Skip to content

Create order for PCIDSS merchants

These edpoints relate to the flow, when merchant is PCI DSS compliant and card data collected on behalf of merchant site or application.

Note

This flow will consist from two steps.

  • Step 1: Obtain ACS URL from issuing bank and redirect caldholder to this URL for 3DSecure authentication.

  • Step 2: Obtain result from ACS URL and perform financial transaction - purchase.

Endpoint for order creation

Step 1. Starting 3DSecure authentication

POST /api/3dsecure_step1

This endpoint expects POST request in JSON fromat with parameters.

If the card is enrolled in 3D-Secure service, response will contain parameters:

Parameter Type Description
response_status string(50) if no error ocured always returned success success
acs_url string(2048) URL of cardholder issuing bank Access Control Server where he must enter 3DSecure password
pareq string(20480) Parameter which must be submeted to acs_url
md string(1024) Unique 3DSecure request ID. Generated by Flitt payment gateway

A merchant receiving this response must build an HTML form and using it submit customer to acs_url. HTML form must be of the following content:

<form name="MPIform" action='${acs_url}' method="POST">
  <input type="hidden" name="PaReq" value='${pareq}'>
  <input type="hidden" name="MD" value='${md}'>
  <input type="hidden" name="TermUrl" value='${TempUrl}'>
</form>

where ${TempUrl} – is merchant URL where customer will be redirected after 3DSecure authentication at acs_url.

The following parameters are returned to URL TempUrl after cardholder password verification:

Parameter Type Description
pares string(20480) Payer authentication result.Is BASE64 string
md string(1024) Unique 3DSecure request ID.Generated by Flitt payment gateway

Request and response examples

curl -i -X POST \
-H "Content-Type:application/json" \
-d \
'
{
  "request": {
    "order_id": "test_12343242",
    "merchant_id": "1549901",
    "order_desc": "Test order",
    "amount": 1000,
    "currency": "GEL",
    "card_number": "4444555566661111",
    "cvv2": "111",
    "expiry_date": "1125",
    "client_ip": "8.8.8.8",
    "server_callback_url": "https://myserver.com/callback",
    "signature": "0c0c2374c73267e7be560d80834e4ba28ccda7aa"
  }
}
' \
'https://pay.flitt.com/api/3dsecure_step1'

{
    "response": {
        "response_status": "success",
        "acs_url": "https://pay.flitt.com/test/testacs/",
        "pareq": "eJxtU21vgjAQ/u6vIP4A+gJRNKVJHUvUiRpwS/aRYYNsgljA6b8fLTpFuISE5+5pe/fcHdnsBOeOz8NScNrTKiMuz/Mg4lq8tfuDyqxRv46o6Jp5/HjHynfiIo8PKUU61DEBN9gkuVyEuyAtmm4VCsLjZLakpjUyDUTAFbZ5CRczhxpDDCsjoIZtWhoknC7Y5mM2Z762Zv6GaRO2fGMEqFD7RHgo00JcqIktAm6gTSvFnu6KIsvHQD6uysn1ffal708EyGizZNBdM1mX0p13ZXKOt9R12O/Th5ffn3jl/NgESEb73DYoOMUQmdDCloaGY4jGaECA8nconsgiKdYh1F7fvUrz2tFmZjJXdqVL1R8dHUqWQvA0vNDRUEp5Q20iP2eHlMtLCfj/f5KvWyfyMu2cobCopsFNVsZ8yhdHL1rNkedH0Ev8yLblVClCZyZx1W4DozqV+Ln3BDy+WKV1XwHZYrUttEdAY5f+AHcC0ak=",
        "md": "2001876637"
    }
}

Request and response examples

see response parameters

{
    "response": {
        "error_code": 1011,
        "error_message": "Parameter `amount` is missing",
        "request_id": "5htKi0wf7zEHn",
        "response_status": "failure"
    }
}

Endpoint for 3DSecure authentication completion

Step 2. Complete 3D-Secure authentication and perform purchase transaction

POST /api/3dsecure_step2

This endpoint expects POST request in JSON fromat with parameters:

Parameter Type Mandatory Description
merchant_id integer(12) mandatory Merchant unique ID. Generated by Flitt during merchant registration.
order_id string(1024) mandatory Order ID which is generated by merchant.
pares string(20480) mandatory Parameter returned by issuing bank to URL TempUrl after password verification
md string(1024) mandatory Unique 3DSecure request ID. Generated by Flitt payment gateway
version string(10) optional Protocol version. Default value: 1.0
signature string(40) mandatory Order signature. Required to verify merchant request consistency and authenticity. Signature generation algorithm please see at Signature generation.

Request

curl -i -X POST \
-H "Content-Type:application/json" \
-d \
'
{
    "request": {
        "order_id": "test_123432421",
        "merchant_id": "1549901",
        "pares": "eJzFWFuTosgSft9f0dH7aMxwF9lweqO4g4JcFXxDRO6Ccin01y/aPb093T3nTOzGiVMRhlZWVlZ+mfkVKfM/h7J46KNzk1bHb4/YV/TxITqG1T49xt8eXUf8Mnv88+m3uZOco4i3o7A7R0+/PYxjrkVNE8TRQ7r/9jilZhRGPz6v3FcNYEXNfQ2b0hhOEij1Zvmu8nLq03joV3yOfJ/+qKRF5zAJju2P4vtSEJ5YRX8iZwxJYHPkZfpRr4zOCv9E0Dg6jjnyPP3xFOTzY+ZGdxM30SdWh3T/pPEAvvvguhNjmhN+myM3jY/79kEbPeEoRqIzDHvAmD9I6g+MniN3+Uf1+uYBKKtu9A2/uf9W8FF9zM95zN/liaFnc+R19lExGurqGN2MzpHX3++C8jn6eR0cn9A3g6DJ6ehX8D51jvfJuW1avoU/vcHHx+zd5R/VmzZou+bJnyMvvz6BHPT9EwcAx15WciwtHNeKfNWPwMsYM3FX+SQGYfqEUiP+8ftzu6CIq3PaJuUtTD8K3sXqLdgxcrfqfyOw0/g4un+OHka6HZtvj0nb1n8gCITwKyS+VucYuVUngjLIqLBv0vj392y5mYj2yvFQ/WMbdztccKyOaRgU6TVoR75pUZtU+4dXYJ/ZdaybaQyxBO7LaPtLiJHHLzcJSmDUI/LJKa+Af8X8e7fPTfClSQLsU8tWdIhuRR09uJby7fH3n10vrxv4NI6a9p/48TMf3phdB0UXPRELlLTEgEh7ccMxxVmAV4rVYZDb5Fh9bzU/4kFeAb0vqb8z/kkp3IP7bNMmtwIakXDfxaqQIylGe+JF161w6vvu/lTn1K7tFwUhL69omYk+ikpldg2Wu1N74LFFutsryLK4YtOBF2pyEh8L8ULwkhyRlclhxoIk+ZnLxhKeu9oCUD6mnK1a9PEsmpb4AuoiOtuRp7A8E5dEKVUDWpku+26PbSGu0xd1ra0TObyyMit8e0b1xvkfkS2iy0e89xWPQhk+aIOfZOO2zEXnNj2MpT1epJqicGbGcSBoOM7kEi3wZsn14MUO0Nk4PyV5KjEQZYHpioAHE81sIGf6/No0JQGqa/cqmBogJYC5wrhbNnHx4m+sJLwKmgaqZ/mg8a5QuJo5g/zzXl6AWxh4ZuvjApSTUNccE2pXgI+acOUow+Yuy28y7FWWcWzGC0sN5He7bKJx67U2CA4w2FhfsyB2OEHvdxJz86HXrBiK8f08WYCMEmz21U4Su62sxW4pdj4eD7wDls97K4cVt6qLCsPyCtpnWeOoxbYOcSG2NxS69dTO96x6h1PJjmOdcY4HG71QBPEa4kwWbEQ02DCdZgHIx99x7sd9OhpKBaop0kEDqMTZJ8lWdgRvCre4gjF8OuA5NjUXbGzyzWXay37aH3DzSAWLaOEuVxolT2JmpUTyShDqNg6HlPQGGSEbYgVbJPV5w7AHsafAubxOsIkIpS2bTpzEWoTbNZzsG3lKdMZ65eYyLx3JXWTgcmC154tDePTpqDlJ5snx4biO3JNSY7OtZTipry/9rCeQU2vvKds8TU1vCEU6iI284HDHNhUemIB9j4l9xsQCTR6pVBesoRQmV+nVFqdbftvOWGkj+cFuYVwEQQKcZ1CUh3WEPisErKdLkXZKVKdMI8YIeMkZf8dWK6REOOew8s1eViUmnCIYSuETT2pdQu30Iq13ZOKIOslP8+mWWbqljSDmGmlRwh8MkaVtouW6zpNyV0FLVD3kxaF23d2qhbAsk3aOvGfGr/PneB35E6cxgMpYgooK9CSUkDFXsGU+i40mgIG7AvW5xnwHFGvnTc0sxprhfU9NtpJ41UwIuWf5UoC6aa/NN/WuOZzM1nsOu+xwBtVY0uMdAdV4DeoZQHXev+pYNcqUu2zk0ncZNLJPeMSD1SsX0BFEKea+pw08Dxbf+QAwVl3zgnHDddsLBk261fZyoye/WN/2DOad6IpkHgRpYC8nFjVdB/kV68Znji+eEKHy1OvShihog80Mi+SOSy7RjPZiXjK8DghctVtYWF3RWVn2tI6Vp6oY9su2BRW1UM4bJlrp0wkyIWyyVfJucT5Npuulcxlsqi1peZQRazleBZ1/2gK45wZbPCmdmDVdljQTzxt6yHYV1cDn+q5IKb1jY++Y93xsbljWtqMVAup+jyi+USUgljFlL9h6jSx4Ft7iJduaEDjsMR6vCp0hD65uWkfytKIbO/PaeiPvLToNRKEWFGh+dq/9ej4sDcy+50O558NT+x1hj3c6Tw1uQ5RKX2+uQLv7ZWkC64y3uSkjP+Uu13os2rcFOjFdt5eloprFJw5mWQL5ZR3ga6spgq5ZSO2M3BRG6qGOjLOnoUSupXFhM/3YeRtJLk1yEYvlKUDtSMTAwUB8AmwiQQVTtYoyanaU0OQ85cLVbjhzEwg0y+CVYimvJhRmXrJaFxmZm+T4dDe4Qb1t8PUGwevQmNJla8oXL/XNf8Pdyrlx9/Q3d42jaF8jP50Uu/8nd7WrO2jij9x9kf2PasWE8fb+fFYX1VZJ+lAHd8xghIaCsf7V8XHOgoVE79PgzJsxRrtZ2atBI4t2tkmM/Y5BmNrb9huw6EIGnk4ZTxx7dwonndr6injSyd7jJllORzm5Fumsz3mRsFD0cJSLKVytu8PVLERAT0yv3jia1OymlwtMPA2ud+Fq1mFkKK2RYUKtI5g78Xlt7U7bYuUpZVQUer/BDo1Kyam9Psiz6FKAWGMBkLI4UO7Y5FvvYaErlvUFUc8JImFMjJUOaUV3w0KP8MLfY3KnajK481yBVq1JEfhPupVr52Y2ZvPf9EWWAHn4vV9I7n1RWDL9Xnlfj/DulwBNURupDA4f8iU+50sASrTdtp55Ktix5Q7wOC2lvEKCJe5vxrYoQcmLs5hkkF7lKuJu9gCL6Zmr5hRydlQGp2gmrahzUy5lbz3pNuF0c54q4ooEhyE1+4m0QYyxm6s7kqlmUc9cnN4PqmbmGeR1765Iq/FYyJx9q7MNctXj7WqxMKpypS6DnU2N1VdwVZfTNIkMzq3X/a/8fVb52NfOkQ+d8JvO+eUFDPLyBubpt/Hv59v3M38BUoNF+A==",
        "md": "2003330322",
        "signature": "32b08ca114659b8c18ab9576cf1d5ffdb9c711f2"
    }
}
' \
'https://pay.flitt.com/api/3dsecure_step2'

see response parameters

{
    "response": {
        "error_code": 1011,
        "error_message": "Parameter `amount` is missing",
        "request_id": "5htKi0wf7zEHn",
        "response_status": "failure"
    }
}