Skip to content

Customer validation code

Jump to bottom
Ondřej Zaoral edited this page Jun 17, 2022 · 1 revision

This extension enables transmission of a code to the card statement the customer receives from the issuer. Merchant can use this code to validate (beyond the payment authentication performed by the payment gateway) that the customer is actually the cardholder who has access to the card statement. The validation code is generated by the merchant - the payment gateway only facilitates the transmission to the carholders' statements.

This extension is not available in the basic setup. Please contact akceptacekaret@csob.cz for activation of the extension for your merchant account.

Extension parameters in payment/init operation

Newly added parameter is extensions, contains a list of all activated extensions for a given operation. Extension validationCode is accepted in the payment/init operation.

Description of validationCode extension used in the payment/init operation

Parameters marked in bold are mandatory

Item Type Description
extension String Extension ID (assigned by gateway). It is always validationCode for this particular extension.
dttm String Date and Time of the request (format YYYYMMDDHHMMSS).
code String Validation code (max. 12 digits).
signature String Extension signature, BASE64 encoded.

Example of a payment/init request with the validationCode extension

curl -v –X POST https://api.platebnibrana.csob.cz/api/v1.9/payment/init \
-H "Content-Type:application/json" \
-d '{
  "merchantId":"M1MIPS0000",
  "orderNo":"55471",
  "dttm":"20220125131601",
  "payOperation":"payment",
  "payMethod":"card",
  "totalAmount":12300,
  "currency":"CZK",
  "closePayment": true,
  "returnUrl":"https://example.com/return",
  "returnMethod":"POST",
  "cart":[
    {
      "name": "Nákup: example.com",
      "quantity": 1,
      "amount": 12300
    }
  ],
  "language":"cs",
  "signature":"base64-encoded-signature-of-payment-request",
  "extensions":[
    {
      "extension": "validationCode",
      "dttm": "20220125131601",
      "code": "X167CS",
      "signature": "base64-encoded-extension-signature"
    }
  ]
}'

Cryptographic signature calculation is based on the string of parameters in exactly the same order as listed in the specification (see above).

validationCode|20220125131601|X167CS

Note: Signature of the core parameters remains unchanged. The extensions item does not affect the calculation of the payment/init response. Each extension has its own signature.

Extension signature and its validation uses the same algorithm SHA1withRSA (for API 1.7 and older) or SHA256withRSA (for API 1.8 and newer).

Description of validationCode extension used in the payment/status operation

The response from the payment gateway payment/status includes the validationCode extension only after the correct use of the extension by the merchant in the payment/init call.

Description of extension parameters for validationCode used in the payment/status operation

Parameters in bold will always be returned

Item Type Description
extension String Extension ID (assigned by gateway). It is always validationCode for this particular extension.
dttm String Date and Time of the response (format YYYYMMDDHHMMSS).
code String Validation code (max. 12 digits) - the same value as provided by the merchant in payment/init).
verified3DS Boolean Flag indicating wtether the transaction was authenticated in 3DS2 or not.
signature String Extension signature, BASE64 encoded.

Example of the payment/status response from the payment gateway that includes the validationCode extension

{
  "dttm": "20220125131810",
  "payId": "ff41e84b7e33@HA",
  "resultCode": 0,
  "resultMessage": "OK",
  "paymentStatus": 7,
  "authCode": "453708",
  "signature": "base64-encoded-response-signature",
  "extensions": [
    {
      "extension": "validationCode",
      "dttm": "20220125131810",
      "code": "X167CS",
      "verified3DS": true,
      "signature": "base64-encoded-extension-signature"
    }
  ]
}

Cryptographic signature calculation is based on the string of parameters in exactly the same order as listed in the specification (see above).

validationCode|20220125131810|X167CS|true

Note: Signature of the core parameters remains unchanged. The extensions item does not affect the calculation of the payment/status response. Each extension has its own signature.

Extension signature and its validation uses the same algorithm SHA1withRSA (for API 1.7 and older) or SHA256withRSA (for API 1.8 and newer).

💳 Payment gateway

  1. Payment lifecycle
  2. Integration and API security
  3. Activation of the production environment
  4. Test cards and credentials
  5. API Sunset

💰 Payments

  1. Payment Authentication
  2. Basic Payment
  3. OneClick Payment
  4. Custom Payment
  5. Apple Pay
  6. Google Pay
  7. Collecting partial card payment
  8. ČSOB Payment Button
  9. Payment Skip Pay

🔬 eAPI 1.9

  1. API Integration
  2. Request Signing and Response Signature Validation
  3. API Methods Overview
  4. Basic Methods
  5. Methods for OneClick Payment
  6. Methods for Apple Pay
  7. Methods for Google Pay
  8. Methods for ČSOB Payment Button
  9. Methods for Skip Pay
  10. Purchase metadata

📐 Tools & how-to

  1. Payment method presentation
  2. Merchant Logo
  3. Colour scheme

📟 API extensions

  1. Extensions concept
  2. Exact date and time of transaction authorization
  3. Card data for OneClick Payment
  4. Card data for Basic Payment
  5. Tokenization
  6. Customer validation code

🔧 Frequently Asked Questions

  1. Payment methods and processing FAQ
  2. Technical FAQ
Clone this wiki locally