3DS payment confirmation (3-D Secure)

After responding to the POST method /api/invoicer/payments/checkStatus was received data.status=NEEDS_CONFIRMATION and data.confirmation.type=3DS, it is necessary to redirect the user to the ACS-page of the issuer's bank to confirm the payment.

To do this, you need to perform a query using the POST method on URL data.confirmation.url. If there are parameters in the object data.confirmation.form - they must be passed in the request (they are not all required). Be sure to pass the parameter TermUrl, it must be formed on the principle URL + query string parameters: id, redirect, key (not required)::

${redirectUrl}?id=${redirectParamsId}&key=${key}&redirect=${redirect}

where:

  • ${redirectUrl} - value of the field data.redirect.url from the response to the request to receive the payment status;

  • ${redirectParamsId} - field value data.redirect.params.id in response to a request for payment status;

  • ${key} - the value of the data.key field in response to the payment request;

  • ${redirect} - URL, to be redirected to after completion of ACS page verification (usually Merchant page URL)

Example of response to the POST method api/invoicer/payments/checkStatus:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 { "status": 1, "data": { "id": "d00c4a4e-30e6-499c-8dba-9fae2816094c", "externalId": "ab527192-0f81-423d-a192-d6d270d3a9d2.1611586242200", "receiptId": "8SRY8F4AK95E", "status": "NEEDS_CONFIRMATION", "amount": 1200, "pluginId": 38, "key": "7qAux1wS9QrEjMutPcahmtHvUBECmXuiyYu6AhQrCgZu.kkcou74107632189319", "confirmation": { "type": "3DS", "url": "https://api.demo.uapay.ua/api/acs/virtual/form", "form": { "PaReq": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmRlcklkIjoiMjc5MTZjODEtOTIwYi00YWFlLTkxNWYtZjEwNjBiZDdkOGYxIiwiYW1vdW50IjoxMzI0LCJwYW5NYXNrZWQiOiI1NDU0NTQ1NDU0IiwiaWF0IjoxNjExNTg2MjQzfQ.Wof7YYGOed6AJdeuPGzQZ8T6sZEz_i9zq1o84CjAgEM", "MD": "27916c81-920b-4aae-915f-f1060bd7d8f1" } }, "redirect": { "url": "https://api.demo.uapay.ua/api/payments/ecom/confirm", "params": { "id": "d00c4a4e-30e6-499c-8dba-9fae2816094c" }, "directAcs": null }, "paymentStatus": "NEW" } }

To make a POST request to the issuer's bank, you need to create and call an HTML form. Example using JavaScript:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 <!DOCTYPE html> <html> <head> <title>Example call ACS</title> </head> <body> <script type="text/javascript"> var form = document.createElement('form'); form.setAttribute('method', 'POST'); form.setAttribute('action', data.confirmation.url); var paReq = document.createElement('input'); paReq.setAttribute('type', 'hidden'); paReq.setAttribute('name', 'PaReq'); paReq.setAttribute('value', data.confirmation.form.PaReq); form.appendChild(paReq); var md = document.createElement('input'); md.setAttribute('type', 'hidden'); md.setAttribute('name', 'MD'); md.setAttribute('value', data.confirmation.form.MD); form.appendChild(md); var termUrl = document.createElement('input'); termUrl.setAttribute('type', 'hidden'); termUrl.setAttribute('name', 'TermUrl'); termUrl.setAttribute('value', termUrl); form.appendChild(termUrl); document.body.append(form); form.submit(); </script> </body> </html>

After the user returns to the page, it is necessary to continue sending the show request, until the final payment status is received.