Table of Contents

Payment Page

Important indication regarding giropay and paydirekt

The payment methods giropay and paydirekt are currently undergoing important changes that also affect the API. Please particularly note the new fields of the payment page API in the initialization section.

The new fields are:

  • paydirektShoppingCartType
  • paydirektShippingCompany
  • paydirektShippingAdditionalAddressInformation
  • paydirektShippingStreet
  • paydirektShippingStreetNumber
  • paydirektShippingEmail
  • paydirektMerchantOrderReferenceNumber
  • paydirektCart
  • paydirektDeliveryType

Please also note the information below regarding the purpose field.

API change
The following change is being made to the API in the following days:
The parameter paydirektMerchantReconciliationReferenceNumber is replaced by paydirektMerchantOrderReferenceNumber, which will continue to be optional but allows only 20 characters. Please also have a look a the allowed characters that are specified below.

Further information - especially about migration and settlement - is available in our new giropay overview page.

This document describes all flows and interfaces that are required for an integration of the GiroCheckout Payment Page.

This payment page allows for a much simpler integration of shops with GiroCheckout, without the need to configure each payment method separately within the shop. The GiroCheckout Payment Page offers the customer all payment methods available to the merchant for selection and then initializes the selected payment accordingly.

Example

Example Payment Page

Indication regarding the purpose field

Depending on the payment method that is selected by the buyer, not all characters in the purpose fields may be passed on, because the maximum lengths differ among the payment methods (for example, 27 characters in case of giropay).

The final purpose text may be adapted by the payment page to fit the requirements, by removing forbidden characters and crop the text to the maximum allowed length (please also see the documentations of the corresponding payment methods). For example, the final result for giropay will only contain characters that conform to the SEPA specification (see SEPA compliant characters).

Notes on 3-D Secure 2.0

Since January 21st 2021, the new security procedure for credit card payments “3D Secure 2.0” - introduced within the PSD2 efforts - has been mandatory for all payment providers. This API documentation already contains the fields necessary for this (field names beginning with “tds2”), see transaction initialization further below.

Please keep in mind: The parameters related to 3D Secure 2.0 are subject to changes due to modifications in the EMVCo 3-D Secure specs.

Supported payment methods

The following payment methods are currently supported:

Payment method Code
giropay 1
giropay-ID + giropay 17
giropay with payment confirmation 18
eps 2
iDEAL 12
Credit card 11
Direct debit 6
Direct debit with lock file 7
Bluecode 26
Maestro 33
PayPal 14
paydirekt 23
SOFORT-Überweisung 27

Payment initialization through the payment page

A payment page needs to be initialized so that a URL to the payment page can be generated. This payment page URL is the result of a successful payment page initialization. The customer must be redirected to this URL afterwards.

Provided by: GiroCheckout
Called by: Merchant

Workflow

CustomerShopGiroCheckoutPayment PagePayment Processor1 2 3 4 5 6 7 8 9 10 11 12 13 (c)2022 by S-Public Services GmbH

  1. Customer visits checkout section of the shop in order to pay for his order
  2. Shop initializes a paypage transaction (Initialization)
  3. GiroCheckout initializes transaction internally and returns paypage URL
  4. Shop redirects customer to the paypage, customer selects payment method
  5. Paypage initializes payment in GiroCheckout
  6. GiroCheckout returns URL of the payment form to the paypage
  7. Paypage redirects customer to the payment form of the payment processor, customer enters data and pays
  8. Payment processor informs GiroCheckout about transaction result
  9. GiroCheckout notifies shop about transaction result (Notification)
  10. Shop processes transaction result
  11. Shop sends HTTP status code to GiroCheckout
  12. GiroCheckout redirects customer back to the shop
  13. Shop displays result to customer

API functions

Project request

In case you have the requirement of only offering in your payment or donation page payment methods associated to certain projects in your GiroCockpit, and letting someone choose these methods programmatically, you may use this request to obtain a list of all your projects.

URL: https://payment.girosolution.de/girocheckout/api/v2/paypage/projects
Provided by: S-Public Services GmbH
Called by: Merchant

POST Parameters
Name Mandatory Type Description
merchantId Yes Integer Merchant ID of a Paypage project
projectId Yes Integer Project ID of a Paypage project
hash Yes String(32) HMAC MD5 hash of all the parameter values in the call. See hash generation
Example
curl -d "merchantId=1234567" \
     -d "projectId=1234" \
     -d "hash=9d7cc3729790bfdbe68a7156bb4d386b" \
     https://payment.girosolution.de/girocheckout/api/v2/paypage/projects

Response

The response consists of a JSON object. The field rc returns an error code. If rc = 0 is returned, the call was successful. In the response, you receive the element “projects” that contains the available projects.

Parameters
Name Mandatory Type Description
rc Yes Integer Error codes
msg Yes String(255) Additional information in case of an error
projects Optional Array List of the GiroCockpit projects with the elements Project Id (id), Projekt name (name), the number of the corresponding payment method (paymethod, see List of payment methods) and the mode (mode) = TEST or LIVE.
HEADER Parameters
hash Yes String(32) HMAC MD5 hash of all values of the response. See hash on response
Example
{"projects":[{"id":"12345","name":"iDEAL - ICEPAY","paymethod":"12","mode":"LIVE"},{"id":"12346","name":"giropay","paymethod":"1","mode":"TEST"},{"id":"12347","name":"Kreditkarte","paymethod":"11","mode":"TEST"}],"rc":0,"msg":""}

Initialization

POST Parameters

URL https://payment.girosolution.de/girocheckout/api/v2/paypage/init

Name Mandatory Type Description
merchantId Yes Integer Merchant ID of a Paypage project
projectId Yes Integer Project ID of a Paypage project
merchantTxId Yes String(255) Merchant's unique transaction ID. Allowed characters: any letters (incl. language-specific special characters such as German Umlauts), 0-9, symbols & = + , : ; . _ ! ? # /
amount Yes Integer For currencies with decimals, specify the amount in the smallest currency unit, such as Cent, Penny, without decimals. This parameter is MANDATORY, except for donation pages with free amount entry or with at least one fixed amount (meaning it is optional if pagetype == 2 and (freeamount=1 or fixedvalues not empty)).
currency Yes String(3) Currency of the transaction, according to ISO 4217.
EUR = Euro
purpose Yes String(50) Purpose of the transaction. This information is displayed on the card settlement or bank statement. If pagetype=2 and projectlist is not empty, the placeholder {SPENDENPROJEKT} may be used, which is then filled with the name of the user-selected project.
Please note regarding maximum field length: Depending on the payment method that is selected by the buyer, not all characters in the purpose fields may be passed on, because the maximum lengths differ among the payment methods, for example 27 characters for giropay.
The final purpose text may be adapted by the payment page to fit the requirements, by removing forbidden characters and crop the text to the maximum allowed length (please also see the documentations of the corresponding payment methods).
description Optional String(120) Description for the payment. Is only displayed on the payment page. Allowed characters see Allowed description characters
pagetype Optional Integer Type of the payment page to be generated: 0=normal API-Paypage (compatible to previous paymnent pages, default), 1=Payment page, 2=Donation page
expirydate Optional String(10) Expiration date:
* Empty = payment page is always valid,
* YYYY-MM-DD = Date in format Year-Month-Day, payment page will be valid up to this date (until 23:59:59).
* YYYY-MM-DD hh:mm:ss = Date in format “Year-Month-Day Hour:Minute:Second” (where the time component is assumed to be for the CET timezone, or CEST in the European summer), payment page will be valid up to this date and time.
Only works for pagetype 1 or 2.
The option 'once' is deprecated and shouldn't be used anymore because it will not be available in a future API version. Please use single=2 instead.
single Optional Integer Controls, whether and how the link may be reused.
0 = Link may be used as often as needed (default)
1 = Allows only one payment attempt for this payment link, no matter if successful or not
2 = Payment page may only be used for one successful payment, afterwards it will be invalidated
timeout Optional Integer Allows to specify a timeout for the selection of a payment method on the payment page. The timeout is specified in seconds and becomes active, as soon as the page is loaded. It is displayed to the user as a countdown and forwards to an error page when it expires. Reloading the page does NOT reset the timer, this can only be archieved by deleting the cookies. If the payment page was initialized with the parameter single=1, the link will be invalidated upon timeout expiration. For certain payment methods (direct debit, Paypal, credit card), the timer is hidden as soon as the tile for that method is selected. In the background, it continues running, though, and becomes visible again if the user selects another payment method. For the mentioned 3 payment methods, there are separate timeout values that may be configured for each method through GiroCockpit (administrative users of GS only).
type Optional String(4) Transaction type (see Transaction types)
SALE = Immediate payment (default)
AUTH = Amount reservation (not available for all payment methods)
locale Optional String(4) Language of the payment page
de = German (default)
en = English
paymethods Optional String Comma-separated list of the payment methods to be offered. If parameter is empty or not specified, all methods enabled by the merchant in GiroCockpit will be displayed. Specify each payment method as a number, see Payment methods
payprojects Optional String Comma-separated list of the project IDs, whose payment methods are to be available on the payment page. If nothing is specified here, all projects of the merchant are used. The project IDs may either be obtained manually through GiroCockpit, or programatically via a call to the function Project Request.
organization Optional String(70)Name of the organization offering the payment or donation page. If none specified, the merchant name from GiroCockpit is used.
freeamount Optional Integer Defines whether the payment page user may freely enter an amount (=1) or not (=0, default).
fixedvalues Optional JSON String JSON-encoded string that contains an array of all the amounts among which the user may select the one to be paid/donated, e.g. '[“10000”,“20000”,“50050”]', all amounts are to be specified in cents. If this field is empty, the content of the amount field is used as a only possible value. If this field contains values, the amount field is ignored!
minamount Optional Integer Minimum accepted value if free amount entry is allowed, i.e. freeamount=1. Specify the amount in the smallest currency unit, such as Cent, Penny, thus, without decimals. If this value is omitted, the default is 100 (meaning 1,00).
maxamount Optional Integer Maximum accepted value if free amount entry is allowed, i.e. freeamount=1. Specify the amount in the smallest currency unit, such as Cent, Penny, thus, without decimals.
orderid Optional String(20) Only used when payment method is Paydirekt. If empty, the orderid is generated from the purpose field. Only sepa-compliant characters are allowed (see SEPA-compliant characters)
projectlist Optional JSON String JSON-encoded string, that contains an array of projects (strings=project names), for which the donation page accepts donations. Only makes sense if pagetype=2.
pkn Optional String(50) This field allows the initialization of a new transaction without having to input the credit card or direct debit data again (recurring payments).
create = generate new pseudo card number for the payment data (credit card or bank data) used in this transaction.
test Yes Integer 1 = Display payment methods that are in test mode
0 = Display payment methods that are in Live mode
certdata Optional Integer 1 = Offer form for entering donation certificate data
0 = Do not offer the form (default)
otherpayments Optional JSON String JSON-formatted array of objects, that allows for the integration of external payment methods into the payment page. Clicking on this payment method within the payment page, will redirect to the specified link directly, instead of being processed via the GiroCheckout gateway as in the case of the rest of the methods. Currently, only payment methods listed in the list of already supported payment methods are allowed here (see Payment methods).
Fields of the objects:
id: Number of the payment method according to the list mentioned above.
url: Link to which the browser will be redirected on click. This link must contain everything that is required on behalf of the external payment provider (such as PayPal), so that the payment can be processed. The payment page does not carry out any string replacements or so.
position: Position that the new payment method will have within the full list of available payment methods on the page (>=1)
Example (PayPal and credit card):
[{"id":14, "url": "https://www.paypal.de/process/123456&param1=48399", "position":1}, {"id":11, "url":"https://www.visa.com/whatever", "position":2}]
paydirektShoppingCartType Optional String(19) Type of the shopping cart for giropay and paydirekt payments (only new giropay-payments). The following values are allowed:
PHYSICAL = All goods in the cart are of a physical nature,
DIGITAL = All goods in the cart are of a digital nature (require no shipping),
MIXED = The cart contains both physical and digital goods (this is the default value should the parameter not be given),
ANONYMOUS_DONATION = This is an anonymous donation and not a commercial transaction (no address data necessary),
AUTHORITIES_PAYMENT = This is a payment for local authorities (no address data necessary).
If this parameter is not specified during initialization, but the buyer selects giropay or paydirekt as payment method, the following process is applied to set a default value:
1) If this is a donation page as opposed to a payment page (pagetype=2), ANONYMOUS_DONATION is assumed.
2) If the merchant is registered with S-Public Services as an authority, AUTHORITIES_PAYMENT is assumed.
3) If the paydirekt address fields for first name, last name, postal code, city and country are set, MIXED is assumed.
4) If none of the cases 1-3 are a match, MIXED is assumed as default and the fields mentioned above for MIXED expected to be given as well.
paydirektShippingFirstName Optional String(100) First name for shipping address (only for giropay and paydirekt payments, Mandatory for shopping cart types PHYSICAL, DIGITAL and MIXED, optional for ANONYMOUS_DONATION and AUTHORITIES_PAYMENT). Permitted characters: All letters (UTF-8, also foreign), 0-9, the symbols .-!#$%&'*+/=?^_’`´{|}~"(),:;<>@[] , and blanks as well as line breaks.
paydirektShippingLastName Optional String(100) Last name for shipping address (only for giropay and paydirekt payments, Mandatory for shopping cart types PHYSICAL, DIGITAL and MIXED, optional for ANONYMOUS_DONATION and AUTHORITIES_PAYMENT). Permitted characters, see paydirektShippingFirstName.
paydirektShippingCompany Optional String (100) Company name for shipping address (only for giropay and paydirekt payments). Permitted characters, see paydirektShippingFirstName.
paydirektShippingAdditionalAddressInformation Optional String(100) Additional address information for shipping address (only for giropay and paydirekt payments). Permitted characters, see paydirektShippingFirstName.
paydirektShippingStreet Optional String(100) Street name for shipping address (only for giropay and paydirekt payments). Permitted characters, see paydirektShippingFirstName.
paydirektShippingStreetNumber Optional String(10) Street number for shipping address (only for giropay and paydirekt payments). Permitted characters, see paydirektShippingFirstName.
paydirektShippingZipCode Optional String(10) Zip code for shipping address (only for giropay and paydirekt payments, Mandatory for shopping cart types PHYSICAL and MIXED, optional for DIGITAL, ANONYMOUS_DONATION and AUTHORITIES_PAYMENT). Permitted characters, see paydirektShippingFirstName.
paydirektShippingCity Optional String(100) City for shipping address (only for giropay and paydirekt payments, Mandatory for shopping cart types PHYSICAL and MIXED, optional for DIGITAL, ANONYMOUS_DONATION and AUTHORITIES_PAYMENT). Permitted characters, see paydirektShippingFirstName.
paydirektShippingCountry Optional String(2) Country code (ISO 2 chars) for shipping address (only for giropay and paydirekt payments, Mandatory for shopping cart types PHYSICAL and MIXED, optional for DIGITAL, ANONYMOUS_DONATION and AUTHORITIES_PAYMENT).
paydirektShippingEmail Optional String(255) Email address of the buyer (only for giropay and paydirekt payments, Mandatory for DIGITAL shopping carts, optional for all others)
paydirektMerchantOrderReferenceNumber Optional String(20) Only for giropay payments. Additional information for the payment reconciliation for giropay payments, that is shown in the purpose on bank statements (only for type=SALE). Only characters that conform to the SEPA specification (see SEPA compliant characters) are allowed.
paydirektCart Optional JSON String Only for giropay and paydirekt payments: All products in the shopping cart in the following format: Description of cart field
paydirektDeliveryType Optional String(12) Only for giropay payments. The destination of a shipment. The default value is STANDARD. Possible values:
STANDARD: The goods are delivered to an ordinary postal address.
PACKSTATION: The goods are delivered to a self-service parcel terminal.
STORE_PICKUP: The goods are collected from the store.
successUrl Optional String(2048) URL where the customer is redirected to after successful payment.
backUrl Optional String(2048) URL where the customer is redirected to after clicking the Back button.
failUrl Optional String(2048) URL where the customer is redirected to after a failed payment.
notifyUrl Optional String(2048) URL where the payment notification is sent to via server to server communication.
tds2Address optional String(50) For 3D Secure 2.0: Main address line (usually street and number) of the card holder's billing address, Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50. When specified, you must also specify the tds2-fields, except for tds2Optional.
tds2Postcode optional String(10) For 3D Secure 2.0: Postal code of the card holder's billing address, Format A-Z, a-z, 0-9, Blank, [-], max. 11. When specified, you must also specify the tds2-fields, except for tds2Optional.
tds2City optional String(50) For 3D Secure 2.0: City of the card holder's billing address, Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50. When specified, you must also specify the tds2-fields, except for tds2Optional.
tds2Country optional String(2) For 3D Secure 2.0: Country of the card holder's billing address, Format A-Z, max. 2. Zweibuchstabiges Länderkürzel nach dem aktuell gültigen Standard ISO 3166. When specified, you must also specify the tds2-fields, except for tds2Optional.
tds2Optional optional JSON String For 3D Secure 2.0: JSON-String that contains further optional fields. A complete list of the available fields can be found underneath this table under 3D Secure 2.0 Optional Fields (tds2Optional).
mandateReference optional String(35) mandate reference
if nothing is specified, a unique number is generated. The reply includes the mandate reference number.
  numbers: 0 – 9  
  characters: A – Z and a – z  
  special characters: & \ / = + , : ; . _ \ - ! ? 
mandateSignedOn optional String(10) date (YYYY-MM-DD), when the SEPA mandate was placed. If no date is specified the current date will be used.
mandateReceiverName optional String(70) name of the recipient. If nothing is specified companies name from the master data is used.
  numbers: 0 – 9  
  characters: A – Z and a – z  
  special characters: & / = + , : ; . _ - ! ? 
mandateSequence optional Integer Sequence type of the SEPA direct debit.
1 = single payment (default)
2 = first payment of a sequence
3 = recurring payment
4 = last payment of a sequence
informationText Optional String(300) Informational notification text that is displayed on the Payment Page right above the payment method selection. This text may contain certain HTML tags: <a> <em> <strong> <ul> <ol> <li> <dl> <dt> <dd>. It is important to know that - if the text contains an <a> tag - this link must include the protocol (http:// or https://) and also a target attribute (usually target=“_blank”), The maximum length of the text (excluding the tags) is 300.
The aspect of the information box can be customized a little, but this requires the creation of a custom design of the Payment Page for this particular customer. Please contact our support for more information about this.
kassenzeichen Optional String(255) Optional field that allows passing an additional reference/identifier for the transaction. This value is displayed inside GiroCockpit as part of the transaction details (and soon export) and a search for it is also supported there. Characters must comply with the UTF-8 character set.
qrcodeReturn Optional Integer Optional field that causes the generation of a QR code for the payment link. The code is then returned as a base64 encoded string (PNG image) in the return parameter “qrcode”. The value of qrcodeReturn is an integer between 1 and 20 and defines the size of the QR code (1=smallest size, 20=largest size).
hash Yes String(32) HMAC MD5 hash of all the parameter values in the call. See hash generation

SEPA compliant characters

In SEPA payments, according to Annex 3 of this document, only characters of the limited SWIFT Latin characters set are allowed:

  • a b c d e f g h i j k l m n o p q r s t u v w x y z
  • A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
  • 0 1 2 3 4 5 6 7 8 9
  • ' : ? , - ( + . ) / |
  • Space

Allowed description characters

The following characters are allowed in the description text (field description):

3D Secure 2.0 Optional Fields (tds2Optional)

This is a JSON formatted object that has a hierarchical structure (2 levels) and contains the following sub-objects:

Generally, the following fields (all optional) are available (fields in sub-objects are displayed as [sub-object name].[field]):

Name Type Description
email String(255) The card holder's email address, Format A-Z, a-z, 0-9, [_.+-@], max. 254.
addressesMatch Boolean Specifies if the shipping address and billing address are the same (true) or not (false). Not a sub-object but a field directly in the main object.
billingAddress
billingAddress.line2 String(50) Second line of the billing address. Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50
billingAddress.line3 String(50) Third line of the billing address. Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50
billingAddress.state String(3) Subdivision (state, province or the like) of a country according to ISO 3166-2. Format A-Z, max. 3.
shippingAddress
shippingAddress.line1 String(50) First line of the shipping address. Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50
shippingAddress.line2 String(50) Second line of the shipping address. Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50
shippingAddress.line3 String(50) Third line of the shipping address. Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50
shippingAddress.postcode String(10) Postal code of the shipping address, Format A-Z, a-z, 0-9, Blank, [-], max. 11
shippingAddress.city String(50) City of the shipping address, Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50
shippingAddress.state String(50) Subdivision (state, province or the like) of a country according to ISO 3166-2. Format A-Z, max. 3
shippingAddress.country String(2) Country of the shipping address, Format A-Z, max. 2. Two-letter country code according to the currently applicable standard ISO 3166.
homePhoneNumber
homePhoneNumber.country Integer Country code of the telephone number without leading zeroes. Format 0-9, max. 3. e.g. 49 for Germany.
homePhoneNumber.regional String(15) Telephone number without country code and without leading 0 (area code and local number). Format 0-9, max. 15, e.g. 73482984938.
mobilePhoneNumber
mobilePhoneNumber.country Integer Country code of the mobile phone number without leading zeroes. Format 0-9, max. 3. e.g. 49 for Germany.
mobilePhoneNumber.regional String(15) Telephone number without country code and without leading 0 (area code and local number). Format 0-9, max. 15, e.g. 73482984938.
workPhoneNumber
workPhoneNumber.country Integer Country code of the work phone number without leading zeroes. Format 0-9, max. 3. e.g. 49 for Germany.
workPhoneNumber.regional String(15) Telephone number without country code and without leading 0 (area code and local number). Format 0-9, max. 15, e.g. 73482984938.
cardholderAccountInfo
cardholderAccountInfo.accountAgeIndicator String(12) Indicates when the customer's payment account was created. Possible values: “never” - customer has no payment account, is e.g. shopping as a guest, “now” - customer created the payment account during the current shopping session, “less30” - payment account created less than 30 days ago, “more30less60” - payment account created at least 30 but less than 60 days ago, “more60” - payment account created at least 60 days ago.
cardholderAccountInfo.passwordChangeIndicator String(12) Indicates when the password of the customer account was changed the last time. Possible values: “never” - the customer never changed his password, “now” - password changed during the current shopping session, “less30” - password changed less than 30 days ago, “more30less60” - password changed at least 30 but less than 60 days ago, “more60” - password has not been chan- ged for at least 60 days.
cardholderAccountInfo.paymentAccountAgeIndicator String(12) Indicates when the customer's payment account was created. Possible values: “never” - customer has no payment account, is e.g. shopping as a guest, “now” - customer created the payment account during the current shopping session, “less30” - payment account created less than 30 days ago, “more30less60” - payment account created at least 30 but less than 60 days ago, “more60” - payment account created at least 60 days ago.
cardholderAccountInfo.accountChange String(12) Indicates when the customer account in the shop was last modified, e.g. address change or new payment data. Possible values: “now” - Customer has changed his account during the current purchase, “less30” - Account was modified less than 30 days ago, “more30less60” - Account was modified at least 30 days ago but less than 60 days ago, “more60” - Customer account hasn't been changed in at least 60 days.
cardholderAccountInfo.shippingAddressAgeIndicator String(12) Indicates when the customer first used the current shipping address. Possible values: “now” - customer uses shipping address for the first time, “less30” - shipping address first used less than 30 days ago, “more30less60” - shipping address first used at least 30 but less than 60 days ago, “more60” - shipping address first used at least 60 days ago.
cardholderAccountInfo.shippingNameIndicator String(9) Specifies if the card holder's name is the same as the name of the shipping address. Possible values: “identical” - names are identical, “different” - names are different.
cardholderAccountInfo.suspiciousAccountActivity Boolean Indicates if the shop experienced suspicious activities of the card holder (true) or not (false).
cardholderAccountInfo.provisioningDayCount Integer Number of “add card” attempts within the last 24 hours. Format 0-9, max. 3.
tdsMerchantRiskIndicators
tdsMerchantRiskIndicators.deliveryTimeframe String(14) Indicates when the customer will receive the merchandise. Possible values: “electronic” - immediate electronic delivery, “moreThanOneDay”, “over- night”, “sameDay”.
tdsMerchantRiskIndicators.deliveryEmailAddress String(254) Delivery email address of the customer in case of an electronic delivery. Format A-Z, a-z, 0-9, [_.+-@], max. 254.
tdsMerchantRiskIndicators.giftCardAmount Integer Amount of a gift card in major currency unit, e.g. 123,45 EUR is 123. Format 0-9, max. 10.
tdsMerchantRiskIndicators.giftCardCount Integer Total count of gift cards purchased. Format 0-9, max. 2.
tdsMerchantRiskIndicators.giftCardCurrency Integer Currency code of a gift card according to ISO 4217. Format A-Z, max. 3.
tdsMerchantRiskIndicators.preOrderDate Date In the case of a pre-ordered purchase: date when the merchandise is expected to be available.
tdsMerchantRiskIndicators.preOrderPurchaseIndicator String(9) Possible values: “available” - the merchandise is already available, “future” - the merchandise will be available in the future.
tdsMerchantRiskIndicators.reorderItemsIndicator String(9) Indicates if the customer is reordering previously purchased merchandise: “first” - first time ordered, “reordered”.
tdsMerchantRiskIndicators.shippingIndicator String(16) Specifies where the merchandise is delivered to. Possible values: “digital” - di- gital delivery, “billingAddress” - to the billing address, “differentAddress” - to a different address, “verifiedAddress” - to a verfied address, “store” - to a store, “other” - something else.
tdsRequestorAuthenticationInformation
tdsRequestorAuthenticationInformation.authenticationData String(2048) Authentication data of the customer. Format A-Z, a-z, 0-9 [!“#$%$'()*+,./:;⇔?@[\]^`{|}~-], max. 2048
tdsRequestorAuthenticationInformation.authenticationTimestamp DateTime Date and time when the customer authenticated in the shop. Format JJJJ-MM-TTTHH:mm:ss
tdsRequestorAuthenticationInformation.authenticationMethod String(17) Specifies how the customer authenticated to the shop. Possile values: “none” - not at all, e.g. the customer is shopping as a guest, “ownCredentials” - the customer authenticated with his credentials, e.g. login name and password, “federatedId”, “issuerCredentials”, “thirdParty”, “fido”, “fidoSigned”, “srcAs- surance”.
tdsTransactionAttributes
tdsTransactionAttributes.purchaseInstalmentData Integer Maximum number of authorisations permitted for instalment payments. Format 0-9, max. 3, Wert muss > 1 sein.
tdsTransactionAttributes.recurringExpiry Date Date after which no further authorisations shall be carried out. Format YYYY-MM-DD.
tdsTransactionAttributes.recurringFrequency Integer Minimum number of days between authorisations. Format 0-9, max. 4.
tdsTransactionAttributes.type String(17) Type of 3-D Secure 2.0 payment. Possible values: “purchase”, “checkAccep- tance”, “accountFunding”, “quasiCash”, “prepaidActivation”.
Example of a tds2Optional string (formatted for demonstration purposes, should normally be specified in one line)
{
  "email": "myemail@example.com",
  "addressesMatch": "false",
  "billingAddress": {
    "line2": "Beim Nachbarn klingeln",
    "line3": "zw. 22-24 Uhr",
    "state": "BW"
  },
  "shippingAddress": {
    "city": "Berlin",
    "country": "DE",
    "line1": "Unter den Linden 1",
    "line2": "Brandenburger Tor",
    "line3": "(linker Bogen)",
    "state": "BER"
  },
  "homePhoneNumber": {
    "country": "49",
    "regional": "75519209309"
  },
  "mobilePhoneNumber": {
    "country": "49",
    "regional": "17093902978"
  },
  "workPhoneNumber": {
    "country": "49",
    "regional": "8938928938"
  },
  "cardholderAccountInfo": {
    "accountAgeIndicator": "more30less60",
    "passwordChangeIndicator": "never",
    "paymentAccountAgeIndicator": "less30",
    "accountChange": "now",
    "shippingAddressAgeIndicator": "more60",
    "shippingNameIndicator": "different",
    "suspiciousAccountActivity": "false",
    "provisioningDayCount": 10
  },
  "tdsMerchantRiskIndicators": {
    "deliveryTimeframe": "overnight",
    "deliveryEmailAddress": "hans-mueller@example.com",
    "giftCardAmount": 0,
    "giftCardCount": 2,
    "giftCardCurrency": "EUR",
    "preOrderDate": "2020-12-20",
    "preOrderPurchaseIndicator": "available",
    "reorderItemsIndicator": "first",
    "shippingIndicator": "store"
  },
  "tdsRequestorAuthenticationInformation": {
    "authenticationData": "123Hdajkd/dasjdkk",
    "authenticationTimestamp": "2020-11-09T12:09:09",
    "authenticationMethod": "ownCredentials"
  },
  "tdsTransactionAttributes": {
    "purchaseInstalmentData": 2,
    "recurringExpiry": "2020-11-30",
    "recurringFrequency": 1234,
    "type": "quasiCash"
  }
}
Example
curl -d "merchantId=1234567" \
     -d "projectId=1234" \
     -d "merchantTxId=1234567890" \
     -d "amount=100" \
     -d "currency=EUR" \
     -d "purpose=Beispieltransaktion" \
     -d "description=Fahrradleuchte klein" \
     -d "type=SALE" \
     -d "locale=de" \
     -d "paymethods=1,2,6,11,14" \
     -d "test=1" \
     -d "successUrl=http://www.my-domain.de/girocheckout/success" \
     -d "backUrl=http://www.my-domain.de/girocheckout/back" \
     -d "failUrl=http://www.my-domain.de/girocheckout/fail" \
     -d "notifyUrl=http://www.my-domain.de/girocheckout/notify" \
     -d "hash=9d7cc3729790bfdbe68a7156bb4d386b" \
     https://payment.girosolution.de/girocheckout/api/v2/paypage/init

Response

The response consists of a JSON object. The field rc returns an error code. If rc = 0 is returned, the transaction was successfully initialized. As a response, you receive a reference number for the payment page and the redirect URL that leads to the form.

Parameters
Name Mandatory Type Description
rc Yes Integer Error codes
msg Yes String(255) Additional information in case of an error
reference Optional String(36) Unique payment page ID
url Optional String(255) URL to the payment page, that the customer is to be redirected to.
qrcode Optional String Base64 encoded string, that contains a PNG image file with the QR code of the URL (see previous field). This field is only present when the parameter “qrcodeReturn” is specified during initialization. The size of the QR code is defined by a numerical value of 1-20 given in qrcodeReturn.
HEADER Parameters
hash Yes String(32) HMAC MD5 hash of all values of the response. See hash on response
Example in case of success

hash : 6c4da0504e8e6a359c7f2df86cb5318d

{"reference":"4f88b6c8-6209-4c96-a450-b6de22633f6b","url":"http:\/\/pay.girosolution.de\/v1\/paypage\/en\/EG-ddvXSrAHmXRClBeamKGAyzXU-uAYbNYFLQ3uz_zj_J4rYCb0GIrWIQ-H_g8h3_-yf3WvSenh2Dg6TLhmTAA","rc":0,"msg":""}
Example in case of failure

hash : f55ce87e132ebb7eb20004c6b186ce09

{"reference":null,"redirect":null,"rc":5030,"msg":"Betrag ungültig"}

cart field

JSON array with item objects:

Name Mandatory Type Description
name Yes String(100) Article name
ean Optional String(100) International artical number (EAN or GTIN)
quantity Yes Integer Article quantity (integer)
grossAmount Optional Integer Gross amount of the article (price of each unit, if more than one), Bruttobetrag des Artikels, for currencies that use decimals, specify amount in the smallest unit, e.g. Cent, Penny
Example
[ {
    "name" : "Bobbycar",
    "ean" : "800001303",
    "quantity" : 3,
    "grossAmount" : 2599
  }, {
    "name" : "Helm",
    "quantity" : 1,
    "grossAmount" : 1853
  } ]

Notification about transaction result

The result of a transaction is transmitted on 2 parallel paths. The notification and the redirect.

Notification

The first communication path is a host to host message sent to the URL specified in the parameter notifyUrl. This notification is used to inform the merchant about the result of the transaction, even if the buyer does not return to the shop page. This information can and should be used to update the transaction status in the shop. The result of the transaction can be found in the field gcResultPayment.

Request

URL: notifyUrl from the payment page initialization
Provided by: Merchant
Called by: GiroCheckout
Method: GET

Name Mandatory Type Description
gcPaymethod Yes Integer ID of the payment method of the transaction, see Payment methods
gcType Yes String(4) Transaction type:
SALE
AUTH
gcProjectId Yes String(10) GiroCheckout project ID used for the transaction.
gcReference Yes String(36) GiroCheckout transaction ID
gcMerchantTxId Yes String(255) Merchant transaction ID
gcBackendTxId Yes String(36) Payment processor transaction ID
gcAmount Yes Integer For currencies with decimals, specify the amount in the smallest currency unit, such as Cent, Penny
gcCurrency Yes String(3) Currency
gcResultPayment Yes Integer Payment result codes
gcPkn Optional String(50) Pseudo card number if pkn is active
gcCardnumber Optional String(19) Masked credit card number if pkn is active
gcCardExpDate Optional String(8) Credit card expiration date in the format month/year if pkn is active
gcAccountHolder Optional String(255) Account holder for direct debit if pkn is active
gcIban Optional String(36) IBAN for direct debit if pkn is active
gcHash Yes String(32) HMAC MD5 hash on all values of the call. See hash generation

Redirect

The second communication path is the redirection of the buyer within his/her browser to one of the three redirection URLs specified during initialization:

The success and fail URL are called via the POST method and obtain the same parameters specified for the notification above. In case of the backUrl no payment method has been chosen yet and no transaction has been initialized, so in case of this URL it is only a regular browser redirect without further parameters.

Other transaction types

These transactions reference a previous transaction. They are based on a server to server communication and require no customer interaction (data entry). In the case of the payment page, please bear in mind that these transaction types (capture and refund) will refer to the underlying transaction carried out previously and therefore the action is only admissible if the corresponding payment method supports this.

Example:

If a payment link is used to pay an invoice and the customer chooses the payment method creditcard, this transaction may later be refunded through the use of the payment page transaction reference number. If the initial transaction was an authorization (reservation), the same reference number may be used to trigger the capture of the reserved amount. However, if the customer made the payment with giropay instead, where there is no reservation or refund, these attempts will be denied with an error message.

Furthermore it is important to be aware that depending on how the payment or donation page was initialized (especially regarding the single parameter), there may be several payments that were completed through the page. In this case, where more than one successful payment is associated to the payment page reference number, the optional parameter 'txreference' must be specified, that will then contain the precise reference number of the payment transaction. Remember that this number is returned in both notification and redirect of the payment transaction in the parameters 'gcReference' and 'reference', respectively).

Provided by: GiroCheckout
Called by: Merchant

Workflow

ShopGiroCheckoutCredit Card Processor1 2 3 4 (c)2022 by S-Public Services GmbH

  1. Shop sends reference to previous credit card transaction
  2. GiroCheckout sends transaction to credit card processor
  3. credit card processor transmits result to GiroCheckout
  4. Shop receives reply on transaction outcome (Notification)

Capture

When booking, the customer account is debited with an amount and the merchant account is credited. This model is based on the assumption that the associated business case has been completed, e.g. a shopping cart was offered, ordered and delivered to the customer.

  • Condition: only reserved transactions may be booked
  • Amount ⇐ Reservation amount
  • Partial bookings are possible

Refund

A refund is to be used when a previous payment is to be returned fully or partially to the customer.

  • Condition: may only be applied to the following transaction types:
    • Reservation
    • Reservation/Booking
  • Amount ⇐ Transaction amount of the previous transaction

POST Parameters

URL CAPTURE: https://payment.girosolution.de/girocheckout/api/v2/transaction/capture
URL REFUND: https://payment.girosolution.de/girocheckout/api/v2/transaction/refund

Name Mandatory Type Description
merchantId yes Integer Merchant ID
projectId yes Integer Project ID
merchantTxId yes String(255) Unique transaction id of the merchant. Allowed characters: any letters (incl. language-specific special characters such as German Umlauts), 0-9, symbols & = + , : ; . _ ! ? # /
amount yes Integer If a decimal currency is used, the amount has to be in the smallest unit of value, e.g. Cent, Penny
currency yes String(3) Currency according to ISO 4217.
EUR = Euro
reference yes String(36) GiroCheckout transaction ID from a previous transaction, which the capture or refund is for
purpose optional String(27) Purpose of the refund or capture. This information is printed on the credit card statement.
hash yes String(32) HMAC MD5 hash on the complete call. See hash generation
Example
curl -d "merchantId=1234567" \
     -d "projectId=1234" \
     -d "merchantTxId=1234567890" \
     -d "amount=100" \
     -d "currency=EUR" \
     -d "reference=fb70602d-c137-4413-8432-7dcc69a9d891" \
     -d "hash=edb7459114db25c2991d1783d4ab5388" \
     https://payment.girosolution.de/girocheckout/api/v2/transaction/capture

Reply

The reply is a JSON encoded string. The field rc contains the response code. If it is 0 the transaction was successfully initialized. The response also includes a transaction id and other information about the transaction.

Parameters
Name Mandatory Type Description
rc yes Integer response code
msg yes String(255) Additional information about the response code
reference yes String(36) Unique GiroCheckout transaction ID
merchantTxId yes String(255) Unique transaction id of the merchant
backendTxId yes String(36) Payment processor transaction ID
amount yes Integer If a decimal currency is used, the amount has to be in the smallest unit of value, e.g. Cent, Penny
currency yes String(3) Currency
resultPayment yes Integer Payment result codes
HEADER parameter
hash yes String(32) HMAC MD5 hash on the complete JSON string. (see api call reply)
Example in case of success
{"reference":"7f18859d-7246-4181-8fb5-30ce7958f309","referenceParent":"5a101478-df14-4a79-86af-f743784c2c24","merchantTxId":"58e39be91fce8","backendTxId":"1196307_01","amount":"100","currency":"EUR","resultPayment":"4000","rc":0,"msg":""}
Example in case of error
{"reference":null,"referenceParent":null,"merchantTxId":null,"backendTxId":null,"amount":null,"currency":null,"resultPayment":"5200","rc":0,"msg":"Transaktion nicht akzeptiert"}