3D Secure 2

3D Secure 2

SCA is a European regulatory requirement to combat and reduce fraud and make online payments more secure in every aspect.

There are three elements, that must be independent of one appendix-caption other, have to be considered to verify the identity of the consumer: PIN or password, smartphone, and scan or fingerprint.

Supported brands are Mastercard, VISA, American Express, Diners Club, and Discover.

Commands

Pre Transaction Commands

The first step is to generate a unique order number with the command CREATEORDER.

Transaction Commands

INITIATEPAYMENT

Authorizations: Basic Auth

Request

Required Parameters Optional Parameters

MERCHANTKEY

LOGPATH

COMMAND

LANGUAGE

INITTYPE

DEPOSITAMOUNT

PAYMENTTYPE

ORDERREFERENCE

AMOUNT

CUSTOMERSTATEMENT

CURRENCY

APPLICATIONTYPE

ORDERNUMBER

USER_AGENT

ORDERDESCRIPTION

ACCEPT_HEADERS

PAN [1]
EXPIRY [1]
SOURCEORDERNUMBER [1]
CARDVERIFYCODE [1]

FALLBACK

SUCCESSURL

OVERWRITE_WAKEUPMESSAGE

SERVICEURL

WAKEUPMESSAGE_METHOD

CONSUMER_EMAIL

IP_ADDRESS

CONSUMER_BILLING_FIRST_NAME

CARDHOLDERNAME

CONSUMER_BILLING_LAST_NAME

ISSUE_NUMBER

BROWSER_ACCEPT_HEADERS

ISSUE_DATE

BROWSER_CHALLENGE_WINDOW_SIZE

PERIODIC_TYPE

BROWSER_COLOR_DEPTH

MERCHANT_TOKENIZATION_FLAG

BROWSER_JAVA_ENABLED

ISO_TRANSACTION_TYPE

BROWSER_LANGUAGE

ORIGINATOR

BROWSER_SCREEN_RESOLUTION

CONSUMER_IP_ADDRESS

BROWSER_TIME_ZONE

CONSUMER_MERCHANT_CRM_ID

BROWSER_USER_AGENT

CONSUMER_AUTHENTICATION_METHOD

BROWSER_JAVASCRIPT_ENABLED

CONSUMER_AUTHENTICATION_TIMESTAMP

CONSUMER_CARD_PROVISION_DATE

CONSUMER_CARD_PROVISION_ATTEMPTS_PAST_DAY

CONSUMER_CHALLENGE_INDICATOR

CONSUMER_ACCOUNT_CREATION_DATE

CONSUMER_ACCOUNT_PASSWORD_CHANGE_DATE

CONSUMER_ACCOUNT_PURCHASES_PAST_SIX_MONTHS

CONSUMER_SHIPPING_ADDRESS_FIRST_USE_DATE

CONSUMER_SUSPICIOUS_ACTIVITY

CONSUMER_ACCOUNT_TRANSACTIONS_PAST_DAY

CONSUMER_ACCOUNT_TRANSACTIONS_PAST_YEAR

CONSUMER_ACCOUNT_UPDATE_DATE

CONSUMER_SHIPPING_ITEM_AVAILABILITY

CONSUMER_DELIVERY_TIMEFRAME

CONSUMER_PREORDER_DATE

CONSUMER_REORDER_ITEMS

CONSUMER_SHIPPING_METHOD

CONSUMER_RECURRING_FREQUENCY

CONSUMER_RECURRING_EXPIRY_DATE
All consumer billing data parameters are optional, except CONSUMER_BILLING_FIRST_NAME, CONSUMER_BILLING_LAST_NAME, and CONSUMER_EMAIL which are required.
If "emerchantpay" is the chosen acquirer, parameters CONSUMER_BILLING_ADDRESS_1, CONSUMER_BILLING_CITY, CONSUMER_BILLING_ZIP_CODE, and CONSUMER_BILLING_COUNTRY must be added.
Required Parameters

MERCHANTKEY

COMMAND

INITTYPE

PAYMENTTYPE

AMOUNT

CURRENCY

ORDERNUMBER

ORDERDESCRIPTION

PAN [1]
EXPIRY [1]
SOURCEORDERNUMBER [1]
CARDVERIFYCODE [1]

SUCCESSURL

SERVICEURL

CONSUMER_EMAIL

CONSUMER_BILLING_FIRST_NAME

CONSUMER_BILLING_LAST_NAME
All browser parameters are required.

Optional Parameters

LOGPATH

LANGUAGE

DEPOSITAMOUNT

ORDERREFERENCE

CUSTOMERSTATEMENT

APPLICATIONTYPE

USER_AGENT

ACCEPT_HEADERS

FALLBACK

OVERWRITE_WAKEUPMESSAGE

WAKEUPMESSAGE_METHOD

IP_ADDRESS

CARDHOLDERNAME

ISSUE_NUMBER

ISSUE_DATE

PERIODIC_TYPE

MERCHANT_TOKENIZATION_FLAG

ISO_TRANSACTION_TYPE

ORIGINATOR

CONSUMER_IP_ADDRESS

CONSUMER_MERCHANT_CRM_ID

CONSUMER_AUTHENTICATION_METHOD

CONSUMER_AUTHENTICATION_TIMESTAMP

CONSUMER_CARD_PROVISION_DATE

CONSUMER_CARD_PROVISION_ATTEMPTS_PAST_DAY

CONSUMER_CHALLENGE_INDICATOR

CONSUMER_ACCOUNT_PASSWORD_CHANGE_DATE

CONSUMER_ACCOUNT_PURCHASES_PAST_SIX_MONTHS

CONSUMER_SHIPPING_ADDRESS_FIRST_USE_DATE

CONSUMER_SUSPICIOUS_ACTIVITY

CONSUMER_DELIVERY_TIMEFRAME

CONSUMER_ACCOUNT_TRANSACTIONS_PAST_DAY

CONSUMER_ACCOUNT_TRANSACTIONS_PAST_YEAR

CONSUMER_ACCOUNT_UPDATE_DATE

CONSUMER_SHIPPING_ITEM_AVAILABILITY

CONSUMER_DELIVERY_TIMEFRAME

CONSUMER_PREORDER_DATE

CONSUMER_REORDER_ITEMS

CONSUMER_SHIPPING_METHOD

CONSUMER_RECURRING_FREQUENCY

CONSUMER_RECURRING_EXPIRY_DATE
All consumer billing data parameters are optional, except CONSUMER_BILLING_FIRST_NAME, CONSUMER_BILLING_LAST_NAME, and CONSUMER_EMAIL which are required.
If "emerchantpay" is the chosen acquirer, parameters CONSUMER_BILLING_ADDRESS_1, CONSUMER_BILLING_CITY, CONSUMER_BILLING_ZIP_CODE, and CONSUMER_BILLING_COUNTRY must be added.

Optional request parameters CUSTOMERSTATEMENT and ORDERREFERENCE, are more restricted about their length and allowed characters than usual.

3D Secure payment method can be initialized if the merchant sends 3DSECURE for parameter INITTYPE.

Responses

201 Successful initialization.

Table 1. Response Parameters
Required Parameters Optional Parameters

status

header

version

body

errorCode

message

paySysMessage

originator

400 Validating the request data failed

Parameters

errorCode

message

paySysMessage

POST / https://api.qenta.com/enterprise

Request samples

COMMAND=INITIATEPAYMENT&
MERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_&
INITTYPE=3DSECURE&
PAYMENTTYPE=CREDITCARD&
ORDERNUMBER=14286231&
DEPOSITAMOUNT=0&
LANGUAGE=en&
AMOUNT=1&
CURRENCY=EUR&
SERVICEURL=http://yourimprint.com/&
MERCHANT_TOKENIZATION_FLAG=TRUE&
CONSUMER_CHALLENGE_INDICATOR=04&
OVERWRITE_WAKEUPMESSAGE=TRUE&
USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36 Edg/104.0.1293.47&
ACCEPT_HEADERS=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9&
BROWSER_JAVA_ENABLED=0&
BROWSER_JAVASCRIPT_ENABLED=1&
BROWSER_ACCEPT_HEADERS=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9&
BROWSER_SCREEN_RESOLUTION=1920x1080&
BROWSER_COLOR_DEPTH=24&
BROWSER_USER_AGENT=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36 Edg/104.0.1293.47&
BROWSER_LANGUAGE=en-GB&
BROWSER_CHALLENGE_WINDOW_SIZE=05&
BROWSER_TIME_ZONE=-120&
EXPIRY=01/2025&
PAN=4000012892688323&
CARDVERIFYCODE=123&
CARDHOLDERNAME=Test005&
CONSUMER_IP_ADDRESS=172.20.0.231&
CUSTOMERSTATEMENT=Test005&
SUCCESSURL=https://yoursuccessurl.com&
FALLBACK=FALSE&
ORDERDESCRIPTION=Test:0000&
CARDHOLDERNAMED=Test005&
IP_ADDRESS=172.20.0.231&
APPLICATIONTYPE=S&
WAKEUPMESSAGE_METHOD=PAGE&

Response samples

header=Content-Type%3A+text%2Fhtml%0D%0A&
body=%3Chtml%3E%0A%3Chead%3E%0A%3Ctitle%3EACS+Anfrage+Seite%3C%2Ftitle%3E%0A%3C%2Fhead%3E%0A%3Cbody+OnLoad%3D%22OnLoadEvent%28%29%3B%22%3E%0A%3Cform+name%3D%22downloadForm%22+action%3D%22https%3A%2F%2Fapi.qenta.com%2Fpage%2Facs.php%22+method%3D%22post%22%3E%0A%3Ccenter%3E%0A%3Cnoscript%3E%0A%3Cbr+%2F%3E%3Cbr+%2F%3E%0A%3Ch1%3E3-D+Secure+Transaktion%3C%2Fh1%3E%0A%3Ch2%3EJavaScript+ist+in+Ihrem+Browser+deaktiviert%3C%2Fh2%3E%0A%3Ch3%3EBitte+klicken+Sie+auf+den+Button%2C+um+die+3-D+Secure+Transaktion+fortzusetzen%3C%2Fh3%3E%0A%3Cinput+type%3D%22submit%22+value%3D%22fortsetzen%22+%2F%3E%0A%3C%2Fnoscript%3E%0A%3C%2Fcenter%3E%0A%3Cinput+type%3D%22hidden%22+name%3D%22PaReq%22+value%3D%22eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU0NWZiMDhmLTU5NDktNDcxNC04NGVhLWMzZTc4YjY2NjA0YSIsImFjc1N0YXJ0UHJvdG9jb2xWZXJzaW9uIjoiMi4xLjAiLCJhY3NFbmRQcm90b2NvbFZlcnNpb24iOiIyLjEuMCIsImRzU3RhcnRQcm90b2NvbFZlcnNpb24iOiIyLjEuMCIsImRzRW5kUHJvdG9jb2xWZXJzaW9uIjoiMi4yLjAiLCJoaWdoZXN0Q29tbW9uU3VwcG9ydGVkUHJvdG9jb2xWZXJzaW9uIjoiMi4xLjAiLCJ0aHJlZURTTWV0aG9kVVJMIjoiaHR0cHM6Ly8zZHMtc2ltLWRldi5jb21wdXRvcC5jb20vL2Fjcy8zZHMtbWV0aG9kIiwidGhyZWVEU01ldGhvZERhdGFGb3JtIjoiZXlKMGFISmxaVVJUVFdWMGFHOWtUbTkwYVdacFkyRjBhVzl1VlZKTUlqb2lhSFIwY0hNNkx5OTNkM2N1WTI5dGNIVjBiM0F0Y0dGNVoyRjBaUzVqYjIwdlkySlVhSEpsWlVSVExtRnpjSGdfWVdOMGFXOXVQVzEwYUdST2RHWnVJaXdpZEdoeVpXVkVVMU5sY25abGNsUnlZVzV6U1VRaU9pSmxORFZtWWpBNFppMDFPVFE1TFRRM01UUXRPRFJsWVMxak0yVTNPR0kyTmpZd05HRWlmUSIsInRocmVlRFNNZXRob2REYXRhIjp7InRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJodHRwczovL3d3dy5jb21wdXRvcC1wYXlnYXRlLmNvbS9jYlRocmVlRFMuYXNweD9hY3Rpb249bXRoZE50Zm4iLCJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU0NWZiMDhmLTU5NDktNDcxNC04NGVhLWMzZTc4YjY2NjA0YSJ9fQ%3D%3D%22+%2F%3E%0A%3Cinput+type%3D%22hidden%22+name%3D%22TermUrl%22+value%3D%22https%3A%2F%2Fyoursuccessurl.com%22+%2F%3E%0A%3Cinput+type%3D%22hidden%22+name%3D%22MD%22+value%3D%22Q1JFRElUQ0FSRC0zRFMyfDg0MHwtMXwxMjMyODkwNg%3D%3D%22+%2F%3E%0A%3C%2Fform%3E%0A%3Cscript+type%3D%22text%2Fjavascript%22%3E%0A%3C%21--%0Afunction+OnLoadEvent%28%29%0A%7B%0Adocument.downloadForm.submit%28%29%3B%0A%7D%0A%2F%2F--%3E%0A%3C%2Fscript%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E%0A*& +
version=*qtillserver+3.23.0.47&
status=0

  1. Decode the text with URL Decoder. Use Notepad ++ or some other URL Decoder. After decoding the response should look like this.

    header=Content-Type: text/html
&body=<html>
<head>
<title>ACS Anfrage Seite</title>
</head>
<body OnLoad="OnLoadEvent();">
<form name="downloadForm" action="https://api.qenta.com/page/acs.php" method="post">
<center>
<noscript>
<br /><br />
<h1>3-D Secure Transaktion</h1>
<h2>JavaScript ist in Ihrem Browser deaktiviert</h2>
<h3>Bitte klicken Sie auf den Button, um die 3-D Secure Transaktion fortzusetzen</h3>
<input type="submit" value="fortsetzen" />
</noscript>
</center>
<input type="hidden" name="PaReq" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU0NWZiMDhmLTU5NDktNDcxNC04NGVhLWMzZTc4YjY2NjA0YSIsImFjc1N0YXJ0UHJvdG9jb2xWZXJzaW9uIjoiMi4xLjAiLCJhY3NFbmRQcm90b2NvbFZlcnNpb24iOiIyLjEuMCIsImRzU3RhcnRQcm90b2NvbFZlcnNpb24iOiIyLjEuMCIsImRzRW5kUHJvdG9jb2xWZXJzaW9uIjoiMi4yLjAiLCJoaWdoZXN0Q29tbW9uU3VwcG9ydGVkUHJvdG9jb2xWZXJzaW9uIjoiMi4xLjAiLCJ0aHJlZURTTWV0aG9kVVJMIjoiaHR0cHM6Ly8zZHMtc2ltLWRldi5jb21wdXRvcC5jb20vL2Fjcy8zZHMtbWV0aG9kIiwidGhyZWVEU01ldGhvZERhdGFGb3JtIjoiZXlKMGFISmxaVVJUVFdWMGFHOWtUbTkwYVdacFkyRjBhVzl1VlZKTUlqb2lhSFIwY0hNNkx5OTNkM2N1WTI5dGNIVjBiM0F0Y0dGNVoyRjBaUzVqYjIwdlkySlVhSEpsWlVSVExtRnpjSGdfWVdOMGFXOXVQVzEwYUdST2RHWnVJaXdpZEdoeVpXVkVVMU5sY25abGNsUnlZVzV6U1VRaU9pSmxORFZtWWpBNFppMDFPVFE1TFRRM01UUXRPRFJsWVMxak0yVTNPR0kyTmpZd05HRWlmUSIsInRocmVlRFNNZXRob2REYXRhIjp7InRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJodHRwczovL3d3dy5jb21wdXRvcC1wYXlnYXRlLmNvbS9jYlRocmVlRFMuYXNweD9hY3Rpb249bXRoZE50Zm4iLCJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU0NWZiMDhmLTU5NDktNDcxNC04NGVhLWMzZTc4YjY2NjA0YSJ9fQ==" />
<input type="hidden" name="TermUrl" value="https://yoursuccessurl.com" />
<input type="hidden" name="MD" value="Q1JFRElUQ0FSRC0zRFMyfDg0MHwtMXwxMjMyODkwNg==" />
</form>
<script type="text/javascript">
<!--
function OnLoadEvent()
{
  document.downloadForm.submit();
}
//-->
</script>
</body>
</html>
&version=qtillserver 3.23.0.47&status=0

  2. Beautify code (delete everything above and below html tag and uncomment function OnLoadEvent(), replace every "+" with empty space).

    <html>
  <head>
    <title>ACS Anfrage Seite</title>
  </head>
  <body OnLoad="OnLoadEvent();">
    <form name="downloadForm" action="https://api.qenta.com/page/acs.php" method="post">
      <center>
        <noscript>
          <br /><br />
          <h1>3-D Secure Transaktion</h1>
          <h2>JavaScript ist in Ihrem Browser deaktiviert</h2>
          <h3>Bitte klicken Sie auf den Button, um die 3-D Secure Transaktion fortzusetzen</h3>
          <input type="submit" value="fortsetzen" />
        </noscript>
      </center>
      <input type="hidden" name="PaReq" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU0NWZiMDhmLTU5NDktNDcxNC04NGVhLWMzZTc4YjY2NjA0YSIsImFjc1N0YXJ0UHJvdG9jb2xWZXJzaW9uIjoiMi4xLjAiLCJhY3NFbmRQcm90b2NvbFZlcnNpb24iOiIyLjEuMCIsImRzU3RhcnRQcm90b2NvbFZlcnNpb24iOiIyLjEuMCIsImRzRW5kUHJvdG9jb2xWZXJzaW9uIjoiMi4yLjAiLCJoaWdoZXN0Q29tbW9uU3VwcG9ydGVkUHJvdG9jb2xWZXJzaW9uIjoiMi4xLjAiLCJ0aHJlZURTTWV0aG9kVVJMIjoiaHR0cHM6Ly8zZHMtc2ltLWRldi5jb21wdXRvcC5jb20vL2Fjcy8zZHMtbWV0aG9kIiwidGhyZWVEU01ldGhvZERhdGFGb3JtIjoiZXlKMGFISmxaVVJUVFdWMGFHOWtUbTkwYVdacFkyRjBhVzl1VlZKTUlqb2lhSFIwY0hNNkx5OTNkM2N1WTI5dGNIVjBiM0F0Y0dGNVoyRjBaUzVqYjIwdlkySlVhSEpsWlVSVExtRnpjSGdfWVdOMGFXOXVQVzEwYUdST2RHWnVJaXdpZEdoeVpXVkVVMU5sY25abGNsUnlZVzV6U1VRaU9pSmxORFZtWWpBNFppMDFPVFE1TFRRM01UUXRPRFJsWVMxak0yVTNPR0kyTmpZd05HRWlmUSIsInRocmVlRFNNZXRob2REYXRhIjp7InRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJodHRwczovL3d3dy5jb21wdXRvcC1wYXlnYXRlLmNvbS9jYlRocmVlRFMuYXNweD9hY3Rpb249bXRoZE50Zm4iLCJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImU0NWZiMDhmLTU5NDktNDcxNC04NGVhLWMzZTc4YjY2NjA0YSJ9fQ==" />
      <input type="hidden" name="TermUrl" value="https://yoursuccessurl.com" />
      <input type="hidden" name="MD" value="Q1JFRElUQ0FSRC0zRFMyfDg0MHwtMXwxMjMyODkwNg==" />
  </form>
  <script type="text/javascript">
    function OnLoadEvent()
      {
        document.downloadForm.submit();
      }
  </script>
  </body>
</html>

  3. Execute the HTML, and the 3D Secure mask should be seen in a browser. Enter specific test data for 3D Secure payment method. After that, the merchant will be redirected to the successUrl (which is invalid in this example).

VERIFYPAYMENT

After every INITIATEPAYMENT, VERIFYPAYMENT needs to be done for 3D Secure.

Authorizations: Basic Auth

Request

Required Parameters Optional Parameters

MERCHANTKEY

LOGPATH

COMMAND

LANGUAGE

ORDERNUMBER

APPLICATIONTYPE

PAYMENTNUMBER

DEPOSITFLAG

QTILL_CLIENT_IP_ADDRESS

ORIGINATOR

Responses

201 Successful verification.

Required Parameters Optional Parameters

status

orders

version

errorCode

message

paySysMessage

originator
Order as a basis type of properties in the response can be returned for this command.

400 Validating the request data failed

Parameters

errorCode

message

paySysMessage

POST / https://api.qenta.com/enterprise

Request samples

MERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_&
COMMAND=VERIFYPAYMENT&
APPLICATIONTYPE=S&
DEPOSITFLAG=FALSE&
ORDERNUMBER=14286231&
LANGUAGE=en&

Response samples

order.1.amount=1.00&
payment.1.1.paymentNumber=14286231&
payment.1.1.depositAmount=0.00&
order.1.orderText=Test%3A0000&
order.1.contractNumber=Qenta_Test1&
payment.1.1.timeModified=26.10.2022+09%3A39%3A54&
payment.1.1.operationsAllowed=DEPOSIT%2CAPPROVEREVERSAL&
payment.1.1.paymentType=CREDITCARD&
order.1.merchantNumber=840&
payment.1.1.state=payment_approved&
order.1.depositAmount=0&
order.1.customerStatement=Test005&
order.1.providerContractNumber=Qenta_Test1&
order.1.timeModified=26.10.2022+09%3A39%3A54&
payment.1.1.providerReferenceNumber=09fe67a91b2b4ecd93b8e79fd0b502bc&
order.1.orderNumber=14286231&
payment.1.1.gatewayReferenceNumber=0741d39e24e841ea9005edbb5e98de76&
payment.1.1.orderNumber=14286231&
payment.1.1.approveAmount=1.00&
payment.1.1.providerTokenId=0527152527152323&
order.1.approveAmount=1.00&
order.1.credits=0&
payment.1.1.merchantNumber=840&
order.1.payments=1&
order.1.currency=EUR&
version=qtillserver+3.23.0.48&
order.1.refundAmount=0&
payment.1.1.currency=EUR&
order.1.timeCreated=26.10.2022+09%3A38%3A42&
order.1.state=ORDERED&
order.1.orderDescription=Test%3A0000&
orders=1&
payment.1.1.timeCreated=26.10.2022+09%3A39%3A54&
order.1.acquirer=QENTA&
order.1.paymentType=CREDITCARD&
order.1.brand=Verified+by+Visa&
status=0

Post Transaction Commands

GETORDERDETAILS

Authorizations: Basic Auth

Request

Required Parameters Optional Parameters

MERCHANTKEY

LOGPATH

COMMAND

LANGUAGE

ORDERNUMBER

APPLICATIONTYPE

ADMIN_PASSWORD

ORIGINATOR

Responses

201 Successful getting order details.

Required Parameters Optional Parameters

status

orders

version

errorCode

message

paySysMessage

originator
Order as a basis type of properties in the response can be returned for this command.

400 Validating the request data failed

Parameters

errorCode

message

paySysMessage

POST / https://api.qenta.com/enterprise

Request samples

MERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_&
COMMAND=GETORDERDETAILS&
APPLICATIONTYPE=S&
ORDERNUMBER=14286231&
ADMIN_PASSWORD=9p3a0m5f&

Response samples

order.1.amount=1.00&
payment.1.1.paymentNumber=14286231&
payment.1.1.timeModified=26.10.2022+09%3A39%3A54&
payment.1.1.operationsAllowed=DEPOSIT%2CAPPROVEREVERSAL&
payment.1.1.paymentType=CREDITCARD&
order.1.merchantNumber=840&
order.1.depositAmount=0&
payment.1.1.providerReferenceNumber=09fe67a91b2b4ecd93b8e79fd0b502bc&
payment.1.1.orderNumber=14286231&
payment.1.1.providerTokenId=0527152527152323&
order.1.approveAmount=1.00&
order.1.credits=0&
payment.1.1.merchantNumber=840&
order.1.payments=1&
version=qtillserver+3.23.0.48&
order.1.state=ORDERED&
payment.1.1.currency=EUR&
order.1.refundAmount=0&
orders=1&
order.1.brand=Verified+by+Visa&
order.1.acquirer=QENTA&
status=0&
payment.1.1.depositAmount=0.00&
order.1.orderText=Test%3A0000&
order.1.contractNumber=Qenta_Test1&
payment.1.1.state=payment_approved&
order.1.customerStatement=Test005&
order.1.providerContractNumber=Qenta_Test1&
order.1.orderNumber=14286231&
order.1.timeModified=26.10.2022+09%3A39%3A54&
payment.1.1.gatewayReferenceNumber=0741d39e24e841ea9005edbb5e98de76&
objectsTotal=1&
payment.1.1.approveAmount=1.00&
order.1.currency=EUR&
order.1.timeCreated=26.10.2022+09%3A38%3A42&
order.1.orderDescription=Test%3A0000&
payment.1.1.timeCreated=26.10.2022+09%3A39%3A54&
order.1.paymentType=CREDITCARD

DEPOSIT

The transaction can be deposited:

  1. By using the command DEPOSIT.

    This is only possible if the transaction is not deposited in any other way.

  2. By sending the parameter DEPOSITAMOUNT for the INITIATEPAYMENT and the parameter DEPOSITFLAG for VERIFYPAYMENT.
    In this case, the command DEPOSIT isn’t used.

Authorizations: Basic Auth

Request

Required Parameters Optional Parameters

MERCHANTKEY

LOGPATH

COMMAND

LANGUAGE

ORDERNUMBER

CURRENCY

PAYMENTNUMBER

CUSTOMERSTATEMENT

AMOUNT

MERCHANTREFERENCE

APPLICATIONTYPE

ORIGINATOR

Responses

201 Successful deposit.

Required Parameters Optional Parameters

status

orders

version

errorCode

message

paySysMessage

originator

400 Validating the request data failed

Parameters

errorCode

message

paySysMessage

POST / https://api.qenta.com/enterprise

Request samples

MERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_&
COMMAND=DEPOSIT&
ORDERNUMBER=14286231&
PAYMENTNUMBER=14286231&
AMOUNT=1.00&
CURRENCY=EUR&
LANGUAGE=en&
APPLICATIONTYPE=S&

Response samples

version=qtillserver+3.23.0.48&
paymentNumber=14286231&
status=0

DEPOSITREVERSAL

Authorizations: Basic Auth

Request

Required Parameters Optional Parameters

MERCHANTKEY

LOGPATH

COMMAND

LANGUAGE

ORDERNUMBER

CURRENCY

PAYMENTNUMBER

AMOUNT

ADMIN_PASSWORD

APPLICATIONTYPE

ORIGINATOR

Responses

201 Successful reversal deposit.

Required Parameters Optional Parameters

status

orders

version

errorCode

message

paySysMessage

originator

400 Validating the request data failed

Parameters

errorCode

message

paySysMessage

POST / https://api.qenta.com/enterprise

Request samples

MERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_&
COMMAND=DEPOSITREVERSAL&
ORDERNUMBER=14286231&
PAYMENTNUMBER=14286231&
CURRENCY=EUR&
ADMIN_PASSWORD=9p3a0m5f&
LANGUAGE=en&
APPLICATIONTYPE=S&

Response samples

version=qtillserver+3.23.0.48&
status=0

APPROVEREVERSAL

For using the command APPROVEREVERSAL, payment needs to be in an approved state. Look at the order flow diagram of the payment method for closer information.

Authorizations: Basic Auth

Request

Required Parameters Optional Parameters

MERCHANTKEY

LOGPATH

COMMAND

LANGUAGE

ORDERNUMBER

CURRENCY

PAYMENTNUMBER

AMOUNT

ADMIN_PASSWORD

APPLICATIONTYPE

ORIGINATOR

Responses

201 Successful approving reversal.

Required Parameters Optional Parameters

status

orders

version

errorCode

message

paySysMessage

originator

400 Validating the request data failed

Parameters

errorCode

message

paySysMessage

POST / https://api.qenta.com/enterprise

Request samples

MERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_&
COMMAND=APPROVEREVERSAL&
ORDERNUMBER=27541&
PAYMENTNUMBER=27541&
ADMIN_PASSWORD=9p3a0m5f&
LANGUAGE=en&
APPLICATIONTYPE=S&

Response samples

version=qtillserver+3.23.0.47&
status=0

RECURPAYMENT

Authorizations: Basic Auth

Request

Required Parameters Optional Parameters

MERCHANTKEY

LOGPATH

COMMAND

LANGUAGE

ORDERNUMBER

APPLICATIONTYPE

SOURCEORDERNUMBER

DEPOSITAMOUNT

CURRENCY

CUSTOMERSTATEMENT

AMOUNT

PERIODIC_TYPE

ORDERDESCRIPTION

MERCHANT_TOKENIZATION_FLAG

ADMIN_PASSWORD

ORIGINATOR

Responses

201 Successful approving reversal.

Required Parameters Optional Parameters

status

orders

version

errorCode

message

paySysMessage

originator

400 Validating the request data failed

Parameters

errorCode

message

paySysMessage

POST / https://api.qenta.com/enterprise

Request samples

COMMAND=RECURPAYMENT&
MERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_&
ORDERNUMBER=11649764&
SOURCEORDERNUMBER=14286231&
AMOUNT=1&
CURRENCY=EUR&
ORDERDESCRIPTION=Test:0000&
MERCHANT_TOKENIZATION_FLAG=TRUE&
PERIODIC_TYPE=ucof&
ADMIN_PASSWORD=9p3a0m5f&
APPLICATIONTYPE=S&

Response samples

version=qtillserver+3.23.0.47&
status=0

REFUND

Authorizations: Basic Auth

Request

Required Parameters Optional Parameters

MERCHANTKEY

LOGPATH

COMMAND

LANGUAGE

ORDERNUMBER

APPLICATIONTYPE

AMOUNT

CREDITNUMBER

ADMIN_PASSWORD

CURRENCY

MERCHANTREFERENCE

CUSTOMERSTATEMENT

ISO_TRANSACTION_TYPE

ORIGINATOR
For refunds, basket item data are additional optional parameters.

Responses

201 Successful refunding.

Required Parameters Optional Parameters

status

orders

version

errorCode

message

paySysMessage

originator

creditNumber

400 Validating the request data failed

Parameters

errorCode

message

paySysMessage

POST / https://api.qenta.com/enterprise

Request samples

MERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_&
COMMAND=REFUND&
ORDERNUMBER=6958930&
CURRENCY=EUR&
AMOUNT=1.00&
ADMIN_PASSWORD=9p3a0m5f&
APPLICATIONTYPE=S&
LANGUAGE=en&

Response samples

creditNumber=15236111&
version=qtillserver+3.23.0.48&
status=0

REFUNDREVERSAL

Authorizations: Basic Auth

Request

Required Parameters Optional Parameters

MERCHANTKEY

LOGPATH

COMMAND

LANGUAGE

ORDERNUMBER

APPLICATIONTYPE

CREDITNUMBER

ORIGINATOR

ADMIN_PASSWORD

Responses

201 Successful reversal refunding .

Required Parameters Optional Parameters

status

orders

version

errorCode

message

paySysMessage

originator

400 Validating the request data failed

Parameters

errorCode

message

paySysMessage

POST / https://api.qenta.com/enterprise

Request samples

MERCHANTKEY=43gADp5.UOZxPTet6O8o8K6o-7RefQB3BO21OMu4chB65LJUI_&
COMMAND=REFUNDREVERSAL&
ORDERNUMBER=6958930&
CREDITNUMBER=15236111& (1)
ADMIN_PASSWORD=9p3a0m5f&
APPLICATIONTYPE=S&
LANGUAGE=en
1 Use a credit number got from the refund.

Response samples

version=qtillserver+3.23.0.47&
status=0

Query Commands

For every payment method commands QUERYORDERS, QUERYCREDITS, and QUERYBATCHES are used.

3DS2 Use Cases

One-Time Payment

One-time payment is a fast way to make a single, non-recurring payment. Every transaction is consumer-initiated, therefore SCA based on PSD2 is required.

One-Click Checkout

Each One-click checkout transaction falls under the SCA requirements because it’s executed by the consumer in session. Merchants have to store credit card data as a token in their webshops for recurring payments. The advantage is that consumers can initialize the transaction just in a few steps with data stored in the shop. Every transaction is consumer-initiated so they need to give permission the first time for one-click checkout.

These parameters need to be set in the first request:

  • CONSUMER_BILLING_FIRST_NAME, CONSUMER_BILLING_LAST_NAME, and CONSUMER_EMAIL are mandatory parameters

  • CONSUMER_CHALLENGE_INDICATOR must be set to 04

  • MERCHANT_TOKENIZATION_FLAG must be set to TRUE.

The optional parameters CONSUMER_AUTHENTICATION_METHOD and CONSUMER_SHIPPING_ITEM_AVAILABILITY are recommended.

If the payment is done and the result is received, the 3DS2 process is also completed for the first payment. If the consumer wants to pay again, the checkout has to be initialized once again as above by the consumer, set the parameter SOURCEORDERNUMBER with the ORDERNUMBER value from the previous payment in the new request.

Subscription Model

With this model, consumers must be informed regarding the terms of the agreement when setting up the recurring payment plan and the first transaction needs an SCA since transactions are merchant-initiated.

These parameters need to be set in the first request:

  • CONSUMER_BILLING_FIRST_NAME, CONSUMER_BILLING_LAST_NAME, and CONSUMER_EMAIL are mandatory parameters

  • CONSUMER_CHALLENGE_INDICATOR must be set to 04

  • MERCHANT_TOKENIZATION_FLAG must be set to TRUE.

The optional parameters CONSUMER_AUTHENTICATION_METHOD and CONSUMER_SHIPPING_ITEM_AVAILABILITY are recommended.

If the payment is done and the result is received, the 3DS2 process is also completed for the first payment.

The merchant has to use the RECURPAYMENT command with the SOURCEORDERNUMBER, the MERCHANT_TOKENIZATION_FLAG with the value TRUE and the PERIODIC_TYPE with the value recurring. The SOURCEORDERNUMBER is the ORDERNUMBER from the last recurring transaction and if the last transaction was the initial transaction, use this ORDERNUMBER for the SOURCEORDERNUMBER instead.

Recurring payments with different amounts by each payment

Unlike the subscription model where recurring payments happen with the same amount on a fixed date, PSD2 has the possibility to execute unscheduled merchant-initiated transactions (UCOF). Merchants have to consider that consumers must be informed regarding the terms of the unscheduled credential on file. The first transaction needs an SCA since transactions are merchant-initiated.

These parameters need to be set in the first request:

  • CONSUMER_BILLING_FIRST_NAME, CONSUMER_BILLING_LAST_NAME, and CONSUMER_EMAIL are mandatory parameters

  • CONSUMER_CHALLENGE_INDICATOR must be set to 04

  • MERCHANT_TOKENIZATION_FLAG must be set to TRUE.

The optional parameters CONSUMER_AUTHENTICATION_METHOD and CONSUMER_SHIPPING_ITEM_AVAILABILITY are recommended.

If the payment is done and the result is received, the 3DS2 process is also completed for the first payment.

The merchant has to use the RECURPAYMENT command with the SOURCEORDERNUMBER, the MERCHANT_TOKENIZATION_FLAG with the value TRUE and the PERIODIC_TYPE with the value ucof. The SOURCEORDERNUMBER is the ORDERNUMBER from the last recurring transaction and if the last transaction was the initial transaction, use this ORDERNUMBER for the SOURCEORDERNUMBER instead.

1. For initiation of 3D Secure, parameters PAN, EXPIRY, and CARDVERIFYCODE are mandatory. The parameter SOURCEORDERNUMBER can not be used with these three parameters. If sent SOURCEORDERNUMBER, parameters PAN, EXPIRY, and CARDVERIFYCODE will be ignored, so they don’t need to be sent.