API for sending card data directly to D2I
Overview
This API sends card data directly to the D2I PSP, bypassing the D2I user interface. It supports card payments only; other payment options are not supported. The API accepts JSON data using parameters and names very similar to those used when starting payments, and the meaning and types of the parameters are the same as when starting payments. Results are returned directly by the calls, and 3D Secure is supported. To implement 3D Secure with this API you must handle most of the 3D Secure processing yourself, because the API forwards data and returns 3D Secure data.
Other payment services are not supported by this API, but could be added if and when the payment interface is sufficiently standardised.
Requirement
Using this API requires an agreement with D2I and that you are sufficiently PCI (payment card industry) compliant to handle card data directly, that is, that you comply with Mastercard and Visa regulations. This includes providing documents showing that your organisation is PCI compliant as defined by PCI. Contact D2I for access to this API. Companies that are not PCI compliant and want to use this API are recommended to investigate the cost of achieving PCI compliance internally before planning to use it, as achieving PCI compliance of any type and level can be costly for small merchants.
Making calls to the API
https://{psp-url}/pay/test/carddirect/
https://{psp-url}/pay/carddirect/
https://pay.direct2internet.com/test/pay/carddirect/
https://pay.direct2internet.com/pay/carddirect/
Make calls to https://{psp-url}/pay/carddirect/ or https://{psp-url}/pay/test/carddirect/ using JSON calls, with the parameters and the MAC calculated as in the call to the payment window. The only differences from the payment window parameters are that you add the card number (cardno), cvc, exp_mon and exp_year to the call for the card data, and that the result is returned directly in the call. When using 3D Secure you have to make multiple calls to make a single card payment.
curl -d '{"mac":"...",
"order_id":"test-991","amount":100,"currency":"GBP","cardno":"1111110000003333",
"exp_mon":"12","exp_year":"99","cvc":"404","merchant_id":"1219"}' \
-i localhost:8003/pay/carddirect
Parameter names are similar to those in normal calls. Unlike normal calls, this API requires that sensitive data such as card number, CVC, exp_year and exp_mon be sent; remember that these fields have special security considerations under PCI. Some parameters are missing from this API because they are only of use to other payment options.
curl -d '{"info":"*"}' -i https://pay.direct2internet.com/pay/carddirect
curl -d '{"info":"openAPI"}' -i https://pay.direct2internet.com/pay/carddirect
Available parameters
These parameters are similar in use, type and function to those used when creating a payment window.
order_id
amount
currency
first_name
last_name
cardno
exp_mon
exp_year
cvc
info
language
test
capture_now
Additional 3D Secure Fields
These fields are special fields used when processing 3D Secure payment transactions.
3ds_return_url
3ds_user_data
3ds_user_query_data
3ds_verify_data
trans_id
How to send 3D Secure payments
When making 3D Secure payments, follow the pseudocode below. Three calls need to be made when using 3D Secure with cards, and the results of each step need to be sent in the subsequent steps. Which step you are calling is determined by the operation field sent in the call. Some of the data is encapsulated binary data of different types sent to and from the server; ensure that character processing does not change the 3D Secure field data.
1. operation = check_enroll
   set 3ds_return_url to the URL the client browser must return to
   if challengeInstruction in the returned fields is either a link or an HTML widget, display that to the client browser or follow the link
   if resend_data is set instead of challengeInstruction, send the contents of that field to step 2
2. operation = verify_enroll
   set trans_id to trans_id from step 1
   set 3ds_user_data to whatever POST/body data was returned after the challenge (or resend_data)
   set 3ds_user_query_data to whatever query was sent from the client
3. operation = authWith3DS
   set 3ds_verify_data to resend_data from step 2
   set trans_id to the value returned from the server in step 1
curl -d '{"mac":"......","order_id":"test-1",
"amount":100,"currency":"GBP","cardno":"444..22",
"exp_mon":"12","exp_year":"99",
"cvc":"404","merchant_id":"1111","operation":"check_enroll"}' \
-i https://pay.direct2internet.com/pay/test/carddirect/
curl -d '{"mac":"......","order_id":"test-1",
"amount":100,"currency":"GBP","cardno":"444..22",
"exp_mon":"12","exp_year":"99",
"cvc":"404","merchant_id":"1111","operation":"verify_enroll",
"trans_id":"27NSA24BTRFTA2HM0910K08005","3ds_user_data":"....",
"3ds_user_query_data":"..."}' \
-i https://pay.direct2internet.com/pay/test/carddirect/
curl -d '{"mac":"......","order_id":"test-1",
"amount":100,"currency":"GBP","cardno":"444..22",
"exp_mon":"12","exp_year":"99",
"cvc":"404","merchant_id":"1111","operation":"authWith3DS",
"trans_id":"27NSA24BTRFTA2HM0910K08005","3ds_verify_data":"..."}' \
-i https://pay.direct2internet.com/pay/test/carddirect/
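The three-call sequence above as a Python client, added here as an example and not D2I's own code. The MAC routine, the transport and the challenge handler are hypothetical callables passed in by the caller, replies are assumed to be JSON, and fake_send with its reply shapes is constructed so the flow runs offline; redact shows a log-safe copy of a request with the card fields masked.

```python
import json

CARD_FIELDS = {"cardno", "cvc", "exp_mon", "exp_year"}

def redact(fields):
    """Copy of a request that is safe to log: card data masked."""
    return {k: "***" if k in CARD_FIELDS else v for k, v in fields.items()}

def build_call(base, operation, sign, extra=None):
    """JSON body for one call; each step repeats the order and card fields."""
    fields = {**base, "operation": operation, **(extra or {})}
    fields["mac"] = sign(fields)  # assumption: caller-supplied MAC routine
    return json.dumps(fields)

def pay_with_3ds(base, sign, send, run_challenge):
    """check_enroll -> verify_enroll -> authWith3DS; returns the last reply.
    send(body) posts the JSON and returns the reply text (assumed JSON);
    run_challenge(instr) returns (body, query) as received at 3ds_return_url."""
    r1 = json.loads(send(build_call(base, "check_enroll", sign)))
    if r1.get("challengeInstruction"):
        user_data, query = run_challenge(r1["challengeInstruction"])
    else:  # no challenge: resend_data is passed on to step 2 instead
        user_data, query = r1["resend_data"], ""
    ids = {"trans_id": r1["trans_id"]}
    r2 = json.loads(send(build_call(base, "verify_enroll", sign, {
        **ids, "3ds_user_data": user_data, "3ds_user_query_data": query})))
    return json.loads(send(build_call(base, "authWith3DS", sign, {
        **ids, "3ds_verify_data": r2["resend_data"]})))

# Constructed stand-ins so the flow runs offline; not the real PSP replies.
CALLS = []

def fake_send(body):
    req = json.loads(body)
    CALLS.append(req)
    if req["operation"] == "check_enroll":
        return json.dumps({"trans_id": "T-1", "challengeInstruction": "https://acs.example/c"})
    if req["operation"] == "verify_enroll":
        return json.dumps({"resend_data": "v|" + req["3ds_user_data"]})
    return json.dumps({"received": req["3ds_verify_data"]})

def demo():
    base = {"merchant_id": "1111", "order_id": "test-1", "amount": 100,
            "currency": "GBP", "cardno": "1111110000003333", "exp_mon": "12",
            "exp_year": "99", "cvc": "404",
            "3ds_return_url": "https://shop.example/3ds-return"}
    return pay_with_3ds(base, lambda f: "placeholder-mac", fake_send,
                        lambda instr: ("cres=AbC+/9==", "session=42"))
```

Calling demo() runs the whole sequence against the constructed transport; the 3D Secure values are carried between steps as opaque strings and are never decoded, trimmed or re-encoded.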