Backend2Backend Integration

With the Backend2Backend Integration the merchant collects all required data from the customer directly on the merchant's website and submits it to the mPAY24 system. The payment data is than processed to the corresponding financial institution by mPAY24. Afterwards the merchant is informed by the result, which could be the end of the transaction or instructions for the next step of the process (e.g. redirection). Since the merchant decides to accept sensitive data (e. g. credit card data) on the web site, the merchant is obliged to maintain the system secure and only allow secure connections between the customer’s browser client, the merchant's web server and mPAY24 for requests.

When processing credit cards, the merchant must take care of the Payment Card Industry Data Security Standard (PCI DSS) and the merchant's implementation would be responsible for all the sensitive data of customers. Among others, the merchant is obligated to complete the Self-Assessment Questionnaire D of PCI SSC. More information about PCI DSS: https://www.pcisecuritystandards.org

Additional the merchant may be required to perform an acceptance test with the acquirer before switching to productive system.

📘

In any case, the merchant system has to be adjusted by interface changes made due to 3rd party or security requirements.

The Backend2Backend Integration uses the AcceptPayment operation, which has to be provided with all payment and order information.

📘

It is highly recommended to contact the mPAY24 Support to discuss merchant specific use cases and to receive guide through the implementation process.

Integration steps

Processing a basic payment

• The customer requests a payment (e.g. by filling out a form with all payment details such as credit card number, expiry and cvc and confirming the payment by pressing a Pay button).

📘

The merchant is responsible to handle and/or store the entered data secure!

• The merchant sends an AcceptPayment call including all order and payment details to mPAY24.

📘

When processing credit cards the merchant is required to be PCI DSS certificated.

<SOAP-ENV:Envelope 
  xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
  xmlns:etp="https://www.mpay24.com/soap/etp/1.5/ETP.wsdl"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <etp:AcceptPayment>
      <merchantID>90000</merchantID>
      <tid>21736</tid>
      <pType>ELV</pType>
      <payment xsi:type="etp:PaymentELV">
        <amount>1000</amount>
        <currency>EUR</currency>
        <brand>HOBEX-AT</brand>
        <iban>AT771400000123456789</iban>
        <bic>BAWAATWWXXX</bic>
        <mandateID>ID-12751-2014-08-14</mandateID>
        <dateOfSignature>2014-08-14</dateOfSignature>
      </payment>
      <customerName>John Doe</customerName>
      <order>
        <clientIP>131.130.70.8</clientIP>
        <desciption>Direct debit example</desciption>
      </order>
    </etp:AcceptPayment>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

<SOAP-ENV:Envelope 
  xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
  xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
  xmlns:etp="https://www.mpay24.com/soap/etp/1.5/ETP.wsdl">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <etp:AcceptPaymentResponse>
      <status>OK</status>
      <returnCode>OK</returnCode>
      <mpayTID>1683862</mpayTID>
    </etp:AcceptPaymentResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

• mPAY24 returns the AcceptPaymentResponse with information about the transaction result.

• The merchant informs the customer about the payment/transaction.

• mPAY24 communicates the payment result via push using the confirmationURL (see chapter Payment notification for more information). (Confirmation Interface). Note that this step could occur before mPAY24 returned the AcceptPaymentResponse.

http://www.hotelmuster.com/conf.php?OPERATION=CONFIRMATION&TID=4002451&
  STATUS=BILLED&PRICE=1000&CURRENCY=EUR&P_TYPE=ELV&BRAND=HOBEX-AT&MPAYTID=1683862
  USER_FIELD=&ORDERDESC=Example+payment&CUSTOMER=John+Doe&CUSTOMER_EMAIL=&LANG
  CUSTOMER_ID=&PROFILE_STATUS=IGNORED&FILTER_STATUS=OK&APPR_CODE=%2Dtest%2D

• The merchant confirms the receipt of the transaction notification with either OK or ERROR (status depends if the confirmation could successfully update the merchant' system).

📘

In PHP this could be achieved by echo 'OK'

Processing a redirection payment

• The customer requests a payment (e.g. by filling out a form with all payment details such as name and desired payment system and confirming the payment by pressing a Pay button).

📘

The merchant is responsible to handle and/or store the user input data secure!

• The merchant sends an AcceptPayment call including order and payment specific details to mPAY24.

<SOAP-ENV:Envelope 
  xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
  xmlns:etp="https://www.mpay24.com/soap/etp/1.5/ETP.wsdl">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <etp:AcceptPayment>
      <merchantID>90000</merchantID>
      <tid>2626281</tid>
      <pType>SOFORT</pType>
      <payment xsi:type="etp:PaymentSOFORT">
        <amount>1000</amount>
        <currency>EUR</currency>
      </payment>
      <customerName>John Doe</customerName>
      <order>
        <description>Example payment</description>
      </order>
      <successURL>http://www.hotelmuster.at/succ.php</successURL>
      <errorURL>http://www.hotelmuster.at/err.php</errorURL>
      <confirmationURL>http://www.hotelmuster.at/conf.php</confirmationURL>
    </etp:AcceptPayment>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

<SOAP-ENV:Envelope 
  xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
  xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
  xmlns:etp="https://www.mpay24.com/soap/etp/1.5/ETP.wsdl">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <etp:AcceptPaymentResponse>
      <status>OK</status>
      <returnCode>REDIRECT</returnCode>
      <mpayTID>1690804</mpayTID>
      <location>https://www.sofort.com/payment/go/[...]</location>
    </etp:AcceptPaymentResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

• mPAY24 returns the AcceptPaymentResponse including a returnCode = REDIRECT and a location value (if status = OK).
• The customer is redirected to the 3rd party location URL by the merchant (e.g. by supplying the location as a link or just forwarding the browser to the URL).
• The customer follows the payment process specified by the 3rd party.
• mPAY24 is informed about the 3rd party server result.
• The customer is redirected to mPAY24 by the 3rd party site. It is possible that the customer is redirected immediately and does not notice this redirection (see diagram step Redirect to successURL or ErrorURL).
• mPAY24 communicates the payment result via the push method using the confirmationURL (see chapter Payment notification for more information).

http://www.hotelmuster.com/conf.php?OPERATION=CONFIRMATION&TID=2626281&STATUS=BILLED&PRICE=1000&CURRENCY=EUR&P_TYPE=SAFETYPAY&BRAND=&MPAYTID=1690804&USER_FIELD=&ORDERDESC=Example+order&CUSTOMER=John+Doe&CUSTOMER_EMAIL=&LANGUAGE=DE&CUSTOMER_ID=&PROFILE_STATUS=IGNORED&FILTER_STATUS=OK&APPR_CODE=%2Dtest%2D

• The merchant confirms the receipt of the transaction notification with either OK or ERROR (status depends if the confirmation could successfully update the merchant' system).

📘

In PHP this could be achieved by echo 'OK'

• mPAY24 forwards the customer to the successURL or errorURL specified by the merchant dynamically within the AcceptPayment request or static over the merchant portal.
• The customer requests the successURL or errorURL.
• The merchant informs the customer about the payment/transaction.

Payment system integration

The following overview shows the payment system requirements and relevant chapters for integration as well as additional notes.