Backend2Backend Integration
With the Backend2Backend Integration the merchant collects all required data from the customer directly on the merchant's website and submits it to the mPAY24 system. The payment data is than processed to the corresponding financial institution by mPAY24. Afterwards the merchant is informed by the result, which could be the end of the transaction or instructions for the next step of the process (e.g. redirection). Since the merchant decides to accept sensitive data (e. g. credit card data) on the web site, the merchant is obliged to maintain the system secure and only allow secure connections between the customer’s browser client, the merchant's web server and mPAY24 for requests.
When processing credit cards, the merchant must take care of the Payment Card Industry Data Security Standard (PCI DSS) and the merchant's implementation would be responsible for all the sensitive data of customers. Among others, the merchant is obligated to complete the Self-Assessment Questionnaire D of PCI SSC. More information about PCI DSS: https://www.pcisecuritystandards.org
Additional the merchant may be required to perform an acceptance test with the acquirer before switching to productive system.
In any case, the merchant system has to be adjusted by interface changes made due to 3rd party or security requirements.
The Backend2Backend Integration uses the AcceptPayment
operation, which has to be provided with all payment and order information.
It is highly recommended to contact the mPAY24 Support to discuss merchant specific use cases and to receive guide through the implementation process.
Integration steps
Processing a basic payment
- The customer requests a payment (e.g. by filling out a form with all payment details such as credit card number, expiry and cvc and confirming the payment by pressing a
Pay
button).
The merchant is responsible to handle and/or store the entered data secure!
- The merchant sends an
AcceptPayment
call including all order and payment details to mPAY24.
When processing credit cards the merchant is required to be PCI DSS certificated.
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:etp="https://www.mpay24.com/soap/etp/1.5/ETP.wsdl"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<etp:AcceptPayment>
<merchantID>90000</merchantID>
<tid>21736</tid>
<pType>ELV</pType>
<payment xsi:type="etp:PaymentELV">
<amount>1000</amount>
<currency>EUR</currency>
<brand>HOBEX-AT</brand>
<iban>AT771400000123456789</iban>
<bic>BAWAATWWXXX</bic>
<mandateID>ID-12751-2014-08-14</mandateID>
<dateOfSignature>2014-08-14</dateOfSignature>
</payment>
<customerName>John Doe</customerName>
<order>
<clientIP>131.130.70.8</clientIP>
<desciption>Direct debit example</desciption>
</order>
</etp:AcceptPayment>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:etp="https://www.mpay24.com/soap/etp/1.5/ETP.wsdl">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<etp:AcceptPaymentResponse>
<status>OK</status>
<returnCode>OK</returnCode>
<mpayTID>1683862</mpayTID>
</etp:AcceptPaymentResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
-
mPAY24 returns the
AcceptPaymentResponse
with information about the transaction result. -
The merchant informs the customer about the payment/transaction.
-
mPAY24 communicates the payment result via push using the
confirmationURL
(see chapter Payment notification for more information). (Confirmation Interface). Note that this step could occur before mPAY24 returned theAcceptPaymentResponse
.
http://www.hotelmuster.com/conf.php?OPERATION=CONFIRMATION&TID=4002451&
STATUS=BILLED&PRICE=1000&CURRENCY=EUR&P_TYPE=ELV&BRAND=HOBEX-AT&MPAYTID=1683862
USER_FIELD=&ORDERDESC=Example+payment&CUSTOMER=John+Doe&CUSTOMER_EMAIL=&LANG
CUSTOMER_ID=&PROFILE_STATUS=IGNORED&FILTER_STATUS=OK&APPR_CODE=%2Dtest%2D
- The merchant confirms the receipt of the transaction notification with either
OK
orERROR
(status depends if the confirmation could successfully update the merchant' system).
In
PHP
this could be achieved byecho 'OK'
Processing a redirection payment
- The customer requests a payment (e.g. by filling out a form with all payment details such as name and desired payment system and confirming the payment by pressing a
Pay
button).
The merchant is responsible to handle and/or store the user input data secure!
- The merchant sends an
AcceptPayment
call including order and payment specific details to mPAY24.
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:etp="https://www.mpay24.com/soap/etp/1.5/ETP.wsdl">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<etp:AcceptPayment>
<merchantID>90000</merchantID>
<tid>2626281</tid>
<pType>SOFORT</pType>
<payment xsi:type="etp:PaymentSOFORT">
<amount>1000</amount>
<currency>EUR</currency>
</payment>
<customerName>John Doe</customerName>
<order>
<description>Example payment</description>
</order>
<successURL>http://www.hotelmuster.at/succ.php</successURL>
<errorURL>http://www.hotelmuster.at/err.php</errorURL>
<confirmationURL>http://www.hotelmuster.at/conf.php</confirmationURL>
</etp:AcceptPayment>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:etp="https://www.mpay24.com/soap/etp/1.5/ETP.wsdl">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<etp:AcceptPaymentResponse>
<status>OK</status>
<returnCode>REDIRECT</returnCode>
<mpayTID>1690804</mpayTID>
<location>https://www.sofort.com/payment/go/[...]</location>
</etp:AcceptPaymentResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
- mPAY24 returns the
AcceptPaymentResponse
including areturnCode = REDIRECT
and alocation
value (ifstatus = OK
). - The customer is redirected to the 3rd party
location
URL by the merchant (e.g. by supplying thelocation
as a link or just forwarding the browser to the URL). - The customer follows the payment process specified by the 3rd party.
- mPAY24 is informed about the 3rd party server result.
- The customer is redirected to mPAY24 by the 3rd party site. It is possible that the customer is redirected immediately and does not notice this redirection (see diagram step Redirect to successURL or ErrorURL).
- mPAY24 communicates the payment result via the push method using the
confirmationURL
(see chapter Payment notification for more information).
http://www.hotelmuster.com/conf.php?OPERATION=CONFIRMATION&TID=2626281&STATUS=BILLED&PRICE=1000&CURRENCY=EUR&P_TYPE=SAFETYPAY&BRAND=&MPAYTID=1690804&USER_FIELD=&ORDERDESC=Example+order&CUSTOMER=John+Doe&CUSTOMER_EMAIL=&LANGUAGE=DE&CUSTOMER_ID=&PROFILE_STATUS=IGNORED&FILTER_STATUS=OK&APPR_CODE=%2Dtest%2D
- The merchant confirms the receipt of the transaction notification with either
OK
orERROR
(status depends if the confirmation could successfully update the merchant' system).
In
PHP
this could be achieved byecho 'OK'
- mPAY24 forwards the customer to the
successURL
orerrorURL
specified by the merchant dynamically within theAcceptPayment
request or static over the merchant portal. - The customer requests the
successURL
orerrorURL
. - The merchant informs the customer about the payment/transaction.
Payment system integration
The following overview shows the payment system requirements and relevant chapters for integration as well as additional notes.
Description | pType | Brand | Integrated by chapter | Additional note |
---|---|---|---|---|
Billpay | BILLPAY | HP | Hire purchase | After integration the Billpay activation needs to be performed. |
Billpay | BILLPAY | INVOICE | Invoice | After integration the Billpay activation needs to be performed. |
Creditcards | CC | AMEX , DINERS , JCB ,VISA , MASTERCARD | Creditcard | The merchant is obligated to complete theVISA , MASTERCARD Self-Assessment Questionnaire D of PCI SSC. |
Debit cards | MAESTRO | n/a | Debit cards | The merchant is obligated to complete the Self-Assessment Questionnaire D of PCI SSC. |
Direct debit | ELV | ATOS | Direct debit | mPAY24 highly recommends the merchant to additionally request a written SEPA mandate from the customer (see SEPA Direct Debit). |
Direct debit | ELV | HOBEX-AT , HOBEX-DE , HOBEX-NL | Direct debit | None |
Direct debit | ELV | BILLPAY | Direct debit | After integration the Billpay activation needs to be performed. |
Klarna | KLARNA | HP | Hire purchase | None |
Klarna | KLARNA | INVOICE | Invoice | None |
MasterPass | MASTERPASS | n/a | Masterpass | None |
mpass | MPASS | n/a | Redirect payment systems | None |
PayPal | PAYPAL | n/a | Paypal | None |
paysafecard | PSC | PSC | Redirect payment systems | None |
paysafecash | PSC | PAYSAFECASH | Redirect payment systems | None |
Online-Banking | EPS | n/a | Online Banking | None |
Online-Banking | GIROPAY | n/a | Online Banking | None |
Online-Banking | SOFORT | n/a | Online Banking | None |
@Quick | QUICK | n/a | Redirect payment systems | None |
Updated almost 4 years ago