From c7a63cdf4908bc61f02adc3ee1849bacabd2a8e1 Mon Sep 17 00:00:00 2001 From: Peter Klogborg Date: Fri, 16 Jan 2026 12:59:44 +0100 Subject: [PATCH 1/5] merge token method documentation visa and mastercard --- .../authorizations_methods/token.md | 114 +++++++++--------- 1 file changed, 57 insertions(+), 57 deletions(-) diff --git a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md index 8685310..2125492 100644 --- a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md +++ b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md @@ -6,11 +6,11 @@ weight: 135 --- #### Method: token -Three token frameworks are supported: +Token frameworks supported: * `clicktopay`: Click to Pay -* `token[m4m]`: Mastercard Digital Enablement Service (MDES) for Merchants (M4M) -* `token[vts]`: Visa Token Service (VTS) +* `token`: Visa and Mastercard + Requirement of some parameters depends on the initiator of the transaction; a parameter might be required for cardholder-initiated transactions (CITs) and otherwise optional. See the details for each parameter. @@ -50,92 +50,92 @@ Click to Pay token payment method for both Visa and Mastercard CITs. {{% /description_details %}} {{% /description_list %}} -#### Method: token[m4m] +#### Method: token + +Token payment method for both For both Visa Token Service (VTS) and Mastercard Digital Enablement Service (MDES) -The required values are found in either the MDES `transact` response or the Secure Card on File (SCOF) `checkout` response. +The required values are found in: +- the VTS provision token response. +- the MDES `transact` response +- the SCOF Secure Card on File `checkout` response. {{% description_list %}} -{{% description_term %}}token[m4m][tan] {{% regex %}}[0-9]{12,19}{{% /regex %}}{{% /description_term %}} +{{% description_term %}}token[tan] {{% regex %}}[0-9]{12,19}{{% /regex %}}{{% /description_term %}} {{% description_details %}}Token Account Number (TAN) of the token to charge. -Found in `encryptedPayload.encryptedData.accountNumber` (MDES) or `encryptedPayload.token.paymentToken` (SCOF). +| Response | Found in | +| ------ | --------- | +| VTS | `tokenInfo.encTokenInfo` | +| MDES | `encryptedPayload.encryptedData.accountNumber` | +| SCOF | `encryptedPayload.token.paymentToken` | {{% /description_details %}} -{{% description_term %}}token[m4m][expire_month] {{% regex %}}[0-9]{2}{{% /regex %}}{{% /description_term %}} +{{% description_term %}}token[expire_month] {{% regex %}}[0-9]{2}{{% /regex %}}{{% /description_term %}} {{% description_details %}}Expiry month of token to charge. -Found in `encryptedPayload.encryptedData.applicationExpiryDate` (MDES) or `encryptedPayload.token.tokenExpirationMonth` (SCOF). -{{% /description_details %}} - -{{% description_term %}}token[m4m][expire_year] {{% regex %}}20[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Expiry year of token to charge. - -Found in `encryptedPayload.encryptedData.applicationExpiryDate` (MDES) or `encryptedPayload.token.tokenExpirationYear` (SCOF). +| Response | Found in | +| ------ | --------- | +| VTS | `tokenInfo.expirationDate.month` | +| MDES | `encryptedPayload.encryptedData.applicationExpiryDate ` | +| SCOF | `encryptedPayload.token.tokenExpirationMonth` | {{% /description_details %}} -{{% description_term %}}token[m4m][tav] {{% regex %}}[:base64:]{28}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Token Authentication Value (TAV). Also known as token cryptogram and Digital Secure Remote Payments (DSRP) cryptogram. -Only DSRP cryptograms are supported. The value must start with `[A-P]` to be a DSRP cryptogram. +{{% description_term %}}token[expire_year] {{% regex %}}20[0-9]{2}{{% /regex %}}{{% /description_term %}} +{{% description_details %}}Expiry year of token to charge. -Found in `encryptedPayload.encryptedData.de48se43Data` (MDES) or `encryptedPayload.dynamicData.dynamicDataValue` (SCOF). -{{% regex_optional %}}Required for CITs. For MITs it shall only be included on the first, tokenized transaction or if there is a change to the token.{{% /regex_optional %}} +| Response | Found in | +| ------ | --------- | +| VTS | `tokenInfo.expirationDate.year` | +| MDES | `encryptedPayload.encryptedData.applicationExpiryDate ` | +| SCOF | `encryptedPayload.token.tokenExpirationYear` | {{% /description_details %}} -{{% description_term %}}token[m4m][rcai] {{% regex %}}[:base64:]{1..150}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Remote Commerce Acceptor Identifier. +{{% description_term %}}token[eci] {{% regex %}}0[57]{{% /regex %}}{{% /description_term %}} +{{% description_details %}}Electronic Commerce Indicator. -Merchant identifier such as business website URL or reverse domain name (e.g. com.example.www). The identifier must be encoded as Base64. -Found in `customOutputData.remoteCommerceAcceptorIdentifier` (SCOF). (Not available in MDES.) -{{% regex_optional %}}Optional.{{% /regex_optional %}} -{{% /description_details %}} - -{{% description_term %}}token[m4m][3dsecure][v2] {{% regex %}}dictionary{{% /regex %}}{{% /description_term %}} -{{% description_details %}}See [Authentication: [3dsecure][v2]](#authentication-3dsecure-v2). -{{% regex_optional %}}Optional{{% /regex_optional %}} +| Response | Found in | Required for CITs | +| ------ | --------- | ---- | +| VTS | `cryptogramInfo.eci` | Yes, otherwise optional (defaults to `07`) | +| MDES | N/A | | +| SCOF | N/A | | {{% /description_details %}} -{{% /description_list %}} - -#### Method: token[vts] -The required values are found in the VTS provision token response. -{{% description_list %}} -{{% description_term %}}token[vts][tan] {{% regex %}}[0-9]{12,19}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Token Account Number (TAN) of the token to charge. +{{% description_term %}}token[tav] {{% regex %}}[:base64:]{28}{{% /regex %}}{{% /description_term %}} +{{% description_details %}}Token Authentication Value (TAV) also know as token cryptogram. -Found in `tokenInfo.encTokenInfo`. -{{% /description_details %}} +Visa specific name: Token Authentication Verification Value (TAVV). -{{% description_term %}}token[vts][expire_month] {{% regex %}}[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Expiry month of token to charge. +Mastercard specific name: Digital Secure Remote Payments (DSRP) cryptogram. +For Mastercard only DSRP cryptograms are supported. The value must start with `[A-P]` to be a DSRP cryptogram. -Found in `tokenInfo.expirationDate.month`. -{{% /description_details %}} -{{% description_term %}}token[vts][expire_year] {{% regex %}}20[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Expiry year of token to charge. -Found in `tokenInfo.expirationDate.year`. +| Response | Found in | Required for CITs | +| ------ | --------- | ---- | +| VTS | `cryptogramInfo.eci` | Yes; otherwise optional. | +| MDES | `encryptedPayload.encryptedData.de48se43Data` | Yes. For MITs it shall only be included on the first, tokenized transaction or if there is a change to the token| +| SCOF | `encryptedPayload.dynamicData.dynamicDataValue` | Yes. For MITs it shall only be included on the first, tokenized transaction or if there is a change to the token| {{% /description_details %}} -{{% description_term %}}token[vts][eci] {{% regex %}}0[57]{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Electronic Commerce Indicator. - -Found in `cryptogramInfo.eci`. -{{% regex_optional %}}Required for CITs; otherwise optional (defaults to `07`).{{% /regex_optional %}} -{{% /description_details %}} +{{% description_term %}}token[rcai] {{% regex %}}[:base64:]{1..150}{{% /regex %}}{{% /description_term %}} +{{% description_details %}}Remote Commerce Acceptor Identifier. -{{% description_term %}}token[vts][tav] {{% regex %}}[:base64:]{28}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Token Authentication Value (TAV). Also known as token cryptogram and Token Authentication Verification Value (TAVV). +| Response | Found in | Required? | +| ------ | --------- | - | +| VTS | N/A | N/A | +| MDES | N/A | N/A | +| SCOF | `customOutputData.remoteCommerceAcceptorIdentifier`| optional | -Found in `cryptogramInfo.cryptogram`. -{{% regex_optional %}}Required for CITs; otherwise optional.{{% /regex_optional %}} +Merchant identifier such as business website URL or reverse domain name (e.g. com.example.www). The identifier must be encoded as Base64. {{% /description_details %}} -{{% description_term %}}token[vts][3dsecure][v2] {{% regex %}}dictionary{{% /regex %}}{{% /description_term %}} +{{% description_term %}}token[3dsecure][v2] {{% regex %}}dictionary{{% /regex %}}{{% /description_term %}} {{% description_details %}}See [Authentication: [3dsecure][v2]](#authentication-3dsecure-v2). {{% regex_optional %}}Optional{{% /regex_optional %}} {{% /description_details %}} {{% /description_list %}} + + From 1970e4810b419ba4d9318fc08a36cb23bdb9a7ac Mon Sep 17 00:00:00 2001 From: Peter Klogborg Date: Mon, 19 Jan 2026 13:05:44 +0100 Subject: [PATCH 2/5] keys to fields --- .../authorizations_methods/token.md | 65 +++++++------------ 1 file changed, 22 insertions(+), 43 deletions(-) diff --git a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md index 2125492..8d080e8 100644 --- a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md +++ b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md @@ -18,49 +18,22 @@ Requirement of some parameters depends on the initiator of the transaction; a pa **Notice**: Signing is required to use the `token` payment method. {{% /notice %}} -#### Method: Click to Pay - -Click to Pay token payment method for both Visa and Mastercard CITs. - -{{% description_list %}} -{{% description_term %}}clicktopay[tan] {{% regex %}}[0-9]{12,19}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Token Account Number (TAN) of the token to charge. -{{% /description_details %}} - -{{% description_term %}}clicktopay[expire_month] {{% regex %}}[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Expiry month of token to charge. -{{% /description_details %}} - -{{% description_term %}}clicktopay[expire_year] {{% regex %}}20[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Expiry year of token to charge. -{{% /description_details %}} - -{{% description_term %}}clicktopay[tav] {{% regex %}}[:base64:]{28}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Token authentication value, also known as cryptogram. -{{% /description_details %}} - -{{% description_term %}}clicktopay[eci] {{% regex %}}0[57]{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Zero-padded e-commerce indicator from token flow. -{{% regex_optional %}}Required for Visa CITs.{{% /regex_optional %}} -{{% /description_details %}} - -{{% description_term %}}clicktopay[3dsecure] {{% regex %}}dictionary{{% /regex %}}{{% /description_term %}} -{{% description_details %}}See [Authentication: [3dsecure]](#authentication-3dsecure-v2). -{{% regex_optional %}}Optional{{% /regex_optional %}} -{{% /description_details %}} -{{% /description_list %}} - -#### Method: token - Token payment method for both For both Visa Token Service (VTS) and Mastercard Digital Enablement Service (MDES) - -The required values are found in: +The token required values are found in: - the VTS provision token response. - the MDES `transact` response - the SCOF Secure Card on File `checkout` response. {{% description_list %}} -{{% description_term %}}token[tan] {{% regex %}}[0-9]{12,19}{{% /regex %}}{{% /description_term %}} +{{% description_term %}}type {{% regex %}}token{{% /regex %}}{{% /description_term %}} +{{% description_details %}}Payment method type. Must be set to `token`. +| Response | condition | +| token | if its a card token | +| clicktopay | if its clickyopay + +{{% /description_details %}} + +{{% description_term %}}tan {{% regex %}}[0-9]{12,19}{{% /regex %}}{{% /description_term %}} {{% description_details %}}Token Account Number (TAN) of the token to charge. | Response | Found in | @@ -68,9 +41,10 @@ The required values are found in: | VTS | `tokenInfo.encTokenInfo` | | MDES | `encryptedPayload.encryptedData.accountNumber` | | SCOF | `encryptedPayload.token.paymentToken` | +| clicktopay | `tan` | {{% /description_details %}} -{{% description_term %}}token[expire_month] {{% regex %}}[0-9]{2}{{% /regex %}}{{% /description_term %}} +{{% description_term %}}expire_month {{% regex %}}[0-9]{2}{{% /regex %}}{{% /description_term %}} {{% description_details %}}Expiry month of token to charge. | Response | Found in | @@ -78,10 +52,11 @@ The required values are found in: | VTS | `tokenInfo.expirationDate.month` | | MDES | `encryptedPayload.encryptedData.applicationExpiryDate ` | | SCOF | `encryptedPayload.token.tokenExpirationMonth` | +| clicktopay | `expire_month` | {{% /description_details %}} -{{% description_term %}}token[expire_year] {{% regex %}}20[0-9]{2}{{% /regex %}}{{% /description_term %}} +{{% description_term %}}expire_year {{% regex %}}20[0-9]{2}{{% /regex %}}{{% /description_term %}} {{% description_details %}}Expiry year of token to charge. | Response | Found in | @@ -89,9 +64,10 @@ The required values are found in: | VTS | `tokenInfo.expirationDate.year` | | MDES | `encryptedPayload.encryptedData.applicationExpiryDate ` | | SCOF | `encryptedPayload.token.tokenExpirationYear` | +| clicktopay | `expire_year` | {{% /description_details %}} -{{% description_term %}}token[eci] {{% regex %}}0[57]{{% /regex %}}{{% /description_term %}} +{{% description_term %}}eci {{% regex %}}0[57]{{% /regex %}}{{% /description_term %}} {{% description_details %}}Electronic Commerce Indicator. @@ -100,10 +76,11 @@ The required values are found in: | VTS | `cryptogramInfo.eci` | Yes, otherwise optional (defaults to `07`) | | MDES | N/A | | | SCOF | N/A | | +| clicktopay | Zero-padded e-commerce indicator from token flow | Required for Visa CITs | {{% /description_details %}} -{{% description_term %}}token[tav] {{% regex %}}[:base64:]{28}{{% /regex %}}{{% /description_term %}} +{{% description_term %}}tav {{% regex %}}[:base64:]{28}{{% /regex %}}{{% /description_term %}} {{% description_details %}}Token Authentication Value (TAV) also know as token cryptogram. Visa specific name: Token Authentication Verification Value (TAVV). @@ -118,9 +95,10 @@ For Mastercard only DSRP cryptograms are supported. The value must start with `[ | VTS | `cryptogramInfo.eci` | Yes; otherwise optional. | | MDES | `encryptedPayload.encryptedData.de48se43Data` | Yes. For MITs it shall only be included on the first, tokenized transaction or if there is a change to the token| | SCOF | `encryptedPayload.dynamicData.dynamicDataValue` | Yes. For MITs it shall only be included on the first, tokenized transaction or if there is a change to the token| +| clicktopay | `tav` | Yes | {{% /description_details %}} -{{% description_term %}}token[rcai] {{% regex %}}[:base64:]{1..150}{{% /regex %}}{{% /description_term %}} +{{% description_term %}}rcai {{% regex %}}[:base64:]{1..150}{{% /regex %}}{{% /description_term %}} {{% description_details %}}Remote Commerce Acceptor Identifier. | Response | Found in | Required? | @@ -128,11 +106,12 @@ For Mastercard only DSRP cryptograms are supported. The value must start with `[ | VTS | N/A | N/A | | MDES | N/A | N/A | | SCOF | `customOutputData.remoteCommerceAcceptorIdentifier`| optional | +| clicktopay | N/A | N/A | Merchant identifier such as business website URL or reverse domain name (e.g. com.example.www). The identifier must be encoded as Base64. {{% /description_details %}} -{{% description_term %}}token[3dsecure][v2] {{% regex %}}dictionary{{% /regex %}}{{% /description_term %}} +{{% description_term %}}3dsecure[v2] {{% regex %}}dictionary{{% /regex %}}{{% /description_term %}} {{% description_details %}}See [Authentication: [3dsecure][v2]](#authentication-3dsecure-v2). {{% regex_optional %}}Optional{{% /regex_optional %}} {{% /description_details %}} From 4e5593bc99c9a4f3dd11e909fde5da5f7e4f9fcc Mon Sep 17 00:00:00 2001 From: Peter Klogborg Date: Mon, 19 Jan 2026 14:34:14 +0100 Subject: [PATCH 3/5] account number --- .../authorizations_methods/applepay.md | 27 +---- .../authorizations_methods/card.md | 34 ------ .../authorizations_methods/mobilepayonline.md | 51 --------- .../authorizations_methods/moto.md | 30 ----- .../authorizations_methods/token.md | 106 ++++++++++++++---- .../authorizations_methods/vipps.md | 43 ------- 6 files changed, 88 insertions(+), 203 deletions(-) delete mode 100644 website/content/gateway/api_reference/resources/authorizations/authorizations_methods/card.md delete mode 100644 website/content/gateway/api_reference/resources/authorizations/authorizations_methods/mobilepayonline.md delete mode 100644 website/content/gateway/api_reference/resources/authorizations/authorizations_methods/moto.md delete mode 100644 website/content/gateway/api_reference/resources/authorizations/authorizations_methods/vipps.md diff --git a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/applepay.md b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/applepay.md index 9aa0d32..7cbedea 100644 --- a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/applepay.md +++ b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/applepay.md @@ -20,29 +20,6 @@ Example: `{"paymentData":{"version":"EC_v1","data":"",...},"paymentMethod":{...} Symmetric AES key (unique per transaction) that can decrypt `data` from the `PKPaymentToken`. {{% /description_details %}} -{{% description_details_header %}}Additionally, an Apple Pay authorization can be created using raw values from a payment token:{{% /description_details_header %}} -{{% description_term %}}applepay[raw][pan] {{% regex %}}[0-9]{12,19}{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Primary account number of card to charge. -{{% /description_details %}} - -{{% description_term %}}applepay[raw][expire_month] {{% regex %}}[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Expiry month of card to charge. -{{% /description_details %}} - -{{% description_term %}}applepay[raw][expire_year] {{% regex %}}20[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Expiry year of card to charge. -{{% /description_details %}} - -{{% description_term %}}applepay[raw][cryptogram] {{% regex %}}[:base64:]{28}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Online payment cryptogram. Found as `onlinePaymentCryptogram` in the payment token. -{{% /description_details %}} - -{{% description_term %}}applepay[raw][eci] {{% regex %}}[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Electronic Commerce Indicator. Found as `eciIndicator` in the payment token. -{{% regex_optional %}}Required for Visa. Otherwise optional.{{% /regex_optional %}} -{{% /description_details %}} - {{% /description_list %}} {{% notice %}} @@ -52,8 +29,6 @@ Primary account number of card to charge. **Notice**: An authorization made with `applepay` may be 3-D Secured to some degree or not at all; this is indicated by the `eciIndicator` of the `applepay[payment_token]`. -**Notice**: An authorization made with `applepay` cannot be a subsequent-in-series authorization. - -**Notice**: Clients using `applepay[raw]` are responsible for verifying the payment token’s signature, decrypting the token’s payment data, validating the format of the fields in the payment data, etc. The procedure is available in Apple Pay’s [Payment Token Format Reference](https://developer.apple.com/library/archive/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html). +**Notice**: An authorization made with `applepay` cannot be a subsequent-in-series authorization. {{% /notice %}} diff --git a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/card.md b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/card.md deleted file mode 100644 index edfc2b0..0000000 --- a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/card.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: "card" -date: 2022-04-13T12:37:22+02:00 -anchor: "method-card" -weight: 110 ---- -#### Method: card -{{% description_list %}} -{{% description_term %}}card[pan] {{% regex %}}[0-9]{12,19}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Primary account number of card to charge. -{{% /description_details %}} - -{{% description_term %}}card[expire_month] {{% regex %}}[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Expiry month of card to charge. -{{% /description_details %}} - -{{% description_term %}}card[expire_year] {{% regex %}}20[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Expiry year of card to charge. -{{% /description_details %}} - -{{% description_term %}}card[csc] {{% regex %}}[0-9]{3}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Card Security Code. - -{{% regex_optional %}}Optional when partner is trusted.{{% /regex_optional %}} -{{% /description_details %}} - -{{% description_term %}}card[3dsecure] {{% regex %}}dictionary{{% /regex %}}{{% /description_term %}} -{{% description_details %}}See [Authentication: [3dsecure]](#authentication-3dsecure). -{{% regex_optional %}}Optional.{{% /regex_optional %}} -{{% /description_details %}} -{{% /description_list %}} -{{% notice %}} -**Notice:** An authorization that includes `card[3dsecure][v2][rreq]` and/or `card[csc]` cannot be a subsequent-in-series authorization. -{{% /notice %}} diff --git a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/mobilepayonline.md b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/mobilepayonline.md deleted file mode 100644 index 646c200..0000000 --- a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/mobilepayonline.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: "mobilepayonline" -date: 2022-04-13T12:37:22+02:00 -anchor: "method-mobilepayonline" -weight: 125 ---- -#### Method: mobilepayonline - -{{% description_list %}} -{{% description_term %}}mobilepayonline[pan] {{% regex %}}[0-9]{12,19}{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Primary account number of card to charge. - -If `payment_token` parameter is included, the pan must be a Token PAN. -{{% /description_details %}} - -{{% description_term %}}mobilepayonline[expire_month] {{% regex %}}[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Expiry month of card to charge. -{{% /description_details %}} - -{{% description_term %}}mobilepayonline[expire_year] {{% regex %}}[0-9]{4}{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Expiry year of card to charge. -{{% /description_details %}} - -{{% description_term %}}mobilepayonline[payment_token] {{% regex %}}[\:json\:]{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Full tokenCallback response serialized as JSON, supplied as a string. Required for token-based authentication. -Example: `{"paymentId":"string","tokenData":{"cryptogramInfo":{...},...},...}` -{{% regex_optional %}}Optional{{% /regex_optional %}} -{{% /description_details %}} - -{{% description_term %}}mobilepayonline[phone_number] {{% regex %}}[\x20-\x7E]{1,15}{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Phone number from where the PAN originates. -{{% regex_optional %}}Optional{{% /regex_optional %}} -{{% /description_details %}} - - -{{% description_term %}}mobilepayonline[3dsecure] {{% regex %}}dictionary{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -See [Authentication: [3dsecure]](#authentication-3dsecure). -{{% regex_optional %}}Optional{{% /regex_optional %}} -{{% /description_details %}} -{{% /description_list %}} -{{% notice %}} -**Notice**: Signing is required to use the `mobilepayonline` payment method. - -**Notice**: An authorization made with `mobilepayonline` with a payment token is strongly authenticated (SCA in PSD2). -{{% /notice %}} diff --git a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/moto.md b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/moto.md deleted file mode 100644 index 4215ef4..0000000 --- a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/moto.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -title: "moto" -date: 2022-04-13T12:37:22+02:00 -anchor: "method-moto" -weight: 130 ---- -#### Method: moto - -{{% description_list %}} -{{% description_term %}}moto[pan] {{% regex %}}[0-9]{12,19}{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Primary account number of card to charge. -{{% /description_details %}} - -{{% description_term %}}moto[expire_month] {{% regex %}}[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Expiry month of card to charge. -{{% /description_details %}} - -{{% description_term %}}moto[expire_year] {{% regex %}}[0-9]{4}{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Expiry year of card to charge. -{{% /description_details %}} - -{{% /description_list %}} -{{% notice %}} -**Notice**: Signing is required to use the `moto` payment method. - -**Notice**: Neither `series[]` nor `credential_on_file` is supported. Also, `initiator` cannot be `merchant`. -{{% /notice %}} diff --git a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md index 8d080e8..35f4257 100644 --- a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md +++ b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md @@ -4,48 +4,64 @@ date: 2022-04-13T12:37:22+02:00 anchor: "method-token" weight: 135 --- -#### Method: token +#### Payment methods -Token frameworks supported: +Payment methods supported: +* `applepay`: Apple Pay (raw values) +* `card`: Card payment * `clicktopay`: Click to Pay +* `mobilepayonline`: MobilePay Online +* `moto`: Mail Order/Telephone Order * `token`: Visa and Mastercard +* `vipps`: Vipps Requirement of some parameters depends on the initiator of the transaction; a parameter might be required for cardholder-initiated transactions (CITs) and otherwise optional. See the details for each parameter. {{% notice %}} -**Notice**: Signing is required to use the `token` payment method. +**Notice**: Signing is required to use the `token`, `moto`, `mobilepayonline`, `vipps`, and `applepay` payment methods. {{% /notice %}} -Token payment method for both For both Visa Token Service (VTS) and Mastercard Digital Enablement Service (MDES) -The token required values are found in: +For token payments, the required values are found in: - the VTS provision token response. - the MDES `transact` response - the SCOF Secure Card on File `checkout` response. {{% description_list %}} -{{% description_term %}}type {{% regex %}}token{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Payment method type. Must be set to `token`. -| Response | condition | -| token | if its a card token | -| clicktopay | if its clickyopay - +{{% description_term %}}type {{% regex %}}applepay|card|clicktopay|mobilepayonline|moto|token|vipps{{% /regex %}}{{% /description_term %}} +{{% description_details %}} +| Type | description | +| ---- | ----------- | +| applepay | Apple Pay (raw values) | +| card | Card payment, not tokenized | +| clicktopay | Click to pay | +| mobilepayonline | MobilePay Online | +| moto | Mail Order/Telephone Order | +| token | Token payments | +| vipps | Vipps {{% /description_details %}} -{{% description_term %}}tan {{% regex %}}[0-9]{12,19}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Token Account Number (TAN) of the token to charge. +{{% description_term %}}account_number {{% regex %}}[0-9]{12,19}{{% /regex %}}{{% /description_term %}} +{{% description_details %}}Account number. For card payments, this is the Primary Account Number (PAN). For token payments, this is the Token Account Number (TAN). + +If `payment_token` parameter is included for `mobilepayonline`, the account_number must be a Token PAN. | Response | Found in | | ------ | --------- | | VTS | `tokenInfo.encTokenInfo` | | MDES | `encryptedPayload.encryptedData.accountNumber` | | SCOF | `encryptedPayload.token.paymentToken` | -| clicktopay | `tan` | +| clicktopay | `account_number` | +| card | Card PAN | +| moto | Card PAN | +| mobilepayonline | Card PAN (or Token PAN if payment_token is included) | +| vipps | Card PAN | +| applepay | Card PAN (from decrypted payment token) | {{% /description_details %}} {{% description_term %}}expire_month {{% regex %}}[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Expiry month of token to charge. +{{% description_details %}}Expiry month of card or token to charge. | Response | Found in | | ------ | --------- | @@ -53,11 +69,16 @@ The token required values are found in: | MDES | `encryptedPayload.encryptedData.applicationExpiryDate ` | | SCOF | `encryptedPayload.token.tokenExpirationMonth` | | clicktopay | `expire_month` | +| card | Card expiry month | +| moto | Card expiry month | +| mobilepayonline | Card expiry month | +| vipps | Card expiry month | +| applepay | Card expiry month (from decrypted payment token) | {{% /description_details %}} {{% description_term %}}expire_year {{% regex %}}20[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Expiry year of token to charge. +{{% description_details %}}Expiry year of card or token to charge. | Response | Found in | | ------ | --------- | @@ -65,11 +86,18 @@ The token required values are found in: | MDES | `encryptedPayload.encryptedData.applicationExpiryDate ` | | SCOF | `encryptedPayload.token.tokenExpirationYear` | | clicktopay | `expire_year` | +| card | Card expiry year | +| moto | Card expiry year | +| mobilepayonline | Card expiry year | +| vipps | Card expiry year | +| applepay | Card expiry year (from decrypted payment token) | {{% /description_details %}} -{{% description_term %}}eci {{% regex %}}0[57]{{% /regex %}}{{% /description_term %}} +{{% description_term %}}eci {{% regex %}}[0-9]{2}|0[57]{{% /regex %}}{{% /description_term %}} {{% description_details %}}Electronic Commerce Indicator. +For `applepay`, this is found as `eciIndicator` in the payment token. + | Response | Found in | Required for CITs | | ------ | --------- | ---- | @@ -77,6 +105,7 @@ The token required values are found in: | MDES | N/A | | | SCOF | N/A | | | clicktopay | Zero-padded e-commerce indicator from token flow | Required for Visa CITs | +| applepay | `eciIndicator` in payment token | Required for Visa. Otherwise optional | {{% /description_details %}} @@ -88,7 +117,7 @@ Visa specific name: Token Authentication Verification Value (TAVV). Mastercard specific name: Digital Secure Remote Payments (DSRP) cryptogram. For Mastercard only DSRP cryptograms are supported. The value must start with `[A-P]` to be a DSRP cryptogram. - +For `applepay`, this is the online payment cryptogram found as `onlinePaymentCryptogram` in the payment token. | Response | Found in | Required for CITs | | ------ | --------- | ---- | @@ -96,6 +125,7 @@ For Mastercard only DSRP cryptograms are supported. The value must start with `[ | MDES | `encryptedPayload.encryptedData.de48se43Data` | Yes. For MITs it shall only be included on the first, tokenized transaction or if there is a change to the token| | SCOF | `encryptedPayload.dynamicData.dynamicDataValue` | Yes. For MITs it shall only be included on the first, tokenized transaction or if there is a change to the token| | clicktopay | `tav` | Yes | +| applepay | `onlinePaymentCryptogram` in payment token | Yes | {{% /description_details %}} {{% description_term %}}rcai {{% regex %}}[:base64:]{1..150}{{% /regex %}}{{% /description_term %}} @@ -111,10 +141,48 @@ For Mastercard only DSRP cryptograms are supported. The value must start with `[ Merchant identifier such as business website URL or reverse domain name (e.g. com.example.www). The identifier must be encoded as Base64. {{% /description_details %}} +{{% description_term %}}csc {{% regex %}}[0-9]{3}{{% /regex %}}{{% /description_term %}} +{{% description_details %}}Card Security Code. + +{{% regex_optional %}}Optional when partner is trusted. Only applicable for card payments.{{% /regex_optional %}} +{{% /description_details %}} + +{{% description_term %}}payment_token {{% regex %}}[\:json\:]{{% /regex %}}{{% /description_term %}} +{{% description_details %}}Full response serialized as JSON, supplied as a string. Required for token-based authentication. + +For `mobilepayonline`: Example: `{"paymentId":"string","tokenData":{"cryptogramInfo":{...},...},...}` + +For `vipps`: Example: `{"pspTransactionId":"string","networkToken":{"cryptogram": "string",...},...}` + +{{% regex_optional %}}Optional. Only applicable for `mobilepayonline` and `vipps` payments.{{% /regex_optional %}} +{{% /description_details %}} + +{{% description_term %}}phone_number {{% regex %}}[\x20-\x7E]{1,15}{{% /regex %}}{{% /description_term %}} +{{% description_details %}}Phone number from where the PAN originates. + +{{% regex_optional %}}Optional. Only applicable for `mobilepayonline` payments.{{% /regex_optional %}} +{{% /description_details %}} + +{{% description_term %}}3dsecure {{% regex %}}dictionary{{% /regex %}}{{% /description_term %}} +{{% description_details %}}See [Authentication: [3dsecure]](#authentication-3dsecure). +{{% regex_optional %}}Optional. For card payments, use `3dsecure`. For token payments, use `3dsecure[v2]`.{{% /regex_optional %}} +{{% /description_details %}} + {{% description_term %}}3dsecure[v2] {{% regex %}}dictionary{{% /regex %}}{{% /description_term %}} {{% description_details %}}See [Authentication: [3dsecure][v2]](#authentication-3dsecure-v2). -{{% regex_optional %}}Optional{{% /regex_optional %}} +{{% regex_optional %}}Optional. For token payments, use `3dsecure[v2]`. For card payments, use `3dsecure`.{{% /regex_optional %}} {{% /description_details %}} {{% /description_list %}} +{{% notice %}} +**Notice:** An authorization that includes `3dsecure[v2][rreq]` and/or `csc` cannot be a subsequent-in-series authorization. + +**Notice:** For `moto` payments, neither `series[]` nor `credential_on_file` is supported. Also, `initiator` cannot be `merchant`. + +**Notice:** An authorization made with `mobilepayonline` with a payment token is strongly authenticated (SCA in PSD2). + +**Notice:** An authorization made with `applepay` is strongly authenticated (SCA in PSD2). +**Notice:** An authorization made with `applepay` cannot be a subsequent-in-series authorization. +**Notice:** Clients using `applepay` are responsible for verifying the payment token's signature, decrypting the token's payment data, validating the format of the fields in the payment data, etc. The procedure is available in Apple Pay's [Payment Token Format Reference](https://developer.apple.com/library/archive/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html). +{{% /notice %}} \ No newline at end of file diff --git a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/vipps.md b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/vipps.md deleted file mode 100644 index e99d1a3..0000000 --- a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/vipps.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: "vipps" -date: 2022-04-13T12:37:22+02:00 -anchor: "method-vipps" -weight: 135 ---- -#### Method: vipps - -{{% description_list %}} -{{% description_term %}}vipps[pan] {{% regex %}}[0-9]{12,19}{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Primary account number of card to charge. -{{% /description_details %}} - -{{% description_term %}}vipps[expire_month] {{% regex %}}[0-9]{2}{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Expiry month of card to charge. -{{% /description_details %}} - -{{% description_term %}}vipps[expire_year] {{% regex %}}[0-9]{4}{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Expiry year of card to charge. -{{% /description_details %}} - -{{% description_term %}}vipps[payment_token] {{% regex %}}[\:json\:]{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Full response serialized as JSON, supplied as a string. -Example: `{"pspTransactionId":"string","networkToken":{"cryptogram": "string",...},...}` -{{% regex_optional %}}Optional{{% /regex_optional %}} -{{% /description_details %}} - -{{% description_term %}}vipps[3dsecure] {{% regex %}}dictionary{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -See [Authentication: [3dsecure]](#authentication-3dsecure). -{{% regex_optional %}}Optional{{% /regex_optional %}} -{{% /description_details %}} - - -{{% /description_list %}} - -{{% notice %}} -**Notice**: Signing is required to use the `vipps` payment method. -{{% /notice %}} From c128785eba76bb1021f017b63c8d08686a6dedc2 Mon Sep 17 00:00:00 2001 From: Peter Klogborg Date: Mon, 19 Jan 2026 14:53:22 +0100 Subject: [PATCH 4/5] Rename token to account number payment method --- .../authorizations_methods/{token.md => account_number.md} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename website/content/gateway/api_reference/resources/authorizations/authorizations_methods/{token.md => account_number.md} (98%) diff --git a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/account_number.md similarity index 98% rename from website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md rename to website/content/gateway/api_reference/resources/authorizations/authorizations_methods/account_number.md index 35f4257..0e29556 100644 --- a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/token.md +++ b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/account_number.md @@ -1,10 +1,10 @@ --- -title: "token" +title: "account_number" date: 2022-04-13T12:37:22+02:00 -anchor: "method-token" +anchor: "method-account-number" weight: 135 --- -#### Payment methods +#### Account Number payment methods Payment methods supported: From c04360b2370ff4c14508964d1fd09e236368c7f7 Mon Sep 17 00:00:00 2001 From: Peter Klogborg Date: Tue, 20 Jan 2026 15:12:50 +0100 Subject: [PATCH 5/5] merge remaning authorizations. merge google and apple into wallets --- .../gateway/api_reference/changes/changes.md | 18 ++++ .../authorizations_methods/applepay.md | 34 -------- ...er.md => authorizations_account_number.md} | 2 +- .../authorizations_wallets.md | 83 +++++++++++++++++++ .../authorizations_methods/googlepay.md | 45 ---------- 5 files changed, 102 insertions(+), 80 deletions(-) delete mode 100644 website/content/gateway/api_reference/resources/authorizations/authorizations_methods/applepay.md rename website/content/gateway/api_reference/resources/authorizations/authorizations_methods/{account_number.md => authorizations_account_number.md} (99%) create mode 100644 website/content/gateway/api_reference/resources/authorizations/authorizations_methods/authorizations_wallets.md delete mode 100644 website/content/gateway/api_reference/resources/authorizations/authorizations_methods/googlepay.md diff --git a/website/content/gateway/api_reference/changes/changes.md b/website/content/gateway/api_reference/changes/changes.md index 68278f9..83d1a07 100644 --- a/website/content/gateway/api_reference/changes/changes.md +++ b/website/content/gateway/api_reference/changes/changes.md @@ -10,6 +10,24 @@ Follow coming changes on the [source code repository](https://github.com/clearha Sorted by descending timestamp. +#### Payment method documentation restructured +Starting 2026-01-20, the payment method documentation has been restructured for improved clarity and consistency. The following changes have been made: + +* Field names have been unified by removing method-specific prefixes: + - `card[pan]` and `token[tan]` are now both `account_number` + - `card[expire_month]` and `token[expire_month]` are now both `expire_month` + - `applepay[payment_token]` and `googlepay[token]` are now both `payment_token` (with wallet-specific variations documented) + - `applepay[symmetric_key]` is now `symmetric_key` and `googlepay[shared_key]` is now `shared_key` + - Similar unification applies to other common fields across payment methods + +* A `type` field has been added to distinguish between payment methods, allowing the same field names to be used across different payment types: + - For account number-based methods: `card`, `clicktopay`, `mobilepayonline`, `moto`, `token`, `vipps`, or `applepay` + - For wallet methods: `applepay` or `googlepay` + +* Payment method-specific fields are clearly marked with tables indicating which methods they apply to + +This restructuring improves documentation consistency while maintaining all existing functionality. All payment methods continue to work as before, with the same underlying API behavior. + #### Additional SCA exemtions added Starting 2025-12-12, we will start accepting new parameters for `sca_exemption`. The two new parameters are `low_value_payment` and `secure_corporate_payment` diff --git a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/applepay.md b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/applepay.md deleted file mode 100644 index 7cbedea..0000000 --- a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/applepay.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: "applypay" -date: 2022-04-13T12:37:22+02:00 -anchor: "method-applepay" -weight: 115 ---- -#### Method: applepay - -Apple Pay requires the payment details (PAN, expiry, etc.) of the payment token to be decrypted by a symmetric key. Your systems must derive this symmetric key using the payment token’s ephemeral public key, the merchant’s private key and the merchant ID. For this, we refer to [our reference implementation](https://github.com/clearhaus/pedicel) written in Ruby; see [Apple’s documentation for the `PaymentToken` object](https://developer.apple.com/library/content/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html) for more information. - -{{% description_list %}} -{{% description_term %}}applepay[payment_token] {{% regex %}}[\:json\:]{{% /regex %}}{{% /description_term %}} -{{% description_details %}}Full ` PKPaymentToken `serialized as JSON, supplied as a string. - -Example: `{"paymentData":{"version":"EC_v1","data":"",...},"paymentMethod":{...},...}` -{{% /description_details %}} - -{{% description_term %}}applepay[symmetric_key] {{% regex %}}[\:hex\:]{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Symmetric AES key (unique per transaction) that can decrypt `data` from the `PKPaymentToken`. -{{% /description_details %}} - - -{{% /description_list %}} -{{% notice %}} -**Notice**: Signing is required to use the `applepay` payment method. - -**Notice**: An authorization made with `applepay` is strongly authenticated (SCA in PSD2). - -**Notice**: An authorization made with `applepay` may be 3-D Secured to some degree or not at all; this is indicated by the `eciIndicator` of the `applepay[payment_token]`. - -**Notice**: An authorization made with `applepay` cannot be a subsequent-in-series authorization. - -{{% /notice %}} diff --git a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/account_number.md b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/authorizations_account_number.md similarity index 99% rename from website/content/gateway/api_reference/resources/authorizations/authorizations_methods/account_number.md rename to website/content/gateway/api_reference/resources/authorizations/authorizations_methods/authorizations_account_number.md index 0e29556..29f7d1d 100644 --- a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/account_number.md +++ b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/authorizations_account_number.md @@ -1,5 +1,5 @@ --- -title: "account_number" +title: "authorizations_account_number" date: 2022-04-13T12:37:22+02:00 anchor: "method-account-number" weight: 135 diff --git a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/authorizations_wallets.md b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/authorizations_wallets.md new file mode 100644 index 0000000..ded7883 --- /dev/null +++ b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/authorizations_wallets.md @@ -0,0 +1,83 @@ +--- +title: "authorizations_wallets" +date: 2022-04-13T12:37:22+02:00 +anchor: "method-wallets" +weight: 115 +--- +#### Payment wallets + +Payment wallets supported: + +* `applepay`: Apple Pay +* `googlepay`: Google Pay + +{{% notice %}} +**Notice**: Signing is required to use the `applepay` and `googlepay` payment methods. +{{% /notice %}} + +Apple Pay requires the payment details (PAN, expiry, etc.) of the payment token to be decrypted by a symmetric key. Your systems must derive this symmetric key using the payment token's ephemeral public key, the merchant's private key and the merchant ID. For this, we refer to [our reference implementation](https://github.com/clearhaus/pedicel) written in Ruby; see [Apple's documentation for the `PaymentToken` object](https://developer.apple.com/library/content/documentation/PassKit/Reference/PaymentTokenJSON/PaymentTokenJSON.html) for more information. + +To accept a payment using Google Pay, the complete payment token, recipient ID and derived shared secret, are required. Please refer to the [official documentation](https://developers.google.com/pay/api/web/guides/resources/payment-data-cryptography). Only protocol version `ECv2` is supported. + +{{% description_list %}} +{{% description_term %}}type {{% regex %}}applepay|googlepay{{% /regex %}}{{% /description_term %}} +{{% description_details %}} +| Type | description | +| ---- | ----------- | +| applepay | Apple Pay | +| googlepay | Google Pay +{{% /description_details %}} + +{{% description_term %}}payment_token {{% regex %}}[\:json\:]{{% /regex %}}{{% /description_term %}} +{{% description_details %}}Full payment token serialized as JSON, supplied as a string. + +| Wallet | Description | +| ------ | ----------- | +| applepay | Full `PKPaymentToken` serialized as JSON. Example: `{"paymentData":{"version":"EC_v1","data":"",...},"paymentMethod":{...},...}` | +| googlepay | Raw payment method token as received in response from Google. UTF-8 encoded serialization of a JSON dictionary. | +{{% /description_details %}} + +{{% description_term %}}token {{% regex %}}[\:json\:]{{% /regex %}}{{% /description_term %}} +{{% description_details %}}Raw payment method token as received in response from Google. UTF-8 encoded serialization of a JSON dictionary. + +{{% regex_optional %}}Optional. Only applicable for `googlepay` payments.{{% /regex_optional %}} +{{% /description_details %}} + +{{% description_term %}}symmetric_key {{% regex %}}[\:hex\:]{{% /regex %}}{{% /description_term %}} +{{% description_details %}}Symmetric AES key (unique per transaction) that can decrypt `data` from the `PKPaymentToken`. + +{{% regex_optional %}}Only applicable for `applepay` payments.{{% /regex_optional %}} +{{% /description_details %}} + +{{% description_term %}}shared_key {{% regex %}}[\:base64\:]{{% /regex %}}{{% /description_term %}} +{{% description_details %}}The shared secret derived from the ephemeral public key and your private key. + +{{% regex_optional %}}Only applicable for `googlepay` payments.{{% /regex_optional %}} +{{% /description_details %}} + +{{% description_term %}}recipient_id {{% regex %}}[\x21-\x7E]+ [ASCII printable characters](http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters) excluding space {{% /regex %}}{{% /description_term %}} +{{% description_details %}}ID assigned by Google. Prepend it with either `merchant:` or `gateway:` depending on ID type. + +{{% regex_optional %}}Only applicable for `googlepay` payments. The `recipient_id` for `googlepay` in the test environment is `merchant:12345678901234567890`.{{% /regex_optional %}} +{{% /description_details %}} + +{{% description_term %}}3dsecure {{% regex %}}dictionary{{% /regex %}}{{% /description_term %}} +{{% description_details %}}See [Authentication: [3dsecure]](#authentication-3dsecure). + +{{% regex_optional %}}Optional. Only applicable for `googlepay` payments.{{% /regex_optional %}} +{{% /description_details %}} + +{{% /description_list %}} +{{% notice %}} +**Notice**: An authorization made with `applepay` is strongly authenticated (SCA in PSD2). + +**Notice**: An authorization made with `applepay` may be 3-D Secured to some degree or not at all; this is indicated by the `eciIndicator` of the `payment_token`. + +**Notice**: An authorization made with `applepay` cannot be a subsequent-in-series authorization. + +**Notice**: An authorization made with `googlepay` is strongly authenticated (SCA in PSD2) if `authMethod` is `CRYPTOGRAM_3DS` and the [Google Pay guidelines for SCA](https://developers.google.com/pay/api/android/guides/resources/sca) have been followed. If `authMethod` is `PAN_ONLY`, a 3-D Secure flow is required for SCA and the resulting ARes/RReq must be supplied in the `3dsecure` sub-dictionary. + +**Notice**: To obtain liability shift for a `googlepay` token with `authMethod` `CRYPTOGRAM_3DS` the `ECI` must be `02` or empty for Mastercard and `05` for Visa. For other values, a 3-D Secure flow is required for liability shift. + +**Notice**: An authorization made with `googlepay` cannot be a subsequent-in-series authorization. +{{% /notice %}} diff --git a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/googlepay.md b/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/googlepay.md deleted file mode 100644 index 3f1d326..0000000 --- a/website/content/gateway/api_reference/resources/authorizations/authorizations_methods/googlepay.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: "googlepay" -date: 2022-04-13T12:37:22+02:00 -anchor: "method-googlepay" -weight: 120 ---- -#### Method: googlepay - -To accept a payment using Google Pay, the complete payment token, recipient ID and derived shared secret, are required. Please refer to the [official documentation](https://developers.google.com/pay/api/web/guides/resources/payment-data-cryptography). Only protocol version `ECv2` is supported. - -{{% description_list %}} -{{% description_term %}}googlepay[token] {{% regex %}}[\:json\:]{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -Raw payment method token as received in response from Google. UTF-8 encoded serialization of a JSON dictionary. -{{% /description_details %}} - -{{% description_term %}}googlepay[shared_key] {{% regex %}}[\:base64\:]{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -The shared secret derived from the ephemeral public key and your private key -{{% /description_details %}} - -{{% description_term %}}googlepay[recipient_id] {{% regex %}}[\x21-\x7E]+ [ASCII printable characters](http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters) excluding space {{% /regex %}}{{% /description_term %}} -{{% description_details %}} -ID assigned by Google. Prepend it with either `merchant:` or `gateway:` depending on ID type. -{{% /description_details %}} - -{{% description_term %}}googlepay[3dsecure] {{% regex %}}dictionary{{% /regex %}}{{% /description_term %}} -{{% description_details %}} -See [Authentication: [3dsecure]](#authentication-3dsecure). -{{% regex_optional %}}Optional{{% /regex_optional %}} -{{% /description_details %}} - -{{% /description_list %}} -{{% notice %}} -**Notice**: Signing is required to use the `googlepay` payment method. - -**Notice**: An authorization made with `googlepay` is strongly authenticated (SCA in PSD2) if `authMethod` is `CRYPTOGRAM_3DS` and the [Google Pay guidelines for SCA](https://developers.google.com/pay/api/android/guides/resources/sca) have been followed. If `authMethod` is `PAN_ONLY`, a 3-D Secure flow is required for SCA and the resulting ARes/RReq must be supplied in the `3dsecure` sub-dictionary. - -**Notice**: To obtain liability shift for a `googlepay` token with `authMethod` `CRYPTOGRAM_3DS` the `ECI` must be `02` or empty for Mastercard and `05` for Visa. For other values, a 3-D Secure flow is required for liability shift. - -**Notice**: An authorization made with `googlepay` cannot be a subsequent-in-series authorization. - -**Notice**: The `recipient_id` for `googlepay` in the test environment is `merchant:12345678901234567890`. - -{{% /notice %}}