Direct Payment

Your onsite/in-app payment is here

Introduction

This integration lets you collect card details from the customer and process the payment within your own page. You receive the payment result instantly, without any redirection.


Prerequisite

Before requesting that the Direct Payment feature be enabled, you must comply with the Payment Card Industry Data Security Standard (PCI DSS) and be PCI DSS certified. It’s the law, and failing to demonstrate compliance not only puts your customers at risk but also puts you at risk of a heavy fine.

After that, kindly contact your account manager or sales representative to activate the Direct Payment feature.

🚧

Payment Method

Please note that not all payment methods support the Direct Payment feature. Refer to your account manager for more details.


How it works

This part of the integration requires you to fully implement the integration with the ExecutePayment endpoint first. You then send a request containing the DirectPayment details to the URL returned in the PaymentURL parameter of the ExecutePayment response.

The PaymentType parameter can be set to either "card" or "token". For "card", you should provide the full card details. For "token", you can use the client token that you received from Tokenization.

The DirectPayment endpoint provides two payment process flows: 3D Secure Flow and Non-3D Secure Flow. So what is 3D Secure? For extra fraud protection, 3D Secure requires customers to complete an additional verification step with the card issuer when paying. Typically, you direct the customer to an authentication page on their bank’s website, and they enter a password associated with the card or a code sent to their phone. This process is familiar to customers through the card networks’ brand names, such as Visa Secure and Mastercard Identity Check.

You can control which flow the DirectPayment endpoint follows by setting the Bypass3DS parameter. By default, the Bypass3DS parameter is set to "false", which gives the customer additional security because it forces them to enter their 3DS/OTP code during the payment.

However, for some business needs and to give the customer a seamless payment experience, you can use the non-3D Secure flow by setting the Bypass3DS parameter to "true". You should be fully aware of the potential dangers of making this choice.

❗️

Non-3D Secure Flow

The merchant will be responsible for any fraud dispute and it will be deducted directly from the merchant account.

👍

Testing Direct Payment

For testing purposes, set the PaymentMethodId parameter to "20" in the request body of the ExecutePayment endpoint.


3D Secure Flow

The DirectPayment response contains a PaymentURL parameter, as in the example below. In this case, you should redirect the customer to this URL. It will ask the customer to enter the 3DS/OTP code that will be sent to their mobile phone.

After that, the MyFatoorah system will redirect the customer back to your website using the CallBackUrl or ErrorUrl parameters that were set at the ExecutePayment endpoint. For security reasons, you should then check the payment result by calling the GetPaymentStatus endpoint. You can also use the Webhook feature to notify your system when a transaction status changed event happens in your application.

Request:

{
   "PaymentType":"card",
   "Bypass3DS":false,
   "Card":{
      "Number":"5123450000000008",
      "ExpiryMonth":"05",
      "ExpiryYear":"21",
      "SecurityCode":"100",
      "HolderName":"fname lname"
   }
}

Response:

{
   "IsSuccess":true,
   "Message":null,
   "ValidationErrors":null,
   "Data":{
      "Status":"Success",
      "ErrorMessage":null,
      "PaymentId":"060660319048996263",
      "Token":null,
      "RecurringId":null,
      "PaymentURL":"https://demo.MyFatoorah.com/En/KWT/PayInvoice/MpgsResultDirect?PaymentId=060660319048996263&sessionId=SESSION0002695084533H9081736G19",
      "CardInfo":null
   }
}

Non-3D Secure Flow

The result of the payment will be in the response body, and you don't need to check it again with the GetPaymentStatus endpoint.

Request:

{
   "PaymentType":"card",
   "Bypass3DS":true,
   "Card":{
      "Number":"5123450000000008",
      "ExpiryMonth":"05",
      "ExpiryYear":"21",
      "SecurityCode":"100",
      "HolderName":"fname lname"
   }
}

Response:

{
  "IsSuccess": true,
  "Message": null,
  "ValidationErrors": null,
  "Data": {
    "Status": "SUCCESS",
    "ErrorMessage": null,
    "PaymentId": "060666494153498864",
    "Token": null,
    "RecurringId": null,
    "PaymentURL": null,
    "CardInfo": {
      "Number": "512345xxxxxx0008",
      "ExpiryMonth": "05",
      "ExpiryYear": "21",
      "Brand": null,
      "Issuer": null
    }
  }
}
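
The following is an added example, not MyFatoorah's code. It shows one way a merchant backend could handle the two DirectPayment response shapes above and keep the card number and security code out of its logs. The function names and the ALLOWED_HOSTS value (taken from the host in the sample PaymentURL) are assumptions.

```python
import copy
from urllib.parse import urlsplit

# Assumption: hosts you expect PaymentURL to point at. This one is the host
# in the page's sample response; set it for your own environment.
ALLOWED_HOSTS = {"demo.myfatoorah.com"}


def redact_for_log(request_body):
    """Return a copy of a DirectPayment request that is safe to log."""
    safe = copy.deepcopy(request_body)
    card = safe.get("Card")
    if card:
        pan = card.get("Number", "")
        if len(pan) >= 13:  # keep first 6 / last 4, as in the CardInfo sample
            card["Number"] = pan[:6] + "x" * (len(pan) - 10) + pan[-4:]
        else:
            card["Number"] = "x" * len(pan)
        card.pop("SecurityCode", None)  # never write the CVV to a log
    return safe


def next_step(response, allowed_hosts=ALLOWED_HOSTS):
    """Classify a DirectPayment response.

    ("redirect", url): 3DS flow, result unknown until GetPaymentStatus.
    ("final", succeeded): non-3DS flow, result is in the body."""
    if not response.get("IsSuccess"):
        raise ValueError("DirectPayment failed: %s" % response.get("Message"))
    data = response.get("Data") or {}
    url = data.get("PaymentURL")
    if url:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Only send the customer to an HTTPS URL on an expected host.
        if parts.scheme != "https" or host not in allowed_hosts:
            raise ValueError("unexpected PaymentURL: not HTTPS or host not allowed")
        return ("redirect", url)
    # The page's samples show both "Success" and "SUCCESS".
    return ("final", (data.get("Status") or "").upper() == "SUCCESS")


if __name__ == "__main__":
    # Trimmed copies of the page's sample request and Non-3D Secure response.
    req = {"PaymentType": "card", "Bypass3DS": True,
           "Card": {"Number": "5123450000000008", "SecurityCode": "100"}}
    print(redact_for_log(req))
    print(next_step({"IsSuccess": True, "Data": {"Status": "SUCCESS", "PaymentURL": None}}))
```

A "redirect" result only means the 3DS/OTP step has started; mark the order as paid only after GetPaymentStatus confirms it.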