Professional Documents
Culture Documents
Notice: The Company Confidential label signifies that the information in this document is
confidential and proprietary to UniversalPay, and is only intended for use by merchant customers of
UniversalPay, internal staff, and authorised business partners of UniversalPay.
This document is protected by copyright restricting its use, replication in any format, and distribution.
No part of this document may be reproduced in any form by any means without the express
permission of UniversalPay.
UniversalPay reserves the right to amend, delete or add to the contents of the document, at any
time, and to make improvements and/or changes to the products and/or programmes described in
this document.
Every reasonable attempt will be made to ensure that the contents of the document are accurate,
and a true reflection of the products and programmes described herein. However, UniversalPay will
not be held liable for any inaccuracies of any nature, however communicated by UniversalPay.
UniversalPay and other trademarks are trademarks or registered trademarks of their respective
owners.
All other product names mentioned in this document are the trademarks of their respective owners.
© UniversalPay 2018
1.2. Assumptions
In this document it is assumed that merchants will handle the scheduling of the recurring payments.
It is also assumed that the merchant is referring to the UniversalPay API Specification Document Version
2.0 for integration.
It is also assumed that merchants will take the first customer authorisation via the hosted payment pages –
using channel ECOM with 3D Secure Authentication.
It is also assumed that after the first customer authorisation the merchants will store the card token in relation
to the customer ID for subsequent pay-per-use recurring payments.
It is also assumed that merchants will perform the subsequent recurring payments for the same customer via
Server-Server HTTP Requests to the UniversalPay API using the card token provided after the completion
of the first transaction.
Standard Example:
1) Session Token Request (Server-Server HTTP POST call from Merchant Web-Service):
(ECOM Channel, with CVV and with 3D Secure)
POST https://api.test.universalpay.es/token
POST data:
merchantId={Merchant_ID}&action=PURCHASE&password={API_Password}&allowOriginUrl=
{Server_URL}×tamp={Milliseconds}&channel=ECOM&amount=10¤cy=EUR&countr
y=ES&merchantNotificationUrl={Listener_URL}&merchantLandingPageUrl={Web_URL}&bra
ndId={Brand_ID}&specinProcessWithoutCvv2=false&forceSecurePayment=true
At the end of the above payment – if the merchant would have provided the merchantNotificationUrl
parameter in the Session Token Request, the UniversalPay gateway will post a transaction result call
with the following elements:
POST http://{Merchant_Notification_URL}
POST data:
acquirer=UniversalPay&acquirerAmount=10.00&acquirerCurrency=EUR&acquirerTxId=F72DF1
CF3CF7463DAFFE1C4FD18A3B51&action=PURCHASE&amount=10.00&brandId={Brand_ID}&country=
ES¤cy=EUR&customerId={Customer_ID}&merchantId={Merchant_ID}&merchantTxId=lnwx
P5ap0UnGeKV8x0ts&pan=3674506345311111&paymentSolutionDetails=authCode%3DApprov&paym
entSolutionId=500&status=CAPTURED&txId=11543444
The merchant needs to store the pan (card token), and the customerId parameter to which it is related
to perform subsequent transactions without the intervention of the customer.
Standard Example:
1) Session Token Request (Server-Server HTTP POST call from Merchant Web-Service):
(MOTO Channel, without CVV and without 3D Secure)
POST https://api.test.universalpay.es/token
POST data:
merchantId={Merchant_ID}&action=PURCHASE&password={API_Password}&allowOriginUrl={Se
rver_URL}×tamp={Milliseconds}&channel=MOTO&amount=20¤cy=EUR&country=ES&p
aymentSolutionId=500&specinCreditCardToken={pan}&customerId={Customer_ID}&brandId={
Brand_ID}&merchantNotificationUrl={Listener_URL}&specinProcessWithoutCvv2=true&forc
eSecurePayment=false
Then submit the confirmation of the payment using the session token obtained in the previous request
without the CVV. (Section 6.9 on the API Specification).
3) Confirm Payment Request (Server-Server HTTP POST call from Merchant Web-Service):
POST https://api.test.universalpay.es/payments
POST data:
token={Session_Token}&merchantId={Merchant_ID}
5) Merchant Notification:
If the merchant would have provided the merchantNotificationUrl parameter in the Session Token
Request, the UniversalPay gateway will post a transaction result call as described on point 4, page 8 on
this document.
UniversalPay
Customer Merchant Gateway
Session Token
Hosted Page
request
Result
Call
Recurring Payment
Session Token Request, Customer ID,
Card Token, no CVV
Session Token
Confirm Payment
Response