Authorization

Learn how to handle authorization requests.

The Authorization request handles pre-authorization and capture in one interface. Once the authorization request is sent to the Payment Gateway, the credit card data and the credit line is verified and the cardholder is charged immediately.

The authorization request is made when the customer makes a purchase or pays for service with a card. The authorization request can be approved or declined.


Step 1. Send request

To initiate a transaction you need to send an authorization request from your server.

POST https://sandbox.payabl.com/pay/backoffice/payment_authorize

In your request, include:

  • merchantid : The merchant identification number is issued during account creation.
  • amount : The amount field contains the transaction’s total amount. This is the amount that will be transmitted to the authorizing system.
  • currency : The currency field contains the alphanumeric currency code for the transaction, according to ISO 4217, e.g. EUR, USD, AUD, CAD, NOK, SEK, CHF. to http://www.xe.com/iso4217.php.
  • payment_method : Valid payment method id, e.g. 1 = Credit Card.
  • signature : The signature field contains a 40-figure hexadecimal value. This signature value is a checksum designed to protect the merchant account from unauthorized access..
  • ccn : The ccn field contains the customer's credit card number. The payment gateway is capable of processing any credit card type.
  • exp_month
  • exp_year
  • cvc_code
  • cardholder_name
  • email : A RFC 822 compliant email address.
  • customerip
  • shop_url website URL (if several are used for one account)

❗️

For multiple URLs under one Merchant Account, parameter shop_url is mandatory

(format: https://www.website.com).

You can see a full list of parameters in Authorization API reference.

Request example

merchantid=fazley_paymentid&amount=1.23&currency=USD&orderid=Powercash21-Test&language=en&
gender=M&lastname=Mann&street=An+der+Welle+4&zip=60322&city=Frankfurt&country=DEU&customerid=&
salutation=Herr&title=&firstname=Muster&company=Powercash21&birthday=07071971&house=19&postbox=&
state=HE&email=test%40inatec.com&phone=00496975938501&fax=&mobile=&customerip=127.0.0.1&
custom1=123456&custom2=&custom3=&url_return=http%3A%2F%2Fdev-sim-ng.inatec.local%2F%7Esimdad%2FInatecResponse%2Fredirect_response.php&
url_success=http%3A%2F%2Fdev-sim-ng.inatec.local%2F%7Esimdad%2FInatecResponse%2Fsuccess.php&
url_failed=http%3A%2F%2Fdev-sim-ng.inatec.local%2F%7Esimdad%2FInatecResponse%2Ffailed.php&
notification_url=http%3A%2F%2F83.169.19.140%2Fsimulation%2Fbilling_response.php&payment_method=1&
ccn=4242424242424242&cvc_code=123&cardholder_name=Gateway+Test&exp_month=12&exp_year=2030&
signature=6dce71126bca85f4ec854ff2a67ba7f771ea2078

🚧

Public Sandbox information

Do not use your personal email address, Order ID with sensitive information, real customer details and credit card data in a public Sandbox. For email field you may use [email protected]

Step 2. 3D Secure

payabl. will send a response with url_3ds parameter. The status of the transaction will be pending errorcode=2000.

🚧

The 3D Secure step depends on the processing countries and the technical settings of the account.

Response example

transactionid=213592105&transid=213592105&status=2000&errormessage=pending&errmsg=pending&amount=1.23
&price=1.23¤cy=USD&orderid=Powercash21-Test&payment_method=1&ccn_four=4242&card_type=VISA&expiry_month=12&
expiry_year=2030&url_3ds=http%3A%2F%2F172.25.50.31%3A9100%2Ftest%2Fv1%2Ffb1657ac65343bdaa831dfd633ff8f20%2Fredirect&user_id=46929

After you receive the 3D Secure URL, you need to decode it and redirect the customers to it. Then customers will need to provide PIN/passphrase to their bank/customer’s credit card institution for transaction verification.

If the 3D Secure step is successful, an internal notification will be sent to the merchant’s notification URL and the customer will be redirected to the url_return.

Notification example

"security=6def3e9d217612fcba5264315a0eef45cf7b0130&type=capture&transactionid=213592105&errorcode=0&errormessage=&orderid=Powercash21-Test" "http://83.169.19.140/simulation/billing_response.php"

Step 3. Capture response

When the 3DSecure process is complete. payabl. will send a response to you with the security parameter, which you will need to use in order to verify the authenticity of the notification. The value of the security parameter is calculated in the same way as the signature parameter.

Response example

transactionid=6905371&transid=6905371&status=0&errormessage=&errmsg=&amount=1.23&pric
e=1.23&currency=EUR&orderid=1234-123456789-4321&user_id=674281

Our Technical Support team is there to help you:
Email: [email protected]
Available Monday – Friday between 09:00 and 17:00 CET/CEST