Stored credentials and transactions types
This section describes supported types of stored-credential transactions.
Types of stored credentials
Payment Gateway allows to create and use the following type of stored credentials:
- Common – for payments that are not related to any plan or schedule. For example, when a customer makes a new order and pays for it using previously saved card data.
Transaction types
Stored-credential transactions belong to either of the two groups depending on the initiator of a transaction:
-
CIT (Cardholder-initiated Transactions) – e-commerce transactions where a cardholder takes part in the payment. This group includes the following types of transactions:
- C/CI – common initial transaction, when a common credential is stored for further payments.
- F – unscheduled transaction, performed by a cardholder using a common stored credential.
-
MIT (Merchant-initiated Transactions) – e-commerce transactions performed by the merchant without participation of a cardholder. This group includes the following type of transactions:
- U – unscheduled transaction performed using a common stored credential. For example, penalty charge. Note that there is no CVC or 3DS verification for such operation as a cardholder does not take part in it and cannot enter any data.
The type of a transaction should be passed in the tii (Transaction Intitiator Indicator) parameter of API payment requests. Possible values of tii:
tii value |
Description | Transaction type | Transaction initiator | Card data for transaction | Card data saved after transaction | Note |
|---|---|---|---|---|---|---|
| Empty | Regular | Customer | Entered by Customer | No | An e-commerce transaction, credential is not stored. | |
| CI | Initial Common CIT | Initiating | Customer | Entered by Customer | Yes | An e-commerce transaction, credential is stored. |
| F | Unscheduled CIT | Subsequent | Customer | Customer selects card instead of manual entry | No | An e-commerce transaction that uses a stored credential. |
| U | Unscheduled MIT | Subsequent | Merchant | No manual entry, Merchant passes the data | No | An e-commerce transaction that uses a stored credential. Used for one-phase payments only. |
An initial transaction that stores the credental can be done as a Redirect or a Direct payment with corresponding requirements for PCI DSS compliance. For any further payment by binding, PCI DSS compliance is not required because card data is not passed.
Managing stored credentials via API
Below you can find examples of storing and using payment credentials of different types via API using your own payment page:
Common stored credentials
Store a common credential
To store a common credential, run the instantPayment.do request with clientId parameter.
As a result, the order will be registered and payed and the credential will be stored for the client with the initially specified clientId. You can run the getBindings.do request to make sure that the credential was stored.
Example of the instantPayment.do request:
curl --request POST \
--url https://gateway-test.jcc.com.cy/payment/rest/instantPayment.do \
--header 'content-type: application/x-www-form-urlencoded' \
--data userName=test_user \
--data password=test_user_password \
--data amount=100 \
--data currency=978 \
--data description=my_first_order \
--data orderNumber=1218637308 \
--data pan=5000001111111115 \
--data cvc=123 \
--data expiry=203012 \
--data cardHolderName="TEST CARDHOLDER" \
--data clientId=12345 \
--data language=en \
--data backUrl=https%3A%2F%2Fmybestmerchantreturnurl.com \
--data failUrl=https%3A%2F%2Fmybestmerchantreturnurl.com{
"errorCode": "0",
"orderId": "eee72f6e-b980-79c5-92e8-6f4200b1eae0",
"info": "Your order is proceeded, redirecting...",
"redirect": "https://www.test.com/payment/merchants/gateway/finish.html?orderId=eee72f6e-b980-79c5-92e8-6f4200b1eae0&lang=en",
"orderStatus": {
"expiration": "202612",
"cardholderName": "TEST CARDHOLDER",
"depositAmount": 100,
"currency": "978",
"approvalCode": "123456",
"authCode": 2,
"ErrorCode": "0",
"ErrorMessage": "Success",
"OrderStatus": 2,
"OrderNumber": "2011",
"Pan": "500000**1115",
"Amount": 100,
"Ip": "x.x.x.x"
}
}Pay with a common stored credential
To pay for an order with a common stored credential, use the following flow:
- Run the register.do request with
clientIdparameter → getorderIdin response. -
Get the list of stored credentials using the getBindings.do request with the same value of
clientIdandbindingType=C→ getbindingIdin response.Example of the
getBindings.dorequest:curl --request POST \ --url https://gateway-test.jcc.com.cy/payment/rest/getBindings.do \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data userName=test_user \ --data password=test_user_password \ --data clientId=259753456 \ --data bindingType=C{ "errorCode":"0", "errorMessage":"Success", "bindings": [ { "bindingId": "b83317e0-1679-7d85-b375-a63200b4f820", "maskedPan": "411111**1111", "expiryDate": "203412", "paymentWay": "TOKEN_PAY", "paymentSystem": "CARD", "displayLabel": "XXXXXXXXXXXX1111", "bindingCategory": "COMMON" } ] } -
Run paymentOrderBinding.do request. Pass the
orderIdvalue (received on the step 1) in themdOrderparameter, pass the receivedbindingId. Availabletiivalues:F,U.Example of the
paymentOrderBinding.dorequest:curl --request POST \ --url https://gateway-test.jcc.com.cy/payment/rest/paymentOrderBinding.do \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data mdOrder=24c3d392-4c60-7f0b-9ff5-b00100b4f820 \ --data ip=127.0.0.1 \ --data cvc=123 \ --data bindingId=b83317e0-1679-7d85-b375-a63200b4f820 \ --data userName=test_user \ --data password=test_user_password \ --data language=en \ --data tii=F{ "redirect": "https://gateway-test.jcc.com.cy/payment/merchants/pay/finish.html?orderId=24c3d392-4c60-7f0b-9ff5-b00100b4f820&lang=en", "info": "Your order is proceeded, redirecting...", "errorCode": 0 }As a result, the order will be payed using the stored credential with the specified
bindingId.