Professional Documents
Culture Documents
Version 1.0
Table of Contents
1 License Conditions REST API .................................................................................................................................. 3
2 Introduction ............................................................................................................................................................ 5
2.1 Who is this document for? ...................................................................................................... 5
2.2 Glossary ................................................................................................................................... 5
2.3 Integration with ICEPAY ........................................................................................................... 5
2.3.1 Payment process.............................................................................................................. 5
2.3.2 Webshop Modules ........................................................................................................... 6
2.3.3 API.................................................................................................................................... 6
3 Starting your implementation ............................................................................................................................... 6
3.1 REST and JSON ......................................................................................................................... 6
3.2 Security .................................................................................................................................... 6
3.3 Important considerations during implementation................................................................... 6
3.4 How to make a request to the API ........................................................................................... 7
3.5 URL........................................................................................................................................... 7
3.6 HTTP headers ........................................................................................................................... 7
3.7 Basic object structure .............................................................................................................. 8
3.8 Examples .................................................................................................................................. 8
3.8.1 Request ............................................................................................................................ 8
3.8.2 Response.......................................................................................................................... 8
3.9 Available services and operations ............................................................................................ 9
3.9.1 Payment operations......................................................................................................... 9
3.9.2 Refund operations ........................................................................................................... 9
4 Checksum ................................................................................................................................................................ 9
4.1 How to calculate ...................................................................................................................... 9
5 Operation parameters..........................................................................................................................................10
5.1 Payment Service .................................................................................................................... 11
5.1.1 Checkout ........................................................................................................................ 11
5.1.2 VaultCheckout ............................................................................................................... 12
5.1.3 AutomaticCheckout ....................................................................................................... 13
5.1.4 GetPayment ................................................................................................................... 13
5.1.5 GetMyPaymentMethods ............................................................................................... 14
5.2 Refund service ....................................................................................................................... 15
5.2.1 RequestRefund .............................................................................................................. 15
5.2.2 CancelRefund ................................................................................................................. 16
5.2.3 GetPaymentRefunds ...................................................................................................... 16
Change Log
Version Date Changes Author
1.0 2015-10-01 Initial version Simon Strijbos
Related Documents
Title Version Document location
Supported Parameters Sheet Latest https://icepay.com/downloads/tech-
docs/ICEPAY_Supported_Parameters_Sheet.pdf
ICEPAY Terms & Conditions EN Latest https://icepay.com/downloads/pdf/company/TC-2015-EN.pdf
ICEPAY Terms & Conditions NL Latest https://icepay.com/downloads/pdf/company/AV-2015-NL.pdf
ICEPAY Terms & Conditions FR Latest https://icepay.com/downloads/pdf/company/TC-2015-FR.pdf
1. Definitions
1.2 License:
A written public act from the Dutch Central Bank (De Nederlandsche Bank) or other
governmental body which provides ICEPAY B.V. with these rights.
2.1 This User License Agreement applies to the use of this ICEPAY REST API, as supplied
by ICEPAY B.V. (further referred to as ICEPAY B.V.).
2.2 BY USING THE ICEPAY REST API YOU FULLY AGREE TO THE CONDITIONS OF THIS USER
LICENSE AGREEMENT. IF YOU DO NOT AGREE TO THIS USER LICENSE AGREEMENT,
YOU SHOULD REFRAIN FROM USING THE ICEPAY REST API.
2.3 You may only use the ICEPAY REST API if such is directly obtained from ICEPAY B.V.
and provided from www.icepay.eu and if you or the organization where you work has
entered into an official contract with ICEPAY B.V. and is therefore a Client in
accordance with these conditions.
2.4 This User License Agreement and the use of the ICEPAY REST API are governed by the
laws of The Netherlands. Any disagreement will be placed b efore a qualified court in
The Hague, The Netherlands. The United Nations Convention on Contracts for the
International Sale of Goods (CISG) is not applicable.
3.1 ICEPAY B.V. grants Client the non-exclusive right to use this ICEPAY REST API and
corresponding documentation. The license shall go into effect after Client has
fulfilled all its obligations.
4. Warranty Disclaimer
4.1 The ICEPAY REST API is made available on an ‘as is’ basis only and without any
warranty or indemnity of any kind.
5.1 Client agrees to indemnify ICEPAY B.V. from all liability, losses, actions, damages or
claims (including all reasonable costs and attorney costs) which flow forth or are
regarding the use or dependency upon the ICEPAY REST API.
5.2 Under no circumstances will ICEPAY B.V. be liable to Client, or any other person or
entity, for any loss of use, revenue or profit, lost or damaged data, or other
commercial or economic loss or for any direct, indirect, special, statutory, or
consequential damages whatsoever related to the use or reliance upon ICEPAY REST
API, even if advised of the possibility of such damages or if such damages are
foreseeable. This limitation shall apply to each breach of this User License Agreement
by ICEPAY B.V.
6.1 All activities that ICEPAY B.V. must perform upon request of Client related to the use
of the ICEPAY REST API that has been made available at no charge, shall be invoiced as
additional work (or support) on the basis of actual costs according to the applica ble
rates of ICEPAY B.V.
6.2 (Future) incompatibility problems (products are unable to interoperate with each
other) can be resolved on the basis of additional work.
6.3 It will be assumed that Client has agreed with the performance of additional work
and the connected costs, if Client has allowed additional work to take place without
raising objections in writing prior to the commencement of additional work.
7. Duration
7.1 This agreement is effective as of the moment of acceptance and may be terminated
at any time by ICEPAY B.V. whereby a notice period of one week shall apply.
8.1 The ICEPAY General Terms & Conditions apply to the agreement. The General
Conditions ICEPAY are filed at the Chamber of Commerce in The Hague under number
27348492. The applicability of purchase conditions or any other conditions from
Client or third parties is, then, expressly rejected by ICEPAY B.V. Client explicitly
declares to have received, read and agreed to the ICEPAY General Terms &
Conditions.
2.2 Glossary
Term Definition
Merchant A company that processes payments through the ICEPAY transaction
platform. An ICEPAY client can have several Merchants (websites/webshops).
Consumer The customer of the Merchant. The end-user who makes a payment through
the website/webshop of the Merchant. Also referred to as Customer.
Postback Asynchronous message sent when the payment status changes.
Checksum Digital signature used to sign all messages.
Secret Pre-shared key used in checksum calculation. You can find your secret when
you log in to https://portal.icepay.com
An exception to the above is credit card, since PCI regulation puts heavy requirements on merchants
who offer credit card number inputs directly in their webshop. Entry of credit card data takes place
exclusively on a payment screen hosted by ICEPAY or by the credit card acquirer.
The most popular method of web service integration today is using a JSON message structure over a
RESTful API. RESTful architecture has the following properties:
2.3.3 API
For PHP developers, ICEPAY also offers a reusable API client that allows for quick implementation.
Since most operations involve performing a payment or refund, the verb POST is used by nearly all
operations on the ICEPAY REST API.
JSON (JavaScript Object Notation) is a notation style to represent complex object structures in a
serialized manner (i.e. transferable over the internet). It has the same role as XML, but is much less
verbose and therefore faster.
3.2 Security
The ICEPAY REST API uses two layers of security to ensure two-way authentication of sender and
receiver, and to prevent interception of messages and tampering.
SSL is used for transport security. All calls to the REST API must be done over HTTPS, ensuring end-to-
end encryption of the message and authentication of ICEPAY as the recipient of your requests. A
custom checksum algorithm using SHA256 is used to sign requests and responses. Using a pre-shared
secret code, this algorithm authenticates the sender of requests and ensures that any response you
receive really came from ICEPAY.
3.5 URL
The base URL for the API is: https://connect.icepay.com/webservice/api/v1/
The service and operation name follow on after the base URL. See Chapter 3.9 for a list of available
services, and Chapter 5 for a list of operations per service.
This URL calls the Checkout operation under the Payment service.
The header Checksum verifies that the merchant mentioned in the header MerchantID is also the
sender of the message. See Chapter 4 for an explanation of how this is done.
{
"Timestamp": "2015-01-01 00:00:00",
...
}
Property Description
Timestamp The date and time in UTC when your request was generated.
3.8 Examples
The examples below show what a basic message exchange between the web shop and the ICEPAY
REST API involves. The parameters per operation are listed under Chapter 5.
3.8.1 Request
A basic HTTP request to the REST API may look like this:
{
"Timestamp": "2015-01-01T00:00:00",
"Amount": "100",
"Country": "NL",
"Currency": "EUR",
"Description": "Order from the webshop",
"EndUserIP": "127.0.0.1",
"PaymentMethod": "IDEAL",
"Issuer": "ABNAMRO",
"Language": "NL",
"OrderID": "1000000123",
"URLCompleted": "https://mywebshop.com/Payment/Success",
"URLError": "https://mywebshop.com/Payment/Failure"
}
3.8.2 Response
The response to the above message is the following:
MerchantID: 12345
Checksum:
b969a1fbb129fe623128b6b34b5a577af44a00b0e9d2ca322c2d5bdfaa0faf91
{
"Amount": 100,
"Country": "NL",
"Currency": "EUR",
"Description": "Order from the webshop",
"EndUserIP": "127.0.0.1",
"Issuer": "ABNAMRO",
"Language": "NL",
"OrderID": "1000000123",
"PaymentID": 123456789,
"PaymentMethod": "IDEAL",
Service Description
Payment All methods related to performing payments, retrieving active payment
methods, retrieving payment information, etc.
Refund All refund operations.
4 Checksum
The checksum is a digital signature that authenticates the sender of the message. This prevents others
from sending payment requests in your name and prevents request tampering. It also assures you that
any response or Postback you receive actually originated from ICEPAY.
There should be no spaces or other characters inserted between the above data.
Example:
https://connect.icepay.com/webservice/api/v1/payment/checkout/POST1234
5AbCdEfGhIjKlMnOpQrStUvWxYz1234567890AbCd{"Timestamp":"2015-01-
01T00:00:00"}
3) Calculate a SHA256 hash over the base string and format the output as hexadecimal. Note:
use a regular SHA256 hash, not an HMAC.
Example:
4c8b79bf77d6162df3305b32c698de20c8b79b38ac23b515826134dc311624e29364eb
With these steps you should have a 64-character, hex encoded string. This will be the value of the
Checksum header.
5 Operation parameters
This chapter lists all possible parameters per API operation. For a list of all allowed values, and value
combinations, please consult the parameters sheet available here:
https://icepay.com/downloads/tech-docs/ICEPAY_Supported_Parameters_Sheet.pdf
The parameters mentioned in this chapter form the JSON-formatted body of each request and
response.
Important notes:
- The field ‘issuer’ must always contain a value allowed under the chosen payment method. For
example when paying with iDEAL, the issuer must be a Dutch consumer bank supporting
iDEAL. When paying with credit cards, the issuer must be a supported credit card scheme for
which you have a subscription.
- Most payment methods are limited to certain countries. Some payment methods (iDEAL,
Giropay, Carte Bleue etc.) are limited to one country, while others (Wire Transfer, SOFORT
Banking) are limited to the SEPA area or to a certain part of the SEPA area. The Supported
Response
5.1.2 VaultCheckout
Request
Response
Response
5.1.4 GetPayment
Request
Response
5.1.5 GetMyPaymentMethods
Request
Response
Issuer object
Country object
5.2.2 CancelRefund
Request
Response
5.2.3 GetPaymentRefunds
Request
Refund object
6 Error messages
6.1 General
Error code Description
ERR_0000 Internal server error: XXX
An unexpected error occurred.
Please contact support@icepay.eu with the full merchant web shop database log
to resolve.
ERR_0001 Request is missing
You did not provide a request object with the web method.
ERR_0002 Please provide a valid 'MerchantID' member
You must provide a valid numeric 'MerchantID' member.
ERR_0003 Please provide the 'XXX' member
You forgot to include a member in your web method request object.
Where XXX is the name of the member that you forgot to include.
ERR_0004 Please provide the IP address of your end-user
You forgot to include the IP address of the end-user.
ERR_0005 Merchant 'XXXXX' is disabled
Your API key is disabled.
Please contact your account manager regarding this issue.
ERR_0006 Merchant 'XXXXX' was not found
Unknown MerchantID
ERR_0007 Checksum for 'XXX' is invalid
The provided checksum did not match.
Where XXX is the name of the web method for which the checksum failed.