<paySolTransactionId>355534686 790190 841678 231027152758</paySolTransactionId>
			<paymentDetails>
				<cardHolderName>Nombre Apellido</cardHolderName>
				<cardNumber>490727****2227</cardNumber>
				<cardNumberToken>5774655584592227</cardNumberToken>
				<cardType>VISA/CREDIT OR DEBIT</cardType>
				<expDate>1234</expDate>
				<extraDetails>
					<entry>
						<key>cardCategory</key>
						<value>Not Available</value>
					</entry>
					<entry>
						<key>rememberMe</key>
						<value>true</value>
					</entry>
				</extraDetails>
				<issuerBank>SERVIRED MASTERCARD INTERNACIONAL</issuerBank>
				<issuerCountry>ES</issuerCountry>
			</paymentDetails>
			<paymentMethod>19900</paymentMethod>
			<paymentSolution>caixapucpuce</paymentSolution>
			<status>SUCCESS</status>
			<transactionId>7709935</transactionId>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>f7fe9eea_910f_437b_99e9_40a8a9c981c0</uuid>
			</respCode>
			<authCode>516569</authCode>
			<mpi>
				<eci>05</eci>
			</mpi>
			<paymentCode>000</paymentCode>
			<paymentMessage>Operación finalizada con éxito</paymentMessage>
		</operation>
	</operations>
	<optionalTransactionParams/>
	<status>SUCCESS</status>
	<workFlowResponse>
		<id>31380</id>
		<name>debit creditcards (TRA)</name>
		<version>0</version>
	</workFlowResponse>
</response>

Token payment

After you’ve saved the token for the customer’s card, you can use it to process payments. This value is received in the “cardNumberToken” parameter and requires a prior operation in which the customer provides their card details.

Request

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request for more information.

This is a sample request for token payment, the first as a string and the second as cURL. Remember that the string must pass the encryption process.

				
					merchantId=12345&merchantTransactionId=00000001&amount=10&currency
=EUR&country=ES&customerId=000001&paymentSolution
=creditcards&statusURL=https://micomercio
.com/recepcion_notificacion.php&successURL
=https://micomercio.com/url-ok.php&statusURL
=https://micomercio.com/url-ko.php&successURL
=https://micomercio.com/url-cancelacion.php&cardNumberToken
=4535954006730084

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/pay' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: 0Pn6pDEm73YvekNKUJcvwg==' \
--form 'merchantId="12345"' \
--form 'encrypted="yWcQVYxrmggTzEaW3NLVBxR2U4RwC0yYFKvJ/tmc8SoRIfgGfYvNx2EXArSnL7agHbhgAVNrXr/5JmZKxLjXbmolMnygRlLojzF5NJW18n7imVHCgLHk2Ry/NNwo0LwMfhI1kiho6bR5MkRCSAXxxyqllQB/g4hOCgFIPy9njXcwvmLC5p4tQCxT9Rn/hhBOxQvsEKTu7ZCeTDfltUMXoLvDtHVWRTWVfrsjiGvO9swdJHjOryawg7zkRlmfKLF/hf+K+hxPonnBMRZPZRnXABN7AjNZjnNFLP6QOBAS92YUSbUizVPh5hKMHA0838tI7PM5irJzieZIiwI/LeFqwEMbmqiRPseGWrBzl73tFiCso9YRTql+PLq89NVTW2EjTSeklbEd2FrxgiJ0TfL81hc/ntx6hQjK0BEmF7XUtEbMTQiIkWURPorIWUx75/lKYjTQ4lk/QKN1QtUuIGiix4rbnp7JMkwTyI/GRzmjsJxW5FEQJl4wEEK9hjxHyrFuCNLoyZwAqbUfTIENywuLo+Oj1uRDndqSzg9Kv5PhKG2ZGMbp06JrSJSV6TFGecaiurtLHdqPx087B+Lvk0YeAfaER3/C80VJCxhFd3sRFVKkD+XpfvKrI0prUL/PysNPz71c5UVpIoMIJHHy2cUgKOxmYmNlctorpAwJslA/JqpepYrCXtqu5LSzaYld++cdYnrM+WXiDcH2t5OEcTcu1WwiR4ffL2md/JfsZYUfzbdmnC8CGhjgSbsgCHywlncm1vn3oaFHZjzlNk+ObV9pSfEsD50RsMLmmMMwrpY502f602pD64pUzoqwt8eoCdgC”' \
--form 'integrityCheck="a515c97d85da0b94a93b21ffb67804b96f7ac74c693266045f8435eec0c95c02"'

Once the POST is sent to Addon Payments, you will receive a redirect URL in the field “redirectionResponse”:

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response operation-size="2">
  <message>WorkFlow has finished successfully, for transaction Id: 7709953</message>
  <operations>
    <operation sorted-order="1">
      <amount>10</amount>
      <currency>EUR</currency>
      <merchantTransactionId>00000001</merchantTransactionId>
      <message>Exemptions has been removed</message>
      <operationType>DEBIT</operationType>
      <service>TRA</service>
      <status>SUCCESS</status>
      <transactionId>7709953</transactionId>
      <respCode>
        <code>0000</code>
        <message>Successful</message>
        <uuid>cab5eec6_8afd_4385_be3c_a3b8c3e930bb</uuid>
      </respCode>
    </operation>
    <operation sorted-order="2">
      <amount>10</amount>
      <currency>EUR</currency>
      <merchantTransactionId>00000001</merchantTransactionId>
      <message>Starting 3DSecure 2.0 process.</message>
      <operationType>DEBIT</operationType>
      <optionalTransactionParams/>
      <originalTransactionId>7709953</originalTransactionId>
      <paymentDetails>
        <cardHolderName>Nombre Apellido</cardHolderName>
        <extraDetails>
          <entry>
            <key>threeDSMethodData</key>
            <value>eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjZhNDk0MTg1LWJkNmMtNGYyNy1hMzhkLTQ2YWUxY2MzZTQzZiIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIjogImh0dHBzOi8vY2hlY2tvdXQuc3RnLWV1LXdlc3QzLmVwZ2ludC5jb20vRVBHQ2hlY2tvdXQvY2FsbGJhY2svZ2F0aGVyRGV2aWNlTm90aWZpY2F0aW9uL3BheXNvbC8zZHN2Mi8xMDAzNzk4In0=</value>
          </entry>
          <entry>
            <key>threeDSv2Token</key>
            <value>6a494185-bd6c-4f27-a38d-46ae1cc3e43f</value>
          </entry>
        </extraDetails>
      </paymentDetails>
      <redirectionResponse>redirect:https://checkout.stg-eu-west3.epgint.com/EPGCheckout/rest/online/3dsv2/redirect?action=gatherdevice&params=eyJ0aHJlZURTdjJUb2tlbiI6IjZhNDk0MTg1LWJkNmMtNGYyNy1hMzhkLTQ2YWUxY2MzZTQzZiIsInRocmVlRFNNZXRob2RVcmwiOiJodHRwczovL21vY2stZHMuc3RnLWV1LXdlc3QzLmVwZ2ludC5jb20vcHVibGljL21ldGhvZC1kYXRhLyIsInRocmVlRFNNZXRob2REYXRhIjoiZXlKMGFISmxaVVJUVTJWeWRtVnlWSEpoYm5OSlJDSTZJalpoTkRrME1UZzFMV0prTm1NdE5HWXlOeTFoTXpoa0xUUTJZV1V4WTJNelpUUXpaaUlzSUNKMGFISmxaVVJUVFdWMGFHOWtUbTkwYVdacFkyRjBhVzl1VlZKTUlqb2dJbWgwZEhCek9pOHZZMmhsWTJ0dmRYUXVjM1JuTFdWMUxYZGxjM1F6TG1Wd1oybHVkQzVqYjIwdlJWQkhRMmhsWTJ0dmRYUXZZMkZzYkdKaFkyc3ZaMkYwYUdWeVJHVjJhV05sVG05MGFXWnBZMkYwYVc5dUwzQmhlWE52YkM4elpITjJNaTh4TURBek56azRJbjA9IiwiYnJhbmQiOiJ2aXNhIiwicmVzdW1lQXV0aGVudGljYXRpb24iOiJodHRwczovL2NoZWNrb3V0LnN0Zy1ldS13ZXN0My5lcGdpbnQuY29tL0VQR0NoZWNrb3V0L3JldHVybnVybC9mcmljdGlvbmxlc3MvcGF5c29sLzNkc3YyLzEwMDM3OTg/dGhyZWVEU3YyVG9rZW49NmE0OTQxODUtYmQ2Yy00ZjI3LWEzOGQtNDZhZTFjYzNlNDNmIiwicmVuZGVyQ2FzaGllckxvY2F0aW9uIjoiaHR0cHM6Ly9lcGdqcy1yZW5kZXJjYXNoaWVyLXN0Zy5lYXN5cGF5bWVudGdhdGV3YXkuY29tIiwiY2hhbGxlbmdlV2luZG93c1NpemUiOiIwNSJ9</redirectionResponse>
      <service>3DSv2</service>
      <status>REDIRECTED</status>
      <transactionId>1003798</transactionId>
      <respCode>
        <code>8100</code>
        <message>Frictionless requires</message>
        <uuid>7cdbbc74_ae26_434d_ba87_12a47e198d09</uuid>
      </respCode>
      <mpi>
        <acsEndProtocolVersion>2.2.0</acsEndProtocolVersion>
        <acsStartProtocolVersion>2.1.0</acsStartProtocolVersion>
        <dsEndProtocolVersion>2.2.0</dsEndProtocolVersion>
        <dsStartProtocolVersion>2.1.0</dsStartProtocolVersion>
        <threeDSMethodURL>https://mock-ds.stg-eu-west3.epgint.com/public/method-data/</threeDSMethodURL>
      </mpi>
    </operation>
  </operations>
  <optionalTransactionParams/>
  <status>SUCCESS</status>
  <workFlowResponse>
    <id>31380</id>
    <name>debit creditcards (TRA)</name>
    <version>0</version>
  </workFlowResponse>
</response>

To learn more about when to redirect the client, visit the Redirecting customer section.

Parameters of the tokenised payment request

The required/mandatory and optional parameters are listed in this table. As you are paying with token, it is not required to send the card data (cardNumber, expDate, chName). You will need to send the cvnNumber only in this case:

A Customer Initiated Transaction (CIT) with 3DSecure.

In addition to those parameters, you must also include the ones on the table below. The type shows whether the element is Required (R) or Optional (O):

Field	Format	Type	Description	Example
cardNumberToken	Alphanumeric 16~20 characters	R	Addon Payments token of the card number. The last 4 digits coincide with the original card number.	4535954006730084
cvnNumber	Numerical 3 to 4 digits.	O	CVC on the card. Required when the token payment is a Customer Initiated Transaction with 3DSecure.	123

Secondary transactions

Secondary transactions are those that are performed on an initial transaction to modify its status and generate a movement of funds. Secondary transactions can only be performed on operations that have been previously authorized by the issuer.

Secondary operations can be carried out in two ways:

1. Through the AP BackOffice Portal

Information on how to manage transactions through the Addon Payments BackOffice Portal is available in the Operations Search guide on the BackOffice Portal.
After completing a secondary operation through your BackOffice dashboard, AP will send a notification to your platform with the operation type and amount to the notification URL given in “statusURL” in the original transaction request. You can set up your ecommerce platform to handle these notifications and update the status of the operations.

2. By sending AP a secondary transaction via H2H integration

This is a table with the endpoints to send the request to according to the type of secondary operation you are going to perform and the environment you are in.

Request	Environment	URL
Capture	Staging	https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/capture
Void	Staging	https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/void
Refund	Staging	https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/rebate
Capture	Production	https://checkout.addonpayments.com/EPGCheckout/rest/online/capture
Void	Production	https://checkout.addonpayments.com/EPGCheckout/rest/online/void
Refund	Production	https://checkout.addonpayments.com/EPGCheckout/rest/online/rebate

Capture

In Addon Payments you can settle (capture) the amount manually. This allows you, among other things, to withdraw the amount from the customer’s account after the goods have been shipped. Authorized transactions pending settlement will have the status “PENDING” in the notification and will be shown with this status in the transaction list of the BackOffice Portal.

These are a few points to keep in mind about the two-phase payment:

We recommend not to exceed seven (7) calendar days between the two transactions. This is because the maximum settlement period is set by the issuers, and authorization after this period is not guaranteed.
The amount settled (confirmed) is always the total amount of the transaction. A partial amount is not allowed.
Settled payments can be returned in full or in part to customers.

To proceed with the settlement amount, the merchant must send a capture (settlement) on the initial transaction before the maximum deadline, normally seven (7) days.

Request

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request for more information.

Your ecommerce platform sends the capture request generated to the URL set up for captures. Remember that the string must pass the encryption process.

				
					merchantId=12345&merchantTransactionId=27258897&paymentSolution=caixapucpuce&transactionId=7556056

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/capture' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: Z7VA6TpG9B84X9x9qqXoWQ==' \
--form 'merchantId="12345"' \
--form 'encrypted="4xUYxJxLc/ABCyqJfwttTalkds3YeijsJe6MlTnC6mgmbm0aXKwhI7thwa70o6lLyjrUtW8fFNUWf/l3jIojR4H5nW54Pl+GxerG1/AjMFpHlacchB3+kfkZzko42dQKk7MopAALi6SAFbl1Uq//qsESz8fV07ED7IvRQwlXREZDFtxQn2m9eyPr5zrJczILhRx27p3lqFQ61Sqlq0nCN+3sgJmuPUMKRqlXhYqf+vErv+fBaZMPV/8iKgERJLpIjPn+HZSLpc+q5VBcD4b+rGAgEKNi56Ni/MPCpKVWBUv8HFb06PngrLfiXcnFTfNeegg0XPkkmuGwR1l1y/k1tv9dPrdBkSIwE2OuHYvrkrn+NAOTHBxjGR4Ap93aZEwcPX9afkHkFOMi/5e3JdoxtFvSwOCe1ScEw2vRDhonE+5lV7jwOrqSMr+tfWVGPqzrYj/DZiQwCIUQJM6g5x+ocLTAURzz4IiJ26kBlQpYVnedKEVhevNJNZ88z6m50W2THtDR70pQq6qjF37NCfOeq/UDCg0RB/MPfYUJRUIsfPk=' \
--form 'integrityCheck="1c256f5b834e5db6d5f453043a8a3830859b308f297cc2cf423064510c5c9b72"'

Capture request parameters

These are the parameters to send for a capture request. The type column shows whether the element is Required (R) or Optional (O).

Field	Format	Type	Description	Example
merchantId	Whole number 4~7 digits	R	Your merchant’s ID on the AP platform. Provided by Support in the welcome email. It is the same for both environments	14983
transactionId	Whole number max 100 digits	R	ID for the original transaction the secondary operation applies to, such as capture, release or refund.	76543210
paymentSolution	Alphanumeric max 45 characters	R	Name of the payment solution that processed the original transaction. Given in the response for the original transaction.	caixapucpuce
merchantTransactionId	Max 45 characters Page of Latin-1 codes (ISO-8859-1)	R	This is the transaction ID on your ecommerce platform. Allows your platform to link notifications received to the customer’s order. Each transaction must have a unique ID.	order_91684
description	Max 1000 characters Page of Latin-1 codes (ISO-8859-1)	O	Description of the transaction. Saved in the transaction details and returned in the notification. Doesn’t affect the transaction. Helps you identify it more easily.	Capture after delivering product

Response

Visit our section on Managing notifications to learn more about its structure.

Sample response received for a capture request:

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<payfrex-response operation-size="1">
	<operations>
		<operation sorted-order="1">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<details>{"resultCode":"00000",………,"threeDsProtocolVersion":"2.2.0"}</details>
			<merchantTransactionId>27258897</merchantTransactionId>
			<message>Success 'Capture' operation with status 'SUCCESS'</message>
			<operationType>DEBIT</operationType>
			<optionalTransactionParams/>
			<originalPayFrexTransactionId>7556056</originalPayFrexTransactionId>
			<payFrexTransactionId>7556056</payFrexTransactionId>
			<paySolTransactionId>355534686 790190 695475 230630005907</paySolTransactionId>
			<paymentDetails>
				<cardHolderName>Test</cardHolderName>
				<cardNumber>490727****2227</cardNumber>
				<cardNumberToken>8090783229362227</cardNumberToken>
				<cardType>VISA/DEBIT OR CREDIT</cardType>
				<expDate>1234</expDate>
				<extraDetails>
					<entry>
						<key>cardCategory</key>
						<value>Not Available</value>
					</entry>
				</extraDetails>
				<issuerBank>SERVIRED MASTERCARD INTERNACIONAL</issuerBank>
				<issuerCountry>ES</issuerCountry>
			</paymentDetails>
			<paymentSolution>caixapucpuce</paymentSolution>
			<status>SUCCESS</status>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>c8228a36_2662_438a_89a6_cff879e8257e</uuid>
			</respCode>
			<authCode>008628</authCode>
			<mpi>
				<eci>05</eci>
			</mpi>
			<paymentCode>000</paymentCode>
			<paymentMessage>Operación finalizada con éxito</paymentMessage>
		</operation>
	</operations>
	<optionalTransactionParams/>
</payfrex-response>

Void

In Addon Payments you can cancel (release) the amount manually. This allows you, among other things, to release amounts held as collateral. Authorized transactions pending release will have the status “PENDING” in the notification and will be shown with that status in the transaction list of the BackOffice Portal.

These are some points to keep in mind about the two-phase payment:

We recommend not to exceed seven (7) calendar days between the two transactions. This is because the maximum settlement period is set by the issuers, and authorization after that period is not guaranteed.
The amount released (cancelled) is always the total amount of the transaction. A partial amount is not allowed.
Payments that have been released cannot be settled.

To proceed with the release of the amount, the merchant must send a reversal (release) on the initial transaction before the maximum deadline, normally seven (7) days.

Request

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request section for more information.

Your ecommerce platform sends the void request generated to the URL set up for releases. Remember that the string must pass the encryption process.

				
					merchantId=12345&merchantTransactionId=27258897&paymentSolution=caixapucpuce&transactionId=7556056

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/void' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: Z7VA6TpG9B84X9x9qqXoWQ==' \
--form 'merchantId="12345"' \
--form 'encrypted="4xUYxJxLc/ABCyqJfwttTalkds3YeijsJe6MlTnC6mgmbm0aXKwhI7thwa70o6lLyjrUtW8fFNUWf/l3jIojR4H5nW54Pl+GxerG1/AjMFpHlacchB3+kfkZzko42dQKk7MopAALi6SAFbl1Uq//qsESz8fV07ED7IvRQwlXREZDFtxQn2m9eyPr5zrJczILhRx27p3lqFQ61Sqlq0nCN+3sgJmuPUMKRqlXhYqf+vErv+fBaZMPV/8iKgERJLpIjPn+HZSLpc+q5VBcD4b+rGAgEKNi56Ni/MPCpKVWBUv8HFb06PngrLfiXcnFTfNeegg0XPkkmuGwR1l1y/k1tv9dPrdBkSIwE2OuHYvrkrn+NAOTHBxjGR4Ap93aZEwcPX9afkHkFOMi/5e3JdoxtFvSwOCe1ScEw2vRDhonE+5lV7jwOrqSMr+tfWVGPqzrYj/DZiQwCIUQJM6g5x+ocLTAURzz4IiJ26kBlQpYVnedKEVhevNJNZ88z6m50W2THtDR70pQq6qjF37NCfOeq/UDCg0RB/MPfYUJRUIsfPk=' \
--form 'integrityCheck="1c256f5b834e5db6d5f453043a8a3830859b308f297cc2cf423064510c5c9b72"'

Void request parameters

These are the parameters to send for a void request. The type column shows whether the element is Required (R) or Optional (O).

Field	Format	Type	Description	Example
merchantId	Whole number 4~7 digits	R	Your merchant’s ID on the AP platform. Provided by Support in the welcome email. It is the same for both environments	14983
transactionId	Whole number max 100 digits	R	ID for the original transaction the secondary operation applies to, such as capture, release or refund.	76543210
paymentSolution	Alphanumeric max 45 characters	R	Name of the payment solution that processed the original transaction. Given in the response for the original transaction.	caixapucpuce
merchantTransactionId	Max 45 characters Page of Latin-1 codes (ISO-8859-1)	R	This is the transaction ID on your ecommerce platform. Allows your platform to link notifications received to the customer’s order. Each transaction must have a unique ID.	order_91684
description	Max 1000 characters Page of Latin-1 codes (ISO-8859-1)	O	Description of the transaction. Saved in the transaction details and returned in the notification. Doesn’t affect the transaction. Helps you identify it more easily.	Capture after delivering product

Response

Visit our section on Managing notifications to learn more about its structure.

Sample response received for a release request:

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<payfrex-response operation-size="1">
	<operations>
		<operation sorted-order="1">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<details>{"resultCode":"00000",………,"OperationResult":"000"}}</details>
			<merchantTransactionId>61565574</merchantTransactionId>
			<message>Success 'Void' operation with status 'SUCCESS'</message>
			<operationType>VOID</operationType>
			<optionalTransactionParams/>
			<originalPayFrexTransactionId>7556059</originalPayFrexTransactionId>
			<payFrexTransactionId>7556062</payFrexTransactionId>
			<paySolTransactionId>355534686 790190 695513 230630014250</paySolTransactionId>
			<paymentDetails>
				<cardHolderName>Test</cardHolderName>
				<cardNumber>490727****2227</cardNumber>
				<cardNumberToken>2256407039282227</cardNumberToken>
				<cardType>VISA/DEBIT OR CREDIT</cardType>
				<expDate>1234</expDate>
				<extraDetails>
					<entry>
						<key>cardCategory</key>
						<value>Not Available</value>
					</entry>
					<entry>
						<key>rememberMe</key>
						<value>true</value>
					</entry>
				</extraDetails>
				<issuerBank>SERVIRED MASTERCARD INTERNACIONAL</issuerBank>
				<issuerCountry>ES</issuerCountry>
			</paymentDetails>
			<paymentSolution>caixapucpuce</paymentSolution>
			<status>SUCCESS</status>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>d25443a8_b5d6_4e74_b6b9_a747364c7369</uuid>
			</respCode>
			<authCode>947278</authCode>
			<paymentCode>000</paymentCode>
			<paymentMessage>Operación finalizada con éxito</paymentMessage>
		</operation>
	</operations>
</payfrex-response>

Refunds

Addon Payments allows you to make full or partial refund of the transaction amount. To process a refund, the transaction must meet the following conditions:

The original transaction date must be within one (1) year.
The sum of all refunds involving the original transaction cannot exceed the original total.
The transaction status must be authorized and captured (SUCCESS).
Refunds can’t be processed for transactions with the following statuses:
- Not captured (PENDING).
- Released (VOIDED).
- Declined (FAIL).
- Wrong (ERROR).

Refunds can’t be reversed, so you have to be sure both the transaction and the amount to refund are correct.

Request

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request section for more information.

Your ecommerce platform sends the refund request generated to the URL set up for releases. Remember that the string must pass the encryption process.

				
					merchantId=12345&merchantTransactionId=61565574&amount=5&paymentSolution=caixapucpuce&transactionId=7556056

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/rebate' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: Z7VA6TpG9B84X9x9qqXoWQ==' \
--form 'merchantId="12345"' \
--form 'encrypted="4xUYxJxLc/ABCyqJfwttTalkds3YeijsJe6MlTnC6mgmbm0aXKwhI7thwa70o6lLyjrUtW8fFNUWf/l3jIojR4H5nW54Pl+GxerG1/AjMFpHlacchB3+kfkZzko42dQKk7MopAALi6SAFbl1Uq//qsESz8fV07ED7IvRQwlXREZDFtxQn2m9eyPr5zrJczILhRx27p3lqFQ61Sqlq0nCN+3sgJmuPUMKRqlXhYqf+vErv+fBaZMPV/8iKgERJLpIjPn+HZSLpc+q5VBcD4b+rGAgEKNi56Ni/MPCpKVWBUv8HFb06PngrLfiXcnFTfNeegg0XPkkmuGwR1l1y/k1tv9dPrdBkSIwE2OuHYvrkrn+NAOTHBxjGR4Ap93aZEwcPX9afkHkFOMi/5e3JdoxtFvSwOCe1ScEw2vRDhonE+5lV7jwOrqSMr+tfWVGPqzrYj/DZiQwCIUQJM6g5x+ocLTAURzz4IiJ26kBlQpYVnedKEVhevNJNZ88z6m50W2THtDR70pQq6qjF37NCfOeq/UDCg0RB/MPfYUJRUIsfPk=' \
--form 'integrityCheck="1c256f5b834e5db6d5f453043a8a3830859b308f297cc2cf423064510c5c9b72"'

Refund request parameters

These are the parameters to send for a refund request. The type column shows whether the element is Required (R) or Optional (O).

Field	Format	Type	Description	Example
merchantId	Whole number 4~7 digits	R	Your merchant’s ID on the AP platform. Provided by Support in the welcome email. It is the same for both environments	14983
transactionId	Whole number max 100 digits	R	ID for the original transaction the secondary operation applies to, such as capture, release or refund.	76543210
paymentSolution	Alphanumeric max 45 characters	R	Name of the payment solution that processed the original transaction. Given in the response for the original transaction.	caixapucpuce
amount	Numerical with decimals 0~1000000.00	R	Amount of the transaction. If the amount has decimals, the separator is a dot (.). The separator cannot be included in the thousands.	127.5
merchantTransactionId	Max 45 characters Page of Latin-1 codes (ISO-8859-1)	R	This is the transaction ID on your ecommerce platform. Allows your platform to link notifications received to the customer’s order. Each transaction must have a unique ID.	order_91684
description	Max 1000 characters Page of Latin-1 codes (ISO-8859-1)	O	Description of the transaction. Saved in the transaction details and returned in the notification. Doesn’t affect the transaction. Helps you identify it more easily.	Refund after returning product

Response

Visit our section on Managing notifications to learn more about its structure.

Sample responses received for a full and partial refund:

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<payfrex-response operation-size="1">
	<operations>
		<operation sorted-order="1">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<details>{"resultCode":"00000",………,"OperationResult":"000"}}</details>
			<merchantTransactionId>61565574</merchantTransactionId>
			<message>Success 'Refund' operation with status 'SUCCESS'</message>
			<operationType>REFUND</operationType>
			<optionalTransactionParams/>
			<originalPayFrexTransactionId>7556053</originalPayFrexTransactionId>
			<payFrexTransactionId>7556071</payFrexTransactionId>
			<paySolTransactionId>355534686 790190 695523 230630022641</paySolTransactionId>
			<paymentDetails>
				<cardHolderName>Test</cardHolderName>
				<cardNumber>490727****2227</cardNumber>
				<cardNumberToken>8090783229362227</cardNumberToken>
				<cardType>VISA/DEBIT OR CREDIT</cardType>
				<expDate>1234</expDate>
				<extraDetails>
					<entry>
						<key>cardCategory</key>
						<value>Not Available</value>
					</entry>
					<entry>
						<key>rememberMe</key>
						<value>true</value>
					</entry>
				</extraDetails>
				<issuerBank>SERVIRED MASTERCARD INTERNACIONAL</issuerBank>
				<issuerCountry>ES</issuerCountry>
			</paymentDetails>
			<paymentSolution>caixapucpuce</paymentSolution>
			<remainingAmount>0.00</remainingAmount>
			<status>SUCCESS</status>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>c8228a36_2662_438a_89a6_cff879e8257e</uuid>
			</respCode>
			<authCode>234791</authCode>
			<paymentCode>000</paymentCode>
			<paymentMessage>Operación finalizada con éxito</paymentMessage>
		</operation>
	</operations>
	<status>SUCCESS</status>
</payfrex-response>

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<payfrex-response operation-size="1">
	<operations>
		<operation sorted-order="1">
			<amount>5</amount>
			<currency>EUR</currency>
			<details>{"resultCode":"00000",………,"OperationResult":"000"}}</details>
			<merchantTransactionId>61565574</merchantTransactionId>
			<message>Success 'Rebate' operation with status 'SUCCESS'</message>
			<operationType>REBATE</operationType>
			<optionalTransactionParams/>
			<originalPayFrexTransactionId>7556056</originalPayFrexTransactionId>
			<payFrexTransactionId>7556065</payFrexTransactionId>
			<paySolTransactionId>355534686 790190 695506 230630020702</paySolTransactionId>
			<paymentDetails>
				<cardHolderName>Test</cardHolderName>
				<cardNumber>490727****2227</cardNumber>
				<cardNumberToken>8090783229362227</cardNumberToken>
				<cardType>VISA/DEBIT OR CREDIT</cardType>
				<expDate>1234</expDate>
				<extraDetails>
					<entry>
						<key>cardCategory</key>
						<value>Not Available</value>
					</entry>
				</extraDetails>
				<issuerBank>SERVIRED MASTERCARD INTERNACIONAL</issuerBank>
				<issuerCountry>ES</issuerCountry>
			</paymentDetails>
			<paymentSolution>caixapucpuce</paymentSolution>
			<remainingAmount>5.00</remainingAmount>
			<status>SUCCESS</status>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>d25443a8_b5d6_4e74_b6b9_a747364c7369</uuid>
			</respCode>
			<authCode>082706</authCode>
			<paymentCode>000</paymentCode>
			<paymentMessage>Operación finalizada con éxito</paymentMessage>
		</operation>
	</operations>
	<status>SUCCESS</status>
</payfrex-response>

Recurring and successive payments

In this section, you will find out how to save customer cards for later payments without customer interaction or CIT (Customer Initiated Transaction). We will also look at how to launch operations from your ecommerce to pay for subscriptions, known as MIT (Merchant Initiated Transaction).

In the first situation, the customer must make an initial payment authenticated with 3DS2 and SCA, which will allow them to save their card details and consent for future payments. This type of transaction is called COF (Credential On File).

Subscription

With this integration, you can allow customers to subscribe to your plans, saving their card for later payments. In the request, you must include the COF parameters and force SCA to prevent the issuer from declining future transactions. In the response, you will get the “subscriptionPlan“, which is the ID for future operations and is directly linked to the response “cardNumberToken” and the “customerId” you sent with the payment request. We will see all this below.

In the first transaction, you have to notify the type of transactions that will be processed in the future based on your needs. Here is a table with the parameters to include in “paymentRecurringType” and their function:

Initial payment	Successive payment	Description	Example
newCof	cof	One-off payments without fixed amount or periodicity.	Purchase when customer chooses to save the card for future transactions.
newSubscription	subscription	Recurring payment with fixed amount and periodicity.	Fees or subscriptions.
newInstallment	installment	Postponed payment limited to individual purchase with fixed amount and periodicity.	Payment in instalments.

Plus, we recommend you visit our 3DSecure section to add additional fields to the payment process. These optional data fields enrich the payment request and can facilitate the authentication process.

Request

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request for more information.

This is a sample request for a subscription plan, the first as a string and the second as cURL. Remember that the string must pass the encryption process.

				
					merchantId=12345&merchantTransactionId=00000001&amount=10
.00&currency=EUR&country=ES&customerId=000001&paymentSolution
=creditcards&productId=123450001&operationType=DEBIT&statusURL
=https://micomercio.com/recepcion_notificacion
.php&successURL=https://micomercio.com/url-ok.php&errorURL
=https://micomercio.com/url-ko.php&cancelURL
=https://micomercio.com/url-cancelacion.php&chName=Nombre
+Apellido&cardNumber=4012000000150084&expDate
=1234&cvnNumber=123&challengeInd=04&paymentRecurringType
=newSubscription

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/pay' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: 0Pn6pDEm73YvekNKUJcvwg==' \
--form 'merchantId="12345"' \
--form 'encrypted="E0ltWj/qZLrQmhjo8nL+O8MMVrH3JtXjGdH5qKhR0VcPUohtRyAjwdaS8aOQSTDTRBSIaBnsJfZ33K3gvCywD3RErijYqggEDwceb9wdmXSxs9PNacdgD/nfxyYsgXX1SuKScFvczlMH9qgAJWrFF7HoKyxgoxkPXAXHEjTANNCNuJPKLDImVIpUPYUyHcdzha5d8FHoey7EJLMN3GycRLfrNGH2+AXfcwL66wMMPURbDsp6p30wFlPpM2VX+PE/CeLPm8lFwG/Q5M1OA4cPO+/+f8ASorKnuo+xa7yp/A1qJATluogVbNZKKOKjCPh+jBmTApoPgARDMpyVujeNHPGgnAoTJWbaO7HH8OBB47MSh4Ml9VHKUdAOVmsWU9/pzbOYD+YNPjnYjDLWZ3KDjq67Pwr6q2DrDt59BrQDlIWMVbv/L1QcODQFR8IaljFre43an0sOvGGpw0vp1Xt9koYIzJQAi1uaUVofNAgJOXbl2Z58wzQvtPiBBBXlrEA7xeRORsFvbvUzg8aNkVBxQFkzf4zxKM3JDvMwZL934VypLG87mj+gND0KwyeTKY1PVivi59lZGWoT0AAdPiwtg3g18U73GpQ+ASrxfQNHx8eP3onRPi2BphgAjxLQeqpJOkTSqbN7MvPHSaaSNQemjt9gvmz2IO6PPAwOAKmrc6R+kAWGS1FNZhGyGOm9I1DHIi5vrb60PCNH+SedYBe0TbQBcVpbHX9HY+u8Jszcp9X28KsLzOaS3bubqk1ki1MhETZymQbzIUOCnpHntB6y+PquHNtzz6klWE4Y7n3kgqoH4oXgWmrUMq8TiaNJ8H6hQeK+ftoOL86pVLpvufs7FdY7aXSV1hCBYCEm4RXF93is2+xDWEne0Y6donwwa12x6CZKaF9oP0+Au1LjqQnOc5MJZh16kESPKOvax6LQY4xS1bwLFcNFd22+0Ip+qBwNYNMQNJPevUFEFx2zNThiBY2zVgQIjhdrNbo7DTI2+4Ustb9g5MkYCZHLF1w4qwRw”' \
--form 'integrityCheck="dfedf34c8a3636c1f4f2feddafa37122e6235211f69c0462f133ac5f180133fd"'

You receive a response with the URL where the customer will be redirected for authentication in the field “redirectionResponse”:

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response operation-size="2">
  <message>WorkFlow has finished successfully, for transaction Id: 7711753</message>
  <operations>
    <operation sorted-order="1">
      <amount>10.00</amount>
      <currency>EUR</currency>
      <merchantTransactionId>00000001</merchantTransactionId>
      <message>Exemptions has been removed</message>
      <operationType>DEBIT</operationType>
      <service>TRA</service>
      <status>SUCCESS</status>
      <transactionId>7711753</transactionId>
      <respCode>
        <code>0000</code>
        <message>Successful</message>
        <uuid>d6854b77_0909_4e2c_a83c_37778ace38a6</uuid>
      </respCode>
    </operation>
    <operation sorted-order="2">
      <amount>10.00</amount>
      <currency>EUR</currency>
      <merchantTransactionId>00000001</merchantTransactionId>
      <message>Starting 3DSecure 2.0 process.</message>
      <operationType>DEBIT</operationType>
      <optionalTransactionParams/>
      <originalTransactionId>7711753</originalTransactionId>
      <paymentDetails>
        <cardHolderName>Nombre Apellido</cardHolderName>
        <extraDetails>
          <entry>
            <key>threeDSMethodData</key>
            <value>eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjUwMDNkZDlhLWQ2ZTYtNGM0YS05YzRhLTliNTI0ODhlMzlmOSIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIjogImh0dHBzOi8vY2hlY2tvdXQuc3RnLWV1LXdlc3QzLmVwZ2ludC5jb20vRVBHQ2hlY2tvdXQvY2FsbGJhY2svZ2F0aGVyRGV2aWNlTm90aWZpY2F0aW9uL3BheXNvbC8zZHN2Mi8xMDA0MTI1In0=</value>
          </entry>
          <entry>
            <key>threeDSv2Token</key>
            <value>5003dd9a-d6e6-4c4a-9c4a-9b52488e39f9</value>
          </entry>
        </extraDetails>
      </paymentDetails>
      <redirectionResponse>redirect:https://checkout.stg-eu-west3.epgint.com/EPGCheckout/rest/online/3dsv2/redirect?action=gatherdevice&params=eyJ0aHJlZURTdjJUb2tlbiI6IjUwMDNkZDlhLWQ2ZTYtNGM0YS05YzRhLTliNTI0ODhlMzlmOSIsInRocmVlRFNNZXRob2RVcmwiOiJodHRwczovL21vY2stZHMuc3RnLWV1LXdlc3QzLmVwZ2ludC5jb20vcHVibGljL21ldGhvZC1kYXRhLyIsInRocmVlRFNNZXRob2REYXRhIjoiZXlKMGFISmxaVVJUVTJWeWRtVnlWSEpoYm5OSlJDSTZJalV3TUROa1pEbGhMV1EyWlRZdE5HTTBZUzA1WXpSaExUbGlOVEkwT0RobE16bG1PU0lzSUNKMGFISmxaVVJUVFdWMGFHOWtUbTkwYVdacFkyRjBhVzl1VlZKTUlqb2dJbWgwZEhCek9pOHZZMmhsWTJ0dmRYUXVjM1JuTFdWMUxYZGxjM1F6TG1Wd1oybHVkQzVqYjIwdlJWQkhRMmhsWTJ0dmRYUXZZMkZzYkdKaFkyc3ZaMkYwYUdWeVJHVjJhV05sVG05MGFXWnBZMkYwYVc5dUwzQmhlWE52YkM4elpITjJNaTh4TURBME1USTFJbjA9IiwiYnJhbmQiOiJWSVNBIiwicmVzdW1lQXV0aGVudGljYXRpb24iOiJodHRwczovL2NoZWNrb3V0LnN0Zy1ldS13ZXN0My5lcGdpbnQuY29tL0VQR0NoZWNrb3V0L3JldHVybnVybC9mcmljdGlvbmxlc3MvcGF5c29sLzNkc3YyLzEwMDQxMjU/dGhyZWVEU3YyVG9rZW49NTAwM2RkOWEtZDZlNi00YzRhLTljNGEtOWI1MjQ4OGUzOWY5IiwicmVuZGVyQ2FzaGllckxvY2F0aW9uIjoiaHR0cHM6Ly9lcGdqcy1yZW5kZXJjYXNoaWVyLXN0Zy5lYXN5cGF5bWVudGdhdGV3YXkuY29tIiwiY2hhbGxlbmdlV2luZG93c1NpemUiOiIwNSJ9</redirectionResponse>
      <service>3DSv2</service>
      <status>REDIRECTED</status>
      <transactionId>1004125</transactionId>
      <respCode>
        <code>8100</code>
        <message>Frictionless requires</message>
        <uuid>7b43832c_34d9_456d_98e4_982731382e96</uuid>
      </respCode>
      <mpi>
        <acsEndProtocolVersion>2.2.0</acsEndProtocolVersion>
        <acsStartProtocolVersion>2.1.0</acsStartProtocolVersion>
        <dsEndProtocolVersion>2.2.0</dsEndProtocolVersion>
        <dsStartProtocolVersion>2.1.0</dsStartProtocolVersion>
        <threeDSMethodURL>https://mock-ds.stg-eu-west3.epgint.com/public/method-data/</threeDSMethodURL>
      </mpi>
    </operation>
  </operations>
  <optionalTransactionParams/>
  <status>SUCCESS</status>
  <workFlowResponse>
    <id>31380</id>
    <name>debit creditcards (TRA)</name>
    <version>0</version>
  </workFlowResponse>
</response>

Parameters of the subscription plan application request

The required/mandatory and optional parameters are listed in this table.

In addition to those parameters, to start a subscription plan, you have to add the following parameters. The type shows whether the element is Required (R) or Optional (O):

Field	Format	Type	Description	Example
paymentRecurringType	– newCof: One-off payments, without a fixed amount or periodicity. – newSubscription: Recurring payments with fixed amount and periodicity. – newInstallment: Postponed payment limited to individual purchase with fixed amount and periodicity.	R	Recurring or successive payment type. Note if the COF transaction is initial or successive, and the reason or purpose for payment.	newSubscription
challengeInd	Accepted values: – 01: no preference (default value if this parameter is not sent) – 02: avoid challenge – 03: require challenge (trade preference) – 04: require challenge (mandatory) – 05: avoid challenge (performed transaction risk analysis) – 06: avoid challenge (only in data sharing) – 07: avoid challenge (SCA already done) – 08: avoid challenge (use whitelist exemption) – 09: avoid challenge (request whitelist)	R	Indicates the preference set by the merchant for an authentication process. The issuer can modify the preference specified in this field.	04

Response

Visit our section on Managing notifications to learn more about its structure.

This is a sample notification received after starting a subscription plan:

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response operation-size="3">
	<message>WorkFlow has finished successfully, for transaction Id: 7711753</message>
	<operations>
		<operation sorted-order="1">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Exemptions has been removed</message>
			<operationType>DEBIT</operationType>
			<service>TRA</service>
			<status>SUCCESS</status>
			<transactionId>7711753</transactionId>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>d6854b77_0909_4e2c_a83c_37778ace38a6</uuid>
			</respCode>
		</operation>
		<operation sorted-order="2">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Challenge: Authenticated successfully</message>
			<operationType>DEBIT</operationType>
			<paymentDetails>
				<cardNumberToken>4535954006730084</cardNumberToken>
				<extraDetails/>
			</paymentDetails>
			<service>3DSv2</service>
			<status>SUCCESS3DS</status>
			<transactionId>7711753</transactionId>
			<respCode>
				<code>8000</code>
				<message>Successful authentication</message>
				<uuid>737ed5e3_12f5_4e5c_9a9b_2d2f3f7b59b9</uuid>
			</respCode>
			<mpi>
				<acsTransID>20d853ed-4347-4727-a5a0-e19ab8bcda08</acsTransID>
				<authMethod>02</authMethod>
				<authTimestamp>202310301425</authTimestamp>
				<authenticationStatus>Y</authenticationStatus>
				<cavv>AJkBAlQ0Y1czBidENjRjAAAAAAA=</cavv>
				<eci>05</eci>
				<messageVersion>2.2.0</messageVersion>
				<result>eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjUwMDNkZDlhLWQ2ZTYtNGM0YS05YzRhLTliNTI0ODhlMzlmOSIsImFjc1RyYW5zSUQiOiIyMGQ4NTNlZC00MzQ3LTQ3MjctYTVhMC1lMTlhYjhiY2RhMDgiLCJhdXRoZW50aWNhdGlvblR5cGUiOiIwMSIsImF1dGhlbnRpY2F0aW9uTWV0aG9kIjoiMTAiLCJhdXRoZW50aWNhdGlvblZhbHVlIjoiQUprQkFsUTBZMWN6QmlkRU5qUmpBQUFBQUFBPSIsImRzVHJhbnNJRCI6IjY5OTM0MTFjLWU1ZGUtNGZmYS04NDdhLTA5MDZkMTNhYWFiYiIsImVjaSI6IjA1IiwiaW50ZXJhY3Rpb25Db3VudGVyIjoiMDEiLCJtZXNzYWdlVHlwZSI6IlJSZXEiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMi4wIiwibWVzc2FnZUNhdGVnb3J5IjoiMDEiLCJ0cmFuc1N0YXR1cyI6IlkifQ==</result>
				<threeDSv2Token>5003dd9a-d6e6-4c4a-9c4a-9b52488e39f9</threeDSv2Token>
			</mpi>
			<paymentCode>nsY1</paymentCode>
			<paymentMessage>Authenticated successfully</paymentMessage>
		</operation>
		<operation sorted-order="3">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<details>{"resultCode":"00000","resultDescription":"OK","values":{"rfTransactionCurrency":"EUR","rfRTS":"355534686 790190 845391 231030152505","rfContactlessLogo":"false","rfOperationType":"Settle","rfAuthMode":"On","rfDataEntryMode":"Manual","rfCardHolderVerificationMode":"No","rfFuc":"355534686","rfTerminalID":"00000500","rfProcessor":"Redsys","rfMerchantName":"Pruebas Addon 25","rfMerchantCity":"BARCELONA","rfMerchantPostalCode":"08014","rfMerchantAddress":"GRAN VIA DE LES CORTS CATALANE, 159 PLANTA 7","rfMaskedPan":"************0084","rfOperationDateTime":"30/10/23 15:25:05","rfTerminalOperationNumber":"1195","rfAuthNumber":"795430","rfTransactionAmountCurrency":"10,00 EUR","rfProcessorMessage":"","rfPrintSignatureBox":"false","rfCardPresent":"true","rfReferenceId":"1195","posTransactionToken":"{\"pucIdMsg\":\"1200\",\"pucP3ProcessCode\":\"000000\",\"pucP4OriginalAmount\":\"000000001000\",\"pucP11TransactionNumber\":\"845391\",\"pucP12LocalDateTime\":\"231030152505\",\"pucP22ServicePointData\":\"1U00506U3000\",\"pucP38AuthNumber\":\"795430\",\"pucP39ActionCode\":\"000\",\"pucP53SecurityControlInfo\":\"0102000001000000\",\"pinpadId\":\"1440\",\"pinpadAcquirerId\":\"00000500\",\"pinpadManufacturer\":null,\"pinpadModel\":null,\"pinpadSerialNumber\":null,\"pinpadSoftwareName\":null,\"pinpadSoftwareVersion\":null,\"pinpadKernelEmv\":null,\"pinpadVccStrip\":null,\"pinpadVerPup\":null,\"pinpadPciStage\":null,\"pinpadVerEmvParams\":null,\"pinpadEmvType\":null,\"pinpadCapabilities\":null,\"pinpadLanguage\":null,\"transactionType\":\"O\",\"transactionContactless\":\"0\",\"transactionDcc\":\"0\",\"transactionDccComission\":null,\"transactionDccExchangeRate\":null,\"transactionDccMarkUp\":null,\"transactionDccEntity\":null,\"transactionDccBceExchangeRate\":null,\"transactionDccBceMarkUp\":null,\"transactionPanSequenceNumber\":null,\"transactionTerminalOperationNumber\":\"1195\",\"transactionResponseCode\":null,\"transactionCurrency\":\"978\",\"transactionFuc\":\"355534686\",\"cardMaskedPan\":\"************0084\",\"cardAid\":null,\"cardDdfName\":null,\"cardApplicationLabel\":null,\"cardCypherData\":null}","OperationResult":"000","cofAdditionalInformation":"RS478101069093662"},"threeDsProtocolVersion":"2.2.0"}</details>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Success 'Settle' operation</message>
			<operationType>DEBIT</operationType>
			<optionalTransactionParams/>
			<paySolTransactionId>355534686 790190 845391 231030152505</paySolTransactionId>
			<paymentDetails>
				<cardHolderName>Nombre Apellido</cardHolderName>
				<cardNumber>401200****0084</cardNumber>
				<cardNumberToken>4535954006730084</cardNumberToken>
				<cardType>visa/credit</cardType>
				<expDate>1234</expDate>
				<extraDetails>
					<entry>
						<key>cardCategory</key>
						<value>Not Available</value>
					</entry>
					<entry>
						<key>rememberMe</key>
						<value>true</value>
					</entry>
				</extraDetails>
				<issuerBank>EXTRAS TEST - VISA</issuerBank>
				<issuerCountry>ES</issuerCountry>
			</paymentDetails>
			<paymentMethod>19900</paymentMethod>
			<paymentSolution>caixapucpuce</paymentSolution>
			<status>SUCCESS</status>
			<transactionId>7711753</transactionId>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>d6854b77_0909_4e2c_a83c_37778ace38a6</uuid>
			</respCode>
			<authCode>795430</authCode>
			<mpi>
				<eci>05</eci>
			</mpi>
			<paymentCode>000</paymentCode>
			<paymentMessage>Operación finalizada con éxito</paymentMessage>
			<subscriptionPlan>478101069093662</subscriptionPlan>
		</operation>
	</operations>
	<optionalTransactionParams/>
	<status>SUCCESS</status>
	<workFlowResponse>
		<id>31380</id>
		<name>debit creditcards (TRA)</name>
		<version>0</version>
	</workFlowResponse>
</response>

Subscription payments

Subscription payments are recurring transactions when the merchant sends the payment request to the customer with the details stored previously. This operation requires data from the customer provided when signing up for a subscription.

Subscription payments are initiated by the merchant (MIT) and require data like the “cardNumberToken” or “subscriptionPlan”, obtained previously.

Plus, we recommend you visit our 3DSecure section to add additional fields to the payment process. These optional data fields enrich the payment request and can facilitate the authentication process.

Request

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request for more information.

This is a sample request for a subscription payment, the first as a string and the second as cURL. Remember that the string must pass the encryption process.

				
					merchantId=12345&merchantTransactionId=00000001&amount=10
.00&currency=EUR&country=ES&customerId=000001&paymentSolution
=creditcards&productId=123450001&operationType=debit&statusURL
=https://micomercio.com/recepcion_notificacion
.php&successURL=https://micomercio.com/url-ok.php&errorURL
=https://micomercio.com/url-ko.php&cancelURL
=https://micomercio.com/url-cancelacion
.php&merchantExemptionsSca=MIT&cardNumberToken
=4535954006730084&paymentRecurringType
=subscription&subscriptionPlan=478101069093662

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/pay' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: 0Pn6pDEm73YvekNKUJcvwg==' \
--form 'merchantId="12345"' \
--form 'encrypted="XUmYdlfwkdBKe71gni7taV6pNECxp5xj1ay9aJBd/JYO3xCjNtHi6oca+i+LotVg38teQFDugCfQJPp59sMIbjfvGZqBPlgBg4oJGByM0iyubIskjUzBM5FOPNrASVzeF/HSy+yyind7DcY+2ZQDgq7puB0hd0EqQegquW0Ow0JieTsdMhSyq2I7Ry81P5wUP9L8OZlG/HNy+kbHmbMGksjdLyOIbxZg/YOqYU0fQns9Y2ie0lj4PbT7IR5URtwhVrx3+ssDNUyXuAUTrqsaAu/x8QfqPyhSw8DLORkyLP4k7MVpz2e2l4kIfdhLhSkt+9L4PlZ9EqWj9139qMZP51mnuquCE1dttKObyycn4QoUxa5wLqTxXMqoQWj/w+sCjdgO2BrAsHDqzacsrnP0ddUDx7Ft2oq4zx3J9OQ4zmGouAac6QJXGG7s3wZnanKkGMB5Ps9HH/+6yJPFxV6rCRpdYFhLoLwS1DV3YZe/7dc+FJu8GsSDLg45gJZY442dYEg6FAevccmImnI62WFw30Ak1RjRjgWZWmvjrGhaHpG51FMndI5i+NfNdt+eX9Tw6IUqfXJ9WPjiR95KNqyc64MSQj8LAW3A0IlFsKuQyckzgmOrHiDo9yy80mKX95hCFK03OnSpVyGWjniAg7hVQmTLa2vJsab9TbGIOrP59zyYcwX1OgOAhiAvu62qq0/JxNl/CW5Wyy99MxQIAw6GsFaVB1ZxNHgMVTwQAYlQhf89iELS/HRjykpsPZ7Q7r0zSXv5nCR314VVg+p1TsQhJ7RDBIM3U3+2255PED7cFUStQXyfQWs+YXdcITtxPSew6PKDsDXlVFpwvS1P7GbGT08FZFfVha8589XkAmUYFeFtonlrQCd/ox61zSrJilJMbjv7YYbCJdbt04HnfGMJipUGlIM6I5yOAfTEhGvtUkFe/PcRqd0zoFzxGhYEDrFjzQKXIfCTh8UprzfYBYUlONtNLZHmBsbb/JFJdfV/6DQ=”' \
--form 'integrityCheck="46bd5b723103b13d87667bd6a6cdf8e69635b1ffd837e31239f62ffd7632046b"'

Subscription payment request parameters

The required/mandatory and optional parameters are listed in this table.

In addition to those parameters, for subscription payments you have to add the following parameters. The type shows whether the field is Required (R) or Optional (O).

Field	Format	Type	Description	Example
merchantExemptionsSca	MIT = Transaction initiated by the merchant TRA = Transaction risk analysis exemption LWV = Low value exemption COR = Corporate payment exemption	R	PSD2 exemption to apply. Normally only sent in successive payments with the value “MIT”.	MIT
paymentRecurringType	cof subscription installment delayed resubmission reauthorization incremental noShow	R	Type of recurring or successive payment. Note if the COF transaction is initial or successive, and the reason or purpose for payment. The following table has detailed explanations.	subscription
subscriptionPlan	Alphanumeric Max. 45 characters.	R	COF transaction ID generated in initial transaction. It is received with the same name on the response notification for the initial COF transaction. It must be sent in successive transactions linked to the initial transaction.	708120533554282
cardNumberToken	Alphanumeric 16~20 characters	R	Addon Payments token of the card number. The last 4 digits coincide with the original card number.	4535954006730084

This table shows the values for “paymentRecurringType” for successive transactions explained in detail and their functions:

Value	Description	Example
cof	One-off payments, without a fixed amount or periodicity.	Purchase when customer chooses to save the card for future transactions.
subscription	Recurring payment with fixed amount and periodicity.	Fees or subscriptions.
installment	Postponed payment limited to individual purchase with fixed amount and periodicity.	Payment in instalments
delayed	Additional payment after provision of a service	Hotel room charges Extra charges for rentals Damages to hire cars Extras not included in the service
resubmission	Resubmission of a charge after having provided the service or product to the customer and the initial payment being rejected for lack of funds. Only for certain sectors (for more information, check the brands’ rules) and with a maximum of days from the purchase.	Transport
reauthorization	Reauthorization for an existing COF recurring payment, updating the card or recurring plan.
incremental	The customer consents to pay for any additional services they incur for the duration of the contract.	Extending hotel stay.
noShow	Payment for services the customer agreed to pay for when they did not comply with the terms of the agreement.	Hotel or apartment bookings when the customer doesn’t show up.

Response

Visit our section on Managing notifications to learn more about its structure.

This is a sample notification received after a subscription payment:

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response operation-size="1">
  <message>WorkFlow has finished successfully, for transaction Id: 7711801</message>
  <operations>
    <operation sorted-order="1">
      <amount>10.00</amount>
      <currency>EUR</currency>
      <details>{"resultCode":"00000","resultDescription":"OK","values":{"rfTransactionCurrency":"EUR","rfRTS":"355534686 790190 845403 231030153739","rfContactlessLogo":"false","rfOperationType":"Settle","rfAuthMode":"On","rfDataEntryMode":"Manual","rfCardHolderVerificationMode":"No","rfFuc":"355534686","rfTerminalID":"00000500","rfProcessor":"Redsys","rfMerchantName":"Pruebas Addon 25","rfMerchantCity":"BARCELONA","rfMerchantPostalCode":"08014","rfMerchantAddress":"GRAN VIA DE LES CORTS CATALANE, 159 PLANTA 7","rfMaskedPan":"************0084","rfOperationDateTime":"30/10/23 15:37:39","rfTerminalOperationNumber":"1196","rfAuthNumber":"745649","rfTransactionAmountCurrency":"10,00 EUR","rfProcessorMessage":"","rfPrintSignatureBox":"false","rfCardPresent":"true","rfReferenceId":"1196","posTransactionToken":"{\"pucIdMsg\":\"1200\",\"pucP3ProcessCode\":\"000000\",\"pucP4OriginalAmount\":\"000000001000\",\"pucP11TransactionNumber\":\"845403\",\"pucP12LocalDateTime\":\"231030153739\",\"pucP22ServicePointData\":\"10005060F000\",\"pucP38AuthNumber\":\"745649\",\"pucP39ActionCode\":\"000\",\"pucP53SecurityControlInfo\":\"0102000001000000\",\"pinpadId\":\"1440\",\"pinpadAcquirerId\":\"00000500\",\"pinpadManufacturer\":null,\"pinpadModel\":null,\"pinpadSerialNumber\":null,\"pinpadSoftwareName\":null,\"pinpadSoftwareVersion\":null,\"pinpadKernelEmv\":null,\"pinpadVccStrip\":null,\"pinpadVerPup\":null,\"pinpadPciStage\":null,\"pinpadVerEmvParams\":null,\"pinpadEmvType\":null,\"pinpadCapabilities\":null,\"pinpadLanguage\":null,\"transactionType\":\"O\",\"transactionContactless\":\"0\",\"transactionDcc\":\"0\",\"transactionDccComission\":null,\"transactionDccExchangeRate\":null,\"transactionDccMarkUp\":null,\"transactionDccEntity\":null,\"transactionDccBceExchangeRate\":null,\"transactionDccBceMarkUp\":null,\"transactionPanSequenceNumber\":null,\"transactionTerminalOperationNumber\":\"1196\",\"transactionResponseCode\":null,\"transactionCurrency\":\"978\",\"transactionFuc\":\"355534686\",\"cardMaskedPan\":\"************0084\",\"cardAid\":null,\"cardDdfName\":null,\"cardApplicationLabel\":null,\"cardCypherData\":null}","OperationResult":"000"},"merchantExemptionSca":"MIT"}</details>
      <merchantTransactionId>00000001</merchantTransactionId>
      <message>Success 'Settle' operation</message>
      <operationType>DEBIT</operationType>
      <optionalTransactionParams/>
      <paySolTransactionId>355534686 790190 845403 231030153739</paySolTransactionId>
      <paymentDetails>
        <cardNumber>401200****0084</cardNumber>
        <cardNumberToken>4535954006730084</cardNumberToken>
        <cardType>visa/credit</cardType>
        <expDate>1234</expDate>
        <extraDetails>
          <entry>
            <key>cardCategory</key>
            <value>Not Available</value>
          </entry>
          <entry>
            <key>rememberMe</key>
            <value>true</value>
          </entry>
        </extraDetails>
        <issuerBank>EXTRAS TEST - VISA</issuerBank>
        <issuerCountry>ES</issuerCountry>
      </paymentDetails>
      <paymentSolution>caixapucpuce</paymentSolution>
      <status>SUCCESS</status>
      <transactionId>7711801</transactionId>
      <respCode>
        <code>0000</code>
        <message>Successful</message>
        <uuid>f7fe9eea_910f_437b_99e9_40a8a9c981c0</uuid>
      </respCode>
      <authCode>745649</authCode>
      <paymentCode>000</paymentCode>
      <paymentMessage>Operación finalizada con éxito</paymentMessage>
    </operation>
  </operations>
  <optionalTransactionParams/>
  <status>SUCCESS</status>
  <workFlowResponse>
    <id>31386</id>
    <name>debit creditcards (MIT)</name>
    <version>21</version>
  </workFlowResponse>
</response>

Payouts

Payouts are a payment transaction from the merchant to the customer’s account. Not to be confused with refunds. The purpose of this operation is the payment of prizes, for example. You must request this operation to Support for its activation.

The request is very similar to a standard authorization, but it includes “operationType: credit”. The type of Payout depends on the flow that your merchant has active, you can not choose the type of Payout (direct or in two steps) with the parameters of the request. There are two types of Payouts:

Direct Payout: The customer receives the amount when the request is successfully completed.
Payout in two steps: The customer initiates the Payout process but the Payout is pending approval or rejection by the merchant.

In addition, for security reasons, to perform a Payout there must be a previous authorized payment (from the customer to the merchant). The Payout will be made with the same payment solution and to the same card with which the previous payment was made. However, there are exceptions where a Payout can be made without prior deposit, depending on the nature of the merchant.

You must request the Payout operation to Support for its activation.

Request

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request for more information.

Your e-commerce platform sends the Host2Host Payout request to the established endpoint. Here you have an example in string and cURL. Remember that the string must pass the encryption process.

				
					merchantId=12345&merchantTransactionId=00000001&amount=10&currency
=EUR&country=ES&customerId=000001&paymentSolution=creditcards&productId=123450001
&statusURL=https://micomercio.com/recepcion_notificacion.php
&successURL=https://micomercio.com/url-ok.php&errorURL=https://micomercio.com/url-ko.php
&cancelURL=https://micomercio.com/url-cancelacion.php&awaitingURL=https://micomercio.com/url-espera.php
&cardNumberToken=4535954006730084&operationType=credit

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/pay' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: 0Pn6pDEm73YvekNKUJcvwg==' \
--form 'merchantId="12345"' \
--form 'encrypted="YhkE2nrG1vmWRxNnMxWtbqDHsi/x1ylrhg53nG2evwuAborzvFSQO3IslRCtBAuJVaSzmL4o17lyYZds2eQ48hNGO8O8EmnDzTfveqZUASpII=”' \
--form 'integrityCheck="06c928531469eb314c609e9a565567afecae69e644ba0e8cc49c612b6bf35e83"'

Host2Host Payout Parameters

The parameters required for a Host2Host Payout are those in this table.

In addition, you must add or modify the following data:

Field	Format	Type	Description	Example
operationType	Alphanumeric Max. 45 characters	R	Shows type of operation to carry out. Eligible values: – credit: Deposit transaction to the customer’s account. That is, cash travels from the merchant to the customer’s account. For example, in the payment of a price.	credit
cardNumberToken	Alphanumeric 16~20 characters	R	Addon Payments token of the customer’s card number. The last 4 digits match the original card number.	4535954006730084
cardNumber	Numeric. Maximum 19 digits.	O (R if cardNumberToken is not sent)	PAN of the card. It must pass the Luhn Check algorithm.	4907270002222227
expDate	Numeric 4 digits MMAA format, months are MM and YY is the year.	O (R if cardNumberToken is not sent)	Card expiration date.	0623
cvnNumber	Numeric 3 to 4 digits.	O (R if cardNumberToken is not sent)	Card CVC.	123
chName	Alphanumeric Max. 100 characters	O (R if cardNumberToken is not sent)	Full name of cardholder. First and last names are separated with spaces. Supports UTF-8.	Pablo Ferrer

Response

This is an example of the notification you get from a Payout transaction:

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <payfrex-response operation-size="1">
      <message>WorkFlow has finished successfully, for transaction Id: 199007517</message>
      <operations>
          <operation sorted-order="1">
              <amount>3.00</amount>
              <currency>EUR</currency>
              <details>{"resultCode":"00000","resultDescri ... ypherData\":null}","OperationResult":"000"}}</details>
              <merchantTransactionId>test-0305-014</merchantTransactionId>
              <message>A description - Success 'Payout' operation with status 'SUCCESS'</message>
              <operationType>CREDIT</operationType>
              <optionalTransactionParams/>
              <payFrexTransactionId>197517</payFrexTransactionId>
              <paySolTransactionId>008000853 790190 596484 210503172504</paySolTransactionId>
              <paymentDetails>
                  <cardNumber>466203****7594</cardNumber>
                  <cardNumberToken>3049400010087594</cardNumberToken>
                  <cardType>VISA/CREDIT</cardType>
                  <expDate>0425</expDate>
                  <extraDetails>
                      <entry>
                          <key>cardCategory</key>
                          <value>CLASSIC</value>
                      </entry>
                      <entry>
                          <key>rememberMe</key>
                          <value>true</value>
                      </entry>
                  </extraDetails>
                  <issuerBank>BANCO, S.A.U.</issuerBank>
                  <issuerCountry>ES</issuerCountry>
              </paymentDetails>
              <paymentSolution>caixapucpuce</paymentSolution>
              <status>SUCCESS</status>
              <respCode>
                  <code>0000</code>
                  <message>Successful</message>
                  <uuid>f82e5b47_bfa9_4135_a1b9_25202571208b</uuid>
              </respCode>
          </operation>
      </operations>
      <optionalTransactionParams/>
      <status>SUCCESS</status>
      <workFlowResponse>
          <id>12215</id>
          <name>Caixa Creditcards credit </name>
          <version>2</version>
      </workFlowResponse>
  </payfrex-response>

Approve and reject Payout

If your merchant flow indicates so, Payouts will remain in “PENDING” to “CREDIT” status until they are approved or rejected. The endpoints to approve or reject Payouts are:

Request	Enviroment	URL
Approve Payout	Staging	https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/approvePayout
Decline Payout	Staging	https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/rejectPayout
Approve Payout	Production	https://checkout.addonpayments.com/EPGCheckout/rest/online/approvePayout
Decline Payout	Production	https://checkout.addonpayments.com/EPGCheckout/rest/online/rejectPayout

Approve Payout

In this section we will see how to approve Payout transactions by request. Unlike other Addon Payments operations, you can approve several Payouts at the same time.

Request

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request for more information.

This is an example of a request to approve a Payout. The first tab has formed the XML with the identifiers of the requests to approve and a description for each one, the second one has the cURL. Remember that the XML request must pass the encryption process.

				
					xml=<fulfill-request>
        <accept>
          <fulfill-transaction-request><description>Approve reason 1</description><id>AddonPaymentsTrxId1</id></fulfill-transaction-request>
          <fulfill-transaction-request><description>Approve reason 2</description><id>AddonPaymentsTrxId2</id></fulfill-transaction-request>
          ...
          <fulfill-transaction-request><description>Approve reason n</description><id>AddonPaymentsTrxIdn</id></fulfill-transaction-request>
        <accept>
      </fulfill-request>

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/approvePayout' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: JdzesBT3L9h4lGnf2joraA==' \
--form 'merchantId="12345"' \
--form 'encrypted="4xUYxJxLc/ABCyqJfwttTalkds3YeijsJe6MlTnC6mgmbm0aXKwhI7thwa70o6lLyjrUtW8fIiJ26kBlQpYVnedKEVhevNJNZ88z6m50W2THtDR70pQq6qjF37NCfOeq/UDCg0RB/MPfYUJRUIsfPk=' \
--form 'integrityCheck="1c256f5b834e5db6d5f453043a8a3830859b308f297cc2cf423064510c5c9b72"'

Parameters to approve a Payout

Remember to retrieve the original transaction identifier from the transaction notification. These are the required parameters (R) to approve a Payout:

Field	Format	Type	Description	Example
transactionId	Integer Numeric Max. 100 digits	R	Identifier of the original transaction on which a Payout is to be approved or rejected.	76543210
description	Latin-1 Code Page (ISO-8859-1) Max. 1000 characters	R	Transaction description. It is stored in the transaction details and returned in the notification.	Payout approved for prize

Response

Visit our section on Managing notifications to learn more about its structure.

This is the notification received in response to a request to approve Payout:

				
					<?xml version="1.0" encoding="UTF-8"?>
<payfrex-response operation-size="1">
  <message>Approve payout summary</message>
  <operations>
    <operation sorted-order="2">
      <amount>2000.00</amount>
      <currency>USD</currency>
      <details>paymentsolution_response</details>
      <fee>56.29</fee>
      <merchantTransactionId>14132046-172396</merchantTransactionId>
      <message>none</message>
      <operationType>CREDIT</operationType>
      <optionalTransactionParams />
      <payFrexTransactionId>19484</payFrexTransactionId>
      <paySolTransactionId>123413201885024</paySolTransactionId>
      <paymentSolution>neteller</paymentSolution>
      <status>SUCCESS</status>
    </operation>
    <operation sorted-order="1">
      <amount>500.00</amount>
      <currency>USD</currency>
      <details>paymentsolution_response</details>
      <merchantTransactionId>1413xx6-172393</merchantTransactionId>
      <message>none</message>
      <operationType>CREDIT</operationType>
      <optionalTransactionParams />
      <payFrexTransactionId>15584</payFrexTransactionId>
      <paySolTransactionId>1wewr188r5024</paySolTransactionId>
      <paymentSolution>wirecard</paymentSolution>
      <status>SUCCESS</status>
    </operation>
  </operations>
  <optionalTransactionParams />
  <status>SUCCESS</status> 
</payfrex-response>

Reject Payout

In this section we will see how to reject Payout transactions via request. Unlike other Addon Payments operations, you can reject several Payouts at once.

Request

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request for more information.

This is an example of a request to reject a Payout. The first tab has formed the XML with the identifiers of the requests to reject and a description for each one, the second one has the cURL. Remember that the XML request must pass the encryption process.

				
					xml=<fulfill-request>
        <reject>
          <fulfill-transaction-request><description>Reject reason 1</description><id>AddonPaymentsTrxId1</id></fulfill-transaction-request>
          <fulfill-transaction-request><description>Reject reason 2</description><id>AddonPaymentsTrxId2</id></fulfill-transaction-request>
          ...
          <fulfill-transaction-request><description>Reject reason n</description><id>AddonPaymentsTrxIdn</id></fulfill-transaction-request>
        </reject>
      </fulfill-request>

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/rejectPayout' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: JdzesBT3L9h4lGnf2joraA==' \
--form 'merchantId="12345"' \
--form 'encrypted="4xUYxJxLc/ABCyqJfwttTalkds3YeijsJe6MlTnC6mgmbm0aXKwhI7thwa70o6lLyjrUtW8fIiJ26kBlQpYVnedKEVhevNJNZ88z6m50W2THtDR70pQq6qjF37NCfOeq/UDCg0RB/MPfYUJRUIsfPk=' \
--form 'integrityCheck="1c256f5b834e5db6d5f453043a8a3830859b308f297cc2cf423064510c5c9b72"'

Parameters for rejecting a Payout

Remember to retrieve the original transaction identifier from the transaction notification. These are the required parameters (R) to reject a Payout:

Field	Format	Type	Description	Example
transactionId	Integer Numeric Max. 100 digits	R	Identifier of the original transaction on which a Payout is to be approved or rejected.	76543210
description	Latin-1 Code Page (ISO-8859-1) Max. 1000 characters	R	Transaction description. It is stored in the transaction details and returned in the notification.	Payout approved for prize

Response

Visit our section on Managing notifications to learn more about its structure.

This is the notification received to a request to reject Payout.

				
					<?xml version="1.0" encoding="UTF-8"?> <payfrex-response operation-size="1">
  <message>reject payout summary</message>
  <operations>
    <operation sorted-order="2">
      <amount>2000.00</amount>
      <currency>USD</currency>
      <details>paymentsolution_response</details>
      <fee>56.29</fee>
      <merchantTransactionId>14846-172396</merchantTransactionId>
      <message>none</message>
      <operationType>CREDIT</operationType>
      <optionalTransactionParams />
      <payFrexTransactionId>19484</payFrexTransactionId>
      <paySolTransactionId>123413201885024</paySolTransactionId>
      <paymentSolution>neteller</paymentSolution>
      <status>REJECTED</status>
    </operation>
    <operation sorted-order="1">
      <amount>500.00</amount>
      <currency>USD</currency>
      <details>paymentsolution_response</details>
      <merchantTransactionId>141-172393</merchantTransactionId>
      <message>none</message>
      <operationType>CREDIT</operationType>
      <optionalTransactionParams />
      <payFrexTransactionId>15584</payFrexTransactionId>
      <paySolTransactionId>1wewr188r5024</paySolTransactionId>
      <paymentSolution>wirecard</paymentSolution>
      <status>REJECTED</status>
    </operation>
  </operations>
  <optionalTransactionParams />
  <status>SUCCESS</status> 
</payfrex-response>

External authentication

This operation allows your merchant to process the authentication externally (with an external MPI) and send the authorization through Host2Host. If you want to activate this option you should contact Support.

Request

To process an authorization with external authentication the parameter “threedParams” must be added. This parameter contains a JSON with the authentication data.

Remember that requests sent to Addon Payments must be encrypted. Visit our Encryption, signature and sending the request for more information.

Here is an example in string and cURL of a request with external authentication. Remember that the string must pass the encryption process:

				
					merchantId=12345&merchantTransactionId=00000001&amount=10
.00&currency=EUR&country=ES&customerId=000001&paymentSolution
=creditcards&statusURL=https://micomercio
.com/recepcion_notificacion.php&successURL
=https://micomercio.com/url-ok.php&errorURL
=https://micomercio.com/url-ko.php&cancelURL
=https://micomercio.com/url-cancelacion.php&chName=Nombre
+Apellido&cardNumber=4907270002222227&expDate=1234&cvnNumber=123
&threedParams={"authenticationStatus":"Y","cavv":"MAAAAAAAAAAAAAAAAAAAAAAAAAA%3D",
"eci":"05","xid":"a5266648-b850-403e-a13c-9bd763f9add8"
,"directoryServerTxnId":"74a22bba-a5f7-4e0b-84e5-95910dfa7864"
,"extendedThreeDSVersion":"2.2.0"}

				
					curl --location --request POST 'https://checkout-stg.addonpayments.com/EPGCheckout/rest/online/pay' \
--header 'apiVersion: 5' \
--header 'encryptionMode: CBC' \
--header 'iv: 0Pn6pDEm73YvekNKUJcvwg==' \
--form 'merchantId="12345"' \
--form 'encrypted="YhkE2nrG1vmWRxNnMxWtbqDHsi/x1ylrhg53nG2evwuAborzvFSQO3IslRCtBAuJVaSzmL4o17lyYZds2eQ48hNGO8O8EmnDzTfveqZUASpII=”' \
--form 'integrityCheck="06c928531469eb314c609e9a565567afecae69e644ba0e8cc49c612b6bf35e83"'

Parameters of the request with external authentication

In the request with external authentication you must send the required parameters to Host2Host. In addition, you must add the parameter:

threedParams: Parameter that includes an alphanumeric JSON with the external authentication data.

The data you must include in the JSON of the threedParams are:

Field	Format	Type	Description	Example
eci	Accepted values: 00 01 02 05 06 07 More details about these values	R	Indicates the authentication status.	05
cavv	Maximum 100 characters	R	Cardholder authentication verification value.	AJkCAYB2gwCCCCRMgmEQdQAAA AA=
authenticationStatus	Accepted values: – Y: Succesful authentication. – A: An unsuccessful attempt to authenticate has been made, but evidence that an attempt has been made is provided. – N: Unsuccesful authentication. – U: Authentication cannot be performed due to technical or other problems. – C: Challenge required.	R	Authentication status.	Y
extendedThreeDSVersion	Maximum 5 characters	R	3DS message version which processed the authentication: X.Y.Z	2.2.0
directoryServerTxnId	UUID Format	R	Authentication identifier on the directory server side.	d7da0bae-bbbb-4868-8e8c-7e7f0d6 581fc
threeDSv2Token	Maximum 64 characters	R (when AP process the authentication)	3DS Authentication hash value created by AP. Only required if AP process the authentication.	2841e6ac-11e8-4758-bf4d-75aa79e 78757
result	Maximum 4000 characters JSON	O	JSON with the raw value of the authentication. It is recommended to send it.	{“threeDSServerTransID”:”2841e6ac- 11e8-4758-bf4d-75aa79e78757″,”ac sOperatorID”:”00000019″,”acsTransI D”:”166e7e2c-aaaa-42ac-943c-8538 a8f4bac6″,”acsReferenceNumber”:”3 DS_LOA_ACS_RSAS_020200_00000″,(…),transStatus”:”Y”}
xid	Maximum 100 characters	O	Authentication transaction identifier.	N/A

Response

Visit our section on Managing notifications to learn more about its structure.

This is the notification you receive to an authorization request with external authentication, as you can see, it is the same as that of an authorization.

				
					<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response operation-size="2">
	<message>WorkFlow has finished successfully, for transaction Id: 7702702</message>
	<operations>
		<operation sorted-order="1">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Exemptions has been removed</message>
			<operationType>DEBIT</operationType>
			<service>TRA</service>
			<status>SUCCESS</status>
			<transactionId>7702702</transactionId>
			<respCode>
				<code>0000</code>
				<message>Successful</message>
				<uuid>3bf8a522_116e_41f6_b0a1_e0a512f5dbfd</uuid>
			</respCode>
		</operation>
		<operation sorted-order="2">
			<amount>10.00</amount>
			<currency>EUR</currency>
			<merchantTransactionId>00000001</merchantTransactionId>
			<message>Starting 3DSecure 2.0 process.</message>
			<operationType>DEBIT</operationType>
			<optionalTransactionParams/>
			<originalTransactionId>7702702</originalTransactionId>
			<paymentDetails>
				<cardHolderName>Nombre Apellido</cardHolderName>
				<extraDetails>
					<entry>
						<key>threeDSMethodData</key>
						<value>eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjFmMjc4OWQyLTJmYTYtNDNmMC04MzNhLTdmOGY2ZWYxNGFjOCIsICJ0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMIjogImh0dHBzOi8vY2hlY2tvdXQuc3RnLWV1LXdlc3QzLmVwZ2ludC5jb20vRVBHQ2hlY2tvdXQvY2FsbGJhY2svZ2F0aGVyRGV2aWNlTm90aWZpY2F0aW9uL3BheXNvbC8zZHN2Mi8xMDAyNTQ3In0=</value>
					</entry>
					<entry>
						<key>threeDSv2Token</key>
						<value>1f2789d2-2fa6-43f0-833a-7f8f6ef14ac8</value>
					</entry>
				</extraDetails>
			</paymentDetails>
			<redirectionResponse>redirect:https://checkouttIiwiY2hhbGxlbmdlV2luZG93c1NpemUiOiIwNSJ9</redirectionResponse>
			<service>3DSv2</service>
			<status>REDIRECTED</status>
			<transactionId>1002547</transactionId>
			<respCode>
				<code>8100</code>
				<message>Frictionless requires</message>
				<uuid>6da05aff_17e9_4565_bd1b_bba132bf2050</uuid>
			</respCode>
			<mpi>
				<acsEndProtocolVersion>2.2.0</acsEndProtocolVersion>
				<acsStartProtocolVersion>2.1.0</acsStartProtocolVersion>
				<dsEndProtocolVersion>2.2.0</dsEndProtocolVersion>
				<dsStartProtocolVersion>2.1.0</dsStartProtocolVersion>
				<threeDSMethodURL>https://mock-ds.stg-eu-west3.epgint.com/public/method-data/</threeDSMethodURL>
			</mpi>
		</operation>
	</operations>
	<status>SUCCESS</status>
	<workFlowResponse>
		<id>31380</id>
		<name>debit creditcards (TRA)</name>
		<version>0</version>
	</workFlowResponse>
</response>

Next steps

Having reached this point, we hope you have successfully completed your Host2Host integration. Check out the other guides for a full integration:

Host2Host Integration

Introduction

Host2Host integration workflow

Environments and endpoints: staging and production

Required and optional data (H2H)

Card payments

Authorization

Request

Authorisation request parameters

Response

Pre-authorization

Request

Pre-Authorisation request parameters

Response

Card validation

Request

Card validation request parameters

Response

Saving cards

Storing cards

Use cases and parameters

Request

Response

Token payment

Request

Parameters of the tokenised payment request

Secondary transactions

Capture

Request

Capture request parameters

Response

Void

Request

Void request parameters

Response

Refunds

Request

Refund request parameters

Response

Recurring and successive payments

Subscription

Request

Parameters of the subscription plan application request

Response

Subscription payments

Request

Subscription payment request parameters

Response

Payouts

Request

Host2Host Payout Parameters

Response

Approve and reject Payout

Approve Payout

Request

Parameters to approve a Payout

Response

Reject Payout

Request

Parameters for rejecting a Payout

Response

External authentication

Request

Parameters of the request with external authentication

Response

Next steps

Products

Sales

Technical Support

Partners

SmartWiki, Powered by AI

Consulta la documentación de las distintas secciones de integraciones:

Addon Payments

Cyberpac

POS integrated Payments

Addon Payments

Consult the documentation of the different integrations sections:​

Consult the documentation of the different integrations sections: