Ingenico Direct Support Site


1. Introduction

Our Server-to-server solution allows you to exchange all transaction-related data between your server and our platform directly. Your customers remain in your webshop environment during the whole payment process, which enables you to

Before you process live transactions, use our test environment. Get to know our solution without costs or any commitments involved! Once you want to go live, check out here how to get a production account or contact us!

s2s-1.png
The graphic above gives you a broad overview of the parties involved and their responsibilities in the payment process.

If you do not use this solution in conjunction with either recurring payments or our Hosted Tokenization Page, you need to handle sensitive card data. This requires a very high level of PCI DSS compliance. Make sure your infrastructure fulfils all necessary security standards!

2. Get started

To process transactions on our platform with this solution, make sure that

  • You have an account on our platform
  • At least one of these payment methods is activated in your account (Check in the Back Office via Configuration > Payment methods)
  • You have configured your API Key and API Secret in your account (Check in the Back Office via Configuration > Technical Information > Ingenico Direct Settings Direct API Key). Learn more in our authentication chapter
  • Your server can process server-to-server requests via our RESTful API. Using one of our Server SDKs will greatly ease this task
To configure your API Key and API Secret, make sure that option "DIR (Merchant using Ingenico Direct integration)" is active in your Back Office (Configuration > Account > Your options > Available options).
Contact us if this is not the case.

Are you all set? Then learn how to use our Server-to-server in the next chapter!

3. Integration with Server-to-server

Your customers stay in your webshop environment during the whole payment process. As you send all the data directly to our platform and receive the (intermediate) result in real-time, no other party becomes visible to your customers (except for 3-D Secure challenge flow transactions). This way, you are completely free to design the look and feel of the payment page.

Target endpoint URLs in test / live

Our platform allows you to send requests either to our Test environment or Live environment:

For transactions with no financial impact, use the TEST-URL. The transactions will be sent to our test environment and thereby to your test account.

For transactions with a financial impact, use the LIVE-URL. The transactions will be sent to our live environment and thereby to your live account.

Understand transaction flow

Our Server SDKs come with a Payments API. It includes all the methods you need to perform all the steps of a typical payment flow:

s2s-2.png

  1. Your customer goes to your check-out page and enters her/his credit card data to finalise the purchase

  2. You send a Create Payment request to our platform, including the mandatory 3-D Secure v2 parameters. A typical request looks like this:
    
    CreatePaymentRequest paymentrequest = new CreatePaymentRequest
    {
        CardPaymentMethodSpecificInput = new CardPaymentMethodSpecificInput
        {
            PaymentProductId = 1,
            SkipAuthentication = false,
            // Sensitive card data; can be replaced with a token (see below)
            Card = new Card
            {
                CardholderName = "John Doe",
                CardNumber = "4874970686672022",
                Cvv = "123",
                ExpiryDate = "1236"
            },
            ThreeDSecure = new ThreeDSecure
            {
                RedirectionData = new RedirectionData
                {
                    // URL we redirect your customer to after authentication
                    ReturnUrl = "https://yourRedirectionUrl.com"
                }
            }
        },
        Order = new Order
        {
            AmountOfMoney = new AmountOfMoney
            {
                Amount = 100,
                CurrencyCode = "EUR"
            },

            Customer = new Customer
            {
                // Device and browser data of your customer
                Device = new CustomerDevice
                {
                    AcceptHeader = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3",
                    Locale = "en_EN",
                    TimezoneOffsetUtcMinutes = "-180",
                    UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36",
                    BrowserData = new BrowserData
                    {
                        ColorDepth = 24,
                        JavaScriptEnabled = false,
                        ScreenHeight = "1080",
                        ScreenWidth = "1920"
                    }
                }
            }
        }
    };
    
    You can replace the sensitive data in Card with a (temporary) token, significantly reducing your PCI-DSS compliance level. Learn more in our dedicated chapter

    2'. We perform a Fraud check

  3. Our platform sends a response containing a MerchantAction object.
    It instructs you how to proceed with the payment. Based on the response, these scenarios are possible:

    a)  3-D Secure frictionless flow authentication (MerchantAction.ActionType=null): Your customer uses a 3-D Secure enrolled card. The 3-D Secure v2 parameters in your Create Payment request prove to be sufficient for the authentication step. We submit the transaction to the acquirer and provide the result in property StatusOutput.StatusCode. The flow continues at step 9)

    b) 3-D Secure challenge flow authentication (MerchantAction.ActionType=REDIRECT): Your customer uses a 3-D Secure enrolled card. S/he needs to identify her/himself as the rightful card owner. The flow continues at step 4)

    c) No 3-D Secure authentication (MerchantAction.ActionType=null): Your customer uses a non-3-D Secure enrolled card. We submit the transaction to the acquirer and provide the result in property StatusOutput.StatusCode. The flow continues at step 9)

    Find a detailed overview about the implementation of 3-D Secure V2 in our dedicated guide 
  4. You redirect the customer to her/his issuing bank via the MerchantAction.RedirectData.RedirectURL. The cardholder identifies herself/himself
  5. Our system receives the result from the issuer. Based on the result, two scenarios are possible:

    a) If the identification was unsuccessful, we redirect your customer to your ReturnUrl, ending the flow. You can request the transaction result as described in step 8)

    b) If the identification was successful, the flow continues at step 6)

  6. We submit the actual financial transaction to the acquirer to process it. We receive the transaction result

  7. We redirect your customer to your ReturnUrl

  8. You request the transaction result from our platform via GetPayment or receive the result via webhooks

  9. If the transaction was successful, you can deliver the goods / services
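
The branching in steps 3 to 9, as an added example that is not part of the original page or of the Ingenico SDK. The record types are stand-ins that carry only the property names mentioned above; `NextStep`, `PaymentFlow.Decide`, the `successCodes` parameter, the https check on the redirect URL and the sample values are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;

// Constructed sample responses; 9 is a placeholder success code for this demo only.
var ok = new HashSet<int> { 9 };
var challenge = new PaymentResponse(
    new MerchantAction("REDIRECT", new RedirectData("https://issuer.example/acs")), null);
var frictionless = new PaymentResponse(new MerchantAction(null, null), new StatusOutput(9));
var refused = new PaymentResponse(null, new StatusOutput(2));

foreach (var response in new[] { challenge, frictionless, refused })
{
    NextStep step = PaymentFlow.Decide(response, ok, out Uri url);
    Console.WriteLine($"{step} {url}");
}

// Stand-in types (assumption): they carry only the property names this page mentions.
public record RedirectData(string RedirectURL);
public record MerchantAction(string ActionType, RedirectData RedirectData);
public record StatusOutput(int StatusCode);
public record PaymentResponse(MerchantAction MerchantAction, StatusOutput StatusOutput);

public enum NextStep { RedirectCustomer, DeliverGoods, DoNotDeliver }

public static class PaymentFlow
{
    // successCodes: the status codes you accept as successful (caller-supplied assumption).
    public static NextStep Decide(PaymentResponse r, ISet<int> successCodes, out Uri redirect)
    {
        redirect = null;
        string action = r.MerchantAction?.ActionType;
        if (action == "REDIRECT")
        {
            // Step 3b -> 4: challenge flow; follow only an absolute https URL.
            string url = r.MerchantAction.RedirectData?.RedirectURL;
            if (Uri.TryCreate(url, UriKind.Absolute, out Uri u) && u.Scheme == Uri.UriSchemeHttps)
            {
                redirect = u;
                return NextStep.RedirectCustomer;
            }
            return NextStep.DoNotDeliver;
        }
        if (action != null) return NextStep.DoNotDeliver; // unknown action: fail closed
        // Steps 3a/3c (and the result fetched in step 8) -> 9: check StatusOutput.StatusCode.
        return r.StatusOutput != null && successCodes.Contains(r.StatusOutput.StatusCode)
            ? NextStep.DeliverGoods : NextStep.DoNotDeliver;
    }
}
```

When the customer arrives at your ReturnUrl, run the same check on the result you request in step 8 before delivering anything.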

4. Use additional possibilities

Our Server-to-server solution offers many more possibilities. Learn here all about its available features.

Replace sensitive data with token

Handling credit card data by yourself requires you to fulfil the highest PCI DSS compliancy level. This might not be desirable or feasible for you. Therefore, we have designed this solution to accept a token instead of sensitive card data as described in step 2. This way, you can reduce your PCI DSS compliancy level significantly and use this integration mode at the same time!

A token is a credit card profile safely stored on our platform. There are two different types of tokens:

A typical request replacing card data with a permanent/temporary token looks like this:


CreatePaymentRequest requestBody = new CreatePaymentRequest
{
    CardPaymentMethodSpecificInput = new CardPaymentMethodSpecificInput
    {
        PaymentProductId = 1,
        SkipAuthentication = false,
        // paymentToken holds the permanent/temporary token that replaces the Card data
        Token = paymentToken,
        ThreeDSecure = new ThreeDSecure
        {
            RedirectionData = new RedirectionData
            {
                ReturnUrl = "https://secure.ogone.com/Ncol/Test/displayparams.asp"
            }
        }
    },
    Order = new Order
    {
        AmountOfMoney = new AmountOfMoney
        {
            Amount = 100,
            CurrencyCode = "EUR"
        },

        Customer = new Customer
        {
            Device = new CustomerDevice
            {
                AcceptHeader = "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3",
                Locale = "en_EN",
                TimezoneOffsetUtcMinutes = "-180",
                UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36",
                BrowserData = new BrowserData
                {
                    ColorDepth = 24,
                    JavaScriptEnabled = false,
                    ScreenHeight = "1080",
                    ScreenWidth = "1920"
                }
            }
        }
    }
};