3DS payment confirmation (3-D Secure)

After responding to the POST method /api/invoicer/payments/checkStatus was received data.status=NEEDS_CONFIRMATION and data.confirmation.type=3DS, it is necessary to redirect the user to the ACS-page of the issuer's bank to confirm the payment.

To do this, you need to perform a query using the POST method on URL data.confirmation.url. If there are parameters in the object data.confirmation.form - they must be passed in the request (they are not all required). Be sure to pass the parameter TermUrl, it must be formed on the principle URL + query string parameters: id, redirect, key (not required)::

${redirectUrl}?id=${redirectParamsId}&key=${key}&redirect=${redirect}

where:

${redirectUrl} - value of the field data.redirect.url from the response to the request to receive the payment status;
${redirectParamsId} - field value data.redirect.params.id in response to a request for payment status;
${key} - the value of the data.key field in response to the payment request;
${redirect} - URL, to be redirected to after completion of ACS page verification (usually Merchant page URL)

Example of response to the POST method api/invoicer/payments/checkStatus:

{
  "status": 1,
  "data": {
    "id": "d00c4a4e-30e6-499c-8dba-9fae2816094c",
    "externalId": "ab527192-0f81-423d-a192-d6d270d3a9d2.1611586242200",
    "receiptId": "8SRY8F4AK95E",
    "status": "NEEDS_CONFIRMATION",
    "amount": 1200,
    "pluginId": 38,
    "key": "7qAux1wS9QrEjMutPcahmtHvUBECmXuiyYu6AhQrCgZu.kkcou74107632189319",
    "confirmation": {
      "type": "3DS",
      "url": "https://api.demo.uapay.ua/api/acs/virtual/form",
      "form": {
        "PaReq": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmRlcklkIjoiMjc5MTZjODEtOTIwYi00YWFlLTkxNWYtZjEwNjBiZDdkOGYxIiwiYW1vdW50IjoxMzI0LCJwYW5NYXNrZWQiOiI1NDU0NTQ1NDU0IiwiaWF0IjoxNjExNTg2MjQzfQ.Wof7YYGOed6AJdeuPGzQZ8T6sZEz_i9zq1o84CjAgEM",
        "MD": "27916c81-920b-4aae-915f-f1060bd7d8f1"
      }
    },
    "redirect": {
      "url": "https://api.demo.uapay.ua/api/payments/ecom/confirm",
      "params": {
        "id": "d00c4a4e-30e6-499c-8dba-9fae2816094c"
      },
      "directAcs": null
    },
    "paymentStatus": "NEW"
  }
}

An example of the formed TermUrl:
https://api.demo.uapay.ua/api/payments/ecom/confirm?id=d00c4a4e-30e6-499c-8dba-9fae2816094c&redirect=https://uapay.ua/

To make a POST request to the issuer's bank, you need to create and call an HTML form. Example using JavaScript:

<!DOCTYPE html>
<html>

<head>
    <title>Example call ACS</title>
</head>

<body>
    <script type="text/javascript">
    var form = document.createElement('form');
    form.setAttribute('method', 'POST');
    form.setAttribute('action', data.confirmation.url);

    var paReq = document.createElement('input');
    paReq.setAttribute('type', 'hidden');
    paReq.setAttribute('name', 'PaReq');
    paReq.setAttribute('value', data.confirmation.form.PaReq);
    form.appendChild(paReq);

    var md = document.createElement('input');
    md.setAttribute('type', 'hidden');
    md.setAttribute('name', 'MD');
    md.setAttribute('value', data.confirmation.form.MD);
    form.appendChild(md);

    var termUrl = document.createElement('input');
    termUrl.setAttribute('type', 'hidden');
    termUrl.setAttribute('name', 'TermUrl');
    termUrl.setAttribute('value', termUrl);
    form.appendChild(termUrl);
    
    document.body.append(form);
    
    form.submit();
    </script>
    </body>

</html>

After the user returns to the page, it is necessary to continue sending the show request, until the final payment status is received.