API Manual Contact details

Transcription

API Manual Contact details
API Manual
Version: 2.14
Contact details
Simon Carmiggeltstraat 6-50
1011 DJ Amsterdam
P.O. Box 10095
1001 EB Amsterdam
The Netherlands
T +31 20 240 1240
E support@adyen.com
Table of Contents
1. Introduction...............................................................................................................................................................................................................................................................................................................................................
6
1.1. SOAP API............................................................................................................................................................................................................................................................................................................................7
1.2. REST API............................................................................................................................................................................................................................................................................................................................7
1.2.1. General Remarks On HTTP Name/Value Pair Communication................................................................................................................................................................................7
1.3. Security (Authentication).........................................................................................................................................................................................................................................................................................
8
2. Submitting API Payments..................................................................................................................................................................................................................................................................................................................9
2.1. Payment Fields..............................................................................................................................................................................................................................................................................................................
9
2.1.1. General Payment Fields..................................................................................................................................................................................................................................................................
9
2.1.2. Card Payment Specifc Fields....................................................................................................................................................................................................................................................10
2.1.3. Payment Response Fields...........................................................................................................................................................................................................................................................10
2.2. Submitting API Modifcation Requests.........................................................................................................................................................................................................................................................11
2.3. Client-Side Encryption (CSE) (optional).......................................................................................................................................................................................................................................................
11
2.3.1. How Does It Work?..........................................................................................................................................................................................................................................................................11
2.3.2. Additional Payment Fields.........................................................................................................................................................................................................................................................
12
2.3.3. Where Can I Find My Public key?............................................................................................................................................................................................................................................
12
2.3.4. Is CSE Secure?...................................................................................................................................................................................................................................................................................12
2.3.5. Main Benefts.....................................................................................................................................................................................................................................................................................
13
2.4. 3-D Secure.....................................................................................................................................................................................................................................................................................................................13
2.5. AVS.....................................................................................................................................................................................................................................................................................................................................15
2.6. Testing AVS and CVC/CVV Results....................................................................................................................................................................................................................................................................
15
2.6.1. Testing AVS Results.........................................................................................................................................................................................................................................................................15
2.6.2. Test CVC/CVV Results.....................................................................................................................................................................................................................................................................16
2.7. Card Verifcation/Dynamic Zero Value Auth................................................................................................................................................................................................................................................16
2.8. Installments..................................................................................................................................................................................................................................................................................................................17
2.9. Additional Payment Response Data...............................................................................................................................................................................................................................................................
17
3. Idempotency In The Adyen API...................................................................................................................................................................................................................................................................................................
18
3.1. Idempotency Implementation...........................................................................................................................................................................................................................................................................
18
3.2. Retrying transactions and Idempotency......................................................................................................................................................................................................................................................19
3.2.1. Refused Transactions.....................................................................................................................................................................................................................................................................19
3.2.2. Transient Errors.................................................................................................................................................................................................................................................................................19
4. One-Click Payments...........................................................................................................................................................................................................................................................................................................................20
4.1. The Initial Payment..................................................................................................................................................................................................................................................................................................20
4.2. Submitting A One-Click Payment.....................................................................................................................................................................................................................................................................20
5. Card Deposit (CFT).............................................................................................................................................................................................................................................................................................................................21
5.1. Card Deposit Using An Existing Transaction.............................................................................................................................................................................................................................................
21
5.2. Directly Depositing Funds On A Card............................................................................................................................................................................................................................................................
21
5.3. CFT Notifcations.......................................................................................................................................................................................................................................................................................................
22
6. Direct Debit Payments.....................................................................................................................................................................................................................................................................................................................23
6.1. US ACH Payments......................................................................................................................................................................................................................................................................................................
23
6.1.1. ACH Transaction Types..................................................................................................................................................................................................................................................................
23
6.1.2. ACH Response....................................................................................................................................................................................................................................................................................23
6.1.3. ACH Chargebacks.............................................................................................................................................................................................................................................................................23
6.2. SEPA Direct Debits....................................................................................................................................................................................................................................................................................................
24
6.2.1. One-off SDD Payment Requests.............................................................................................................................................................................................................................................24
6.2.2. Recurring SDD Payment Requests.........................................................................................................................................................................................................................................24
6.2.3. SDD Notifcations............................................................................................................................................................................................................................................................................
25
2 / 68
API Manual
6.2.4. SDD Settlement Timeline...........................................................................................................................................................................................................................................................
26
6.2.5. SDD Chargebacks.............................................................................................................................................................................................................................................................................27
6.3. ELV Payments – deprecated 1st August 2014..........................................................................................................................................................................................................................................
27
6.4. Dutch Incasso Payments – deprecated 1st August 2014..................................................................................................................................................................................................................28
6.4.1. Incasso Response.............................................................................................................................................................................................................................................................................
28
6.4.2. Incasso Chargebacks......................................................................................................................................................................................................................................................................28
6.4.3. Incasso Statement Text................................................................................................................................................................................................................................................................29
6.4.4. Incasso Legal Requirements......................................................................................................................................................................................................................................................29
7. Boleto Bancário....................................................................................................................................................................................................................................................................................................................................30
7.1. Boleto Notifcations..................................................................................................................................................................................................................................................................................................
30
7.2. Important Information Regarding Storage Of The Boleto PDF......................................................................................................................................................................................................
31
8. Notifcations...........................................................................................................................................................................................................................................................................................................................................32
8.1. Notifcation Message Fields................................................................................................................................................................................................................................................................................32
8.2. Accepting Notifcations..........................................................................................................................................................................................................................................................................................34
9. API Fault Codes....................................................................................................................................................................................................................................................................................................................................35
Appendix A: TEST and LIVE URLs...................................................................................................................................................................................................................................................................................................
36
Appendix B: SOAP API Payment Request and Response...................................................................................................................................................................................................................................................37
Appendix C: REST API Payment Request and Response...................................................................................................................................................................................................................................................
38
Appendix D: CSE Source Libraries Used.....................................................................................................................................................................................................................................................................................
39
Appendix F: Integration Example – CSE....................................................................................................................................................................................................................................................................................42
Appendix G: Integration Example – Server Side (SOAP)..................................................................................................................................................................................................................................................
43
Appendix H: Integration Example – Server Side (REST with cURL)..........................................................................................................................................................................................................................44
Appendix I: Authorise3d Request...................................................................................................................................................................................................................................................................................................
46
Appendix J: Payment Request with Installments..................................................................................................................................................................................................................................................................
47
Appendix K: CVC/CVV and AVS Result Values..........................................................................................................................................................................................................................................................................
48
Appendix L: ACH Payment Request...............................................................................................................................................................................................................................................................................................49
Appendix M: SEPA Direct Debit One-off Payment Request and Response............................................................................................................................................................................................................50
Appendix N: SEPA Direct Debit Recurring Payment Request.........................................................................................................................................................................................................................................52
Appendix O: Incasso Payment Request.......................................................................................................................................................................................................................................................................................53
Appendix P: Boleto SOAP API Payment Request and Response...................................................................................................................................................................................................................................54
Appendix Q: Boleto REST API Payment Request and Response...................................................................................................................................................................................................................................56
Appendix R: Sample Boleto Forms................................................................................................................................................................................................................................................................................................57
Appendix S: SOAP Notifcation Request and Response.....................................................................................................................................................................................................................................................
59
Appendix T: REST Notifcation Request and Response......................................................................................................................................................................................................................................................61
Appendix U: Fault Codes.....................................................................................................................................................................................................................................................................................................................
62
3 / 68
API Manual
ADYEN CONFIDENTIAL INFORMATION
Copyright (c) Adyen B.V. 2014
Changelog
Version
Date
Changes
2.14
2014-08-28
• Added installments WSDL to Appendix A
• Added code for inserting line breaks to section 7 and updated examples in
Appendices P and Q
• Corrected typo in REST example of Appendix J
2.13
2014-04-30
• Updated Introduction to include PCI compliance section
• Added Transient errors and Idempotency section
• Updated authorise REST API examples
2.12
2014-01-15
•
•
•
•
2.11
2013-11-27
• Added note about testing AVS results
2.10
2013-11-22
• Added additional information regarding response codes to the AVS section
2.00
2013-11-14
• Combined SOAP and REST manuals
• Added Client Side Encryption
• Updated document to conform to Adyen brand guidelines
1.39
2013-09-13
• Added card verifcation and idempotency documentation
• Moved ELV to direct debit chapter
• Removed deprecated iDeal API
1.38
2013-03-18
• Added note about correct XML for SOAP Payment Request with installments
1.37
2012-11-12
• Added Received as possible responseCode
1.36
2012-10-19
• Added additional AVS result codes
1.35
2011-12-15
• Added information about not using LATEST with ONECLICK
1.34
2011-08-31
• Added API Payment Response
1.33
2011-02-16
• Added details about new selectedBrand parameter
1.32
2010-12-30
• Added ACH US direct debits
1.31
2010-12-21
• Added section about Installments
1.30
2010-12-03
• Added general Tips and Warnings
1.21
2010-07-16
• Added changelog and audience sections
• Manual reviewed for English and layout consistency
4 / 68
API Manual
Added note about testing CVC/CVV results
Added SEPA DD section
Added note on submitting amount value
Updated installments appendix
Audience
This is a technical manual aimed at IT personnel involved in integrating merchants' systems with those at Adyen.
The latest version of this document is available here:
https://support.adyen.com/links/documentation
General Tips/Warnings
Defensive Programming
Adyen strongly recommends the use of “defensive programming” when integrating with the Adyen Services. This implies
that automated decisions programmed into your systems should be defaulted to non-delivery of products and services. In
other words, program your systems to only deliver products and/or services after receiving an explicit authorisation of the
requested payment and NOT to deliver in situations where an explicit rejection is not received.
Feedback
You can provide feedback about this document by sending an email to the following address:
support@adyen.com
We appreciate your comments.
5 / 68
API Manual
1. Introduction
The purpose of this manual is to provide you with the ability to submit payments to the Adyen Payment System using an
API rather than the Hosted Payment Pages (HPP). Due to strict industry regulations the API is only available to merchants
who have full Payment Card Industry Data Security Standard (PCI DSS)1 compliance and fall into either the Level 1 or Level
2 categories. Furthermore, certain implementations of the API may require that you process minimum annual transaction
volumes. Please contact an Adyen sales representative for more information regarding the API and transaction volume
requirements.
While there are signifcant benefts to using the HPP rather than an API there are some situations in which it makes sense
for you to capture the payment details and use an API to submit these to Adyen. If you do not have full PCI DSS
compliance Adyen also ofers the ability to process payments using Client-Side Encryption, this is covered in more detail in
section 2.3.
In the following sections we will cover how you can submit payments to our platform using either Adyen's SOAP or REST
APIs. Details on how to submit modifcation requests is covered in the Adyen Merchant Integration Manual, this can be
found here:
https://support.adyen.com/links/documentation
Please note that the ability to process API payments or Client-Side Encryption is not enabled by default, please contact the
Adyen Support Team (support@adyen.com) if you would like to have this functionality enabled for you.
It is important to respect the DNS Time-To-Live (TTL) when communicating with Adyen. Some frameworks, Java in
particular, cache DNS lookups by default. Adyen routinely changes their DNS confguration and, if your implementation
caches the DNS lookup, your ability to submit modifcations and/or payments may be impacted.
This document is an addendum to the Adyen Merchant Integration Manual and will reference, without citation, concepts
explained there.
Adyen has code samples in various programming languages available for your reference; these can be found here:
https://github.com/adyenpayments
1Please see http://en.wikipedia.org/wiki/PCI_DSS for more information.
6 / 68
API Manual
1.1. SOAP API
SOAP is a communication protocol between two web services that uses XML for its message format. While you are free to
choose your preferred method of integration, SOAP/REST., in most cases we recommend that you implement a SOAP
integration to Adyen; SOAP implementations automatically handle a number of edge cases around encoding and
validation that will result in a more robust integration.
SOAP is also benefcial for high volume merchants particularly with regards to notifcations; if there are many pending
notifcations, the SOAP format allows Adyen to transfer multiple notifcations in a single message. As such, when
compared to REST messages, SOAP notifcations reduce the number of requests and improve throughput. Please refer to
section 8 for more details regarding notifcation processing.
1.2. REST API
Representational State Transfer (REST) is an architecture style for designing networked applications. The idea being that,
rather than using complex mechanisms such as CORBA, RPC or SOAP to connect machines, simple HTTP with name/value
pairs is used to make calls between machines, in much the same way that web browsers transfer requests between the
user and a web server. For example, a URL with the possibility of diferent parameters.
https://www.google.com/search?q=adyen
•
https:// indicates the secure HTTP protocol variant
•
www.google.com/search is the address of the platform/service
•
?q=adyen is a variable Name (q) / Value (adyen) pair that lets the service know information about adyen needs
to be queried and returned to the requesting service
An important component of REST is that it is stateless in nature. Each request from client to server must contain all of the
information necessary to understand the request, and cannot take advantage of any stored context on the server. Session
state is therefore kept entirely to the client.
1.2.1.
General Remarks On HTTP Name/Value Pair Communication
The Adyen APIs are mapped from the SOAP felds to REST Name/Value pairs. Adyen provides an easy testing option via a
regular web browser showing a default form for the variables. Please refer to Appendix A for the URL of the HTTP
adapter.
The following screenshots show how it is easy to make test payments.
1.
When accessing the HTTP Adapter URL in a browser you will be prompted to log in:
2.
Select the Adyen API function that you want to test/explore:
7 / 68
API Manual
3.
Insert
the payment
variables, including your specifc account details and the relevant felds for the transaction type and click the
submit button at the bottom of the page:
4.
The browser communicates the values as HTTP Name/Value pairs and the response to the request is displayed
in the browser:
1.3.
Security (Authentication)
To submit authorisation messages you must supply authentication credentials (username/password). This will be
confgured in the library that you use to communicate the server-to-server request, or response, to the Adyen platform.
The username is ws@Company.[YourCompanyAccount] and you set the password for this user in the Adyen Customer Area
8 / 68
API Manual
(CA) under “Settings” → “Users”.
9 / 68
API Manual
2. Submitting API Payments
SOAP API payments are submitted using the authorise action2. We will explain a simple credit card submission and in
subsequent sections we will show you how to implement “Verifed by VISA / MasterCard SecureCode™” (3-D Secure) and
Direct Debits.
2.1. Payment Fields 3
2.1.1.
General Payment Fields
•
merchantAccount
The merchant account for which you want to process the payment.
•
amount
A container for the data concerning the amount to be authorised. This should contain the following items:
•
currency
The three character ISO currency code.
•
value
The paymentAmount of the transaction.
Please note, the transaction amount should be provided in minor units according to ISO standards;
some currencies don't have decimal points, such as JPY, and some have 3 decimal points, such as BHD.
For example, 10 GBP would be submitted with a value of “1000” and 10 JPY would be submitted as
“10”.
•
reference
This is your reference for this payment, it will be used in all communication to you regarding the status of the
payment. We recommend using a unique value per payment but this is not a requirement. If you need to provide
multiple references for a transaction you may use this feld to submit them with the transaction, separating each
with “-”.
This feld has a maximum of 80 characters.
•
shopperIP (recommended)
The IP address of the shopper. We recommend that you provide this data, as it is used in a number of risk
checks, for example, number of payment attempts, location based checks.
•
shopperEmail (recommended)
The shopper's email address. We recommend that you provide this data, as it is used in a velocity fraud check.
Please note, this feld is required for Recurring payments.
•
shopperReference (recommended)
An ID that uniquely identifes the shopper, such as a customer id in a shopping cart system. We recommend that
you provide this data, as it is used in a velocity fraud check and is the key for recurring payments.
Please note, this feld is required for Recurring payments.
2
3
•
fraudOfset (optional)
An integer that is added to the normal fraud score. The value can be either positive or negative.
•
selectedBrand (optional)
Used with some payment methods to indicate how it should be processed. For the MisterCash payment method
it can be set to maestro (default) to be processed like a Maestro card or bcmc to be processed as a MisterCash
card.
The URLs are provided in Appendix A
Please refer to “Explanation of the Session Fields” section in the Adyen Merchant Integration Manual for more information
regarding each of the felds.
10 / 68
API Manual
When comparing the SOAP felds and HTTP felds they are exactly the same. Typically it is just one feld with the same
name, but more complex structures like the amount will be rendered in two individual felds:
SOAP representation of an amount:
<amount xmlns="http://payment.services.adyen.com">
<currency xmlns="http://common.services.adyen.com">EUR</currency>
<value xmlns="http://common.services.adyen.com">500</value>
</amount>
REST representation of an amount:
paymentRequest.amount.currency=EUR&paymentRequest.amount.value=500
2.1.2.
•
Card Payment Specifc Fields
card
A container for credit card data, this object should not be populated when using Client-Side Encryption. This
should contain the following items:
2.1.3.
•
expiryMonth
The expiration date's month written as a 2-digit string, padded with 0 if required. For example, 03 or 12.
•
expiryYear
The expiration date's year written as in full. For example, 2016.
•
holderName
The card holder's name, as embossed on the card.
•
number
The card number.
•
cvc
The card validation code. This is the the CVC2 code (for MasterCard), CVV2 (for Visa) or CID (for
American Express).
•
issueNumber (Maestro UK / Solo only)
This feld is no longer in use.
•
startMonth (Maestro UK / Solo only)
This feld is no longer in use.
•
startYear (Maestro UK / Solo only)
This feld is no longer in use.
Payment Response Fields
If the message passes validation a risk analysis will be done and, depending on the outcome, an authorisation will be
attempted. You will receive a response with the following felds:
•
pspReference
This is Adyen's unique reference that is associated with the payment. This is guaranteed to be globally unique
and is used when communicating with us about this payment.
•
resultCode
The result of the payment. The possible values are Authorised, Refused, Error or Received (as with a Dutch Direct
Debit).
•
authCode
The authorisation code if the payment was successful. Blank otherwise.
•
refusalReason
Adyen's mapped refusal reason, populated if the payment was refused.
Please refer to Appendix B and Appendix C for examples of SOAP and REST API requests and responses.
11 / 68
API Manual
2.2. Submitting API Modifcation Requests
In addition to being able to perform modifcations via the Adyen Customer Area (CA), you may also use the API to initiate
your modifcation requests. Modifcations are submitted using the same API, URL, WSDL, username and password as
used for authorisations but using the modifcation specifc action.
Please refer to the Adyen Merchant Integration Manual for details:
https://support.adyen.com/links/documentation
2.3. Client-Side Encryption (CSE) (optional)
Merchants that require more stringent security protocols or do not want the additional overhead of managing their PCI
compliance, may decide to implement Client-Side Encryption (CSE). This is particularly useful for Mobile payment fows
where only cards are being ofered, as it may result in faster load times and an overall improvement to the shopper fow.
The Adyen Hosted Payment Page (HPP) provides the most comprehensive level of PCI compliancy and you do not have
any PCI obligations. Using CSE reduces your PCI scope when compared to implementing the API without encryption, as
Adyen bears the PCI burden on your behalf.
If you would like to implement CSE, please provide the completed PCI Self Assessment Questionnaire (SAQ) A to the
Adyen Support Team (support@adyen.com). The form can be found here:
https://www.pcisecuritystandards.org/security_standards/documents.php?category=saqs
Transactions that are submitted using Client-Side Encrypted card details follow the same process as a regular
authorisation request. However, instead of the card object, the encrypted data is sent in the additional data felds
described in section 2.3.2.
Adyen has built some code samples for your review, these are available here:
https://github.com/adyenpayments/client-side-encryption
2.3.1.
How Does It Work?
To implement CSE, you will need to follow this high level process:
1.
Build and host the credit card payment form on your servers.
2.
Ensure that the card felds have the attribute “data-encrypted-name” instead of “name”; the use of “name” may
result in the raw card data to be posted to your servers.
3.
Include the “adyen.encrypt.min.js” Client Encryption library.
4.
Set the Adyen public key and tie the Adyen library to your form.
The Client Encryption library will:
1.
Intercept the form submission event before it hits your server.
2.
Encrypt the card felds in-browser using a per transaction unique AES key.
3.
Encrypt the unique AES key with your RSA public key, Adyen retains its private counterpart.
4.
Send the encrypted data, containing the card and encrypted AES key, with the other felds in the form via the
server-to-server API.
Please note, the encrypted data must not be stored on your servers or be available in your logs as this would be a
violation of PCI regulations.
12 / 68
API Manual
2.3.2.
Additional Payment Fields
There are two additional felds that will need to be passed in the authorisation request:
•
generationtime
This feld is used to determine the validity of the payment request, any transactions submitted after 24 hours of
this time will be refused. The format for this feld is the ISO 8601 format: YYYY-MM-DDTHH:mm:ss.sssZ . For
example, “2013-11-15T13:42:40.428Z”. This must be generated server-side as the client (browser) may not have
its system clock synchronised which could cause the payment to fail.
•
adyen-encrypted-data
This feld is used to transmit the encrypted to Adyen.
Please refer to Appendix G for a SOAP CSE example and to Appendix H for a REST CSE example.
2.3.3.
Where Can I Find My Public key?
The public key is tied to the WebService user you will be using to submit the API payment request, as described in section
1.3. If a key has not previously been generated, you will see an option to “Generate” the key. The generated key is preformatted for easy insertion into your page.
2.3.4.
Is CSE Secure?
The CSE solution uses only PCI/NIST approved cryptographic algorithms. The RSA key is 2048 bits and is unique to your
user account. Per transaction the client will generate a unique AES (256bit) key which is used in CCM mode for both
encryption and authentication.
•
The Public Key (RSA) can be downloaded from the Adyen CA.
•
The Secret Key (RSA) is only known to Adyen and stored in encrypted form on Adyen's servers.
•
All card data is End-To-End encrypted and is never visible to merchant.
•
The payment authorisation is done over the server-to-server Adyen API using the encrypted card.
•
The encrypted data is only valid for a period of 24 hours and tied to your public key. It is of no use outside of this
context.
13 / 68
API Manual
2.3.5.
Main Benefts
•
The credit card data is never readable to you.
•
Stateless, synchronous processing; the solution does not rely on a session token.
•
Uses the current API therefore all features are available:
◦
3D Secure.
◦
Recurring.
◦
Installments.
◦
Airline / Level 3 Data.
◦
Risk/Fraud Detection.
2.4. 3-D Secure
3-D Secure (Verifed by VISA / MasterCard SecureCode™) is an additional authentication protocol that involves the shopper
being redirected to their card issuer where they authenticate themselves before the payment can proceed to an
authorisation request.
In order to start processing 3-D Secure transactions the following changes are required:
1.
Your Merchant Account needs to be confgured by Adyen to support 3-D Secure. If you would like to have 3-D
Secure enabled please submit a request to the Adyen Support Team (support@adyen.com).
2.
Your integration should support redirecting the shopper to the card issuer and submitting a second API call to
complete the payment.
The initial API call for both 3-D Secure and non-3-D Secure payments is almost identical, however, for 3-D Secure
payments you must supply the browserInfo object as a sub-element of the payment request, this is a container for the
acceptHeader and userAgent of the shopper's browser.
SOAP example:
<browserInfo xmlns="http://payment.services.adyen.com">
<acceptHeader xmlns="http://common.services.adyen.com">text/html,application/xhtml+xml,
application/xml;q=0.9,*/*;q=0.8</acceptHeader>
<userAgent xmlns="http://common.services.adyen.com">Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.9) Gecko/2008052912 Firefox/3.0</userAgent>
</browserInfo>
SOAP example:
paymentRequest.browserInfo.acceptHeader=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication
%2Fxml%3Bq%3D0.9%2C%2A%2F%2A%3Bq%3D0.8&paymentRequest.browserInfo.userAgent=Mozilla%2F5.0+
%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.31+%28KHTML%2C+like+Gecko%29+Chrome
%2F26.0.1410.63+Safari%2F537.31
Once your account is confgured for 3-D Secure, the Adyen system performs a directory inquiry to verify that the card is
enrolled in the 3-D Secure programme. If it is not enrolled, the response is the same as a normal API authorisation. If,
however, it is enrolled, the response contains these felds:
•
paRequest
The 3-D request data for the issuer.
•
md
The payment session.
•
issuerUrl
The URL to direct the shopper to.
14 / 68
API Manual
•
resultCode
The resultCode will be RedirectShopper.
The paRequest and md felds should be included in a HTML form which needs to be submitted using the HTTP POST
method to the issuerUrl. You must also include a termUrl parameter in this form which contains the URL on your site that
the shopper will be returned to by the issuer after authentication. We recommend that the form is “self-submitting” with a
fallback in case javascript is disabled. A sample form is shown below.
<body onload="document.getElementById('3dform').submit();">
<form method="POST" action="${issuerUrl}" id="3dform">
<input type="hidden" name="PaReq" value="${paRequest}" />
<input type="hidden" name="TermUrl" value="${termUrl}" />
<input type="hidden" name="MD" value="${md}" />
<noscript>
<br/>
<br/>
<div style="text-align: center">
<h1>Processing your 3-D Secure Transaction </h1>
<p>Please click continue to continue the processing of your 3-D Secure transaction.</p>
<input type="submit" class="button" value="continue"/>
</div>
</noscript>
</form>
</body>
After the shopper authenticates at the issuer they will be returned to your site by sending a HTTP POST request to the
TermUrl containing the MD parameter as explained previously and a new parameter called PaRes. These will be needed to
complete the payment.
To complete the payment the following parameters should be submitted to the authorise3d action:
•
merchantAccount
This should be the same as the Merchant Account used in the original authorise request.
•
browserInfo
It is safe to use the values from the original “authorise” request as they are unlikely to change during the course
of a payment.
•
md
The value of the MD parameter received from the issuer.
•
paResponse
The value of the PaRes parameter received from the issuer.
•
shopperIP (recommended)
The IP address of the shopper. We recommend that you provide this data, as it is used in a number of risk
checks, for example, the number of payment attempts and location based checks.
Please refer to Appendix I for an example of an authorise3d request.
15 / 68
API Manual
2.5. AVS
Address Verifcation Service (AVS) is a security feature that verifes the billing address of the card holder. It does so by
comparing the numeric portions of the card holder's registered billing address to those entered by the shopper. AVS is
only supported on a limited set of acquiring connections, card types, and only for a limited set of countries (United States,
Great Britain and Canada).
To use AVS you must supply the full address of the shopper using the billingAddress sub-element of the card element.
<billingAddress xmlns="http://payment.services.adyen.com">
<city xmlns="http://common.services.adyen.com">Burbank</city>
<street xmlns="http://common.services.adyen.com">South Buena Vista Street</street>
<houseNumberOrName xmlns="http://common.services.adyen.com">500</houseNumberOrName>
<postalCode xmlns="http://common.services.adyen.com">91521</postalCode>
<stateOrProvince xmlns="http://common.services.adyen.com">California</stateOrProvince>
<country xmlns="http://common.services.adyen.com">US</country>
</billingAddress>
Please note:
•
If you are submitting the billingAddress object all the sub-elements are mandatory, if some felds are not
provided you will receive an error response.
•
The country value must be provided as the 2-character ISO country code, for example, “GB” for the Great
Britain. An invalid country code may result in the payment request being rejected. The full list is available
here:
http://www.iso.org/iso/english_country_names_and_code_elements
•
The various card brands and networks have their own specifc AVS response codes; these are mapped to
Adyen's generic response codes that are sent to you by default. If you would like to receive the actual
response from the card or network, please contact the Adyen Support Team (support@adyen.com) to have the
Raw AVS Reason enabled for you. This will be included in the Notifcation that you receive.
2.6. Testing AVS and CVC/CVV Results
2.6.1.
Testing AVS Results
It is possible to test the 27 diferent AVS result codes. If the street feld of the billingAddress element has the value “Test
AVS result” you can specify the avsResult value in the houseNumberOrName feld. Note that all other billingAddress felds are
still required but their values do not impact the avsResult that is returned.
Please refer to Appendix K for the complete list of AVS result codes.
SOAP billingAddress element:
<billingAddress xmlns="http://payment.services.adyen.com">
<city xmlns="http://common.services.adyen.com">Burbank</city>
<street xmlns="http://common.services.adyen.com">South Buena Vista Street</street>
<houseNumberOrName xmlns="http://common.services.adyen.com">17</houseNumberOrName>
<postalCode xmlns="http://common.services.adyen.com">91521</postalCode>
<stateOrProvince xmlns="http://common.services.adyen.com">CA</stateOrProvince>
<country xmlns="http://common.services.adyen.com">US</country>
</billingAddress>
16 / 68
API Manual
REST billingAddress element:
paymentRequest.card.billingAddress.city=Burbank&paymentRequest.card.billingAddress.street=Sou
th+Buena+Vista+Street&paymentRequest.card.billingAddress.houseNumberOrName=17&paymentRequest.
card.billingAddress.postalCode=91521&paymentRequest.card.billingAddress.stateOrProvince=CA&pa
ymentRequest.card.billingAddress.country=US
Please note, when testing the AVS results it is important to ensure that you are using one of the AVS test card numbers
found here:
https://support.adyen.com/index.php?/Knowledgebase/Article/View/11/0
2.6.2.
Testing CVC/CVV Results
It is possible to test the 7 diferent CVC/CVV result codes. You will need to use one of the Adyen test cards that includes a
CVC and instead of inputting the CVC, enter the code you want to simulate.
Please refer to Appendix K for the complete list of CVC/CVV result codes.
SOAP card element:
<card xmlns="http://payment.services.adyen.com">
<cvc>004</cvc>
<expiryMonth>06</expiryMonth>
<expiryYear>2016</expiryYear>
<holderName>Adyen Test</holderName>
<number>4111111111111111</number>
</card>
REST card element:
&paymentRequest.card.cvc=004&paymentRequest.card.expiryMonth=06&paymentRequest.card.expiryYea
r=2016&paymentRequest.card.holderName=Test+Tester&paymentRequest.card.number=5555444433331111
Please note, when testing the CVC/CVV results it is important to ensure that you are using one of the test card numbers
that requires a CVC found here:
https://support.adyen.com/index.php?/Knowledgebase/Article/View/11/0
2.6.3.
Testing Error Codes
It is possible to test Refused transactions and their specifc Refusal reasons by placing the following text in the Card
Holder Name:
[Response code] : [The refusal reason raw String that is tested]
For example:
DECLINED : 05 : ISSUER_UNAVAILABLE
Other response codes that are available for testing are:
•
•
•
•
•
•
•
•
•
•
REFERRAL
ERROR
BLOCK_CARD
CARD_EXPIRED
DECLINED
INVALID_AMOUNT
INVALID_CARD
NOT_SUPPORTED
NOT_3D_AUTHENTICATED
NOT_ENOUGH_BALANCE
17 / 68
API Manual
•
APPROVED
Please note:
•
There is a limit in characters of the Card Holder Name. The result may be:
DECLINED : 05 : ISSUER_UNAVAIL
•
You may have to lower the risk score for non-alphabetic characters in the card holder name as the ':' character
will trigger this check and may cause the payment to be declined with reason code "FRAUD".
•
An incorrect CVC or invalid expiry date will override the response code and always lead to a generic
"DECLINE".
2.7. Card Verifcation/Dynamic Zero Value Auth
In order to verify a card's validity, you may submit an authorisation request with an amount value of 0, the currency
should match the eventual transaction currency. This will result in the Adyen system submitting a card verifcation call,
also referred to as a “Zero Value Auth”, to the Acquirer, the resultCode will return either Authorised or Refused.
Not all Acquirers support card verifcation, in the situation where your transactions are routed to an Acquirer that does
not support this feature, the Adyen system will automatically submit a EUR 1 authorisation followed by an automatic
cancel of the authorisation. For other currencies, the EUR 1 approximate equivalent value is used, for example, 1000
Korean Won (KRW) as 1 KRW is too low an amount to be authorised.
18 / 68
API Manual
2.8. Installments
Some Acquirers, most notably in South America, support installments whereby the shopper is not charged the full
payment amount in one charge, but is split at specifed intervals over a fxed period. Please contact the Adyen Support
Team (support@adyen.com) for more details about the Acquirers that support this functionality.
To support installments an additional object must be submitted in the authorise payment request:
•
installments
A container for the installment data.
◦
Value = <the number of installments>
The number of installments must be greater than zero.
There typically is a limit on the maximum number of installments, for example 24, but this is an Acquirer
specifc limit.
Please refer to Appendix J to review a payment request with the number of installments is set to 4.
Please note, Adyen provides a WSDL that contains the installments feld; you can fnd this in Appendix A.
2.9. Additional Payment Response Data
If required, extra response felds can be added to the SOAP response in the additionalData object; these are not enabled
by default. Please contact the Adyen Support Team (support@adyen.com) if you wish to enable this for your Merchant
Account.
•
authCode
The authorisation code if the payment was successful. Blank otherwise.
•
cvcResult
The CVC result of the payment; please refer to Appendix K for the list of possible values that my be returned.
•
avsResult
The AVS result of the payment; please refer to Appendix K for the list of possible values that my be returned.
•
referred
When the payment is referred the value of this feld will be true; otherwise the feld will not be available. Please
note, this is not typically returned for eCommerce transactions.
Where available, you may choose to receive the raw results that we receive from the Acquirer. This is an extra setting that
must be enabled for your Merchant Account by the Adyen Support Team (support@adyen.com). The setting will add the
following felds to the additionalData object of the SOAP response.
•
cvcResultRaw
The raw CVC result received from the Acquirer where available.
•
avsResultRaw
The raw AVS result received from the Acquirer where if available.
•
refusalReasonRaw
The raw refusal reason received from the Acquirer where available.
19 / 68
API Manual
3. Idempotency In The Adyen API
When interfacing with an API, dealing with failures and retries can be challenging. Adyen's API attempts to limit the impact
of such a problem:
•
Asynchronous server-to-server notifcations inform you of the result of a request to the API. This is particularly
useful in the eventuality that an authorisation response is missed, this may occur due to a timeout; please refer
to section 8 for information regarding notifcations.
•
Capture and refunds requests are validated against balances in the accounting system.
◦
It is not possible to capture more than the initial authorisation amount.
◦
By default the system does not allow you to refund more than the original captured amount, but this may
be enabled.
While this is usually sufcient to deal with most exceptions, you may also choose to use the Adyen API in idempotent
mode. Idempotency is an API feature where repeatedly submitting the same message to the API always produces the
same response message but the action requested by the message is only executed once. This allows your system to safely
retry an API call in the case of failure without worrying about the payment being duplicated.
3.1. Idempotency Implementation
To trigger idempotency, you simply need to set the relevant HTTP headers. Messages will be uniquely identifed using a
message key which is a combination of the Merchant Account and Merchant Reference. As such, you will need to ensure
that you are always using a unique Merchant Reference for each payment request. You must also provide a unique
Merchant Reference for each modifcation message (capture/refund/cancel).
A set of standard HTTP request/response headers will trigger the idempotent behaviour and report back the status.
Please refer to http://www.w3.org/Protocols/rfc2616/rfc2616.html for more details.
Idempotent behaviour is triggered using the Pragma directive.
Pragma= "Pragma" ":" 1#pragma-directive
pragma-directive
= "process-idempotent" | "process-idempotent-initial"
When to use "process-idempotent" or "process-idempotent-initial"?
•
"process-idempotent" can be used if your system requires a "Strict Consistency" model to ensure idempotency,
meaning that a “system unavailable” error response may be generated if the idempotency service is not fully
available at the time of processing the request.
•
If your system is issuing an initial payment request, not a retry, the directive "process-idempotent-initial" can be
used and the request will be processed as above. The diference is that, if the idempotency service is unavailable,
the request will still be processed. In this case the response will be added later to the idempotency store in an
"Eventual Consistency" model. To avoid double-processing, this mode should NOT be used when retrying a
request or if your system is unsure if the request is an initial request.
When idempotent behaviour is requested a message generation date header is mandatory.
Date = "Date" ":" HTTP-date
Retries of the original request are, by default, required to pass the same value in the date header. A mismatch between
the value of the date header and the message key will result in a validation error response from the API: “Message request
date does not match original request date”. Values are compared by parsing the value to a GMT timestamp value with
"second" precision.
20 / 68
API Manual
It is possible to bypass this check, by adding “idempotent-no-check-date” to the Pragma directive. Please note, the values in
the Pragma directive are comma-separated.
When processing a request idempotently, the response will contain a Last-Modifed header containing the date the
original response was generated.
Last-Modified = "Last-Modified" ":" HTTP-date
Please note, HTTP-date is required as part of the HTTP standard and should conform to the RFC 1123 format; this difers
from the ISO date format (ISO 8601) that Adyen uses in the APIs.
3.2. Retrying transactions and Idempotency
There may be some scenarios in which you may want to retry a transaction.
3.2.1.
Refused Transactions
If, for example, a transaction is Refused and you want to ofer the customer the ability to enter new payment details, you
would send a new merchantReference, which may be as simple as applying a sufx, such as 12345-2. To avoid any issues
with (mis)identifying duplicates, the Adyen platform does not perform a full message analysis, it only checks the key, and
optionally the date header. We consider a resultCode of Authorised/Refused to be a valid fnal response. With
idempotency re-sending the same key will reproduce this fnal message.
3.2.2.
Transient Errors
If a request fails due to a timeout or a communication error, and we have the expectation that a retry is likely to succeed,
we will mark the response as a transient error. A transient error response will have the Pragma directive set with value
“transient-error”. Transactions marked as transient errors are not considered to be in a fnal state and, if resubmitted, will
be reprocessed. When reprocessing, we will return a new response, which may again be a transient error.
Pragma= "Pragma" ":" 1#pragma-directive
pragma-directive
= "transient-error"
21 / 68
API Manual
4. One-Click Payments
One-Click Payments can be used to allow repeat/known shoppers to pay without re-entering their payment details. The
shopper can be given the opportunity to store their payment details when they frst pay and is able to use these details
for subsequent requests. For One-Click Payments the shopper will have to enter their credit card's CVC. Currently OneClick payments only work for Card payments.
Please refer to the Adyen Recurring Manual for more details regarding managing and submitting Recurring payments.
4.1. The Initial Payment
The initial payment , or subsequent payments with diferent details, are processed as normal payment requests as
described in section 2. The only diference is the addition of the Recurring object to the payment request, and that the
shopperReference and shopperEmail felds are required.
The Recurring object contains the following felds:
•
contract
This should be set to ONECLICK.
•
recurringDetailName (optional)
A short description entered by the shopper to identify their payment details. For example, “My wife's
MasterCard”.
If the payment is successful the details are stored.
4.2. Submitting A One-Click Payment
When submitting a payment using a payment detail returned from listRecurringDetails, you generate a normal payment
request which follows the same rules as the initial payment, meaning that the shopperReference and shopperEmail are
required and that a Recurring object should be present and contain the value ONECLICK for the contract feld. However, the
recurringDetailName should not be supplied.
One additional feld is added to the payment request:
•
selectedRecurringDetailReference
This is the recurringDetailReference you want to use for this payment, the customer will need to provide the CVC
for the selected card and so the value LATEST cannot be used.
In the case of a card payment you should supply a card object in the payment request with only the cvc feld and value
populated.
22 / 68
API Manual
5. Card Deposit (CFT)
Card Deposit, also referred to as Card Funds Transfer (CFT), allows you to transfer funds directly onto a credit card. There
are two methods to do this:
1.
Refund an existing transaction for an amount exceeding the original transaction amount. This does not require
you to know the card details, only a reference to the existing transaction.
2.
Directly deposit funds on a card without an existing transaction. This requires you to submit the card details and
is much like the process for submitting a direct payment.
Both methods are disabled by default. Please contact the Adyen Support Team (support@adyen.com) if you would like to
submit card deposits.
5.1. Card Deposit Using An Existing Transaction
To deposit an amount using an existing transaction send a FundTransferRequest using the fundTransfer action containing
the following felds:
•
merchantAccount
The merchant account the original payment was processed with.
•
modifcationAmount
The amount to deposit. This consists of a currencyCode and a paymentAmount4. The currencyCode must match the
currency used in the original payment.
•
originalReference
This is the pspReference that was assigned to the original payment. It is received with the payment status or with
the authorisation notifcation.
•
reference
Your reference for this payment. This reference will be used in all communication to you regarding the status of
the payment. We recommend using a unique value per payment but this is not a requirement.
•
shopperEmail (optional)
The shopper's email address.
If the message is syntactically valid and the merchantAccount is correct, you will receive a response with the following
felds:
•
pspReference
A new unique reference Adyen has assigned to identify this deposit. This is guaranteed to be globally unique and
should be used when communicating with us about this payment.
•
response
If successful, this value returned will be [fundtransfer-received], if unsuccessful an informational message will be
returned.
Please note, that [fundtransfer-received] does not mean that the card deposit was successful, it means that Adyen has
successfully received the message. The actual transfer is executed ofine and the fnal result communicated using a
notifcation, please see Section 5.3 for details.
5.2. Directly Depositing Funds On A Card
The process to directly deposit funds on to a card, without reference to an existing transaction, is similar to submitting a
payment to the API, please refer to section 2. The request is exactly the same as for a payment request but the request is
submitted to the refundWithData method rather than the authorise method.
4
Please refer to “Explanation of the Session Fields” section in the Adyen Merchant Integration Manual.
23 / 68
API Manual
5.3. CFT Notifcations
Notifcations for card deposits, using both methods, are the same as for payments but the eventCode is
REFUND_WITH_DATA, please refer to the Notifcations section in the Adyen Merchant Integration Manual for more
information. As with regular payments you should check the success parameter to determine if the deposit succeeded.
24 / 68
API Manual
6. Direct Debit Payments
The European Payments Council (EPC) has mandated that as of 1st February 2014, all merchants that are currently
processing, or planning to process, ELV or Incasso payments, must have implemented SEPA Direct Debits (DD).
6.1. US ACH Payments
ACH (Automated Clearing House) payments are a form of Electronic Direct Debit used in the United States.
The payment request is similar to a credit card request but rather than supplying a card you supply a bankAccount
container with the following felds:
•
bankAccountNumber
The US shopper's bank account number, this is a numeric feld.
•
bankLocationId
The shopper's bank transit routing number, a nine digit number – leading zeroes should not be stripped out.
•
bankAccountType
The value 'C' for a checking account or 'S' for a savings account.
•
ownerName
The bank account holder name.
•
countryCode
The value 'US'.
For ACH payments shopperReference and shopperIP are required felds.
6.1.1.
ACH Transaction Types
The ACH transaction types WEB and TEL are supported:
•
WEB - Internet-Initiated Transactions
WEB is used when a merchant is authorised by the consumer, via the Internet, to create an ACHP debit. The WEB
code applies to both single-entry and recurring payments. WEB transactions must be drawn on a consumer
account and are payable in U.S. currency.
•
TEL – Telephone-Initiated Transactions
TEL may only be used when a consumer initiates contact with the merchant or there is a previously existing
relationship between the merchant and the consumer, this is defned as the consumer having made a purchase
from the merchant within the past two years.
A transaction's Shopper Interaction will determine how the transaction will be processed; this is confgured at the Merchant
Account level or using an override per transaction. eCommerce transactions will be processed as WEB, ContAuth will
cause the transaction to be processed as WEB recurring and MOTO transactions will be processed as TEL.
Please refer to Appendix L for a sample SOAP & REST ACH Payment request.
6.1.2.
ACH Response
The response for ACH payments is similar to card payments, however an authorisation code is not generated or returned.
6.1.3.
ACH Chargebacks
ACH payments may be reversed by the account holder after settlement, which will result in a payment status of
Chargeback. The process is comparable with a Credit Card chargeback but without the ability to defend against the
dispute.
25 / 68
API Manual
6.2. SEPA Direct Debits
The Single Euro Payments Area (SEPA) is an EU payment-integration initiative for the simplifcation of bank transfers
denominated in EUR. The European Payments Council (EPC) has mandated that as of 1st August 2014, all merchants
that are currently processing ELV or Incasso (Dutch Direct Debit) payments, must have implemented SEPA Direct Debits
(SDD). Please refer to the SEPA Migration Manual for more details on migrating ELV or Incasso payments to SDD:
https://support.adyen.com/index.php?/Knowledgebase/Article/View/2112/101/sepa-migration-manual
Please note, there is still some ongoing development and as a result this document is subject to change.
6.2.1.
One-of SDD Payment Requests
The payment request will include the bankAccount container that contains the following elements:
•
iban
The IBAN.
•
bic
The unique identifcation code for both fnancial and non-fnancial institutions.
•
ownerName (optional)
The name of the account holder.
In addition to the bankaccount container, you must also include:
•
selectedBrand
The value should be “sepadirectdebit”.
Please refer to Appendix M for an example of a sepadirectdebit one-of API payment request.
6.2.2.
Recurring SDD Payment Requests
The only change to the payment request is that you must include the selectedBrand element.
Please refer to Appendix N for an example of a sepadirectdebit recurring API payment request.
26 / 68
API Manual
6.2.3.
SDD Notifcations
Pending Notifcation
The Pending notifcation is not enabled by default. Once enabled, the notifcation is sent out at the moment the payment
is created. Please contact Adyen support (support@adyen.com) if you want to receive this additional notifcation.
<com.adyen.services.notification.NotificationRequestItem>
<pspReference>9913856361050084</pspReference>
<merchantReference>Test Payment Reference</merchantReference>
<merchantAccountCode>SupportAdyenTest</merchantAccountCode>
<eventDate>2013-11-28 11:55:05.934 CET</eventDate>
<eventCode>PENDING</eventCode>
<amount>
<value>1500</value>
<currency>EUR</currency>
</amount>
<success>true</success>
<paymentMethod>sepadirectdebit</paymentMethod>
<additionalData>
<entry>
<string>sepadirectdebit.dateOfSignature</string>
<string>2013-11-28</string>
</entry>
<entry>
<string>sepadirectdebit.sequenceType</string>
<string>First</string>
</entry>
<entry>
<string>sepadirectdebit.mandateID</string>
<string>9913856361050084</string>
</entry>
</additionalData>
<com.adyen.services.notification.NotificationRequestItem>
Authorisation Notifcation
<com.adyen.services.notification.NotificationRequestItem>
<pspReference>9913856361050084</pspReference>
<merchantReference>Test Payment Reference</merchantReference>
<merchantAccountCode>SupportAdyenTest</merchantAccountCode>
<eventDate>2013-11-28 11:55:05.934 CET</eventDate>
<eventCode>AUTHORISATION</eventCode>
<amount>
<value>1500</value>
<currency>EUR</currency>
</amount>
<success>true</success>
<reason/>
<paymentMethod>sepadirectdebit</paymentMethod>
<com.adyen.services.notification.NotificationRequestItem>
27 / 68
API Manual
Extended Authorisation Notifcation
The extended notifcation is not enabled by default. Please contact Adyen support (support@adyen.com) if you want to
receive the extended notifcation.
<com.adyen.services.notification.NotificationRequestItem>
<pspReference>9913856361050084</pspReference>
<merchantReference>Test Payment Reference</merchantReference>
<merchantAccountCode>SupportAdyenTest</merchantAccountCode>
<eventDate>2013-11-28 11:55:05.934 CET</eventDate>
<eventCode>AUTHORISATION</eventCode>
<amount>
<value>1500</value>
<currency>EUR</currency>
</amount>
<success>true</success>
<reason/>
<paymentMethod>sepadirectdebit</paymentMethod>
<additionalData>
<entry>
<string>sepadirectdebit.dateOfSignature</string>
<string>2013-11-28</string>
</entry>
<entry>
<string>sepadirectdebit.sequenceType</string>
<string>First</string>
</entry>
<entry>
<string>sepadirectdebit.mandateID</string>
<string>9913856361050084</string>
</entry>
</additionalData>
<com.adyen.services.notification.NotificationRequestItem>
6.2.4.
SDD Settlement Timeline
Prior to initiating the DD, you will need to inform the customer that the payment is due.
Core
Event:
SDD First
SDD Recurring
Pre-notifcation
(T-14) T-5
(T-14) T-2
Submit SDD instructions (Moment of payment
request)
T-5
T-2
Latest moment to revoke (cancel) SDD
T-1
T-1
SDD instruction processed by bank
T
T
Reconciliation by Adyen PSP
T+1
T+1
28 / 68
API Manual
Core 1
Core 1 is automatically used in Germany, Spain and Austria.
Event:
SDD
SDD Recurring
Pre-notifcation
(T-14) T-1
(T-14) T-2
Submit SDD instructions
T-1
T-2
Latest moment to revoke (cancel) SDD
N/A
T-1
SDD instruction processed by bank
T
T
Reconciliation by Adyen PSP
T+1
T+1
6.2.5.
SDD Chargebacks
The chargeback process is standardised for all SEPA DD variants. The SEPA DD schemes ensure more protection and
refund rights for consumers:
•
The shopper can have the authorised SEPA DD payment returned within 8 weeks.
•
The shopper has 13 months to report incorrect unauthorised SEPA DD with their bank and request a reversal, as
the debit was not authorised or the mandate was expired or had been cancelled.
Both scenarios result in a payment status of Chargeback. The process is comparable with a Credit Card chargeback but
without the possibility to defend against the dispute.
6.3. ELV Payments – deprecated 1 st August 2014
ELV (Elektronisches Lastschriftverfahren) payments are a form of Electronic Direct Debit which are very popular in
Germany.
The payment request is the same as for a credit card request but rather than supplying a card container you supply an elv
container with the following felds:
•
bankLocation
The city in which the bank (branch) is located.
•
bankName
The name of the bank.
•
bankLocationId
The location ID (Bankleitzahl) of the bank.
•
accountHolderName
The name of the account holder.
•
bankAccountNumber
The account number (Kontonummer).
A sample ELV element is shown below:
<elv xmlns="http://payment.services.adyen.com">
<accountHolderName>S. Hopper</accountHolderName>
<bankAccountNumber>1611613</bankAccountNumber>
<bankLocation>Hamburg</bankLocation>
<bankLocationId>20010020</bankLocationId>
<bankName>Postbank Hamburg</bankName>
</elv>
29 / 68
API Manual
6.4. Dutch Incasso Payments – deprecated 1 st August 2014
Dutch Incasso payments are a form of Electronic Direct Debit used in the Netherlands.
The request is similar to a credit card request but rather than supplying a card object you supply a bankAccount object
with the following felds:
•
bankAccountNumber
A numeric feld for the Dutch bank account number which is either a 9-digit account number that complies with
the Dutch elfproef5 or a Postbank number (see below).
•
ownerName
The bank account holder name.
•
bankName
The feld is set to 'ING' for ING (or former Postbank) accounts, for non-ING accounts the feld is optional but we
recommend that it is provided.
•
countryCode
The value 'NL'.
Please note, Direct Debit payments were formerly submitted to the directdebit action rather than the authorise action.
The directdebit action is deprecated as of January 1 2011, but will be maintained until further notice for backward
compatibility.
Please refer to Appendix O for a sample SOAP Incasso Payment request.
6.4.1.
Incasso Response
For every transaction submitted you will receive an authoriseResponse, for all transactions that are successfully submitted,
Adyen will return a value of Received in the resultCode feld; this is not an indication that the transaction was successful,
just that Adyen has received the request.
For bank account numbers that are invalid, blacklisted or otherwise not acceptable, there are two possible responses:
•
In the case of an invalid bank account number or an invalid message, a SOAP exception will be returned.
•
A resultCode of Refused in the situation where a fraud check was triggered, the response will contain the refusal
reason FRAUD.
If the account number is accepted and the resultCode is Received the transaction will be submitted, by Adyen, to the
banking network in the next Incasso batch, the cutof time for inclusion in the batch is 12pm CET. It is not possible to
schedule Incasso payments for later processing.
When the batch is submitted to the banking network every transaction can end up in one of two statuses:
•
Authorised immediately followed by SentForSettle, followed by Settled: The transaction is accepted, the money has
been received by Adyen, and will be settled to the merchant.
•
Refused: The transaction has been refused by the banking network.
6.4.2.
Incasso Chargebacks
Incasso payments can be reversed by the account holder up to 30 days after settlement, which will result in a payment
status of Chargeback. The process is comparable with a Credit Card chargeback but without the ability to defend against
the dispute.
5
Please refer to the following site for more details: http://nl.wikipedia.org/wiki/Elfproef
30 / 68
API Manual
6.4.3.
Incasso Statement Text
The consumer's statement will contain Adyen's bank account number and the name ADYEN. The actual account holder is
the Adyen Client Management Foundation. Two further lines of information will be printed:
•
PspReference: 16 characters (Payment Reference).
•
Shopper Statement: 32 characters (Fixed or supplied as shopperStatement).
Here is an example of an Incasso statement line that a consumer would see:
1323.94.782
1415362362372721
UW ORDER 122345677889
ADYEN
Please ensure that your customers are informed that they can expect to see Adyen displayed on their statements.
6.4.4.
Incasso Legal Requirements
For Incasso payments you need a signed mandate from the bank account holder, this is true for both one-of and
recurring Incasso payments.
31 / 68
API Manual
7. Boleto Bancário
Boleto Bancário, often simply referred to as Boleto, is an ofine payment method used in Brazil . The consumer will take
the Boleto form to an ATM, bank, an approved facility, or access their online banking system to complete the payment.
Once the Boleto is paid, the bank will send Adyen a fle confrming that the payment was made, this usually takes one day,
but it may occur up to 6 days after the payment. If a Boleto is not paid, the transaction will expire once the expirationDate
is reached.
The payment request will contain the data that is displayed on the Boleto. The billingAddress, deliveryDate and
shopperStatement felds are optional but may be used to customise the Boleto form:
•
deliveryDate (optional)
This is the date by which the consumer must submit their payment; there aren't any time restrictions on the date
inserted, however, if you do not populate this feld the Adyen system will insert a date 5 days from the creation
date.
•
shopperStatement (optional)
In this context the feld can be used to provide the consumer with customised instructions for submitting their
payment; if you do not provide this feld, the default text will be displayed:
Não receber após o vencimento.
Não aceitar o pagamento com cheque.
This translates to:
Do not accept payment after the due date.
Do not accept payment by cheque.
If you would like to add a line break in the shopper statement, you must use the following code:
SOAP:
"&#xA;”
REST:
"%0A"
•
socialSecurityNumber (mandatory)
The consumer will need to provide their Cadastro de Pessoas Físicas (CPF) number.
•
frstName and lastName (mandatory)
Shopper's full name.
Please refer to Appendix P and Appendix Q for examples of SOAP and REST Boleto requests and responses.
When submitting a Boleto payment, the Adyen system will return a URL to you in the feld boletobancario.url. You may use
this to download the PDF of the Boleto or redirect the consumer to it. This will render the Boleto form that the shopper
must use to complete their payment at an ATM, bank or approved facility. The PDF may be accessed until the
expirationDate, this is the deliveryDate + 15 days, at this time the transaction will expire in the Adyen system.
Please refer to Appendix R for sample Boleto forms.
7.1. Boleto Notifcations
Adyen will send a PENDING notifcation once the Boleto transaction is created in the Adyen system. We will return the
additionalData.acquirerReference, in the notifcation, you may want to store this data as it is the Boleto's "Nosso Numero"
or ID at the bank.
Adyen will send an AUTHORISATION notifcation once we have received confrmation from the bank that the Boleto has
been paid.
32 / 68
API Manual
33 / 68
API Manual
7.2. Important Information Regarding Storage Of The
Boleto PDF
The Boleto contains sensitive information, namely the consumer's address and CPF; the Adyen URL is not available via a
direct link but if you do decide to download the PDF and make it available on your systems, it is important to ensure that
it is only available from a secure location, this is the recommended approach. If, however, you do intend to store the fles
in a publicly available area, we suggest ensuring that the content is not indexed, you may use the following command in
the HTTP header where the fle is being served: X-Robots-Tag:noindex. This will prevent the PDF fle from being accessed by
search engines and will not appear in search results pages.
34 / 68
API Manual
8. Notifcations
Whenever a payment is made, a modifcation is processed or when a report is available for download, we will notify you
of the event and whether or not it was performed successfully. Notifcations should be used to keep your backofce
systems up to date with the status of each payment and modifcation.
Notifcations are sent using either a SOAP call or using HTTP POST parameters to a server, that you host, that will receive
and accept the notifcations. We provide code examples in common programming languages for this, please refer to the
link in the Introduction. Your system should be able to handle requests/responses which contain additional felds and
duplicate notifcations for the same transaction.
Due to the nature of the Adyen platform, an AUTHORISATION notifcation may be sent twice. The front end systems (HPP)
will attempt to send the notifcation as soon as the payment is made. However our front-end systems do not register if
this notifcation is received successfully by your servers. This is done on a central application and hardware instance
which updates the accounting journal entries for each transaction. This system not only sends at least one notifcation, it
also records whether or not it was successfully received, this is determined by your server responding to the notifcation
with a message indicating that the notifcation has been [accepted]. Please refer to section 8.2 for more details regarding
accepting notifcations.
Notifcations will be resent if their delivery has failed or if the delivery is uncertain. This at-least-once delivery rule implies
that you may receive the same notifcation twice. A duplicate notifcation is one where the eventCode and pspReference
felds are the same (see below). If a duplicate is received with the success feld set to true it overrules the previous
notifcation. In all other cases you do not need to act on duplicate notifcations.
Notifcation settings are confgured in the Adyen CA. You can set the method (HTTP POST/SOAP), URL to submit to, and
user name/password for HTTP Basic authentication. Default HTTP (TCP port 80) and HTTPS (TCP port 443) are allowed, as
well as extra TCP ports 8080, 8888 (for HTTP) and 8443, 8843 (for HTTPS) if needed.
8.1. Notifcation Message Fields
A notifcation contains the following felds for each transaction that it references:
•
live
boolean (true/false) indicating if the notifcation originated from the LIVE or TEST payment systems.
•
eventCode
The event type of the notifcation. Values include:
Normal Payment Events
◦ AUTHORISATION.
Modifcation Payment Events
◦ CANCELLATION.
◦
REFUND.
◦
CANCEL_OR_REFUND.
◦
CAPTURE.
◦
REFUNDED_REVERSED.
Please note that the success feld in a REFUNDED_REVERSED notifcation will always be set to false.
◦
CAPTURE_FAILED.
◦
REFUND_FAILED.
Dispute Events
◦ REQUEST_FOR_INFORMATION.
◦
35 / 68
API Manual
NOTIFICATION_OF_CHARGEBACK.
◦
ADVICE_OF_DEBIT.
◦
CHARGEBACK.
◦
CHARGEBACK_REVERSED.
For more information about Disputes please refer to the Merchant Manual.
Please note that the success feld in a CHARGEBACK_REVERSED notifcation will always be set to true.
Other Events
◦ REPORT_AVAILABLE.
For more information please refer to the Adyen Reporting Manual.
For specialised applications, such as recurring payments, other values are possible. Please note, Adyen may add new
codes at any time and, as such, your listening service should not be coded to expect a fxed set of values.
•
pspReference
The unique reference that Adyen assigned to the payment or modifcation.
•
originalReference
If this is a notifcation for a modifcation request this will be the pspReference that was originally assigned to the
authorisation, for a payment it will be blank.
•
merchantReference
This is the reference you assigned to the original payment.
•
merchantAccountCode
The merchant Account the payment or modifcation was processed with.
•
eventDate
The time the event was generated.
•
success
Whether or not the event succeeded (boolean true/false).
•
paymentMethod
The payment method used, this is only populated for an AUTHORISATION. e.g. visa, mc, ideal, elv, wallie, etc.
•
operations
This feld displays the modifcation operations supported by this payment as a list of strings, this is only
populated for AUTHORISATION notifcations. The operations will inform you whether you need to capture the
payment (if you don't have auto-capture set up), whether you can cancel the payment (before capture) or if you
can refund the payment (after it has been captured). Values include:
◦
CAPTURE.
◦
REFUND.
◦
CANCEL.
For HTTP POST notifcations, the operations are sent as a single comma-separated string.
•
reason
Text feld with information depending on whether the result is successful or not. For AUTHORISATION events with
the success feld set to true and a payment method of visa, mc or amex this feld contains the authorisation
code, the last 4 digits of the card, and the expiry date in the following format:
6 digit Authorisation Code:Last 4 digits:Expiry Date. For example, 874574:1935:11/2012.
When the success feld is set to false it gives a reason as to why it was refused. For REPORT_AVAILABLE it contains
the URL where the report can be downloaded from.
•
amount
The amount, if applicable, associated with the payment or modifcation. This consists of a currencyCode and a
value which is the amount in minor units. For HTTP POST notifcations, you will receive the currency and value as
parameters.
36 / 68
API Manual
For SOAP notifcations a notifcation message is a container for an array of notifcation items, meaning that you may
receive multiple notifcations within a single message. Please refer to Appendix S for a sample SOAP notifcation and
response. Please refer to Appendix T for a sample REST notifcation and response.
Please note that the eventCode AUTHORISATION does not necessarily mean that the authorisation is successful. The
authorisation is successful if the success feld has the value true. In case of an error or a refusal, it will be false and the
reason feld should be consulted for the cause of the authorisation failure.
8.2. Accepting Notifcations
The Adyen notifcation system requires a response within 30 seconds of receipt of the notifcation, the server is expecting
a response of [accepted], including the brackets. When our systems receive this response all notifcations contained in the
message are marked as successfully sent. It is important that Adyen receives the [accepted] message within 30 seconds
and that this process is not interrupted by any errors in processing the notifcation. As such, we recommend that the
acceptance of notifcations is handled separately from the processing of the notifcations, and that an [accepted]
response is generated when a notifcation has been stored. Please refer to Appendix S for a SOAP notifcation and
response. Please refer to Appendix T for a sample REST notifcation and response.
The URL to send the SOAP notifcation messages to and the authentication are confgurable in the Adyen CA. There is also
a testing facility that you can use to verify that your server is able to correctly receive the notifcations coming from the
Adyen systems.
Please note that if you receive a notifcation which you cannot handle, either because the original transaction is not
recognised or because the eventCode is unknown, you should accept the message and store, or at least log, the item. Not
accepting the message may cause our system to halt sending notifcations.
37 / 68
API Manual
9. API Fault Codes
In the following situations the Adyen platform does not accept or store a submitted request:
•
If the request does not pass validation.
•
If the request violates a security constraint.
•
If the request confguration constraint.
Instead you will receive a SOAP Fault which will contain a description of the problem. Generally this will be handled as an
Exception in your SOAP toolkit. Payment requests which are rejected with a SOAP Fault will not be charged.
If the modifcation was rejected a faultstring is returned that adheres to the following syntax:
<faultstring> ::= <type> ' ' <message>
<type> ::= 'validation' | 'security' | 'confguration' | 'internal'
<message> ::= unicode
SOAP Example:
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>validation 101 Invalid card number</faultstring>
</soap:Fault>
</soap:Body>
</soap:Envelope>
REST Example:
HTTP/1.1 500 Internal Server Error
security 901 Invalid Merchant Account
The way to check the description this is to read the faultstring. If the payment was rejected by our platform the fault string
will start with one of validation, security, or confguration followed by a code and it's descriptive message.
Please refer to Appendix U for a list of the error codes and messages.
38 / 68
API Manual
Appendix A: TEST and LIVE URLs
TEST URLs
SOAP
REST
Payment Service
https://pal-test.adyen.com/pal/servlet/soap/Payment
Payment Service WSDL
https://pal-test.adyen.com/pal/Payment.wsdl
Payment Service WSDL with
Installments
https://pal-test.adyen.com/pal/servlet/Payment/v4?wsdl
HTTP Adapter (Browser)
https://pal-test.adyen.com/pal/adapter/httppost?Payment
Authorisation
https://pal-test.adyen.com/pal/adapter/httppost?Payment.authorise
Test Capture
https://pal-test.adyen.com/pal/adapter/httppost?Payment.capture
Test Refund
https://pal-test.adyen.com/pal/adapter/httppost?Payment.refund
Test Cancel
https://pal-test.adyen.com/pal/adapter/httppost?Payment.cancel
LIVE URLs
SOAP
REST
39 / 68
API Manual
Payment Service
https://pal-live.adyen.com/pal/servlet/soap/Payment
Payment Service WSDL
https://pal-live.adyen.com/pal/Payment.wsdl
Payment Service WSDL with
Installments
https://pal-live.adyen.com/pal/servlet/Payment/v4?wsdl
HTTP Adapter (Browser)
https://pal-live.adyen.com/pal/adapter/httppost?Payment
Authorisation
https://pal-live.adyen.com/pal/adapter/httppost?Payment.authorise
Test Capture
https://pal-live.adyen.com/pal/adapter/httppost?Payment.capture
Test Refund
https://pal-live.adyen.com/pal/adapter/httppost?Payment.refund
Test Cancel
https://pal-live.adyen.com/pal/adapter/httppost?Payment.cancel
Appendix B: SOAP API Payment Request and Response
SOAP Payment Request
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<ns1:authorise xmlns:ns1="http://payment.services.adyen.com">
<ns1:paymentRequest>
<amount xmlns="http://payment.services.adyen.com">
<currency xmlns="http://common.services.adyen.com">EUR</currency>
<value xmlns="http://common.services.adyen.com">2000</value>
</amount>
<card xmlns="http://payment.services.adyen.com">
<cvc>737</cvc>
<expiryMonth>06</expiryMonth>
<expiryYear>2016</expiryYear>
<holderName>Adyen Test</holderName>
<number>4111111111111111</number>
</card>
<merchantAccount
xmlns="http://payment.services.adyen.com">SupportAdyenTest</merchantAccount>
<reference xmlns="http://payment.services.adyen.com">Your Reference Here</reference>
<shopperEmail xmlns="http://payment.services.adyen.com">s.hopper@test.com</shopperEmail>
<shopperIP xmlns="http://payment.services.adyen.com">61.294.12.12</shopperIP>
<shopperReference xmlns="http://payment.services.adyen.com">Simon
Hopper</shopperReference>
</ns1:paymentRequest>
</ns1:authorise>
</soap:Body>
</soap:Envelope>
SOAP Payment Response
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<ns1:authoriseResponse xmlns:ns1="http://payment.services.adyen.com">
<ns1:paymentResult>
<authCode xmlns="http://payment.services.adyen.com">64158</authCode>
<dccAmount xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<dccSignature xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<fraudResult xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<issuerUrl xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<md xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<paRequest xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<pspReference xmlns="http://payment.services.adyen.com">8313547924770610</pspReference>
<refusalReason xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<resultCode xmlns="http://payment.services.adyen.com">Authorised</resultCode>
</ns1:paymentResult>
</ns1:authoriseResponse>
</soap:Body>
</soap:Envelope>
40 / 68
API Manual
Appendix C: REST API Payment Request and Response
REST Payment Request
action=Payment.authorise
&paymentRequest.merchantAccount=SupportAdyenTest&paymentRequest.amount.value=1234&action=Payment.a
uthorise&paymentRequest.card.expiryYear=2016&paymentRequest.amount.currency=EUR&paymentRequest.car
d.cvc=737&paymentRequest.card.number=5555444433331111&paymentRequest.card.holderName=Test
%2BTester&paymentRequest.card.expiryMonth=06&paymentRequest.reference=testReference1234
REST Payment Response
paymentResult.pspReference=8513939253477759&paymentResult.authCode=9693&paymentResult.resultCode=A
uthorised
41 / 68
API Manual
Appendix D: CSE Source Libraries Used
RSA and ECC in JavaScript
The jsbn library is a fast, portable implementation of large number math in pure JavaScript, enabling public-key crypto
and other applications on desktop and mobile browsers.
http://www-cs-students.stanford.edu/~tjw/jsbn/
Stanford Javascript Crypto Library (AES)
The Stanford Javascript Crypto Library is a project by the Stanford Computer Security Lab to build a secure, powerful, fast,
small, easy-to-use, cross-browser library for cryptography in Javascript.
http://crypto.stanford.edu/sjcl/ .
42 / 68
API Manual
Appendix E: CSE Sample Encrypted Form
<!DOCTYPE html>
<html lang="en">
<head>
<title>Example Payment Form</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<form method="POST" action="#handler" id="adyen-encrypted-form">
<fieldset>
<legend>Card Details</legend>
<div class="field">
<label for="adyen-encrypted-form-number">Card Number
<input type="text" id="adyen-encrypted-form-number" value="5555444433331111" size="20"
autocomplete="off" data-encrypted-name="number" />
</label>
</div>
<div class="field">
<label for="adyen-encrypted-form-holder-name">Card Holder Name
<input type="text" id="adyen-encrypted-form-holder-name" value="John Doe" size="20"
autocomplete="off" data-encrypted-name="holderName" />
</label>
</div>
<div class="field">
<label for="adyen-encrypted-form-cvc">CVC
<input type="text" id="adyen-encrypted-form-cvc" value="737" size="4" autocomplete="off"
data-encrypted-name="cvc" />
</label>
</div>
<div class="field">
<label for="adyen-encrypted-form-expiry-month">Expiration Month (MM)
<input type="text" value="06" id="adyen-encrypted-form-expiry-month" size="2"
autocomplete="off" data-encrypted-name="expiryMonth" /> /
</label>
<label for="adyen-encrypted-form-expiry-year">Expiration Year (YYYY)
<input type="text" value="2016" id="adyen-encrypted-form-expiry-year" size="4"
autocomplete="off" data-encrypted-name="expiryYear" />
</label>
</div>
<div class="field">
<input type="hidden" id="adyen-encrypted-form-expiry-generationtime" value="generate-thisserver-side" data-encrypted-name="generationtime" />
<input type="submit" value="Submit" />
</div>
</fieldset>
</form>
<!-- How to use the Adyen encryption client-side JS library →
<script src="../js/adyen.encrypt.min.js"></script>
<script>
// generate time client side for testing... Don't deploy on a real integration!!!
document.getElementById('adyen-encrypted-form-expiry-generationtime').value = new
Date().toISOString();
+
+
+
+
+
+
+
// the form element to encrypt
var form
= document.getElementById('adyen-encrypted-form');
// the public key – Replace as explained in section 2.3.3
var key
= "10001|80C7821C961865FB4AD23F172E220F819A5CC7B9956BC3458E2788"
"F9D725B07536E297B89243081916AAF29E26B7624453FC84CB10FC7DF386"
"31B3FA0C2C01765D884B0DA90145FCE217335BCDCE4771E30E6E5630E797"
"EE289D3A712F93C676994D2746CBCD0BEDD6D29618AF45FA6230C1D41FE1"
"DB0193B8FA6613F1BD145EA339DAC449603096A40DC4BF8FACD84A5D2CA5"
"ECFC59B90B928F31715A7034E7B674E221F1EB1D696CC8B734DF7DE2E309"
"E6E8CF94156686558522629E8AF59620CBDE58327E9D84F29965E4CD0FAF"
"A38C632B244287EA1F7F70DAA445D81C216D3286B09205F6650262CAB415"
43 / 68
API Manual
+ "5F024B3294A933F4DC514DE0B5686F6C2A6A2D";
var options = {};
// the form will be encrypted before it is submitted
adyen.encrypt.createEncryptedForm( form, key, options);
</script>
</body>
</html>
44 / 68
API Manual
Appendix F: Integration Example – CSE
A full integration example along with the javascript library can be found here:
https://github.com/adyenpayments/client-side-encryption/tree/master/html-js
Identify your form with an “id” attribute
<form method="POST" action="posthandler.action" id="adyen-encrypted-form">
Input felds for the card data should not have a “name” attribute
<input type="text" value="" size="20" autocomplete="off" data-encrypted-name="number">
Add a hidden generationtime feld with the current time on server
The format of this should be in the ISO 8601 standard format for XML as YYYY-MM-DDTHH:mm:ss.sssZ. For example,
2013-04-26T14:02:30.668Z.
It is important to not rely on the client's time, especially in the LIVE environment, which may be incorrect as the encrypted
data is only usable within a 24 hour period of this time.
<input type="hidden" value=”GENERATE_ON_SERVER” id="generationtime"
name=”generationtime”>
data-encrypted-
The JavaScript
Include the JavaScript:
<script src="js/adyen.encrypt.min.js"></script>
var form
var key
= document.getElementById('adyen-encrypted-form'); // the form element to encrypt
= "10001|80C7821C961865FB4AD23F172E220F819A5CC7B9956BC3458E2788"
…
+ "5F024B3294A933F4DC514DE0B5686F6C2A6A2D";
// the public key
adyen.encrypt.createEncryptedForm( form, key ); // the form will be encrypted before it is
submitted
Adjusting the default form post behaviour (e.g. A JAX)
You can change the behaviour of the library by adding options to the “createEncryptedForm()”:
For example, change the name of the encrypted data, the default is “adyen-encrypted-data” and submit the form using
A JAX rather than the default:
var name
= 'fieldnameofyourchoosing';
adyen.encrypt.createEncryptedForm( form, key {
name : name,
onsubmit : function(e) {
… Your AJAX Code Here …
e.preventDefault();
}
});
45 / 68
API Manual
Appendix G: Integration Example – Server Side (SOAP)
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<ns1:authorise xmlns:ns1="http://payment.services.adyen.com">
<ns1:paymentRequest>
<additionalData xmlns="http://payment.services.adyen.com">
<entry xmlns="http://payment.services.adyen.com">
<key xmlns="http://payment.services.adyen.com"
xsi:type="xsd:string">card.encrypted.json</key>
<value xmlns="http://payment.services.adyen.com" xsi:type="xsd:string">Your generated
key string from the JavaScript encryption...
adyenjs_0_1_1$eGcJxidHkg5LYQ...6LUio9RipqyTBu11MJIC+rlMYxituYCT7A9yDeF2Rlv2I56KOAap66tTm2uZkto4PKR
W4YCA8dZYQ==</value>
</entry>
</additionalData>
<amount xmlns="http://payment.services.adyen.com">
<currency xmlns="http://common.services.adyen.com">EUR</currency>
<value xmlns="http://common.services.adyen.com">2000</value>
</amount>
<merchantAccount
xmlns="http://payment.services.adyen.com">SupportAdyenTest</merchantAccount>
<reference xmlns="http://payment.services.adyen.com">Your Reference Here</reference>
<shopperEmail xmlns="http://payment.services.adyen.com">s.hopper@test.com</shopperEmail>
<shopperIP xmlns="http://payment.services.adyen.com">61.294.12.12</shopperIP>
<shopperReference xmlns="http://payment.services.adyen.com">Simon
Hopper</shopperReference>
</ns1:paymentRequest>
</ns1:authorise>
</soap:Body>
</soap:Envelope>
46 / 68
API Manual
Appendix H: Integration Example – Server Side (REST with
cURL)
Submit a charge
curl --user 'username:password' https://pal-test.adyen.com/pal/adapter/httppost \
--data-urlencode 'action=Payment.authorise' \
--data-urlencode 'paymentRequest.amount.currency=EUR' \
--data-urlencode 'paymentRequest.amount.value=1234' \
--data-urlencode 'paymentRequest.merchantAccount=SupportAdyenTest' \
--data-urlencode 'paymentRequest.reference=Example Order 1' \
--data-urlencode
'paymentRequest.additionalData.card.encrypted.json=adyenjs_0_1_1$eGcJxidHkg5LYQ...6LUio9RipqyTBu11
MJIC+rlMYxituYCT7A9yDeF2Rlv2I56KOAap66tTm2uZkto4PKRW4YCA8dZYQ=='
Submit initial charge and store customer
curl --user 'username:password' https://pal-test.adyen.com/pal/adapter/httppost \
--data-urlencode 'action=Payment.authorise' \
--data-urlencode 'paymentRequest.amount.currency=EUR' \
--data-urlencode 'paymentRequest.amount.value=1234' \
--data-urlencode 'paymentRequest.merchantAccount=SupportAdyenTest' \
--data-urlencode 'paymentRequest.reference=Example Order 1' \
--data-urlencode 'paymentRequest.recurring.contract=RECURRING' \
--data-urlencode 'paymentRequest.shopperReference=user123' \
--data-urlencode 'paymentRequest.shopperEmail=john.doe@example.com' \
--data-urlencode
'paymentRequest.additionalData.card.encrypted.json=adyenjs_0_1_1$kj7nlobE1rlC2...iaE/cY878H+Op'
------------Response ---paymentResult.authCode=98356
paymentResult.pspReference=9913642236790892
paymentResult.resultCode=Authorised
-------------------------
List recurring details/cards for customer
curl --user 'username:password' https://pal-test.adyen.com/pal/adapter/httppost \
--data-urlencode 'action=Recurring.listRecurringDetails' \
--data-urlencode 'recurringDetailsRequest.merchantAccount=SupportAdyenTest' \
--data-urlencode 'recurringDetailsRequest.recurring.contract=RECURRING'
--data-urlencode 'recurringDetailsRequest.shopperReference=user123' \
--data-urlencode 'recurringDetailsRequest.shopperEmail=john.doe@example.com' \
------------Response ---recurringDetailsResult.shopperReference=user123
recurringDetailsResult.creationDate=2013-03-25T13:23:14+01:00
recurringDetailsResult.lastKnownShopperEmail=john.doe@example.com
recurringDetailsResult.details.0.variant=mc
recurringDetailsResult.details.0.recurringDetailReference=9913642141960010
recurringDetailsResult.details.0.creationDate=2013-03-25T13:23:16+01:00
recurringDetailsResult.details.0.card.number=1111
recurringDetailsResult.details.0.card.expiryMonth=6
recurringDetailsResult.details.0.card.expiryYear=2016
recurringDetailsResult.details.0.card.holderName=John Doe
-------------------------
47 / 68
API Manual
Submit a recurring charge
curl --user 'username:password' https://pal-test.adyen.com/pal/adapter/httppost \
--data-urlencode 'action=Payment.authorise' \
--data-urlencode 'paymentRequest.amount.currency=EUR' \
--data-urlencode 'paymentRequest.amount.value=1234' \
--data-urlencode 'paymentRequest.merchantAccount=SupportAdyenTest' \
--data-urlencode 'paymentRequest.reference=Example Order 2' \
--data-urlencode 'paymentRequest.shopperReference=user123' \
--data-urlencode 'paymentRequest.shopperEmail=john.doe@example.com' \
--data-urlencode 'paymentRequest.shopperInteraction=ContAuth' \
--data-urlencode 'paymentRequest.recurring.contract=RECURRING' \
--data-urlencode 'paymentRequest.selectedRecurringDetailReference=9913642141960010'
------------Response ---paymentResult.authCode=75682
paymentResult.pspReference=9913642244711617
paymentResult.resultCode=Authorised
-------------------------
48 / 68
API Manual
Appendix I: Authorise3d Request
Authorise3d Request
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<ns1:authorise3d xmlns:ns1="http://payment.services.adyen.com">
<ns1:paymentRequest3d>
<browserInfo xmlns="http://payment.services.adyen.com">
<acceptHeader
xmlns="http://common.services.adyen.com">text/html,appli.../*;q=0.8</acceptHeader>
<userAgent xmlns="http://common.services.adyen.com">Mozilla/5.0 ...
Firefox/3.0</userAgent>
</browserInfo>
<md xmlns="http://payment.services.adyen.com">31h..........vOXek7w=</md>
<merchantAccount
xmlns="http://payment.services.adyen.com">SupportAdyenTest</merchantAccount>
<paResponse xmlns="http://payment.services.adyen.com">eNqtmF........wGVA4Ch</paResponse>
<shopperIP xmlns="http://payment.services.adyen.com">62.194.82.12</shopperIP>
</ns1:paymentRequest3d>
</ns1:authorise3d>
</soap:Body>
</soap:Envelope>
The response to this request is the same as a non-3-D Secure payment request and the resultCode will be one of
Authorised, Refused or Error.
49 / 68
API Manual
Appendix J: Payment Request with Installments
SOAP Payment Request
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<ns1:authorise xmlns:ns1="http://payment.services.adyen.com">
<ns1:paymentRequest>
<amount xmlns="http://payment.services.adyen.com">
<currency xmlns="http://common.services.adyen.com">BRL</currency>
<value xmlns="http://common.services.adyen.com">2000</value>
</amount>
<card xmlns="http://payment.services.adyen.com">
<cvc>737</cvc>
<expiryMonth>06</expiryMonth>
<expiryYear>2016</expiryYear>
<holderName>Adyen Test</holderName>
<number>4111111111111111</number>
</card>
<installments xmlns="http://payment.services.adyen.com">
<value xmlns=4</value>
</installments>
<merchantAccount
xmlns="http://payment.services.adyen.com">SupportAdyenTest</merchantAccount>
<reference xmlns="http://payment.services.adyen.com">Your Reference Here</reference>
<shopperEmail xmlns="http://payment.services.adyen.com">s.hopper@test.com</shopperEmail>
<shopperIP xmlns="http://payment.services.adyen.com">61.294.12.12</shopperIP>
<shopperReference xmlns="http://payment.services.adyen.com">Simon
Hopper</shopperReference>
</ns1:paymentRequest>
</ns1:authorise>
</soap:Body>
</soap: Envelope>
REST Payment Request
action=Payment.authorise
&paymentRequest.amount.currency=BRL&paymentRequest.amount.value=2000&paymentRequest.card.cvc=737
&paymentRequest.card.expiryMonth=06&paymentRequest.card.expiryYear=2016
&paymentRequest.card.holderName=Adyen+Test&paymentRequest.card.number=4111111111111111&paymentRequ
est.merchantAccount=SupportAdyenTest
&paymentRequest.reference=test1234&paymentRequest.installments.value=2
50 / 68
API Manual
Appendix K: CVC/CVV and AVS Result Values
CVC/CVV Result Values
0
Unknown
1
Matches
2
Doesn't match
3
Not checked
4
No CVC/CVV provided, but was required
5
Issuer not certifed for CVC/CVV
6
No CVC/CVV provided
AVS Result
51 / 68
API Manual
0
Unknown
1
Address matches, postal code doesn't
2
Neither postal code nor address match
3
AVS unavailable
4
AVS not supported for this card type
5
No AVS data provided
6
Postal code matches, address doesn't match
7
Both postal code and address match
8
Address not checked, postal code unknown
9
Address matches, postal code unknown
10
Address doesn't match, postal code unknown
11
Postal code not checked, address unknown
12
Address matches, postal code not checked
13
Address doesn't match, postal code not checked
14
Postal code matches, address unknown
15
Postal code matches, address not checked
16
Postal code doesn't match, address unknown
17
Postal code doesn't match, address not checked
18
Neither postal code nor address were checked
19
Name and postal code matches
20
Name, address and postal code matches
21
Name and address matches
22
Name matches
23
Postal code matches, name doesn't match
24
Both postal code and address matches, name doesn't match
25
Address matches, name doesn't match
26
Neither postal code, address nor name matches
Appendix L: ACH Payment Request
SOAP Payment Request
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<ns1:authorise xmlns:ns1="http://payment.services.adyen.com">
<ns1:paymentRequest>
<amount xmlns="http://payment.services.adyen.com">
<currency xmlns="http://common.services.adyen.com">USD</currency>
<value xmlns="http://common.services.adyen.com">200</value>
</amount>
<bankAccount xmlns="http://payment.services.adyen.com">
<bankAccountNumber>11111111111111111</bankAccountNumber>
<bankLocationId>011000028</bankLocationId>
<countryCode>US</countryCode>
<ownerName>Andrews</ownerName>
<bankAccountType>C</bankAccountType>
</bankAccount>
<merchantAccount
xmlns="http://payment.services.adyen.com">SupportAdyenTest</merchantAccount>
<reference xmlns="http://payment.services.adyen.com">Your Reference Here</reference>
<shopperIP xmlns="http://payment.services.adyen.com">61.294.12.12</shopperIP>
<shopperReference xmlns="http://payment.services.adyen.com">111541</shopperReference>
<shopperInteraction
xmlns="http://payment.services.adyen.com">Ecommerce</shopperInteraction>
</ns1:paymentRequest>
</ns1:authorise>
</soap:Body>
</soap:Envelope>
REST Payment Request
action=Payment.authorise&paymentRequest.amount.currency=USD&paymentRequest.amount.value=200&paymen
tRequest.merchantAccount=SupportAdyenTest&paymentRequest.reference=testReference1234&paymentReques
t.bankAccount.bankAccountNumber=11111111111111111&paymentRequest.bankAccount.bankLocationId=011000
028&paymentRequest.bankAccount.countryCode=US&paymentRequest.bankAccount.ownerName=Andrews&payment
Request.bankAccount.bankAccountType=C&paymentRequest.shopperIP=212.14.111.12&paymentRequest.shoppe
rReference=111541&paymentRequest.shopperInteraction=Ecommerce
52 / 68
API Manual
Appendix M: SEPA Direct Debit One-of Payment Request
and Response
One-Of Payment Request
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<ns1:authorise xmlns:ns1="http://payment.services.adyen.com">
<ns1:paymentRequest>
<ns1:amount>
<currency xmlns="http://common.services.adyen.com">EUR</currency>
<value xmlns="http://common.services.adyen.com">1500</value>
</ns1:amount>
<ns1:bankAccount>
<ns1:bic>RABONL2U</ns1:bic>
<ns1:iban>NL48RABO0132394782</ns1:iban>
<ns1:ownerName>Klaas T. Jansen</ns1:ownerName>
<ns1:countryCode>NL</ns1:countryCode>
</ns1:bankAccount>
<ns1:merchantAccount>SupportAdyenTest</ns1:merchantAccount>
<ns1:reference>Your Reference Here</ns1:reference>
<ns1:shopperEmail>email@shopper.com</ns1:shopperEmail>
<ns1:shopperReference>TheShopperReference</ns1:shopperReference>
<ns1:shopperIP>10.10.100.200</ns1:shopperIP>
<ns1:shopperStatement>UW ORDER 122345677889</ns1:shopperStatement>
<ns1:selectedBrand>sepadirectdebit</ns1:selectedBrand>
</ns1:paymentRequest>
</ns1:authorise>
</soap:Body>
</soap:Envelope>
53 / 68
API Manual
One-Of Payment Response
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<ns1:authoriseResponse xmlns:ns1="http://payment.services.adyen.com">
<ns1:paymentResult>
<additionalData xmlns="http://payment.services.adyen.com">
<entry>
<key xsi:type="xsd:string">sepadirectdebit.dateOfSignature</key>
<value xsi:type="xsd:string">2013-11-28</value>
</entry>
<entry>
<key xsi:type="xsd:string">sepadirectdebit.sequenceType</key>
<value xsi:type="xsd:string">First</value>
</entry>
<entry>
<key xsi:type="xsd:string">sepadirectdebit.mandateID</key>
<value xsi:type="xsd:string">9913856361050084</value>
</entry>
</additionalData>
<authCode xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<dccAmount xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<dccSignature xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<fraudResult xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<issuerUrl xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<md xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<paRequest xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<pspReference xmlns="http://payment.services.adyen.com">9913856361050084</pspReference>
<refusalReason xmlns="http://payment.services.adyen.com" xsi:nil="true"/>
<ns1:resultCode>Received</ns1:resultCode>
</ns1:paymentResult>
</ns1:authoriseResponse>
</soap:Body>
</soap:Envelope>
For the feld sepadirectdebit.sequenceType, if this is the frst payment the value will be “First. If this is a subsequent
payment, the value will be 'Recurring'.
54 / 68
API Manual
Appendix N: SEPA Direct Debit Recurring Payment
Request
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<ns1:authorise xmlns:ns1="http://payment.services.adyen.com">
<ns1:paymentRequest>
<ns1:amount>
<currency xmlns="http://common.services.adyen.com">EUR</currency>
<value xmlns="http://common.services.adyen.com">2150</value>
</ns1:amount>
<ns1:merchantAccount>SupportAdyenTest</ns1:merchantAccount>
<ns1:reference>Your Reference Here</ns1:reference>
<ns1:shopperEmail>email@shopper.com</ns1:shopperEmail>
<ns1:shopperReference>TheShopperReference</ns1:shopperReference>
<ns1:shopperInteraction>ContAuth</ns1:shopperInteraction>
<ns1:recurring>
<ns1:contract>RECURRING</ns1:contract>
</ns1:recurring>
<ns1:selectedRecurringDetailRetail>LATEST</ns1:selectedRecurringDetailRetail>
<ns1:selectedBrand>sepadirectdebit</ns1:selectedBrand>
</ns1:paymentRequest>
</ns1:authorise>
</soap:Body>
</soap:Envelope>
55 / 68
API Manual
Appendix O: Incasso Payment Request
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<ns1:authorise xmlns:ns1="http://payment.services.adyen.com">
<ns1:paymentRequest>
<amount xmlns="http://payment.services.adyen.com">
<currency xmlns="http://common.services.adyen.com">EUR</currency>
<value xmlns="http://common.services.adyen.com">2000</value>
</amount>
<bankAccount xmlns="http://payment.services.adyen.com">
<bankAccountNumber>123456789</bankAccountNumber>
<bankName>POSTBANK</bankName>
<countryCode>NL</countryCode>
<ownerName>Test</ownerName>
</bankAccount>
<merchantAccount
xmlns="http://payment.services.adyen.com">SupportAdyenTest</merchantAccount>
<reference xmlns="http://payment.services.adyen.com">Your Reference Here</reference>
<shopperEmail xmlns="http://payment.services.adyen.com">s.hopper@test.com</shopperEmail>
<shopperIP xmlns="http://payment.services.adyen.com">61.294.12.12</shopperIP>
<shopperReference xmlns="http://payment.services.adyen.com">Simon
Hopper</shopperReference>
<shopperInteraction xmlns="http://payment.services.adyen.com">UW ORDER
122345677889</shopperInteraction>
</ns1:paymentRequest>
</ns1:authorise>
</soap:Body>
</soap:Envelope>
56 / 68
API Manual
Appendix P: Boleto SOAP API Payment Request and
Response
SOAP Payment Request
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<authorise xmlns="http://payment.services.adyen.com">
<paymentRequest>
<amount>
<ns1:currency xmlns:ns1="http://common.services.adyen.com">BRL</ns1:currency>
<ns2:value xmlns:ns2="http://common.services.adyen.com">1000</ns2:value>
</amount>
<billingAddress>
<ns3:city xmlns:ns3="http://common.services.adyen.com">São Paulo</ns3:city>
<ns4:country xmlns:ns4="http://common.services.adyen.com">BR</ns4:country>
<ns5:houseNumberOrName
xmlns:ns5="http://common.services.adyen.com">999</ns5:houseNumberOrName>
<ns6:postalCode xmlns:ns6="http://common.services.adyen.com">04787910</ns6:postalCode>
<ns7:stateOrPrivince
xmlns:ns7="http://common.services.adyen.com">SP</ns7:stateOrPrivince>
<ns8:street xmlns:ns8="http://common.services.adyen.com">Roque Petroni Jr</ns8:street>
</card>
<deliveryDate xmlns="http://payment.services.adyen.com">2013-1029T23:00:00.000Z</deliveryDate>
<merchantAccount
xmlns="http://payment.services.adyen.com">SupportAdyenTest</merchantAccount>
<reference xmlns="http://payment.services.adyen.com">Teste Boleto</reference>
<selectedBrand
xmlns="http://payment.services.adyen.com">boletobancario_santander</selectedBrand>
<shopperName xmlns="http://payment.services.adyen.com">
<ns9:firstName xmlns:ns9="http://common.services.adyen.com">José</ns9:firstName>
<ns10:lastName xmlns:ns10="http://common.services.adyen.com">Silva</ns10:lastName>
</shopperName>
<shopperStatement>Aceitar o pagamento até 15 dias após o vencimento.&#xA;Não cobrar juros.
Não aceitar o pagamento com cheque.</shopperStatement>
<socialSecurityNumber>56861752509</socialSecurityNumber>
</paymentRequest>
</ns1:authorise>
</soap:Body>
</soap:Envelope>
57 / 68
API Manual
SOAP Payment Response
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<ns1:authoriseResponse xmlns:ns1="http://payment.services.adyen.com">
<ns1:paymentResult>
<additionaldata xmlns="http://payment.services.adyen.com">
<entry>
<key xsi:type="xsd:string">boletobancario.url</key>
<value xsi:type="xsd:string">https://test.adyen.com/hpp/generationBoleto.shtml?
data=AgABAQAk5QYbuNl9TiV63c5KeLTvXpB03Ml3krv%2FtwYj....2FFq3920vVWRd5HKHT96mCdVXyo4Gzq
%2BTkzNbmT2XcgFf%2FwhYkU4%3D</value>
</entry>
<entry>
<key xsi:type="xsd:string">boletobancario.data</key>
<value
xsi:type="xsd:string">AgABAQAk5QYbuNl9TiV63c5KeLTvXpB03Ml3krv/twYj....2FFq3920vVWRd5HKHT96mCdVXyo4
Gzq+TkzNbmT2XcgFf/whYkU4=</value>
</entry>
<entry>
<key xsi:type="xsd:string">boletobancario.expirationDate</key>
<value xsi:type="xsd:string">2013-08-19</value>
</entry>
<entry>
<key xsi:type="xsd:string">boletobancario.dueDate</key>
<value xsi:type="xsd:string">2013-08-12</value>
</entry>
</additionaldata>
<pspReference xmlns="http://payment.services.adyen.com">8813760397300101</authCode>
<resultCode xmlns="http://payment.services.adyen.com">Received</authCode>
</ns1:paymentResult>
</ns1:authoriseResponse>
</soap:Body>
</soap:Envelope>
58 / 68
API Manual
Appendix Q: Boleto REST API Payment Request and
Response
REST Payment Request
action=Payment.authorise
&paymentRequest.amount.currency=BRL&paymentRequest.amount.value=1000&paymentRequest.billingAddress
.city=Sao+Paulo&paymentRequest.billingAddress.country=BR&paymentRequest.billingAddress.houseNumber
OrName=999&paymentRequest.billingAddress.postalCode=04787910&paymentRequest.billingAddress.stateOr
Province=SP&paymentRequest.billingAddress.street=Rua+Roque+Petroni+Jr&paymentRequest.deliveryDate=
2013-0815T02:00:00+02:00&paymentRequest.merchantAccount=SupportAdyenTest&paymentRequest.reference=Teste+B
oleto&paymentRequest.selectedBrand=boletobancario_santander&paymentRequest.shopperName.firstName=J
osé&paymentRequest.shopperName.lastName=Silva&paymentRequest.shopperStatement=Aceitar+o+pagamento+
até+15+dias+após+o+vencimento.%0A+Não+cobrar+juros.
+Não+aceitar+o+pagamento+com+cheque.&paymentRequest.socialSecurityNumber=65468766205
REST Payment Response
paymentResult.additionalData.boletobancario.url=https://test.adyen.com/hpp/generationBoleto.shtml?
data=AgABAQClZUyg1NqsD7nN5X1uqN4mabJ7A3FH5LgAUbqDnJ6EAQlnSAVL%2Bu7eWIXY%2Fo%2B7F0v04ZEnh6VR%2F
%2BIAUfJoMQba2uHb2%2BqezXU
%2FhgULKuFov7s2ZnwmszAuuHgE6JvahvWtAygC5lnpLEgw34pp7z8Vf2hAQYO9mvELei6ZR8S6DMxVTObYGE6r
%2FanhX1ucteKztIR79zv1wWWzV%2FbccQIqgOEp5b8AYU6mwOlbm0oP2lPZofq4CFAQfs
%2FROyBk0JBQlQDaZHQRmY8YP3236nD6eEr4cBEy6MpULl8w0iin39NxXGsi7OCmuQDe2w1Fy
%2F40Iv6AA2sar3JTo4Ap3eraC6PEN8s5%2BSoOB5MO
%2BfpFbRSfFeSHGh9L3%2FwzuxaXCHopNfwjjgx6aJEVv1FmaPzyVYm9kB7%2B
%2F1IpaxzBIp6nTh5VSMp8iJOyOccCoV4e7Qv6SKNDkvT5lc2KPXg6jUC4tQJWyFFbvgV55rlQojjRecQfLwCiQ51tONSyaw2Q
LewemJJys9Q2AyIXYemGUXdzYAORNlSLJkTQdkoQZKdMwuOx4LDPFkNQuzHLlg4Xg
%2BpWYhgSz0TEZJrS83voNSRTbrIwOPN3&paymentResult.pspReference=8513763283942198&paymentResult.additi
onalData.boletobancario.dueDate=2013-08-15&
paymentResult.additionalData.boletobancario.data=AgABAQClZUyg1NqsD7nN5X1uqN4mabJ7A3FH5LgAUbqDnJ6EA
QlnSAVL+u7eWIXY/o+7F0v04ZEnh6VR/
+IAUfJoMQba2uHb2+qezXU/hgULKuFov7s2ZnwmszAuuHgE6JvahvWtAygC5lnpLEgw34pp7z8Vf2hAQYO9mvELei6ZR8S6DMx
VTObYGE6r/anhX1ucteKztIR79zv1wWWzV/bccQIqgOEp5b8AYU6mwOlbm0oP2lPZofq4CFAQfs/ROyBk0JBQlQDaZHQRmY8YP
3236nD6eEr4cBEy6MpULl8w0iin39NxXGsi7OCmuQDe2w1Fy/40Iv6AA2sar3JTo4Ap3eraC6PEN8s5+SoOB5MO+fpFbRSfFeS
HGh9L3/wzuxaXCHopNfwjjgx6aJEVv1FmaPzyVYm9kB7+/1IpaxzBIp6nTh5VSMp8iJOyOccCoV4e7Qv6SKNDkvT5lc2KPXg6j
UC4tQJWyFFbvgV55rlQojjRecQfLwCiQ51tONSyaw2QLewemJJys9Q2AyIXYemGUXdzYAORNlSLJkTQdkoQZKdMwuOx4LDPFkN
QuzHLlg4Xg+pWYhgSz0TEZJrS83voNSRTbrIwOPN3&
paymentResult.additionalData.boletobancario.expirationDate=2013-0822&paymentResult.resultCode=Received
59 / 68
API Manual
Appendix R: Sample Boleto Forms
Default Form
60 / 68
API Manual
Custom Form
61 / 68
API Manual
Appendix S: SOAP Notifcation Request and Response
SOAP Notifcation Request
<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
<soap:Body>
<ns1:sendNotification xmlns:ns1="http://notification.services.adyen.com">
<ns1:Notification>
<live xmlns="http://notification.services.adyen.com">false</live>
<notificationItems xmlns="http://notification.services.adyen.com">
<NotificationRequestItem>
<additionalData xsi:ns1="true"/>
<amount>
<currency xmlns="http://common.services.adyen.com">EUR</currency>
<value xmlns="http://common.services.adyen.com">1000</value>
</amount>
<eventCode>AUTHORISATION</eventCode>
<eventDate>2009-01-01T01:02:01.111+02:00</eventDate>
<merchantAccountCode>SupportAdyenTest</merchantAccountCode>
<merchantReference>YourMerchantReference1</merchantReference>
<operations>
<string>CANCEL</string>
<string>CAPTURE</string>
<string>REFUND</string>
</operations>
<originalReference xsi:ns1="true"/>
<paymentMethod>visa</paymentMethod>
<pspReference>8888777766665555</pspReference>
<reason>01234:1111:12/2012</reason>
<success>true</success>
</NotificationRequestItem>
<NotificationRequestItem>
<additionalData xsi:ns1="true"/>
<amount>
<currency xmlns="http://common.services.adyen.com">EUR</currency>
<value xmlns="http://common.services.adyen.com">995</value>
</amount>
<eventCode>AUTHORISATION</eventCode>
<eventDate>2009-01-01T01:01:01.111+02:00</eventDate>
<merchantAccountCode>YourMerchantAccount</merchantAccountCode>
<merchantReference>YourMerchantReference2</merchantReference>
<operations>
<string>CANCEL</string>
<string>CAPTURE</string>
<string>REFUND</string>
</operations>
<originalReference xsi:ns1="true"/>
<paymentMethod>mc</paymentMethod>
<pspReference>8888777766665556</pspReference>
<reason>56789:1111:12/2012</reason>
<success>true</success>
</NotificationRequestItem>
</ns1:Notification>
</ns1:sendNotification>
</soap:Body>
</soap:Envelope>
62 / 68
API Manual
SOAP Notifcation Response
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<ns1:sendNotificationResponse xmlns:ns1="http://notification.services.adyen.com"
xmlns:ns2="http://common.services.adyen.com">
<notificationResponse>[accepted]</notificationResponse>
</ns1:sendNotificationResponse>
</soap:Body>
</soap:Envelope>
63 / 68
API Manual
Appendix T: REST Notifcation Request and Response
REST Notifcation Request
eventDate=2012-0925T13%3A41%3A33.81Z&reason=2120%3A1111%3A12%2F2012&originalReference=&merchantReference=reference_
415579&currency=EUR&pspReference=8613485804662747&merchantAccountCode=SupportAdyenTest&eventCode=A
UTHORISATION&value=24205&operations=CANCEL%2CCAPTURE
%2CREFUND&success=true&paymentMethod=mc&live=false
REST Notifcation Response
notificationResponse=&sBaccepted%5D
64 / 68
API Manual
Appendix U: Fault Codes
Error Code
Fault
000
Unknown
010
Not allowed
100
No amount specifed
101
Invalid card number
102
Unable to determine variant
103
CVC is not the right length
104
Billing address problem
105
Invalid paRes from issuer
106
This session was already used previously
107
Recurring is not enabled
108
Invalid bankaccount number
109
Invalid variant
110
BankDetails missing
111
Invalid BankCountryCode specifed
112
This bank country is not supported
113
No InvoiceLines provided
114
Received a incorrect InvoiceLine
115
Total amount is not the same as the sum of the lines
116
Invalid date of birth
117
Invalid billing address
118
Invalid delivery address
119
Invalid shopper name
120
ShopperEmail is missing
121
ShopperReference is missing
122
PhoneNumber is missing
123
The PhoneNumber should be mobile
124
Invalid PhoneNumber
125
Invalid recurring contract specifed
126
Bank Account or Bank Location Id not valid or missing
127
Account holder missing
128
Card Holder Missing
129
Expiry Date Invalid
130
Reference Missing
131
Billing address problem (City)
132
Billing address problem (Street)
65 / 68
API Manual
Error Code
Fault
133
Billing address problem (HouseNumberOrName)
134
Billing address problem (Country)
135
Billing address problem (StateOrProvince)
136
Failed to retrieve OpenInvoiceLines
137
Invalid amount specifed
138
Unsupported currency specifed
139
Recurring requires shopperEmail and shopperReference
140
Invalid expiryMonth[1..12] / expiryYear[>2000], or before now
141
Invalid expiryMonth[1..12] / expiryYear[>2000]
142
Bank Name or Bank Location not valid or missing
143
Submitted total iDeal merchantReturnUrl length is {0}, but max size is {1} for this request
144
Invalid startMonth[1..12] / startYear[>2000], or in the future
145
Invalid issuer countrycode
146
Invalid social security number
147
Delivery address problem (City)
148
Delivery address problem (Street)
149
Delivery address problem (HouseNumberOrName)
150
Delivery address problem (Country)
151
Delivery address problem (StateOrProvince)
152
Invalid number of installments
153
Invalid CVC
154
No additional data specifed
155
No acquirer specifed
156
No authorisation mid specifed
157
No felds specifed
158
Required feld {0} not specifed
159
Invalid number of requests
160
Not allowed to store Payout Details
161
Invalid iban
162
Inconsistent iban
163
Invalid bic
170
Generation Date required but missing
171
Unable to parse Generation Date
172
Encrypted data used outside of valid time period
173
Unable to load Private Key for decryption
174
Unable to decrypt data
175
Unable to parse JSON data
66 / 68
API Manual
Error Code
Fault
180
Invalid shopperReference
181
Invalid shopperEmail
182
Invalid selected brand
183
Invalid recurring contract
184
Invalid recurring detail name
185
Invalid additionalData
186
Missing additionalData feld
187
Invalid additionalData feld
188
Invalid pspEchoData
600
No InvoiceProject provided
601
No InvoiceBatch provided
602
No creditorAccount specifed
603
No projectCode specifed
604
No creditorAccount found
605
No project found
606
Unable to create InvoiceProject
607
InvoiceBatch already exists
608
Unable to create InvoiceBatch
609
InvoiceBatch validity period exceeded
690
Error while storing debtor
691
Error while storing invoice
692
Error while checking if invoice already exists for creditorAccount
693
Error while searching invoices
694
No Invoice Confguration confgured for creditAccount
695
Invalid Invoice Confguration confgured for creditAccount
800
Contract not found
801
Too many PaymentDetails defned
802
Invalid contract
803
PaymentDetail not found
804
Failed to disable
805
RecurringDetailReference not available for provided recurring-contract
806
No applicable contractTypes left for this payment-method
901
Invalid Merchant Account
902
Shouldn't have gotten here without a request!
903
Internal error
904
Unable To Process
905
Payment details are not supported
67 / 68
API Manual
Error Code
Fault
906
Invalid Request: Original pspReference is invalid for this environment!
950
Invalid AcquirerAccount
951
Confguration Error (acquirerIdentifcation)
952
Confguration Error (acquirerPassword)
953
Confguration Error (apiKey)
954
Confguration Error (redirectUrl)
955
Confguration Error (AcquirerAccountData)
956
Confguration Error (currencyCode)
957
Confguration Error (terminalId)
958
Confguration Error (serialNumber)
959
Confguration Error (password)
960
Confguration Error (projectId)
961
Confguration Error (merchantCategoryCode)
962
Confguration Error (merchantName)
68 / 68
API Manual