Girocheckout API

User Tools

Site Tools

Trace:

Sidebar

Introduction

Integration

Basics

Apple Pay
Bluecode
Credit Card
Direct Debit
Direktüberweisung
eps
Google Pay
iDEAL
Klarna
Maestro
Payment Page
PayPal

Tools

Error codes
Result codes
Test data

SDK

PHP SDK
Java SDK
.NET SDK

Others

API Change log
Plugins Changelog

Imprint
Privacy policy
S-Public Services GmbH

Translations of this page:
en:girocheckout:creditcard_3ds2:start

This is an old revision of the document!

Table of Contents

Credit Card 3D Secure 2.0

This is the future version of the creditcard API that includes the new fields for 3D Secure 2.0. This API is not yet available for testing on our server! These docs are only a preview of the upcoming API.

New in these docs are mostly the fields whose names start with “tds2”, see transaction initialization below.

The parameters related to 3D Secure 2.0 are subject to changes due to modifications in the EMVCo 3-D Secure specs.

Test data

Transaction types

Detailed information on the transaction types.

Reservation (AUTH)

A reservation is to be used when the actual fulfillment of an order takes place at a later time, but the order amount for the presented card (for credit card transactions) or the given account information (for Paydirekt payments and others) needs to be authorized beforehand at the time of the order. Once the reservation period has expired, the reservation is either booked or voided.

  • initial Transaction

AUTHCAPTUREVOIDREFUND

Sale

Use sale when the business case is complete, e.g. a shopping cart was offered, ordered and delivered to the customer. The customer's payment method is debited with the amount of the sale.

  • initial Transaction

SALEREFUNDVOID

Initialize credit card payment

After a successful initialization the merchant receives a reference number and a redirect link. The redirect link leads to the payment page. The customer (buyer) must be redirected to this link. This can be achieved by an HTTP redirect header, an HTML page with a corresponding meta tag or a JavaScript redirect.

Provided by: GiroCheckout
Called by: merchant

Workflow

CustomerShopGiroCheckoutCredit Card ProcessorCustomerShopGiroCheckoutCredit Card Processor1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (c)2016 by GiroSolution AG

  1. Buyer selects payment type “credit card”
  2. Shop initializes credit card transaction (Initialization)
  3. GiroCheckout initializes transaction at CC processor
  4. Credit card processor transmits result to GiroCheckout
  5. Shop receives response about transaction outcome (transaction ends in case of error)
  6. Shop sends redirect URL to customer browser
  7. Customer browser redirects to credit card processor
  8. Credit card processor displays payment form
  9. Customer authorizes transaction
  10. Credit card processor carries out transaction
  11. Credit card processor transmits result to GiroCheckout
  12. GiroCheckout notifies Shop about transaction outcome (Notification)
  13. Shop processes transaction outcome
  14. Shop sends HTTP status code to GiroCheckout
  15. GiroCheckout sends merchant redirect (return to merchant page) to Credit card processor
  16. Customer clicks “Back to shop” (Return)

API functions

Overview

As shown in the workflow, different API calls are involved in a credit card transaction. During the payment process a 3D-Secure check may be applied as well, but this depends solely on the credit card issuing institute and does not affect merchant or PSP in any way.

  1. Initialize transaction
  2. 3D-Secure check (optional)
  3. Payment result notification to merchant
  4. Buyer redirection to the merchant (triggered by buyer)

Reservation/Sale

POST parameters

Name Mandatory Type Description
merchantId yes Integer merchant ID
projectId yes integer project ID
merchantTxId yes String(255) unique transaction id of the merchant
amount yes Integer if a decimal currency is used, the amount has to be in the smallest unit of value, eg. Cent, Penny
currency yes String(3) currency
EUR = Euro
purpose yes String(27) purpose
type optional String(4) transaction type (see Transaction types)
SALE = Immediate booking (default)
AUTH = Reservation of amount
locale optional String(4) language of the credit card payment page
de = German (default)
en = English
es = Spanish
fr = French
it = Italian
ja = Japanese
pt = Portuguese
nl = Dutch
cs = Czech
sv = Swedish
da = Danish
pl = Polish
spde = German donation
spen = English donation
de_DE_stadtn = German communes
mobile optional Boolean optimised payment page for mobile devices
0 = no (default)
1 = yes
pkn optional String(50) This field is used process a transaction without re-entering the card data.
create = generate a new pseudo card number
[pseudo card number] = pkn of the masked card data (see pseudo card number)
recurring optional Boolean recurring payment
0 = no (default)
1 = yes
urlRedirect yes String URL, where the buyer has to be sent after payment
urlNotify yes String URL, where the notification has to be sent after payment
tds2Address optional String For 3D Secure 2.0: Main address line (usually street and number) of the card holder's billing address, Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50. When specified, you must also specify the tds2-fields, except for tds2Optional.
tds2Postcode optional String For 3D Secure 2.0: Zip code of the card holder's billing address, Format A-Z, a-z, 0-9, Blank, [-], max. 11. When specified, you must also specify the tds2-fields, except for tds2Optional.
tds2City optional String For 3D Secure 2.0: City of the card holder's billing address, Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50. When specified, you must also specify the tds2-fields, except for tds2Optional.
tds2Country optional String For 3D Secure 2.0: Country of the card holder's billing address, Format A-Z, max. 2. Zweibuchstabiges Länderkürzel nach dem aktuell gültigen Standard ISO 3166. When specified, you must also specify the tds2-fields, except for tds2Optional.
tds2Email optional String For Secure 2.0: The card holder's email address, Format A-Z, a-z, 0-9, [_.+-@], max. 254. When specified, you must also specify the tds2-fields, except for tds2Optional.
tds2Optional optional String For 3D Secure 2.0: JSON-String that contains further optional fields. A complete list of the available fields can be found underneath this table under 3D Secure 2.0 Optional Fields (tds2Optional).
hash yes String HMAC MD5 hash (see hash generation)

3D Secure 2.0 Optional Fields (tds2Optional)

This is a JSON formatted object that has a hierarchical structure (2 levels) and contains the following sub-objects:

  • billingAddress
  • shippingddress
  • homePhoneNumber
  • mobilePhoneNumber
  • workPhoneNumber
  • cardholderAccountInfo
  • tdsMerchantRiskIndicators
  • tdsRequestorAuthenticationInformation
  • tdsTransactionAttributes
  • tdsBrowserData
  • tdsCommunicationData

Generally, the following fields (all optional) are available (fields in sub-objects are displayed as [sub-object name].[field]):

Name Type Description
addressesMatch Boolean Lieferadresse entspricht Rechnungsadresse, ja=“true”, nein=“false”, kein Unterobjekt sondern Feld direkt im Hauptobjekt.
billingAddress
billingAddress.line2 String Zeile 2 der Rechnungsadresse. Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50
billingAddress.line3 String Zeile 3 der Rechnungsadresse. Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50
billingAddress.state String Bundesland der Rechnungsadresse o.ä. Format A-Z, max. 3, Kürzel gemäß ISO 3166-2
shippingAddress
shippingAddress.line1 String Zeile 1 der Lieferadresse. Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50
shippingAddress.line2 String Zeile 2 der Lieferadresse. Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50
shippingAddress.line3 String Zeile 3 der Lieferadresse. Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50
shippingAddress.postcode String Postleitzahl der Lieferadresse, Format A-Z, a-z, 0-9, Blank, [-], max. 11
shippingAddress.city String Ort der Lieferadresse, Format A-Z, a-z, 0-9, Blank, [-/().,&'], max. 50
shippingAddress.state String Bundesland der Lieferadresse o.ä. Format A-Z, max. 3, Kürzel gemäß ISO 3166-2
shippingAddress.country String Land der Lieferadresse, Format A-Z, max. 2. Zweibuchstabiges Länderkürzel nach dem aktuell gültigen Standard ISO 3166.
homePhoneNumber
homePhoneNumber.country Integer Ländervorwahl der Heim-Telefonnummer, Format 0-9, max. 3. z.B. 49 für Deutschland.
homePhoneNumber.regional String Rest der der Heim-Telefonnummer, Format 0-9, max. 15, ohne führende Nullen, z.B. 73482984938.
mobilePhoneNumber
mobilePhoneNumber.country Integer Ländervorwahl der Mobil-Telefonnummer, Format 0-9, max. 3. z.B. 49 für Deutschland.
mobilePhoneNumber.regional String Rest der der Mobil-Telefonnummer, Format 0-9, max. 15, ohne führende Nullen, z.B. 73482984938.
workPhoneNumber
workPhoneNumber.country Integer Ländervorwahl der Arbeits-Telefonnummer, Format 0-9, max. 3. z.B. 49 für Deutschland.
workPhoneNumber.regional String Rest der der Arbeits-Telefonnummer, Format 0-9, max. 15, ohne führende Nullen, z.B. 73482984938.
cardholderAccountInfo
cardholderAccountInfo.accountAgeIndicator String Alter des Kundenkontos. Mögliche Werte: “never” - Kunde hat kein Kundenkonto, kauft z.B. als Gast ein, “now” - Kunde hat während des aktuellen Einkaufs ein Konto angelegt, “less30” - Konto ist weniger als 30 Tage alt, “more30less60” - Konto ist mindestens 30 aber weniger als 60 Tage alt, “more60” - Kundenkonto ist mindestens 60 Tage alt.
cardholderAccountInfo.passwordChangeIndicator String Gibt an, wann das Passwort des Kundenkontos zuletzt geändert oder zurückgesetzt wurde. Mögliche Werte: “never” - Kunde hat nie sein Passwort geändert, “now” - Kunde hat während des aktuellen Einkaufs sein Passwort geändert, “less30” - Passwort wurde vor weniger als 30 Tagen geändert, “more30less60” - Passwort wurde vor mindestens 30 aber weniger als 60 Tagen geändert, “more60” - Passwort wurde seit mindestens 60 Tagen nicht geändert.
cardholderAccountInfo.paymentAccountAgeIndicator String Gibt an, wann das Zahlungskonto des Kunden angelegt wurde. Mögliche Werte: “never” - Kunde hat kein Zahlungskonto, kauft z.B. als Gast ein, “now” - Kunde hat das Zahlungskonto während des aktuellen Einkaufs angelegt, “less30” - Zahlungskonto wurde vor weniger als 30 Tagen angelegt, “more30less60” - Zahlungskonto wurde vor mindestens 30 aber weniger als 60 Tagen angelegt, “more60” - Zahlungskonto wurde vor mindestens 60 Tagen angelegt.
cardholderAccountInfo.accountChange String Gibt an, wann das Kundenkonto im Shop zuletzt geändert wurde, z.B. Adressänderung oder neue Zahlungsdaten. Mögliche Werte: “now” - Kunde hat während des aktuellen Einkaufs sein Konto geändert, “less30” - Konto wurde vor weniger als 30 Tagen geändert, “more30less60” - Konto wurde vor mindestens 30 aber weniger als 60 Tagen geändert, “more60” - Kundenkonto wurde seit mindestens 60 Tagen nicht geändert.
cardholderAccountInfo.shippingAddressAgeIndicator String Gibt an, wann der Kunde die aktuelle Lieferadresse zum ersten Mal benutzt hat. Mögliche Werte: “now” - Kunde benutzt die Lieferadresse zum ersten Mal, “less30” - Lieferadresse wurde vor weniger als 30 Tagen zum ersten Mal benutzt, “more30less60” - Lieferadresse wurde vor mindestens 30 aber weniger als 60 Tagen zuerst benutzt, “more60” - Lieferadresse wurde vor mindestens 60 Tagen zuerst benutzt.
cardholderAccountInfo.shippingNameIndicator String Gibt an, ob der Name des Karteninhabers und der Name der Lieferadresse identisch sind. Mögliche Werte: “identical” - Namen sind identisch, “different” - Namen sind unterschiedlich.
cardholderAccountInfo.suspiciousAccountActivity Boolean Gibt an, ob für diesen Kunden verdächtige Aktivitäten beobachtet wurden. Mögliche Werte: “false” - nein, “true” - ja.
cardholderAccountInfo.provisioningDayCount Integer Anzahl der “Karte hinzufügen” Versuche in den letzten 24 Stunden. Format 0-9, max. 3.
tdsMerchantRiskIndicators
tdsMerchantRiskIndicators.deliveryTimeframe String Zeitraum, in dem die Ware an den Kunden geliefert wird. Mögliche Werte: “electronic” - sofortige elektronische Lieferung, “moreThanOneDay” - mehr als ein Tag, “overnight” - über Nacht, “sameDay” - am selben Tag.
tdsMerchantRiskIndicators.deliveryEmailAddress String Liefer-E-Mail-Adresse des Kunden im Fall einer elektronischen Lieferung. Format A-Z, a-z, 0-9, [_.+-@], max. 254.
tdsMerchantRiskIndicators.giftCardAmount Integer Betrag der Geschenkkarte in größter Währungseinheit, z.B. 123 bei 123,45 EUR. Format 0-9, max. 10.
tdsMerchantRiskIndicators.giftCardCount Integer Anzahl der gekauften Geschenkkarten. Format 0-9, max. 1.
tdsMerchantRiskIndicators.giftCardCurrency Integer Währungscode der Geschenkkarte gemäß ISO 4217. Format A-Z, max. 3.
tdsMerchantRiskIndicators.preOrderDate Date Im Fall einer Vorbestellung: Datum, an dem die Ware voraussichtlich verfügbar ist. Format JJJJ-MM-TT.
tdsMerchantRiskIndicators.preOrderPurchaseIndicator String Mögliche Werte: “available” - die Ware ist bereits verfügbar, “future” - die Ware ist erst in der Zukunft verfügbar.
tdsMerchantRiskIndicators.reorderItemsIndicator String Gibt an, ob der Kunde Artikel bereits zuvor bestellt hat. Mögliche Werte: “first” - erste Bestellung, “reordered” - erneute Bestellung.
tdsMerchantRiskIndicators.shippingIndicator String Gibt an, wohin die Ware geliefert wird. Mögliche Werte: “digital” - digitale Lieferung, “billingAddress” - an die Rechnungsadresse, “differentAddress” - an eine andere Adresse, “verifiedAddress” - an eine geprüfte Adresse, “store” - in ein Geschäft, “other” - sonstiges.
tdsRequestorAuthenticationInformation
tdsRequestorAuthenticationInformation.authenticationData String Authentifizierungsdaten des Kunden. Format A-Z, a-z, 0-9 [!“#$%$'()*+,./:;⇔?@[\]^`{|}~-], max. 2048
tdsRequestorAuthenticationInformation.authenticationTimestamp DateTime Datum und Uhrzeit, wann sich der Kunde im Shop authentifiziert hat. Format JJJJ-MM-TTTHH:mm:ss
tdsRequestorAuthenticationInformation.authenticationMethod String Gibt an, wie sich der Kunde in Ihrem Shop authentifiziert hat. Mögliche Werte: “none” - gar nicht, z.B. Kunde kauft als Gast ein, “ownCredentials” - Kunde ist mit seinen Daten, z.B. Login-Name und Passwort angemeldet, “federatedId” - föderierte Identität, “issuerCredentials”, “thirdParty”, “fido”, “fidoSigned”, “srcAssurance”.
tdsTransactionAttributes
tdsTransactionAttributes.purchaseInstalmentData Integer Maximal erlaubte Anzahl von Autorisierungen bei Ratenzahlungen. Format 0-9, max. 3, Wert muss > 1 sein.
tdsTransactionAttributes.recurringExpiry Date Datum, nach dem keine weiteren Autorisierungen mehr stattfinden sollen. Format JJJJ-MM-TT.
tdsTransactionAttributes.recurringFrequency Integer Minimale Anzahl von Tagen zwischen zwei Autorisierungen. Format 0-9, max. 4.
tdsTransactionAttributes.type String Art der 3-D Secure 2.0 Zahlung. Mögliche Werte: “purchase” - Einkauf, “checkAcceptance”, “accountFunding”, “quasiCash”, “prepaidActivation”.
tdsBrowserData
tdsBrowserData.browserAcceptHeader String “Accept” HTTP-Header des Browsers des Kunden. Format A-Z, a-z, 0-9, [/;=-], max. 80.
tdsBrowserData.browserColorDepth Integer Farbtiefe des Browsers des Kunden in Bit. Gültige Werte: 1, 4, 8, 15, 16, 24, 32, 48.
tdsBrowserData.browserIP String IP-Adresse (IPv4 oder IPv6) des Browsers des Kunden. Format A-Z, a-z, 0-9, [.:], max. 39.
tdsBrowserData.browserJavaEnabled Boolean Gibt an, ob im Browser des Kunden Java aktiv ist (true) oder nicht (false).
tdsBrowserData.browserJavaScriptEnabled Boolean Gibt an, ob im Browser des Kunden JavaScript aktiv ist (true) oder nicht (false).
tdsBrowserData.browserLanguage String Sprache des Browsers des Kunden. Format A-Z, a-z, [-], Max. 8., Bsp. en-US
tdsBrowserData.browserScreenHeight Integer Höhe des Bildschirms des Kunden in Pixeln. Format 0-9, Max. 6.
tdsBrowserData.browserScreenWidth Integer Breite des Bildschirms des Kunden in Pixeln. Format 0-9, Max. 6.
tdsBrowserData.browserTimeZone Integer Differenz in Minuten zwischen der Zeitzone des Kunden und UTC. Wird von der JavaScript-Methode getTimezoneOffset() zurückgegeben. Format 0-9, [-], Max. 5.
tdsBrowserData.browserUserAgent String “User-Agent” HTTP-Header des Browsers des Kunden. Format A-Z, a-z, Blank, [().:;/,_-], Max. 2048.
tdsCommunicationData
tdsCommunicationData.cResNotificationURL String URL des Shops, an welche der ACS die CRes-Nachricht senden soll. Format A-Z, a-z, 0-9, [:./-?;&=%], Max. 2048.
tdsCommunicationData.methodNotificationURL String URL des Shops, an welche der ACS die Benachrichtigung über die „3DS Method“ senden soll. Format A-Z, a-z, 0-9, [:./-?;&=%], Max. 2048.
tdsCommunicationData.challengeWindowSize String Größe des Fensters, das dem Kunden zur Autorisierung einer 3-D Secure 2.0 Zahlung angezeigt werden soll. Falls nicht angegeben wird “FullScreen” angenommen. Format: Einer der Werte “size250x400”, “size390x400”, “size500x600”, “size600x400”, “FullScreen”
Example of a tds2Optional string (formatted for demonstration purposes, should normally be specified in one line)
{
  "addressesMatch": "false",
  "billingAddress": {
    "line2": "Beim Nachbarn klingeln",
    "line3": "zw. 22-24 Uhr",
    "state": "BW"
  },
  "shippingAddress": {
    "city": "Berlin",
    "country": "DE",
    "line1": "Unter den Linden 1",
    "line2": "Brandenburger Tor",
    "line3": "(linker Bogen)",
    "state": "BER"
  },
  "homePhoneNumber": {
    "country": "49",
    "regional": "75519209309"
  },
  "mobilePhoneNumber": {
    "country": "49",
    "regional": "17093902978"
  },
  "workPhoneNumber": {
    "country": "49",
    "regional": "8938928938"
  },
  "cardholderAccountInfo": {
    "accountAgeIndicator": "more30less60",
    "passwordChangeIndicator": "never",
    "paymentAccountAgeIndicator": "less30",
    "accountChange": "now",
    "shippingAddressAgeIndicator": "more60",
    "shippingNameIndicator": "different",
    "suspiciousAccountActivity": "false",
    "provisioningDayCount": 10
  },
  "tdsMerchantRiskIndicators": {
    "deliveryTimeframe": "overnight",
    "deliveryEmailAddress": "hans-mueller@example.com",
    "giftCardAmount": 0,
    "giftCardCount": 2,
    "giftCardCurrency": "EUR",
    "preOrderDate": "2020-12-20",
    "preOrderPurchaseIndicator": "available",
    "reorderItemsIndicator": "first",
    "shippingIndicator": "store"
  },
  "tdsRequestorAuthenticationInformation": {
    "authenticationData": "123Hdajkd/dasjdkk",
    "authenticationTimestamp": "2020-11-09T12:09:09",
    "authenticationMethod": "ownCredentials"
  },
  "tdsTransactionAttributes": {
    "purchaseInstalmentData": 2,
    "recurringExpiry": "2020-11-30",
    "recurringFrequency": 1234,
    "type": "quasiCash"
  },
  "tdsBrowserData": {
    "browserAcceptHeader": "anything",
    "browserColorDepth": 24,
    "browserIP": "192.168.0.43",
    "browserJavaEnabled": "true",
    "browserJavaScriptEnabled": "true",
    "browserLanguage": "en-US",
    "browserScreenHeight": 2048,
    "browserScreenWidth": 4096,
    "browserTimeZone": "120",
    "browserUserAgent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
  },
  "tdsCommunicationData": {
    "cResNotificationURL": "https://www.example.com/resnot.php?param1=value1¶m2=value2",
    "methodNotificationURL": "https://www.example.com/methnot.php?param1=value1¶m2=value2",
    "challengeWindowSize": "FullScreen"
  }
}
Example of a transaction initialization
curl -d "merchantId=1234567" \
     -d "projectId=1234" \
     -d "merchantTxId=1234567890" \
     -d "amount=100" \
     -d "currency=EUR" \
     -d "purpose=Beispieltransaktion" \
     -d "locale=de" \
     -d "mobile=0" \
     -d "pkn=create" \
     -d "recurring=0" \
     -d "urlRedirect=http://www.my-domain.de/girocheckout/redirect" \
     -d "urlNotify=http://www.my-domain.de/girocheckout/notify" \
     -d "hash=26fbe72bcc0b7cd0b024b2282e974583" \
     https://payment.girosolution.de/girocheckout/api/v2/transaction/start

Reply

The reply is a JSON encoded string. The field rc contains the response code. If it is 0 the transaction was successfully initialized. The response also includes a transaction id and a redirect URL to the payment page.

Parameters
Name Mandatory Type Description
rc yes Integer response code
msg yes String additional information about the response code
reference optional String unique GiroCheckout transaction ID
redirect optional String redirect URL to the payment page
HEADER parameter
hash yes String HMAC MD5 hash on the complete JSON string. (see api call reply)
Example in case of success
{"reference":"6d2d31b6-c23f-47c4-8f6c-1a0495f35f0f","redirect":"https://testmerch.directpos.de/web-api/SSLPayment.po?n=wrlIRO9O30S4NNAO9h6uHwhyWibDFKUWeoWy7mPLDDyZ","rc":"0","msg":""}
Example in case of error
{"reference":null,"redirect":null,"rc":5030,"msg":"Betrag ungültig"}

Notification about the payment result

The result of an initialized transaction will be submitted to the merchant through URL specified in the urlNotify parameter. This notification should be used to update the order status in the merchant's system.

The result of the payment is contained in the field gcResultPayment.

Request

URL: notifyUrl of the previous init transaction call
Provided by: Merchant
Called by: GiroCheckout

GET parameters
Name Mandatory Type Description
gcReference yes String unique GiroCheckout transaction ID
gcMerchantTxId yes String merchant transaction ID
gcBackendTxId yes String payment processor transaction ID
gcAmount yes Integer if a decimal currency is used, the amount has to be in the smallest unit of value, eg. Cent, Penny
gcCurrency yes String currency
gcResultPayment yes Integer Payment result codes
gcHash yes String HMAC MD5 hash (see hash generation)

Reply

As a reply to the GET request, one of the following HTTP status codes is expected.

HTTP status code Description
200 (OK) The notification was processed correctly.
400 (Bad Request) The merchant did not process the notification and does not wish to be notified again.
All others The notification is repeated no more than 10 times every 30 minutes until the merchant returns the status code 200 or 400.

Redirection of the customer to merchant

After completing the payment, the customer may return to the merchant through a link. This return only happens once the customer clicks the “cancel” or “return to shop” button and is not done automatically.

Request

URL: redirectUrl of the previous init transaction call
Provided by: Merchant
Called by: GiroCheckout

GET parameters
Name Mandatory Type Description
gcReference yes String unique GiroCheckout transaction ID
gcMerchantTxId yes String merchant transaction ID
gcBackendTxId yes String payment processor transaction ID
gcAmount yes Integer if a decimal currency is used, the amount has to be in the smallest unit of value, e.g. Cent, Penny
gcCurrency yes String Currency
gcResultPayment yes Integer Payment result codes
gcHash yes String HMAC MD5 hash (see hash generation)

Other transaction types

These transactions reference a previous transaction. They are based on a server to server communication and require no customer interaction (data entry).

Provided by: GiroCheckout
Called by: Merchant

Workflow

ShopGiroCheckoutCredit Card ProcessorShopGiroCheckoutCredit Card Processor1 2 3 4 (c)2016 by GiroSolution AG

  1. Shop sends reference to previous credit card transaction
  2. GiroCheckout sends transaction to credit card processor
  3. credit card processor transmits result to GiroCheckout
  4. Shop receives reply on transaction outcome (Notification)

Capture

When booking, the customer account is debited with an amount and the merchant account is credited. This model is based on the assumption that the associated business case has been completed, e.g. a shopping cart was offered, ordered and delivered to the customer.

  • Condition: only reserved transactions may be booked
  • Amount ⇐ Reservation amount
  • Partial bookings are possible

Refund

A refund is to be used when a previous payment is to be returned fully or partially to the customer.

  • Condition: may only be applied to the following transaction types:
    • Reservation
    • Reservation/Booking
  • Amount ⇐ Transaction amount of the previous transaction

POST Parameters

URL CAPTURE: https://payment.girosolution.de/girocheckout/api/v2/transaction/capture
URL REFUND: https://payment.girosolution.de/girocheckout/api/v2/transaction/refund

Name Mandatory Type Description
merchantId yes Integer Merchant ID
projectId yes Integer Project ID
merchantTxId yes String(255) Unique transaction id of the merchant
amount yes Integer If a decimal currency is used, the amount has to be in the smallest unit of value, e.g. Cent, Penny
currency yes String(3) Currency according to ISO 4217.
EUR = Euro
reference yes String GiroCheckout transaction ID from a previous transaction, which the capture or refund is for
purpose optional String Purpose of the refund. This information is printed on the credit card statement.
hash yes String HMAC MD5 hash on the complete call. See hash generation
Example
curl -d "merchantId=1234567" \
     -d "projectId=1234" \
     -d "merchantTxId=1234567890" \
     -d "amount=100" \
     -d "currency=EUR" \
     -d "reference=fb70602d-c137-4413-8432-7dcc69a9d891" \
     -d "hash=edb7459114db25c2991d1783d4ab5388" \
     https://payment.girosolution.de/girocheckout/api/v2/transaction/capture

Reply

The reply is a JSON encoded string. The field rc contains the response code. If it is 0 the transaction was successfully initialized. The response also includes a transaction id and other information about the transaction.

Parameters
Name Mandatory Type Description
rc yes Integer response code
msg yes String Additional information about the response code
reference yes String Unique GiroCheckout transaction ID
merchantTxId yes String Unique transaction id of the merchant
backendTxId yes String Payment processor transaction ID
amount yes Integer If a decimal currency is used, the amount has to be in the smallest unit of value, e.g. Cent, Penny
currency yes String Currency
resultPayment yes Integer Payment result codes
HEADER parameter
hash yes String HMAC MD5 hash on the complete JSON string. (see api call reply)
Example in case of success
{"reference":"7f18859d-7246-4181-8fb5-30ce7958f309","referenceParent":"5a101478-df14-4a79-86af-f743784c2c24","merchantTxId":"58e39be91fce8","backendTxId":"1196307_01","amount":"100","currency":"EUR","resultPayment":"4000","rc":0,"msg":""}
Example in case of error
{"reference":null,"referenceParent":null,"merchantTxId":null,"backendTxId":null,"amount":null,"currency":null,"resultPayment":"5200","rc":0,"msg":"Transaktion nicht akzeptiert"}

Void

Void is to be used when an already accepted transaction is not to be executed.

  • Condition: may only be applied to the following transaction types:
    • Reservation (as long as booking has not been done and reservation hasn't expired)
    • Reservation/Booking (only on the same day)
    • Refund (only on the same day)

POST Parameters

URL VOID: https://payment.girosolution.de/girocheckout/api/v2/transaction/void

Name Mandatory Type Description
merchantId Yes Integer Merchant ID of a credit card project
projectId Yes Integer Project ID of a credit card project
merchantTxId Yes String(255) Unique transaction ID of the merchant
reference Yes String GiroCheckout transaction ID that is to be voided
hash Yes String HMAC MD5 hash on the complete JSON string. (see api call reply)
Example
curl -d "merchantId=1234567" \
     -d "projectId=1234" \
     -d "merchantTxId=1234567890" \
     -d "reference=fb70602d-c137-4413-8432-7dcc69a9d891" \
     -d "hash=edb7459114db25c2991d1783d4ab5388" \
     https://payment.girosolution.de/girocheckout/api/v2/transaction/void

Reply

The reply is a JSON encoded string. The field rc contains the response code. If it is 0 the call was successful. The response includes a transaction number and other information.

Parameters
Name Mandatory Type Description
rc yes Integer response code
msg yes String Additional information about the response code
reference yes String Unique GiroCheckout transaction ID
referenceParent yes String GiroCheckout transaction ID of the original base transaction
merchantTxId yes String Unique transaction id of the merchant
backendTxId yes String Payment processor transaction ID
amount yes Integer Voided amount, if a decimal currency is used, the amount has to be in the smallest unit of value, e.g. Cent, Penny
currency yes String Currency
resultPayment yes Integer Payment result codes
HEADER parameter
hash yes String HMAC MD5 hash on the complete JSON string. (see api call reply)
Example in case of success
{"reference":"ef27303f-87b3-465e-9c39-fabfb749d253","referenceParent":"5a101478-df14-4a79-86af-f743784c2c24","merchantTxId":"58e39be91fce8","backendTxId":"1226723_01","amount":"100","currency":"EUR","resultPayment":"4000","rc":0,"msg":""}
Example in case of failure
{"reference":null,"referenceParent":null,"merchantTxId":null,"backendTxId":null,"amount":null,"currency":null,"resultPayment":null,"rc":5200,"msg":"Transaktion nicht akzeptiert"}

Pseudo card numbers (PKN)

This function requires a separate implementation on PSP side which also generate a one-time implementation fee.

A pseudo card number is a reference to a credit card that has been used recently by the buyer (card number and expiration date). This reference allows the merchant to offer a previously used credit card for reuse by the customer. If the PKN is transmitted along during the initialization of a credit card transaction, the card number and expiration date is pre-filled in the payment form. The customer needs only to enter the validation code and may then carry out the payment.

Query pseudo card information

This function allows access to PKN information. It returns as a result both the PKN and the saved credit card information (masked credit card number, expiration date), which were used for a previous transaction.

URL: https://payment.girosolution.de/girocheckout/api/v2/creditcard/pkninfo
Provided by: GiroCheckout
Called by: Merchant

POST Parameters

Name Mandatory Type Description
merchantId yes Integer Merchant ID
projectId yes Integer Project ID
reference yes String(36) Unique reference to a GiroCheckout transaction
hash yes String(32) HMAC MD5 hash on the complete JSON string. (see api call reply)
Example
curl -d "merchantId=1234567" \
     -d "projectId=1234" \
     -d "reference=6d2d31b6-c23f-47c4-8f6c-1a0495f35f0f" \
     -d "hash=dc1686b621c9cc15bd271390c694258d" \
     https://payment.girosolution.de/girocheckout/api/v2/creditcard/pkninfo

Reply

The reply is a JSON encoded string. The field rc contains the response code. If it is 0 the call was successful. The response includes the PKN number, the (masked) credit card number and the expiration date.

Parameters
Name Mandatory Type Description
rc yes Integer response code
msg yes String Additional information about the response code
pkn yes String Pseudo card number
cardnumber yes String Masked credit card number, e.g. 411111******1111
expiremonth yes String Month of the credit card's expiration date
expireyear yes String Year of the credit card's expiration date
HEADER Parameter
hash yes String HMAC MD5 hash on the complete JSON string. (see api call reply)
Example in case of success
{"pkn":"ad5c386b38cc9aeb839705d1d10da499","cardnumber":"411111******1111","expiremonth":"2","expireyear":"2016","rc":0,"msg":""}
Example in case of error
{"pkn":null,"cardnumber":null,"expiremonth":null,"expireyear":null,"rc":5034,"msg":"Transaktion nicht vorhanden"}

Recurring credit card payment

The transaction data is transmitted and the result of the credit card payment is returned immediately. This function is used for recurring credit card payments, such as subscriptions.

The following steps are necessary to implement a recurring payment:

  1. Carry out a normal credit card transaction (see Initialize Payment)
  2. Obtain pseudo card number (PKN) (see Query PKN information)
  3. Store this PKN
  4. On the next recurring payment, initialize a payment transaction (use correct end point, see Recurring or PKN transaction), but set parameter pkn and let recurring=1.

Recurring transaction

In order to carry out a recurring payment without customer intervention, use the following function.

POST Parameters

URL https://payment.girosolution.de/girocheckout/api/v2/transaction/payment

Name Mandatory Type Description
merchantId yes Integer merchant ID
projectId yes integer project ID
merchantTxId yes String(255) unique transaction id of the merchant
amount yes Integer if a decimal currency is used, the amount has to be in the smallest unit of value, eg. Cent, Penny
currency yes String(3) currency
EUR = Euro
purpose yes String(27) purpose
type optional String(4) transaction type (see Transaction types)
SALE = Immediate booking (default)
AUTH = Reservation of amount
pkn optional String(50) This field is used process a transaction without re-entering the card data.
[pseudo card number] = pkn of the masked card data (see pseudo card number)
recurring optional Boolean recurring payment
0 = no (default)
1 = yes
urlNotify yes String URL, where the notification has to be sent after payment
hash yes String HMAC MD5 hash (see hash generation)
Example
curl -d "merchantId=1234567" \
     -d "projectId=1234" \
     -d "merchantTxId=1234567890" \
     -d "amount=100" \
     -d "currency=EUR" \
     -d "purpose=Beispieltransaktion" \
     -d "pkn=ad5c386b38cc9aeb839705d1d10da499" \
     -d "recurring=0" \
     -d "hash=0361f14f7b1be9be16326b2edd925853" \
     https://payment.girosolution.de/girocheckout/api/v2/transaction/payment

Reply

The reply is a JSON encoded string. The field rc contains the response code. If it is 0 the call was successful.

Parameters

Name Mandatory Type Description
rc yes Integer response code
msg yes String Additional information about the response code
reference yes String Unique GiroCheckout transaction ID
backendTxId yes String Payment processor transaction ID
resultPayment yes Integer Payment result codes
HEADER parameter
hash yes String HMAC MD5 hash on the complete JSON string. (see api call reply)
Example in case of success
{"reference":"7f18859d-7246-4181-8fb5-30ce7958f309","backendTxId":"1196307_01","resultPayment":"4000","rc":0,"msg":""}
Example in case of error
{"reference":"fb70602d-c137-4413-8432-7dcc69a9d891","backendTxId":"","resultPayment":"4106","rc":0,"msg":"Pseudo-Kartennummer ungültig "}
en/girocheckout/creditcard_3ds2/start.1605244467.txt.gz · Last modified: 2021/04/12 14:32

Page Tools