Several test endpoints are available to complete certain steps in the payment flow to facilitate automated testing.
These endpoints are only available in the sandbox environment and are not available in the production environment; therefore the endpoints have as starting point /ps_sim/ instead of /ps/.
Finally, these endpoints can only be used after the Start Payment API request is performed. There are no automation endpoints for completing shopper actions inside the CM.com payment menu.
Wait Endpoint
A wait endpoint is available to wait for the payment transition into a final state, for example AUTHORIZED or CANCELED, and that the order status change notification is executed. This request waits up to 30 seconds before returning a response.
This endpoint should be used for the following scenarios:
- Completing a 3DSv2 browser authentication flow (see als below);
- Completing a 3DSv2 decoupled 3RI authentication flow;
- Completing a Point-of-Sale payment.
In the sandbox environment the actual wait time depends on the tested scenario and normally the wait time is a few seconds, except for point of sale which generally takes about 20 seconds to complete. These numbers are not representative for the production environment.
GET /ps_sim/wait-for/payments/{payment_id}
Identifiers
| Name | Type | Description |
|---|---|---|
| payment_id | PaymentIdentifier | The payment identifier, as received in the start payment response. |
Parameters
Not applicable.
Request
Not applicable.
Response
No content is returned.
HTTP Status
| Status | Meaning |
|---|---|
| 204 (No Content) | The payment is in final authorization state. |
| 404 (Not Found) | The payment was not found. |
| 408 (Request Timeout) | If the payment took too long to complete. |
Authentication Completion Endpoint
Card Payments
For card payments the 3DS authentication step needs to be completed. A different endpoint needs to be used, depending on the used 3DS version. For simplicity, if the start response for a credit card payments contains a redirect instruction (see also Start Payment), then it can be assumed that 3DS version 1 is used for authentication. Otherwise, it is 3DS version 2.
3DS Version 1
For 3DS version 1, a PaRes is needed to complete the authentication part of the payment flow. The PaRes can be obtained via the following post operation.
POST /ps_sim/3ds/v1/pares-generator/{payment_id}
Identifiers
| Name | Type | Description |
|---|---|---|
| payment_id | PaymentIdentifier | The payment identifier, as received in the start payment response in the POST-parameters map under the key 'MD'. |
Parameters
Not applicable.
Request
| Field | Type | M | Description |
|---|---|---|---|
| status | String(1) | O | The authentication status ('Y' for successful authentication; 'N' for failed or aborted authentication). The default is 'Y'. |
| pareq | String | M | The PaReq data, as received in the start payment response in the POST-parameters map under the key 'PaReq'. |
Response
The response is the generated PaRes and is returned using content-type text/plain. The PaRes is then send to the Payment System via the TermUrl, as received in the start payment response in the POST-parameters map under the key TermUrl. The HTTP-operation is a form-POST with content type application/x-www-form-urlencoded and parameter PaRes containing the received Pares value.
For example, if the start response of card payment is the following:
{
"result": "CHALLENGE",
"urls": [
{
"purpose": "REDIRECT",
"url": "https://acceptsecure.docdatapayments.com/ps_sim/3dsecureauthentication.jsf?data=NTU1NTU1NTU1NTU1NDU1MA==",
"method": "POST",
"order": 1,
"parameters": {
"MD": "2164143269",
"TermUrl": "https://acceptsecure.docdatapayments.com/ps/returnFromAuthorization?paymentReference=2164143269B14E8B30C5CED1811D1A98F3958289A7",
"PaReq": "<some long encoded value>"
}
}
]
}
The curl command to generate the PaRes is:
curl -d '{ "status" : "Y", "pareq" : "<some long encoded value>"}' -H 'application/json' -X POST https://secure.sandbox.pay.cm.com/ps_sim/3ds/v1/pares-generator/2164143269
The curl command to complete the payment is:
curl -d 'PaRes=<received value from /ps_sim/3ds/v1/pares-generator/...>' -X POST https://secure.sandbox.pay.cm.com/ps/returnFromAuthorization?paymentReference=2164143269B14E8B30C5CED1811D1A98F3958289A7
The last command should result in a redirect to the landing page for the shopper.
HTTP Status
| Status | Meaning |
|---|---|
| 200 (Ok) | The PaRes is generated. |
| 400 (Bad Request) | The payment identifier is incorrect. |
| 404 (Not Found) | The specified payment is not found. |
3DS Version 2
For 3DS version 2, the Payment System needs to be notified (simulated notification) that the shopper completed the authentication and that the authorization request can be performed. The same endpoint can be used to complete browser authentication and decoupled 3RI authentication.
The pending authentication request is completed by sending the following POST-request:
POST /ps_sim/3ds/v2/complete-authentication/{payment_id}
Identifiers
| Name | Type | Description |
|---|---|---|
| payment_id | PaymentIdentifier | The payment identifier, as received in the start payment response. |
If the following start payment response is received:
{
"id": "pid1607034399t",
"status": "REDIRECTED_FOR_AUTHENTICATION",
"urls": [
{
"purpose": "HIDDEN_IFRAME",
"method": "POST",
"url": "https://secure.sandbox.pay.cm.com/ps_sim/nca_sim/finger_print",
"order": 1,
"parameters": {
"threeDSMethodData": "eyd0aHJlZURTTWV0aG9kTm90aWZpY2F0aW9uVVJMJzonaHR0cHM6Ly9kdW1teS5jb20vbm90aWZpY2F0aW9uLXVybCcsJ3RocmVlRFNTZXJ2ZXJUcmFuc0lEJzonYzY3NjUzNjItNDQ5Ni00YjUwLTkyYzItYmRhYmNhZDQ3ZWVmIn0="
}
},
{
"purpose": "IFRAME",
"method": "POST",
"url": "https://secure.sandbox.pay.cm.com/ps/api/public/3dsv2/v1/transactions/c6765362-4496-4b50-92c2-bdabcad47eef/references/1607034399/authenticate",
"order": 2
}
]
}
Then the following curl command completes the authentication flow:
curl -d '{ "status" : "Y" }' -H 'application/json' -X POST https://secure.sandbox.pay.cm.com/ps_sim/3ds/v2/complete-authentication/pid1607034399t
Parameters
Not applicable.
Request
| Field | Type | M | Description |
|---|---|---|---|
| status | String(1) | O | The authentication status ('Y' for successful authentication; 'N' for failed or aborted authentication). The default is 'Y' |
Response
No content is returned.
HTTP Status
| Status | Meaning |
|---|---|
| 204 (No Content) | The authentication is processed. |
| 404 (Not Found) | The 3DS transaction is not found. |
KBC and CBC authorization endpoint
For KBC and CBC, the Payment System needs to be notified (simulated notification) that the shopper completed the authentication and then the authorization request can be performed.
To simulate payment notification following steps needs to be performed.
- From the response of the start payment, the payment state must be
REDIRECTED_FOR_AUTHORIZATIONand it also containsurlparameter which is a redirect url. - From the redirect url, the 'olpCtx' query parameter have to be extracted.
- For example, if the start response of kbc/cbc payment is the following where the
olpCtxis part of the query param of redirect url.
'{
"id": "pid1607530162t",
"status": "REDIRECTED_FOR_AUTHORIZATION",
"urls": [
{
"purpose": "REDIRECT",
"method": "GET",
"url": "https://secure.sandbox.pay.cm.com/ps_sim/kbcacquirersimulator.jsf?langWebSite=N&olpId=TODO&olpCtx=KM9qIUM5o1L3ePYukXjlHgBLQX40Ro0RxDaYQECuTWsHAlwYi5GvWEO6xP930kYO0uZ67xKY0M7L0OdRn25HYTcBTgPnJ89en24zQTQdSnoiURSweFidG24k09eBhQiwptYXtQpn3FuUEz4PPYfgpu%2F2ABKDy9A%2BoyN7Ixcu8zHn%2F10u86xNR1jGfanEmilXykdJAA0Ee0GsRZABgfjcPK5RegOs5StSSHn%2FN9o8pIhKoHY%2BDwTubC2LUiJeY3qpMBmONF0TsDGrSMrEsBJMBoiELXJaMEUfZxLBZ7Y6fBx2RtHt7Getpji6UxiJCbChdG%2BxqynrEOTPJVrCqCFn%2BAj00IfXuvvK5eUxd1b%2BUJUpzpsxQXwxjZaYOlvtj3WianhlMPwVuGREh7wW9AgW2AK0vNxW0iQ0raY3iB96u7UVm%2B9xBQAwnOShcCBWlXHkz3KuqjLaE3k8mi6ATKaQQAjuUaZfwfdd&olpVer=3.0&olpCompany=KBC",
"order": 1
}
]
}'
- Then the following
curlcommand notifies the payment system that the shopper has completed the payment and receives another redirect url in the response to complete the payment authorization.
> curl -d '{ "olp_context" : "KM9qIUM5o1L3ePYukXjlHgBLQX40Ro0RxDaYQECuTWsHAlwYi5GvWEO6xP930kYO0uZ67xKY0M7L0OdRn25HYTcBTgPnJ89en24zQTQdSnoiURSweFidG24k09eBhQiwptYXtQpn3FuUEz4PPYfgpu/2ABKDy9A+oyN7Ixcu8zHn/10u86xNR1jGfanEmilXykdJAA0Ee0GsRZABgfjcPK5RegOs5StSSHn/N9o8pIhKoHY+DwTubC2LUiJeY3qpMBmONF0TsDGrSMrEsBJMBoiELXJaMEUfZxLBZ7Y6fBx2RtHt7Getpji6UxiJCbChdG+xqynrEOTPJVrCqCFn+Aj00IfXuvvK5eUxd1b+UJUpzpsxQXwxjZaYOlvtj3WianhlMPwVuGREh7wW9AgW2AK0vNxW0iQ0raY3iB96u7UVm+9xBQAwnOShcCBWlXHkz3KuqjLaE3k8mi6ATKaQQAjuUaZfwfdd", "approve_payment" : true }' -H 'application/json' \
-X \
POST https://secure.sandbox.pay.cm.com/ps_sim/api/generators/kbc
< Http 200 Ok
< '{
"redirect_url": "https://secure.sandbox.pay.cm.com/ps/returnFromAuthorization?paymentReference=1607530162B171DC0F6E1DFE6B859869FE0A148EE9&checkDigitId=1607530162&olpCtx=QmSv3kymwKTvnUoHjclaIdU3gx76DyVJqqkEYk%2Fq1mcy%2FGJyRkZ1E%2B5avk0WPOC2aMT4pwWPw56jDTFeUtity6ltcE77Ki2Irs9GJy2M7xHdvTrwSgnc6wxKwo7yppXIXRbYSKrpfMRxTTeDaC0McVcnQUs%2FEPHkEvoojh9qHhbp9EVcLRmF4QFPmAzcaFDCawm38W%2BHFa%2BkglipY1hPRyIGI9OB9SUvHT3EkzxwtRKdQGNb&olpSrc=user"
}'
Parameters
Not applicable.
Request
| Field | Type | M | Description |
|---|---|---|---|
| olp_context | String(1, 500) | M | The olp context value which is an extracted query parameter from the redirect url value of the response of start payment |
| approve_payment | boolean | M | The boolean flag to approve the payment authorization (true for successful authorization; false for failed authorization). |
Response
The response has the following fields :
| Field | Type | M | Description |
|---|---|---|---|
| redirect_url | String(1, 500) | M | The redirect url to complete the authorization. |
HTTP Status
| Status | Meaning |
|---|---|
| 200 (Ok) | The authentication is processed. |
| 400 (Bad request) | The authentication information i.e olp_context is incorrect. |
- From the above response, get the
redirect_url. - Then the following
curlcommand will complete the payment authorization using theredirect_url.
> curl -d -X GET https://secure.sandbox.pay.cm.com/ps/returnFromAuthorization?paymentReference=1607530162B171DC0F6E1DFE6B859869FE0A148EE9&checkDigitId=1607530162&olpCtx=QmSv3kymwKTvnUoHjclaIdU3gx76DyVJqqkEYk%2Fq1mcy%2FGJyRkZ1E%2B5avk0WPOC2aMT4pwWPw56jDTFeUtity6ltcE77Ki2Irs9GJy2M7xHdvTrwSgnc6wxKwo7yppXIXRbYSKrpfMRxTTeDaC0McVcnQUs%2FEPHkEvoojh9qHhbp9EVcLRmF4QFPmAzcaFDCawm38W%2BHFa%2BkglipY1hPRyIGI9OB9SUvHT3EkzxwtRKdQGNb&olpSrc=user
< Http 302 Ok
HTTP Status
| Status | Meaning |
|---|---|
| 302 (Redirects to another page) | The authorization is processed. |
| 400 (Bad request) | The redirect url is invalid. |
Payment reconciliation
In order to reconcile a payment, this endpoint can be used.
To reconcile a payment, the captures has to be either in STARTED or CAPTURED state.
For Bank transfer specific related payments, bank account information are required to reconcile a payment.
- Then the following
curlcommand notifies the payment system and the payment system based on the capture state it will reconcile the payment. - The merchant can use their rest-api user credentials to authenticate the Api.
> curl \
-X POST \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic RG9jZGF0YVBGOkJXazJhZkpV' \
https://secure.sandbox.pay.cm.com/ps_sim/api/public/reconciliation/payment-paid \
-d '{
"order_key": "38C448CFC06AFC4AC3112DAE4EFC8F1A",
"payment_identifier": "pid1607538182t",
"account": {
"number": "NL44RABO0123456789",
"bic": "RABONL2U"
}'
< Http 200 Ok
Parameters
Not applicable.
Request
| Field | Type | M | Description |
|---|---|---|---|
| order_key | OrderKey | M | The order key. |
| payment_identifier | PaymentIdentifier | M | The payment identifier. |
| account | Block | O | The bank account information. |
| + number | String(5, 34) | M | The consumer international bank account number. |
| + bic | String(8, 11) | O | The bank identification code of iban. |
Response
No content is received in the response
HTTP Status
| Status | Meaning |
|---|---|
| 200 (Ok) | The reconciliation is processed. |
| 401 (Unauthorized) | Authorization header missing or invalid. |
| 403 (Forbidden) | The merchant is not allowed to do reconciliation. |