Create order for PCI DSS merchants
These endpoints cover the flow in which the merchant is PCI DSS compliant and card data is collected on the merchant's site or in its application.
Note
This flow consists of two steps.
- Step 1: Obtain the ACS URL from the issuing bank and redirect the cardholder to this URL for 3DSecure authentication.
- Step 2: Obtain the result from the ACS URL and perform the financial transaction (purchase).
Endpoint for order creation
Step 1. Starting 3DSecure authentication
POST /api/3dsecure_step1
This endpoint expects a POST request in JSON format with parameters.
If the card is enrolled in the 3D-Secure service, the response will contain the following parameters:
Parameter | Type | Description |
---|---|---|
response_status | string(50) | If no error occurred, always returns success |
acs_url | string(2048) | URL of the cardholder's issuing bank Access Control Server, where the cardholder must enter the 3DSecure password |
pareq | string(20480) | Parameter which must be submitted to acs_url |
md | string(1024) | Unique 3DSecure request ID. Generated by Flitt payment gateway |
A merchant receiving this response must build an HTML form and use it to submit the customer to acs_url. The HTML form must have the following content:
<form name="MPIform" action='${acs_url}' method="POST">
<input type="hidden" name="PaReq" value='${pareq}'>
<input type="hidden" name="MD" value='${md}'>
<input type="hidden" name="TermUrl" value='${TempUrl}'>
</form>
where ${TempUrl} is the merchant URL to which the customer will be redirected after 3DSecure authentication at acs_url.
The following parameters are returned to the TempUrl URL after cardholder password verification:
Parameter | Type | Description |
---|---|---|
pares | string(20480) | Payer authentication result. BASE64 string |
md | string(1024) | Unique 3DSecure request ID. Generated by Flitt payment gateway |
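The form template above interpolates gateway-supplied values straight into HTML attributes, and the TempUrl handler receives fields from the cardholder's browser, so both sides need checking on the merchant server. The following is an added example, not Flitt's code: the function names, the https-only rule and the sample values are assumptions, and the posted field names follow the table above.

```python
import base64
import binascii
import html
from urllib.parse import urlsplit


def _require_https(name, url):
    # Assumption: the merchant only redirects to absolute https URLs.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"{name} must be an absolute https URL")


def render_acs_form(step1_response, term_url):
    """Build MPIform from a 3dsecure_step1 response, escaping every value."""
    acs_url = step1_response["acs_url"]
    _require_https("acs_url", acs_url)
    _require_https("TermUrl", term_url)
    fields = {"PaReq": step1_response["pareq"],
              "MD": step1_response["md"],
              "TermUrl": term_url}
    inputs = "".join(
        f'<input type="hidden" name="{name}" value="{html.escape(str(value), quote=True)}">\n'
        for name, value in fields.items())
    return (f'<form name="MPIform" action="{html.escape(acs_url, quote=True)}" '
            f'method="POST">\n{inputs}</form>')


def check_termurl_post(posted, pending_md):
    """Validate the fields posted back to TermUrl before calling step 2."""
    md, pares = posted.get("md", ""), posted.get("pares", "")
    if not md or md != pending_md:
        raise ValueError("md does not match the 3DSecure request stored for this order")
    if not pares or len(pares) > 20480:
        raise ValueError("pares missing or longer than string(20480)")
    try:
        # Ignore line breaks some encoders insert, then require strict BASE64.
        base64.b64decode("".join(pares.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("pares is not BASE64") from exc
    return {"pares": pares, "md": md}


if __name__ == "__main__":
    # Constructed sample values, not real gateway output.
    sample = {"acs_url": "https://acs.example/auth?a=1&b=2",
              "pareq": "eJxtU21v", "md": "2001876637"}
    print(render_acs_form(sample, "https://shop.example/3ds/return"))
    print(check_termurl_post({"pares": "eJxtU21v", "md": "2001876637"}, "2001876637"))
```

Store the md from the step 1 response against the order server-side, and pass that stored value as pending_md when the cardholder returns.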
Request and response examples
curl -i -X POST \
-H "Content-Type:application/json" \
-d \
'
{
"request": {
"order_id": "test_12343242",
"merchant_id": "1549901",
"order_desc": "Test order",
"amount": 1000,
"currency": "GEL",
"card_number": "4444555566661111",
"cvv2": "111",
"expiry_date": "1125",
"client_ip": "8.8.8.8",
"server_callback_url": "https://myserver.com/callback",
"signature": "0c0c2374c73267e7be560d80834e4ba28ccda7aa"
}
}
' \
'https://pay.flitt.com/api/3dsecure_step1'
{
"response": {
"response_status": "success",
"acs_url": "https://pay.flitt.com/test/testacs/",
"pareq": "eJxtU21vgjAQ/u6vIP4A+gJRNKVJHUvUiRpwS/aRYYNsgljA6b8fLTpFuISE5+5pe/fcHdnsBOeOz8NScNrTKiMuz/Mg4lq8tfuDyqxRv46o6Jp5/HjHynfiIo8PKUU61DEBN9gkuVyEuyAtmm4VCsLjZLakpjUyDUTAFbZ5CRczhxpDDCsjoIZtWhoknC7Y5mM2Z762Zv6GaRO2fGMEqFD7RHgo00JcqIktAm6gTSvFnu6KIsvHQD6uysn1ffal708EyGizZNBdM1mX0p13ZXKOt9R12O/Th5ffn3jl/NgESEb73DYoOMUQmdDCloaGY4jGaECA8nconsgiKdYh1F7fvUrz2tFmZjJXdqVL1R8dHUqWQvA0vNDRUEp5Q20iP2eHlMtLCfj/f5KvWyfyMu2cobCopsFNVsZ8yhdHL1rNkedH0Ev8yLblVClCZyZx1W4DozqV+Ln3BDy+WKV1XwHZYrUttEdAY5f+AHcC0ak=",
"md": "2001876637"
}
}
Request and response examples
{
"response": {
"error_code": 1011,
"error_message": "Parameter `amount` is missing",
"request_id": "5htKi0wf7zEHn",
"response_status": "failure"
}
}
Endpoint for 3DSecure authentication completion
Step 2. Complete 3D-Secure authentication and perform purchase transaction
POST /api/3dsecure_step2
This endpoint expects a POST request in JSON format with parameters:
Parameter | Type | Mandatory | Description |
---|---|---|---|
merchant_id | integer(12) | mandatory | Merchant unique ID. Generated by Flitt during merchant registration. |
order_id | string(1024) | mandatory | Order ID which is generated by merchant. |
pares | string(20480) | mandatory | Parameter returned by issuing bank to URL TempUrl after password verification |
md | string(1024) | mandatory | Unique 3DSecure request ID. Generated by Flitt payment gateway |
version | string(10) | optional | Protocol version. Default value: 1.0 |
signature | string(40) | mandatory | Order signature. Required to verify merchant request consistency and authenticity. For the signature generation algorithm, see Signature generation. |
Request
curl -i -X POST \
-H "Content-Type:application/json" \
-d \
'
{
"request": {
"order_id": "test_123432421",
"merchant_id": "1549901",
"pares": "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",
"md": "2003330322",
"signature": "32b08ca114659b8c18ab9576cf1d5ffdb9c711f2"
}
}
' \
'https://pay.flitt.com/api/3dsecure_step2'
{
"response": {
"error_code": 1011,
"error_message": "Parameter `amount` is missing",
"request_id": "5htKi0wf7zEHn",
"response_status": "failure"
}
}