Introduction

WL Sips is a secure multi-channel e-commerce payment solution that complies with the PCI DSS standard. It allows you to accept and manage payment transactions by taking into account business rules related to your activity (payment on despatch, deferred payment, recurring payment, payment in instalments, etc.).

The purpose of this document is to explain the implementation steps of the Sips Paypage SOAP solution up to live operations.

Who does this document target?

This document is intended for merchants wishing to subscribe to the WL Sips offer and use a connector based on HTTPS exchanges in SOAP mode between their websites and the Sips Paypage SOAP payment servers.

It is an implementation guide for your technical team.

To get an overview of the WL Sips solution, we advise you to consult the following documents:

  • Functional presentation
  • Functionality set-up guide

Prerequisites

Knowledge of standards related to web programming languages used today, such as Java, PHP or .Net, is necessary to develop a connection to Sips Paypage SOAP.

Note: all code sections in this document are provided as samples; you will need to adapt them to your website for them to be fully operable.

Secret key management

Upon your subscription, Worldline provides a secret key on the Sips Download extranet that will allow you to secure exchanges between your website and the WL Sips server.

You are responsible for looking after this key and should take all measures to:

  • Restrict access to the key
  • Safeguard it by encrypting it
  • Never copy it onto a non-secure disc or device
  • Never send it (via e-mail or regular mail) by a non-secure method.

A compromised secret key (used by a malicious third party) might disrupt the regular operation of your shop and might in particular generate unauthorised sales or cash transactions (e.g. refunds).

IMPORTANT: in the event that a secret key is compromised, you are required to ask as quickly as possible for its revocation then for its renewal via the Sips Download extranet (please refer to the "Secret key revocation and renewal" section in the Quick start guide).

The very same secret key is used on the various Sips Paypage, Sips Office, Sips In-App and Sips Walletpage connectors.

IMPORTANT: a secret key is associated with a version. After getting a new secret key, you must modify your request and populate the keyVersion field with the new version, otherwise you will get an answer code 34 (suspected fraud).

Contacting the support

For any technical question or request for assistance, our services are available:

  • by telephone at: +33 (0) 811 10 70 33
  • by e-mail: sips@worldline.com

In order to facilitate the processing of your requests, please provide your merchantId (15-digit number).

Understanding payment with Sips Paypage SOAP

The general principle for a payment process is as follows:

1. When the customer makes a payment, a payment request must be sent to Sips Paypage SOAP. The URL of this connector is provided by Worldline. The request is then checked, and encrypted if valid (it is named RedirectionData in the system). The request is sent through a POST form via HTTPS. Any other solution that can send such requests also works.

2. The merchant site redirects the calling application to the WL Sips payment pages. The customer must enter the information of the means of payment for the WL Sips payment server to process the transaction. It is worth noting that payment details can be entered directly on the server that provides the means of payment (e.g. PayPal or SEPA mandate). At the end of the payment process, whether successful or not, two responses are created and sent to the URL specified as part of flow No. 1.

There are two independent response notifications:

3. The payment server sends the manual responses in HTTP(S) POST format to the manual response URL. This URL is specified in the payment request and is used when the customer clicks on the Continue button of the payment page. It is the page the user is redirected to at the end of the payment. As nothing guarantees that the customer will click on this link, you have no guarantee of receiving the manual response either.

4. Automatic responses are sent separately from manual responses. They also use the HTTP(S) POST requests sent by the WL Sips payment servers, this time using the automatic response URL specified in the payment request. This means you receive the response as soon as the payment is made on the WL Sips payment pages.

Note: if the payment has failed and the customer is redirected to your website, it is no longer possible to return to the WL Sips payment pages and attempt to pay again or correct card data. The role of your website is to initialise a new payment request, beginning with calling the Sips Paypage connector.

Getting started with Sips Paypage SOAP in 5 steps

Step 1: registering the shop

In order to register your shop as live, you are required to complete the registration form sent by Worldline and return it to Worldline.

When filling in the form, you must appoint an administrator contact and a technician contact so that Worldline can send you the information needed to launch your shop.

Worldline will then register your shop and e-mail you your merchant ID, together with your IDs and passwords for Sips Download (to retrieve the secret key) and (cash management).

Note: for Sips Office Extranet , the ID and password are sent to the administrator contact. For Sips Download , the ID is sent to the administrator contact and the password is sent to the technician contact.

Registering the shop is not needed to start integrating the connector and testing the connection on the customer test environment. It is possible to defer requesting shop registration until you perform live operation tests.

Step 2: making a payment

The payment request is a call to a REST web service (SOAP) located on the WL Sips payment platform.

Generating the payment request

All the fields requested by the transaction must be supplied (please refer to the "Filling in the request fields" chapter).

The value of the interfaceVersion field must be set to IR_WS_2.33.

Request syntax

The request is built in line with the SOAP format.

Sample payment request with an amount of 52.50 euros:

    <soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/'>
      <soapenv:Body>
        <urn:paymentWebInit xmlns:urn='urn:sips:cn:contract:payment:v2'>
          <urn:input>
            <urn:amount>5250</urn:amount>
            <urn:currencyCode>978</urn:currencyCode>
            <urn:interfaceVersion>IR_WS_2.20</urn:interfaceVersion>
            <urn:merchantId>011223744550001</urn:merchantId>
            <urn:normalReturnUrl>http://www.normalreturnurl.com</urn:normalReturnUrl>
            <urn:orderChannel>INTERNET</urn:orderChannel>
            <urn:responseKeyVersion>1</urn:responseKeyVersion>
            <urn:transactionReference>TREF0808151333</urn:transactionReference>
            <urn:keyVersion>3</urn:keyVersion>
            <urn:seal>3a02205859ffd2eff4d7dd015ce01fda11d80f03fa88e2caa188c5eea5a42c61</urn:seal>
          </urn:input>
        </urn:paymentWebInit>
      </soapenv:Body>
    </soapenv:Envelope>
    

Request fields presence

Some fields of the payment request are required:

  • Only when using certain means of payment. Please read the dedicated means of payment guide to know the mandatory fields.
  • Depending on your shop configuration. Please read the Functionality set-up guide to find out the mandatory fields.
  • Only in certain use cases (e.g. recurring payment). Please read the Functionality set-up guide to know the mandatory fields.

Those fields are marked as "conditional".

Securing the request

The request includes the transaction parameters and is sent by the customer's web browser. Theoretically, a third party can intercept the request and modify its content before the data reaches the payment server.

Therefore it is necessary to strengthen security so as to ensure the integrity of the parameters of the transaction sent. The WL Sips solution meets this challenge by exchanging signatures. An effective signature control comprises two elements:

  • The integrity of the request and response messages.
  • The issuer and recipient authentication, as they share the same secret key.

IMPORTANT: if your secret key is compromised, or if you suspect this might be the case, you should always go to Sips Download to request a new one.

How to secure the request

The request is secured by calculating the hash value in line with the transaction parameters. Then, the secret key is added to it. All character strings are converted to UTF-8 before being hashed.

The hashing algorithm generates an irreversible result. When such a message is received, the recipient needs to recalculate the hash value and compare it with the one received. Any difference indicates that the data exchanged was falsified, or that the recipient and the issuer do not share the same secret key.

The result must be sent in hexadecimal format in the data element named Seal.

Calculating the Seal data element

HMAC-SHA algorithm

The value of the Seal data element is computed as follows:

  • Concatenation of the data field values in the alphabetical order of field names (in accordance with ASCII character codes), excluding the keyVersion and sealAlgorithm fields. The result is the data field mentioned in the examples below.
    • For example, a field named authorMessageReference must be positioned before another field named authorisationId.
  • UTF-8 encoding of the data obtained in the previous step
  • HMAC-SHA256 computation over the resulting bytes, keyed with the secret key

This procedure can be summarised as follows:

      HMAC-SHA256( UTF-8(sortedDataValues), UTF-8(secretKey))
    
Note: by default, the seal is calculated with the HMAC-SHA-256 algorithm. For a seal to be computed with the SHA-256 algorithm, the input parameters of the request must include the sealAlgorithm field populated with the following value: "SHA-256".

Hmac Sha256 sample code

  • Sample Hmac Sha256 encoding in Php 5
            
    <?php

    // …

    // Seal computation: HMAC-SHA256 of the sorted, concatenated data, keyed with the merchant secret key

    // utf8_encode() converts ISO-8859-1 input to UTF-8; do not apply it to data that is already UTF-8
    $data_to_send = utf8_encode($data);

    $seal = hash_hmac('sha256', $data_to_send, $secretKey);

    // …

    ?>

    data_to_send and secretKey must use a UTF-8 character set. Please refer to the utf8_encode function for the conversion of ISO-8859-1 characters to UTF-8.

  • Sample Hmac Sha256 encoding in Java
            
    import java.nio.charset.StandardCharsets;

    import javax.crypto.Mac;
    import javax.crypto.spec.SecretKeySpec;

    public class ExampleHMACSHA256 {

        /**
         * Table to convert a nibble to a hex char.
         */
        static final char[] hexChar = {
            '0', '1', '2', '3',
            '4', '5', '6', '7',
            '8', '9', 'a', 'b',
            'c', 'd', 'e', 'f'};

        /**
         * Fast convert a byte array to a hex string
         * with possible leading zero.
         * @param b array of bytes to convert to string
         * @return hex representation, two chars per byte.
         */
        public static String encodeHexString(byte[] b) {
            StringBuilder sb = new StringBuilder(b.length * 2);
            for (int i = 0; i < b.length; i++) {
                // look up high nibble char
                sb.append(hexChar[(b[i] & 0xf0) >>> 4]);

                // look up low nibble char
                sb.append(hexChar[b[i] & 0x0f]);
            }
            return sb.toString();
        }

        /**
         * Computes the seal.
         * @param data the concatenated field values to seal
         * @param secretKey the secret key used as the HMAC key
         * @return hex representation of the seal, two chars per byte.
         */
        public static String computeSeal(String data, String secretKey) throws Exception {
            Mac hmacSHA256 = Mac.getInstance("HmacSHA256");
            // Encode explicitly as UTF-8: getBytes() without a charset uses the platform default
            SecretKeySpec keySpec = new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
            hmacSHA256.init(keySpec);

            return encodeHexString(hmacSHA256.doFinal(data.getBytes(StandardCharsets.UTF_8)));
        }

        /**
         * @param args
         */
        public static void main(String[] args) {
            try {
                System.out.println(computeSeal("parameters", "key"));
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

    }
          
  • Sample Hmac Sha256 encoding in .net

    (Carried out using a simple form called "Form1" containing two text fields to enter data and txtSecretKey, and another field to display lblHEX).

            
    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Text;
    using System.Windows.Forms;
    using System.Security.Cryptography;

    namespace ExampleDotNET
    {
        public partial class Form1 : Form
        {
            public Form1()
            {
                InitializeComponent();
            }

            private void cmdGO_Click(object sender, EventArgs e)
            {
                String sChaine = data.Text;
                UTF8Encoding utf8 = new UTF8Encoding();
                Byte[] encodedBytes = utf8.GetBytes(sChaine);

                // The secret key is read from the txtSecretKey field; do not hard-code it
                Byte[] keyBytes = utf8.GetBytes(txtSecretKey.Text);

                byte[] shaResult;

                // HMAC-SHA256 keyed with the UTF-8 bytes of the secret key
                using (HMACSHA256 hmac = new HMACSHA256(keyBytes))
                {
                    shaResult = hmac.ComputeHash(encodedBytes);
                }

                lblHEX.Text = ByteArrayToHEX(shaResult);
            }

            private string ByteArrayToHEX(byte[] ba)
            {
                StringBuilder hex = new StringBuilder(ba.Length * 2);
                foreach (byte b in ba)
                    hex.AppendFormat("{0:x2}", b);
                return hex.ToString();
            }

        }
    }
          
Seal calculation validation

Once you have set up your seal calculation, here is a sample request to help you verify that you find the correct seal:

    <urn:paymentWebInit>
      <urn:input>
        <urn:amount>2500</urn:amount>
        <urn:automaticResponseUrl>https://automatic-response-url.fr/</urn:automaticResponseUrl>
        <urn:normalReturnUrl>https://normal-return-url/</urn:normalReturnUrl>
        <urn:captureDay>0</urn:captureDay>
        <urn:captureMode>AUTHOR_CAPTURE</urn:captureMode>
        <urn:currencyCode>978</urn:currencyCode>
        <urn:customerContact>
          <urn:email>customer@email.com</urn:email>
        </urn:customerContact>
        <urn:interfaceVersion>IR_WS_2.22</urn:interfaceVersion>
        <urn:keyVersion>1</urn:keyVersion>
        <urn:merchantId>011223344550000</urn:merchantId>
        <urn:orderChannel>INTERNET</urn:orderChannel>
        <urn:orderId>ORD101</urn:orderId>
        <urn:returnContext>ReturnContext</urn:returnContext>
        <urn:transactionOrigin>SO_WEBAPPLI</urn:transactionOrigin>
        <urn:transactionReference>TREFEXA2012</urn:transactionReference>
        <urn:seal>322b943d833417c1570e0a282641e8e29d6a5b968c9b846694b5610e18ab5b81</urn:seal>
      </urn:input>
    </urn:paymentWebInit>
    

For the above request, the concatenated string which must be calculated is:

      2500https://automatic-response-url.fr/0AUTHOR_CAPTURE978customer@email.comIR_WS_2.22011223344550000https://normal-return-url/INTERNETORD101ReturnContextSO_WEBAPPLITREFEXA2012
    

With a HMAC-SHA-256 hash algorithm and the following secret key:

      secret123
    

The expected seal is:

      322b943d833417c1570e0a282641e8e29d6a5b968c9b846694b5610e18ab5b81
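
The seal procedure above in Python, as an added example (not Worldline's code): it builds the sorted concatenation for the validation request, computes the HMAC-SHA-256 seal, and checks a received seal with a constant-time comparison. The treatment of containers such as customerContact (placed by container name, inner fields sorted the same way) is an assumption; the page only shows the resulting string.

```python
import hashlib
import hmac

# Fields left out of the sealed data: the page excludes keyVersion and
# sealAlgorithm; "seal" is left out because it carries the result itself.
EXCLUDED_FIELDS = frozenset({"keyVersion", "sealAlgorithm", "seal"})


def sorted_data_values(fields, excluded=EXCLUDED_FIELDS):
    """Concatenate field values in ASCII order of the field names."""
    parts = []
    # sorted() compares code points, so upper case sorts before lower case:
    # "authorMessageReference" comes before "authorisationId" ('M' < 'i').
    # A case-insensitive sort would produce a different string and a bad seal.
    for name in sorted(fields):
        if name in excluded:
            continue
        value = fields[name]
        if isinstance(value, dict):
            # Assumption: a container is placed by its own name and its
            # inner fields are sorted by the same rule.
            parts.append(sorted_data_values(value, excluded=frozenset()))
        else:
            parts.append(str(value))
    return "".join(parts)


def compute_seal(fields, secret_key):
    """HMAC-SHA256(UTF-8(sortedDataValues), UTF-8(secretKey)) as lower-case hex."""
    data = sorted_data_values(fields).encode("utf-8")
    # Python's hmac.new() takes the key first, the message second.
    return hmac.new(secret_key.encode("utf-8"), data, hashlib.sha256).hexdigest()


def verify_seal(fields, secret_key):
    """Recompute the seal and compare it with the received one in constant time."""
    received = str(fields.get("seal", ""))
    expected = compute_seal(fields, secret_key)
    return hmac.compare_digest(expected.encode("ascii"), received.encode("utf-8"))


# The validation request, key and concatenated string published on this page.
PAGE_SAMPLE = {
    "amount": "2500",
    "automaticResponseUrl": "https://automatic-response-url.fr/",
    "normalReturnUrl": "https://normal-return-url/",
    "captureDay": "0",
    "captureMode": "AUTHOR_CAPTURE",
    "currencyCode": "978",
    "customerContact": {"email": "customer@email.com"},
    "interfaceVersion": "IR_WS_2.22",
    "keyVersion": "1",
    "merchantId": "011223344550000",
    "orderChannel": "INTERNET",
    "orderId": "ORD101",
    "returnContext": "ReturnContext",
    "transactionOrigin": "SO_WEBAPPLI",
    "transactionReference": "TREFEXA2012",
    "seal": "322b943d833417c1570e0a282641e8e29d6a5b968c9b846694b5610e18ab5b81",
}
PAGE_SECRET = "secret123"
PAGE_DATA = (
    "2500https://automatic-response-url.fr/0AUTHOR_CAPTURE978customer@email.com"
    "IR_WS_2.22011223344550000https://normal-return-url/INTERNETORD101"
    "ReturnContextSO_WEBAPPLITREFEXA2012"
)

if __name__ == "__main__":
    print("concatenation matches the page:", sorted_data_values(PAGE_SAMPLE) == PAGE_DATA)
    print("computed seal:", compute_seal(PAGE_SAMPLE, PAGE_SECRET))
    print("published seal verifies:", verify_seal(PAGE_SAMPLE, PAGE_SECRET))
```

If the concatenation matches but the seal does not, check the key version and the character encoding of the key before anything else.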
    

Sample payment request

Below is a sample request in SOAP format:

    <soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/'>
      <soapenv:Body>
        <urn:paymentWebInit xmlns:urn='urn:sips:cn:contract:payment:v2'>
          <urn:input>
            <urn:amount>5250</urn:amount>
            <urn:currencyCode>978</urn:currencyCode>
            <urn:interfaceVersion>IR_WS_2.20</urn:interfaceVersion>
            <urn:merchantId>011223744550001</urn:merchantId>
            <urn:normalReturnUrl>http://www.normalreturnurl.com</urn:normalReturnUrl>
            <urn:orderChannel>INTERNET</urn:orderChannel>
            <urn:responseKeyVersion>1</urn:responseKeyVersion>
            <urn:transactionReference>TREF0808151333</urn:transactionReference>
            <urn:keyVersion>3</urn:keyVersion>
            <urn:seal>3a02205859ffd2eff4d7dd015ce01fda11d80f03fa88e2caa188c5eea5a42c61</urn:seal>
          </urn:input>
        </urn:paymentWebInit>
      </soapenv:Body>
    </soapenv:Envelope>
    

Sample redirection form to Sips Paypage SOAP

In response to this request, you should receive a reply (also in SOAP) containing the following fields:

Field name                  Description
redirectionData             Request token to be provided during the redirection to the payment pages.
redirectionStatusCode       List of possible response codes.
redirectionStatusMessage    Short message providing the initialisation status.
redirectionUrl              URL of the WL Sips payment pages you have to redirect the customer to.
redirectionVersion          Redirection version.
seal                        Output seal.
reponseEncoding             Encoding type used for responses.

If the payment initialisation was successful, the redirectionStatusCode field must be populated with "00". The redirectionData, redirectionVersion and redirectionUrl fields will likewise be populated to allow the redirection to the WL Sips payment pages.

To redirect the customer to the payment pages, you must implement a POST form sending the two following fields: redirectionData and redirectionVersion. The POST form shall redirect the customer to the URL provided in the redirectionUrl field.

Below is a sample form that must be submitted automatically:

    <form method="post" action="value of redirectionUrl">
      <input type="hidden" name="redirectionVersion" value="value of redirectionVersion">
      <input type="hidden" name="redirectionData" value="value of redirectionData">
    </form>
    

Processing payment initialisation errors

All fields received by Sips Paypage SOAP through the connector are checked individually. The table below lists the error messages that might be displayed during this step, and the solutions to be implemented.

redirectionStatusCode    Description
00                       Standard situation followed by the standard process used to display the payment pages.
03                       The merchantId or the acquirer contract is not correct.
12                       The transaction parameters are not correct. Please check the request parameters.
30                       The request format is not correct.
34                       Security issue: e.g. the computed seal is not correct.
94                       The transaction already exists.
99                       Service temporarily unavailable.

There are four possible situations:

  • redirectionStatusCode = 00

The user must be redirected to the payment page.

  • redirectionStatusCode = 03, 12, 30, 34

These error codes indicate that the request has an issue that needs to be fixed. The payment process must be stopped.

  • redirectionStatusCode = 94

The transaction reference has already been used. You need to try again with another transaction reference.

  • redirectionStatusCode = 99

The payment service is unavailable. Try to submit the request again. A new transaction reference must be used to prevent response code 94 from being returned.
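
The four situations above and the redirection form, sketched in Python as an added example (not Worldline's code). `send_request` and `new_reference` are hypothetical callables standing for your SOAP call and your transaction reference generator; the HTTPS check on redirectionUrl and the treatment of unknown codes as fatal are assumptions added for safety.

```python
import html
from urllib.parse import urlsplit

RETRY_WITH_NEW_REFERENCE = {"94", "99"}  # reference already used / service unavailable


def render_redirect_form(resp):
    """Build the auto-submitting POST form that sends the customer to redirectionUrl."""
    url = str(resp["redirectionUrl"])
    # Assumption (not a rule from the page): refuse to redirect over plain HTTP.
    if urlsplit(url).scheme != "https":
        raise ValueError("redirectionUrl is not an https URL")

    def esc(value):
        # Response values are written into HTML attributes, so escape them.
        return html.escape(str(value), quote=True)

    return (
        '<html><body onload="document.forms[0].submit()">'
        f'<form method="post" action="{esc(url)}">'
        f'<input type="hidden" name="redirectionVersion" value="{esc(resp["redirectionVersion"])}">'
        f'<input type="hidden" name="redirectionData" value="{esc(resp["redirectionData"])}">'
        "</form></body></html>"
    )


def init_payment(send_request, new_reference, max_attempts=3):
    """Call the connector and act on redirectionStatusCode.

    send_request(reference) -> dict of response fields (hypothetical wrapper).
    new_reference() -> a transaction reference never used before (hypothetical).
    """
    used = []
    code = None
    for _ in range(max_attempts):
        # Every attempt gets a fresh reference, so a retry after 99 cannot
        # come back as 94 (transaction already exists).
        reference = new_reference()
        used.append(reference)
        resp = send_request(reference)
        code = resp.get("redirectionStatusCode")
        if code == "00":
            return {"action": "redirect", "form": render_redirect_form(resp),
                    "references": used}
        if code in RETRY_WITH_NEW_REFERENCE:
            continue
        # 03, 12, 30, 34: the request itself must be fixed, so stop.
        # Unknown codes are treated the same way (assumption: fail closed).
        break
    return {"action": "abort", "code": code, "references": used}
```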

Populating the request fields

Generic fields

Field Presence As of Version Comments
amount Mandatory IR_WS_ 2.0
automaticResponseUrl Optional IR_WS_ 2.0
captureDay Optional IR_WS_ 2.0
captureMode Optional IR_WS_ 2.0
currencyCode Mandatory IR_WS_ 2.0
customerEmail Optional IR_WS_ 2.0
customerId Optional IR_WS_ 2.0
customerLanguage Optional IR_WS_ 2.0
fraudData Optional IR_WS_ 2.0 See the Containers part
hashSalt1 Optional IR_WS_ 2.0
hashSalt2 Optional IR_WS_ 2.0
hashAlgorithm1 Optional IR_WS_ 2.0
hashAlgorithm2 Optional IR_WS_ 2.0
interfaceVersion Mandatory IR_WS_ 2.0
merchantId Mandatory IR_WS_ 2.0
merchantSessionId Optional IR_WS_ 2.0
merchantTransactionDateTime Optional IR_WS_ 2.0
merchantWalletId Optional IR_WS_ 2.0
normalReturnUrl Mandatory IR_WS_ 2.0
orderChannel Mandatory IR_WS_ 2.0
orderId Optional IR_WS_ 2.0
paymentMeanBrandList Optional IR_WS_ 2.0
paymentMeanData Optional IR_WS_ 2.0 See the Containers part
responseKeyVersion Optional IR_WS_ 2.0
returnContext Optional IR_WS_ 2.0
templateName Optional IR_WS_ 2.0
transactionActors Optional IR_WS_ 2.0
transactionReference Conditional IR_WS_ 2.0 Mandatory if you do not use the s10TransactionReference or WL Sips does not calculate it for you, depending on your merchant configuration
transactionOrigin Optional IR_WS_ 2.0
invoiceReference Optional IR_WS_ 2.0
bypassReceiptPage Optional IR_WS_ 2.0
customerIpAddress Optional IR_WS_ 2.0
customerTimestampIpAddress Optional IR_WS_ 2.26
bypassDcc Optional IR_WS_ 2.0
instalmentData Optional IR_WS_ 2.0 See the Containers part
billingAddress Optional IR_WS_ 2.0 See the Containers part
billingContact Optional IR_WS_ 2.0 See the Containers part
customerAddress Optional IR_WS_ 2.0 See the Containers part
customerContact Optional IR_WS_ 2.0 See the Containers part
deliveryAddress Optional IR_WS_ 2.0 See the Containers part
deliveryContact Optional IR_WS_ 2.0 See the Containers part
holderAddress Optional IR_WS_ 2.0 See the Containers part
holderContact Optional IR_WS_ 2.0 See the Containers part
customerData Optional IR_WS_ 2.0 See the Containers part
paymentPattern Conditional IR_WS_ 2.0
statementReference Optional IR_WS_ 2.0
authenticationData Optional IR_WS_ 2.0 See the Containers part
mandateId Optional IR_WS_ 2.0
billingFirstDate Optional IR_WS_ 2.0
customer3DSTransactionDate Optional IR_WS_ 2.0
customerBillingNb Optional IR_WS_ 2.0
customerDeliverySuccessFlag Optional IR_WS_ 2.0
customerPhoneValidationMethod Optional IR_WS_ 2.0
customerRegistrationDateOnline Optional IR_WS_ 2.0
customerRegistrationDateProxi Optional IR_WS_ 2.0
deliveryFirstDate Optional IR_WS_ 2.0
evidenceAcquisitionDate Optional IR_WS_ 2.0
evidenceNumber Optional IR_WS_ 2.0
evidenceType Optional IR_WS_ 2.0
valueDate Optional IR_WS_ 2.0
deliveryData Optional IR_WS_ 2.6 See the Containers part
shoppingCartDetail Optional IR_WS_ 2.6 See the Containers part
holderData Optional IR_WS_ 2.6 See the Containers part
s10TransactionReference Conditional IR_WS_ 2.7 Mandatory if you do not use the transactionReference or WL Sips does not calculate it for you, depending on your merchant configuration. See the Containers part
holderAdditionalReference Optional IR_WS_ 2.9
riskManagementCustomDataList Optional IR_WS_ 2.9 List of riskManagementCustomData containers. See the Containers part
intermediateServiceProviderId Optional IR_WS_ 2.10
seal Mandatory IR_WS_ 2.0
keyVersion Mandatory IR_WS_ 2.0
sealAlgorithm Optional IR_WS_ 2.10
paypageData Optional IR_WS_ 2.11 See the Containers part
subMerchantId Optional IR_WS_ 2.15
subMerchantShortName Optional IR_WS_ 2.15
subMerchantCategoryCode Optional IR_WS_ 2.15
subMerchantLegalId Optional IR_WS_ 2.15
subMerchantAddress Optional IR_WS_ 2.15 See the Containers part
orderContext Optional IR_WS_ 2.16 See the Containers part
travelContext Optional IR_WS_ 2.16 See the Containers part
responseEncoding Optional IR_WS_ 2.19
subMerchantName Optional IR_WS_ 2.20
subMerchantContractNumber Optional IR_WS_ 2.20
customerAccountHistoric Optional IR_WS_ 2.21 See the Containers part
merchantName Optional IR_WS_ 2.23 Allows you to change the name displayed on the 3-D Secure authentication page
merchantUrl Optional IR_WS_ 2.29 Allows you to change the merchant website URL displayed on the 3-D Secure authentication page

Optional fields pertaining to cardholder authentication

Content of authenticationData

Field As of Version Comments
cardAuthPolicy IR_WS_ 2.0 See the Containers part
issuerWalletAuthPolicy IR_WS_ 2.0 See the Containers part

Content of cardAuthPolicy

Field As of Version Comments
checkAVS IR_WS_ 2.0
ignoreCSCCheckResult IR_WS_ 2.0
ignorePostcodeCheckResult IR_WS_ 2.0
ignoreAddressCheckResult IR_WS_ 2.0

Content of issuerWalletAuthPolicy

Field As of Version Comments
check3DS IR_WS_ 2.0
checkCSC IR_WS_ 2.0

Optional fields pertaining to the customer's billing address

Content of billingAddress

Field As of Version Comments
addressAdditional1 IR_WS_ 2.0
addressAdditional2 IR_WS_ 2.0
addressAdditional3 IR_WS_ 2.0
city IR_WS_ 2.0
company IR_WS_ 2.0
country IR_WS_ 2.0
postBox IR_WS_ 2.0
state IR_WS_ 2.0
street IR_WS_ 2.0
streetNumber IR_WS_ 2.0
zipCode IR_WS_ 2.0
businessName IR_WS_ 2.17

Content of billingContact

Field As of Version Comments
email IR_WS_ 2.0
firstname IR_WS_ 2.0
gender IR_WS_ 2.0
lastname IR_WS_ 2.0
mobile IR_WS_ 2.0
phone IR_WS_ 2.0
title IR_WS_ 2.0
initials IR_WS_ 2.11
legalId IR_WS_ 2.17
positionOccupied IR_WS_ 2.17
workPhone IR_WS_ 2.21

Content of customerAccountHistoric

Field As of Version Comments
creationDate IR_WS_ 2.21
numberOfAttemptsAddCard24Hours IR_WS_ 2.21
numberOfPurchase IR_WS_ 2.26
numberOfPurchase180Days IR_WS_ 2.21
numberOfTransaction24Hours IR_WS_ 2.21
suspiciousActivityIndicator IR_WS_ 2.21
firstPurchaseDate IR_WS_ 2.24
lastPurchaseDate IR_WS_ 2.24
changeDate IR_WS_ 2.27
passwordChangeDate IR_WS_ 2.27
numberOfTransactionYear IR_WS_ 2.27
addPaymentMeanDate IR_WS_ 2.27
customerAccountId IR_WS_ 2.27

Optional fields pertaining to the customer's address

Content of customerAddress

Field As of Version Comments
addressAdditional1 IR_WS_ 2.0
addressAdditional2 IR_WS_ 2.0
addressAdditional3 IR_WS_ 2.0
city IR_WS_ 2.0
company IR_WS_ 2.0
country IR_WS_ 2.0
postBox IR_WS_ 2.0
state IR_WS_ 2.0
street IR_WS_ 2.0
streetNumber IR_WS_ 2.0
zipCode IR_WS_ 2.0
businessName IR_WS_ 2.17

Content of customerContact

Field As of Version Comments
email IR_WS_ 2.0
firstname IR_WS_ 2.0
gender IR_WS_ 2.0
lastname IR_WS_ 2.0
mobile IR_WS_ 2.0
phone IR_WS_ 2.0
title IR_WS_ 2.0
initials IR_WS_ 2.11
legalId IR_WS_ 2.17
positionOccupied IR_WS_ 2.17
workPhone IR_WS_ 2.21

Content of customerData

Field As of Version Comments
birthCity IR_WS_ 2.0
birthCountry IR_WS_ 2.0
birthDate IR_WS_ 2.0
birthZipCode IR_WS_ 2.0
nationalityCountry IR_WS_ 2.0
newPassword IR_WS_ 2.0
password IR_WS_ 2.0
maidenName IR_WS_ 2.18

Optional fields pertaining to the customer's delivery address

Content of deliveryAddress

Field As of Version Comments
addressAdditional1 IR_WS_ 2.0
addressAdditional2 IR_WS_ 2.0
addressAdditional3 IR_WS_ 2.0
city IR_WS_ 2.0
company IR_WS_ 2.0
country IR_WS_ 2.0
postBox IR_WS_ 2.0
state IR_WS_ 2.0
street IR_WS_ 2.0
streetNumber IR_WS_ 2.0
zipCode IR_WS_ 2.0
businessName IR_WS_ 2.17

Content of deliveryContact

Field As of Version Comments
email IR_WS_ 2.0
firstname IR_WS_ 2.0
gender IR_WS_ 2.0
lastname IR_WS_ 2.0
mobile IR_WS_ 2.0
phone IR_WS_ 2.0
title IR_WS_ 2.0
initials IR_WS_ 2.11
legalId IR_WS_ 2.17
positionOccupied IR_WS_ 2.17
workPhone IR_WS_ 2.21

Content of deliveryData

Field As of Version Comments
deliveryChargeAmount IR_WS_ 2.6
estimatedDeliveryDate IR_WS_ 2.6
deliveryMode IR_WS_ 2.6
deliveryMethod IR_WS_ 2.6
deliveryOperator IR_WS_ 2.6
estimatedDeliveryDelay IR_WS_ 2.6
deliveryAddressCreationDate IR_WS_ 2.21
electronicDeliveryIndicator IR_WS_ 2.21
deliveryAddressStatus IR_WS_ 2.26

Optional fields pertaining to fraud

Content of fraudData

Field As of Version Comments
bypassCtrlList IR_WS_ 2.0
bypassInfoList IR_WS_ 2.0
bypass3DS IR_WS_ 2.0
allowedCardCountryList IR_WS_ 2.0
deniedCardCountryList IR_WS_ 2.0
allowedIpCountryList IR_WS_ 2.0
deniedIpCountryList IR_WS_ 2.0
allowedCardArea IR_WS_ 2.0
deniedCardArea IR_WS_ 2.0
allowedIpArea IR_WS_ 2.0
deniedIpArea IR_WS_ 2.0
riskManagementDynamicSettingList IR_WS_ 2.0 List of riskManagementDynamicSetting containers. See the Containers part
challengeMode3DS IR_WS_ 2.21
addressDeliveryBillingMatchIndicator IR_WS_ 2.21
nameDeliveryCustomerMatchIndicator IR_WS_ 2.21
reorderProductIndicator IR_WS_ 2.21
productAvailabilityIndicator IR_WS_ 2.21
merchantCustomerAuthentMethod IR_WS_ 2.23
merchantCustomerAuthentDateTime IR_WS_ 2.27
merchantCustomerAuthentData IR_WS_ 2.27
productAvailabilityDate IR_WS_ 2.27

Content of riskManagementDynamicSetting

Field As of Version Comments
riskManagementDynamicParam IR_WS_ 2.0
riskManagementDynamicValue IR_WS_ 2.0

Optional fields pertaining to cardholder data

Content of holderAddress

Field As of Version Comments
addressAdditional1 IR_WS_ 2.0
addressAdditional2 IR_WS_ 2.0
addressAdditional3 IR_WS_ 2.0
city IR_WS_ 2.0
company IR_WS_ 2.0
country IR_WS_ 2.0
postBox IR_WS_ 2.0
state IR_WS_ 2.0
street IR_WS_ 2.0
streetNumber IR_WS_ 2.0
zipCode IR_WS_ 2.0
businessName IR_WS_ 2.17

Content of holderContact

Field As of Version Comments
email IR_WS_ 2.0
firstname IR_WS_ 2.0
gender IR_WS_ 2.0
lastname IR_WS_ 2.0
mobile IR_WS_ 2.0
phone IR_WS_ 2.0
title IR_WS_ 2.0
initials IR_WS_ 2.11
legalId IR_WS_ 2.17
positionOccupied IR_WS_ 2.17
workPhone IR_WS_ 2.21

Content of holderData

Field As of Version Comments
birthCity IR_WS_ 2.6
birthCountry IR_WS_ 2.6
birthDate IR_WS_ 2.6
birthZipCode IR_WS_ 2.6
nationalityCountry IR_WS_ 2.6
newPassword IR_WS_ 2.6
password IR_WS_ 2.6
maidenName IR_WS_ 2.18

Optional fields pertaining to AMEX-EA (Enhanced authorization)

Content of orderContext

Field As of Version Comments
customerHostName IR_WS_ 2.16
customerBrowserType IR_WS_ 2.16
customerANI IR_WS_ 2.16
customerANIInformationIdentifier IR_WS_ 2.16

Content of travelContext

Field As of Version Comments
departureDate IR_WS_ 2.16
passengerName IR_WS_ 2.16
originAirport IR_WS_ 2.16
numberOfRoutingCities IR_WS_ 2.16
routingCityList IR_WS_ 2.16
numberOfAirlineCarriers IR_WS_ 2.16
airlineCarrierList IR_WS_ 2.16
fareBasis IR_WS_ 2.16
numberOfPassengers IR_WS_ 2.16
destinationAirport IR_WS_ 2.16
reservationCode IR_WS_ 2.16

Optional fields pertaining to means of payment

Content of paymentMeanData

Field As of Version Comments
paypal IR_WS_ 2.0 See the Containers part
sdd IR_WS_ 2.0 See the Containers part
cofinoga3xcb IR_WS_ 2.0 See the Containers part
passbe IR_WS_ 2.0 See the Containers part
accord IR_WS_ 2.0 See the Containers part
facilypay IR_WS_ 2.0 See the Containers part
accordkdo IR_WS_ 2.0 See the Containers part
presto IR_WS_ 2.0 See the Containers part
cofidis3x IR_WS_ 2.0 See the Containers part
unEuroCom IR_WS_ 2.0 See the Containers part
cofidis4x IR_WS_ 2.0 See the Containers part
cofinoga IR_WS_ 2.14 See the Containers part
cetelem3x IR_WS_ 2.15 See the Containers part
cetelem4x IR_WS_ 2.15 See the Containers part
franfinance3xcb IR_WS_ 2.18 See the Containers part
franfinance4xcb IR_WS_ 2.18 See the Containers part
visaCheckout IR_WS_ 2.21 See the Containers part
bcacb3X IR_WS_ 2.24 See the Containers part
bcacb4X IR_WS_ 2.24 See the Containers part
oney34x IR_WS_ 2.29 See the Containers part

Content of paypal

Field As of Version Comments
landingPage IR_WS_ 2.0
addrOverride IR_WS_ 2.0
invoiceId IR_WS_ 2.0
dupFlag IR_WS_ 2.0
dupDesc IR_WS_ 2.0
dupCustom IR_WS_ 2.0
dupType IR_WS_ 2.0
mobile IR_WS_ 2.0
orderDescription IR_WS_ 2.16

Content of sdd

Field As of Version Comments
mandateAuthentMethod IR_WS_ 2.0
mandateUsage IR_WS_ 2.0
mandateCertificationType IR_WS_ 2.0

Content of cofinoga3xcb

Field As of Version Comments
creditIndicator IR_WS_ 2.0

Content of passbe

Field As of Version Comments
settlementModeList IR_WS_ 2.0

Content of accord

Field As of Version Comments
settlementMode IR_WS_ 2.0
additionalAuthorisationNumber IR_WS_ 2.0

Content of facilypay

Field As of Version Comments
settlementMode IR_WS_ 2.0
settlementModeVersion IR_WS_ 2.0
receiverType IR_WS_ 2.0
depositRefundIndicator IR_WS_ 2.0

Content of accordkdo

Field As of Version Comments
additionalAuthorisationNumber IR_WS_ 2.0
blockAmountModification IR_WS_ 2.18

Content of presto

Field As of Version Comments
paymentMeanCustomerId IR_WS_ 2.0
financialProduct IR_WS_ 2.0
prestoCardType IR_WS_ 2.0

Content of cofidis3x

Field As of Version Comments
preScoreValue IR_WS_ 2.0
cofidisDisplayCancelButton IR_WS_ 2.0
cofidisPrivateData IR_WS_ 2.0
basket IR_WS_ 2.20

Content of unEuroCom

Field As of Version Comments
preScoreValue IR_WS_ 2.0
cofidisPrivateData IR_WS_ 2.0
basket IR_WS_ 2.19

Content of cofidis4x

Field As of Version Comments
preScoreValue IR_WS_ 2.0
cofidisDisplayCancelButton IR_WS_ 2.0
cofidisPrivateData IR_WS_ 2.0

Content of cofinoga

Field As of Version Comments
paymentMeanTradeOptionList IR_WS_ 2.14 List of container paymentMeanTradeOption . See the Containers part

Content of paymentMeanTradeOption

Field As of Version Comments
paymentMeanTradingName IR_WS_ 2.14
settlementModeList IR_WS_ 2.14

Content of cetelem3x

Field As of Version Comments
cetelemPrivateMerchantData IR_WS_ 2.15
cetelemPrivateData IR_WS_ 2.15

Content of cetelem4x

Field As of Version Comments
cetelemPrivateMerchantData IR_WS_ 2.15
cetelemPrivateData IR_WS_ 2.15

Content of franfinance3xcb

Field As of Version Comments
authenticationKey IR_WS_ 2.18
pageCustomizationCode IR_WS_ 2.18
redirectionTimer IR_WS_ 2.18
testEnvironment IR_WS_ 2.18
birthPlaceCode IR_WS_ 2.18
conversionCurrency IR_WS_ 2.26
convertedAmount IR_WS_ 2.26

Content of franfinance4xcb

Field As of Version Comments
authenticationKey IR_WS_ 2.18
pageCustomizationCode IR_WS_ 2.18
redirectionTimer IR_WS_ 2.18
testEnvironment IR_WS_ 2.18
birthPlaceCode IR_WS_ 2.18
conversionCurrency IR_WS_ 2.26
convertedAmount IR_WS_ 2.26

Content of visaCheckout

Field As of Version Comments
visaCheckoutCallID IR_WS_ 2.21

Content of bcacb3X

Field As of Version Comments
agencyCode IR_WS_ 2.24
challengeMode3DS IR_WS_ 2.24
numberOfCapturedTransaction IR_WS_ 2.24
numberOfRejectedTransaction IR_WS_ 2.24

Content of bcacb4X

Field As of Version Comments
agencyCode IR_WS_ 2.24
challengeMode3DS IR_WS_ 2.24
numberOfCapturedTransaction IR_WS_ 2.24
numberOfRejectedTransaction IR_WS_ 2.24

Content of oney34x

Field As of Version Comments
settlementMode IR_WS_ 2.29

Optional fields pertaining to payment pages

Content of paypageData

Field As of Version Comments
bypassReceiptPage IR_WS_ 2.11

Optional fields pertaining to the WL Sips 1.0 transactionId

Content of s10TransactionReference

Field As of Version Comments
s10TransactionId IR_WS_ 2.7
s10TransactionIdDate IR_WS_ 2.7 This field is computed by our server. There is no need to set a value in this field (as it will be ignored if set)

Optional fields pertaining to the shopping cart

Content of shoppingCartDetail

Field As of Version Comments
shoppingCartTotalAmount IR_WS_ 2.6
shoppingCartTotalQuantity IR_WS_ 2.6
shoppingCartTotalTaxAmount IR_WS_ 2.6
mainProduct IR_WS_ 2.6
shoppingCartItemList IR_WS_ 2.6 List of container shoppingCartItem . See the Containers part
mainProductCategoryList IR_WS_ 2.24
discountAmount IR_WS_ 2.24
giftCardAmount IR_WS_ 2.27
giftCardCurrencyCode IR_WS_ 2.27
giftCardCount IR_WS_ 2.27

Content of shoppingCartItem

Field As of Version Comments
productName IR_WS_ 2.6
productDescription IR_WS_ 2.6
productCode IR_WS_ 2.6
productSKU IR_WS_ 2.6
productUnitAmount IR_WS_ 2.6
productQuantity IR_WS_ 2.6
productTaxRate IR_WS_ 2.6
productUnitTaxAmount IR_WS_ 2.6
productCategory IR_WS_ 2.6
productTaxCategory IR_WS_ 2.6

Setting up the payment request

Here is an example of how to set up the payment request for each functionality available in Sips Paypage SOAP (the details of these functionalities are described in the Functionality set-up guide).

Dynamic display of the means of payment

You need to use the paymentMeanBrandList field to filter the means of payment that will be displayed on the means of payment selection page:

      ..
        <urn:paymentMeanBrandList>
          <urn:paymentMeanBrand>VISA</urn:paymentMeanBrand>
          <urn:paymentMeanBrand>MASTERCARD</urn:paymentMeanBrand>
        </urn:paymentMeanBrandList>
..
    

Receipt display by WL Sips

The payment confirmation page that WL Sips displays by default can be deactivated using the paypageData.bypassReceiptPage field:

      ..
          <urn:bypassReceiptPage>true</urn:bypassReceiptPage>
..
    

Payment channel

To choose your payment channel, you must fill in the orderChannel field in the payment request:

      ..
        <urn:orderChannel>INTERNET</urn:orderChannel>
..
    

End-of-day payment

For end-of-day payments, simply fill in the captureMode and captureDay fields:

      ..
        <urn:captureDay>0</urn:captureDay>
        <urn:captureMode>AUTHOR_CAPTURE</urn:captureMode>
..
    

Deferred payment

For payments that must be captured N days after they were accepted online, simply fill in the captureMode and captureDay fields (3 days in the following example):

      ..
        <urn:captureDay>3</urn:captureDay>
        <urn:captureMode>AUTHOR_CAPTURE</urn:captureMode>
..
    

Payment on despatch

For payments on despatch, the transaction is captured during your validation. You just need to fill in the captureMode and captureDay fields (in the following example, a period of up to 3 days before the validation is set):

      ..
        <urn:captureDay>3</urn:captureDay>
        <urn:captureMode>VALIDATION</urn:captureMode>
..
    

Payment in instalments

For payments in instalments linked to the same transaction, you need to populate the paymentPattern field with the INSTALMENT value and provide details about the instalments in the instalmentData field (in the following example, €600 paid in 3 instalments):

      ..
        <urn:amount>60000</urn:amount>
..
        <urn:transactionReference>tref1</urn:transactionReference>
..
        <urn:instalmentData>
          <urn:number>3</urn:number>
          <urn:datesList>
            <urn:date>20170504</urn:date>
            <urn:date>20170604</urn:date>
            <urn:date>20170704</urn:date>
          </urn:datesList>
          <urn:transactionReferencesList>
            <urn:transactionReference>tref1</urn:transactionReference>
            <urn:transactionReference>tref2</urn:transactionReference>
            <urn:transactionReference>tref3</urn:transactionReference>
          </urn:transactionReferencesList>
          <urn:amountsList>
            <urn:amount>10000</urn:amount>
            <urn:amount>20000</urn:amount>
            <urn:amount>30000</urn:amount>
          </urn:amountsList>
        </urn:instalmentData>
..
        <urn:paymentPattern>INSTALMENT</urn:paymentPattern>
..
    

Immediate payment

For immediate payment (available with certain means of payment only), the transaction is paid for during the online authorisation:

      ..
        <urn:captureMode>IMMEDIATE</urn:captureMode>
..
    

Multicurrency acceptance

For multicurrency transactions, the currency code must be specified in the request. The payment currency is specified in the acquiring contract.

      ..
        <urn:currencyCode>840</urn:currencyCode>
..
    

Payment in foreign currencies

Acceptance and payment are carried out in the same currency, which must be specified in the request. Payment in foreign currencies is an option of the acquiring contract.

      ..
        <urn:currencyCode>826</urn:currencyCode>
..
    

Dynamic Currency Conversion (DCC)

If a Dynamic Currency Conversion (DCC) service is used, the reference currency code must be specified:

      ..
        <urn:currencyCode>978</urn:currencyCode>
..
    

3-D Secure dynamic deactivation

3-D Secure authentication can be deactivated dynamically using the fraudData.bypass3DS field:

      ..
        <urn:fraudData>
..
          <urn:bypass3DS>ALL</urn:bypass3DS>
..
        </urn:fraudData>
..
    

3-D Secure dynamic deactivation for OneClick payments

3-D Secure authentication can be deactivated dynamically for OneClick payments using the fraudData.bypass3DS field:

      ..
        <urn:fraudData>
..
          <urn:bypass3DS>MERCHANTWALLET</urn:bypass3DS>
..
        </urn:fraudData>
..
    

OneClick registration and payment

For OneClick payments, the customer's wallet ID must be provided in the merchantWalletId field.

      ..
        <urn:merchantWalletId>1205987</urn:merchantWalletId>
..
    

Provider acting on behalf of a merchant

The provider's ID must be passed in the intermediateServiceProviderId field of the request, and the provider's secret key must be used to calculate the Seal field:

      ..
        <urn:intermediateServiceProviderId>241591</urn:intermediateServiceProviderId>
..
    

Response processing

There are two types of responses. Although the protocol, format and content of both responses are identical, they must be managed differently because they meet different needs.

Responses are HTTP(S) POST responses sent to the normalReturnUrl (mandatory) and automaticResponseUrl (optional) URLs specified in the request.

You must set up the system that will decode these responses so you can know the result of the request.

The following four fields are defined in the responses:

Field name Comments/rules
Data Fields concatenation in the response.
Encode Type of encoding used to encode the Data field. This field is populated using the responseEncoding field from the request.
Seal Response message signature.
InterfaceVersion Connector interface version.

If the value of the Encode field is “base64” or “base64url”, the Data field must be decoded using Base64/Base64Url to reconstruct the concatenated string of fields. The concatenated string is structured as follows: key1=value1|key2=value2, etc. The seal (Seal field) of both responses is computed with the same algorithm as the one supplied as input in the sealAlgorithm field. If no value was defined, SHA-256 is used by default.

Note: for a seal to be computed with the HMAC-SHA-256 algorithm, the input parameters of the request must include the sealAlgorithm field populated with the following value: “HMAC-SHA-256”.

The value of the Seal field is computed as follows:

For the HMAC-SHA algorithm:

  • use of the shared secret key to generate the HMAC variant of the message
  • use of the Data field only (encoded if the corresponding option is selected)
  • UTF-8 encoding of the data constituting the result of the previous operation
  • HMAC-SHA hashing of the bytes obtained

This procedure can be summarised as follows:

      HMAC-SHA256( UTF-8(Data), UTF-8(secretKey))
    

For the SHA-256 algorithm (although this is the default value, this algorithm is no longer recommended):

  • concatenation of the Data field and of the secret key (encoded if the corresponding option is selected)
  • UTF-8 encoding of the data constituting the result of the previous operation
  • SHA256 hashing of the bytes obtained

This procedure can be summarised as follows:

      SHA256( UTF-8(Data+secretKey ) )
    

Specifying the manual response URL

The main goal of the manual response is to redirect the customer to your website with the result of the payment so you can make the right decision about it. For instance, if an error occurred, you may suggest to the customer to attempt the payment again. If the payment is successful, you can display a “thank you” message and start despatching the goods.

During the final step, a 'Continue' button is displayed on the WL Sips payment page, with a link that redirects the user to your site. When the customer clicks on this link, the WL Sips server redirects them to the URL contained in the normalReturnUrl field supplied in the request. The redirection is a HTTP(s) POST request that contains the data of the response as described above. It is your responsibility to retrieve these parameters and check the signature, thus ensuring the integrity of the response. Besides, you are in charge of displaying relevant messages to your customer (i.e. messages pertaining to the details of the response).

This normalReturnUrl field is also used for all payment results (cancellation, refusal, etc.) so as to perform the redirection to your site.

It is important to note that the receipt of the response cannot be guaranteed, since this response is sent by the customer’s Web browser. First, the customer may choose not to click on the link. Second, they might encounter connection issues that block the transmission of this response. Therefore, your business processes cannot be based only on this response.

Note: the current version of InterfaceVersion is HP_ 2.33 . Please refer to the Data dictionary for a comprehensive description of parameters included in the response.

Specifying the automatic response URL

The automatic response is sent only if the automaticResponseUrl field was sent in the payment request. If that is the case, the WL Sips server sends a HTTP(S) POST response to the URL address received.

The fields of the automatic response are the same as those of the manual response. The only difference between both procedures is that the automatic response is sent directly by the WL Sips server and does not go through the customer's Web browser. Therefore, this response is much more reliable since it is always sent. The WL Sips server does not expect any response after the automatic response has been sent.

It is your responsibility to retrieve the various data of the response, check the signature to make sure the fields of the response have not been tampered with, and update your back office.

Note: the current version of InterfaceVersion is  HP_ 2.33 . Please refer to the Data dictionary for a comprehensive description of the settings included in the response.
Attention: the automatic response is systematic, asynchronous and sent back through the network; it is inherently dependent on potential technical troubles on the various network elements and can now and then be received with a more or less substantial delay, or even never be received at all.

The automatic response is sent at the end of the payment. However, if your customer drops their purchase, for example by exiting their browser, the automatic response is sent when the user session expires (after 15 minutes of inactivity). Therefore, if your customer drops their purchase, you will only receive the automatic response (not the manual response), with an answer code set at 97, about 15 to 16 minutes after the customer has been redirected to the payment pages.

If an automatic response is not received after approximately 16 minutes, you can get the result of a payment by calling the getTransactionData method of the Sips Office interface, or by analysing the contents of the Transactions report. You may also search for a transaction and see its status using Sips Office Extranet .

Solving response receipt issues

Below is a list of the most common issues that block the receipt of automatic and manual responses. Please make sure you have checked them before you call the technical support:

  • Make sure the response URLs are provided in the payment request and are valid. To do this, simply copy and paste them into the address bar of your browser.
  • The supplied URLs must be accessible from the outside, i.e. the Internet. Access control mechanisms (login/password or IP address filter) or a firewall might block access to your server.
  • Access to response URLs must be confirmed in the notifications report of your web browser.
  • If you use a non-standard port, it must be within the 80 to 9999 range to ensure compatibility with WL Sips .
  • Context parameters cannot be added to the response URLs. However, some fields can still be used, e.g. the orderID or returnContext fields make it possible to provide extra parameters. You may also use the sessionId field to retrieve information about your customer at the end of the payment process.

In some error cases, the WL Sips Server is unable to sign the response message. This applies, for instance, to the "Unknown merchantID" error and to the situation where the secret key is unknown to WL Sips . For these particular reasons, the payment server will send a response without a signature in the Seal field.

Retrieving response fields

The content of the automatic and manual responses sent by Sips Paypage is identical. This content may vary according to the payment result (successful or other).

Note: in the responses, depending on the transaction status and the payment mean chosen, some fields can be null, empty or not returned. Please refer to the payment means documentations to know the fields present in the responses.
Field Version Comments
acceptanceSystemApplicationId HP_ 2.18
acquirerContractNumber HP_ 2.25
acquirerNativeResponseCode HP_ 2.12
acquirerResponseCode HP_ 2.0
acquirerResponseIdentifier HP_ 2.8
acquirerResponseMessage HP_ 2.8
additionalAuthorisationNumber HP_ 2.8
amount HP_ 1.0 Same as in the request
authentExemptionReasonList HP_ 2.31
authorisationId HP_ 1.0
authorisationTypeLabel HP_ 2.18
authorMessageReference HP_ 2.18
avsAddressResponseCode HP_ 2.17
avsPostcodeResponseCode HP_ 2.17
captureDay HP_ 1.0 Request field that WL Sips may override.
captureLimitDate HP_ 2.3
captureMode HP_ 1.0 Request field that WL Sips may override.
cardCSCResultCode HP_ 2.0
cardProductCode HP_ 2.12
cardProductName HP_ 2.12
cardProductProfile HP_ 2.12
cardProductUsageLabel HP_ 2.18
complementaryCode HP_ 1.0
complementaryInfo HP_ 2.0
creditorId HP_ 2.7
currencyCode HP_ 1.0 Same as in the request
customerBusinessName HP_ 2.17
customerCompanyName HP_ 2.17
customerEmail HP_ 2.0 Same as in the request
customerId HP_ 2.0 Same as in the request
customerIpAddress HP_ 2.0 Same as in the request, or recomputed by Sips Paypage if missing
customerLegalId HP_ 2.17
customerMobilePhone HP_ 2.1 Same as in the request
customerPositionOccupied HP_ 2.17
dccAmount HP_ 2.3
dccCurrencyCode HP_ 2.3
dccExchangeRate HP_ 2.3
dccExchangeRateValidity HP_ 2.3
dccProvider HP_ 2.3
dccStatus HP_ 2.3
dccResponseCode HP_ 2.3
dueDate HP_ 2.3
guaranteeIndicator HP_ 2.0
hashPan1 HP_ 2.0
hashPan2 HP_ 2.0
holderAuthentMethod HP_ 2.4
holderAuthentProgram HP_ 2.5
holderAuthentRelegation HP_ 2.0
holderContactEmail HP_ 2.20
holderAuthentStatus HP_ 2.0
holderAuthentType HP_ 2.24
instalmentAmountsList HP_ 2.6
instalmentDatesList HP_ 2.6
instalmentNumber* HP_ 2.6
instalmentTransactionReferencesList HP_ 2.6
interfaceVersion HP_ 1.0
intermediateServiceProviderOperationId HP_ 2.23
invoiceReference HP_ 2.10
issuerCode HP_ 2.12
issuerCountryCode HP_ 2.12
issuerEnrollementIndicator HP_ 2.0
issuerWalletInformation HP_ 2.9
keyVersion HP_ 1.0 Same as in the request
mandateAuthentMethod HP_ 2.2
mandateCertificationType HP_ 2.7
mandateId HP_ 2.3
mandateUsage HP_ 2.2
maskedPan HP_ 1.0
merchantId HP_ 1.0 Same as in the request
merchantSessionId HP_ 2.0 Same as in the request
merchantTransactionDateTime HP_ 2.0 Same as in the request
merchantWalletId HP_ 2.0 Same as in the request
orderChannel HP_ 2.0 Same as in the request
orderId HP_ 1.0 Same as in the request
panEntryMode HP_ 2.4
panExpiryDate HP_ 2.0
paymentAccountReference HP_ 2.31
paymentAttemptNumber HP_ 2.18
paymentMeanBrand HP_ 1.0
paymentMeanBrandSelectionStatus HP_ 2.14
paymentMeanData HP_ 2.2
paymentMeanId HP_ 2.6
paymentMeanTradingName HP_ 2.8
paymentMeanType HP_ 1.0
paymentPattern HP_ 2.0 Same as in the request
preAuthenticationColor HP_ 2.10
preAuthenticationInfo HP_ 2.10
preAuthenticationProfile HP_ 2.10
preAuthenticationProfileValue HP_ 2.14
preAuthenticationRuleResultList HP_ 2.14 List of preAuthenticationRuleResult objects. Please see below for its content and format.
preAuthenticationThreshold HP_ 2.10
preAuthenticationValue HP_ 2.10
preAuthorisationProfile HP_ 2.14
preAuthorisationProfileValue HP_ 2.14
preAuthorisationRuleResultList HP_ 2.14 List of preAuthenticationRuleResult objects. Please see below for its content and format.
responseCode HP_ 1.0
returnContext HP_ 1.0 Same as in the request.
s10TransactionId HP_ 2.9
s10TransactionIdDate HP_ 2.9
s10transactionIdsList HP_ 2.11
schemeTransactionIdentifier HP_ 2.31
scoreColor HP_ 2.0
scoreInfo HP_ 2.0
scoreProfile HP_ 2.0
scoreThreshold HP_ 2.0
scoreValue HP_ 2.0
secureReference HP_ 2.26
settlementMode HP_ 2.7
settlementModeComplement HP_ 2.13
statementReference HP_ 2.4
tokenPan HP_ 2.0
transactionActors HP_ 2.2 Same as in the request.
transactionDateTime HP_ 1.0
transactionOrigin HP_ 2.0 Same as in the request.
transactionPlatform HP_ 2.16 For future use (for now, its value is systematically set to ‘PROD’).
transactionReference HP_ 1.0
walletType HP_ 2.4

Optional fields pertaining to fraud checks

  • Content of preAuthenticationRuleResult
Field Version Comments
ruleCode HP_ 2.14
ruleType HP_ 2.14
ruleWeight HP_ 2.14
ruleSetting HP_ 2.14
ruleResultIndicator HP_ 2.14
ruleDetailedInfo HP_ 2.14
  • Content of preAuthorisationRuleResult
Field Version Comments
ruleCode HP_ 2.14
ruleType HP_ 2.14
ruleWeight HP_ 2.14
ruleSetting HP_ 2.14
ruleResultIndicator HP_ 2.14
ruleDetailedInfo HP_ 2.14

Syntax of lists of complex objects in responses

The format of a list of complex objects in automatic and manual responses is defined as follows ( bold text ):

      ..|amount=1000|currencyCode=978|objectNameList=[{"field1":"value1a",
"field2":"value2a","field3":"value3a"…},{"field1":"value1b",
"field2":"value2b","field3":"value3b"}…]|transactionReference=1452687287828
|..
    
  • The content of the list is in square brackets [ ] .
  • Each entry of the list is in curly brackets { } .
  • Each field is represented as "fieldName" = "fieldValue" .
  • Please note that the name and the value of the field are both in double quotes "" .
  • Pairs of adjacent names/values are separated by a comma .

Sample preAuthorisationRuleResultList field

Breakdown of the fraud rules executed during preauthorisation (bold text):

      ..|amount=1000|currencyCode=978|preAuthorisationRuleResultList=[
{"ruleCode":"SC","ruleType":"NG","ruleWeight":"I","ruleSetting":"S",
"ruleResultIndicator":"0","ruleDetailedInfo":"TRANS=1:5;
CUMUL=1000:99999900"},{"ruleCode":"GC","ruleType":"NG","ruleWeight":
"D","ruleSetting":"N","ruleResultIndicator":"0","ruleDetailedInfo":
""},{"ruleCode":"CR","ruleType":"NG","ruleWeight":"D","ruleSetting"
:"S","ruleResultIndicator":"N","ruleDetailedInfo":"CARD_COUNTRY=USA"}]
|transactionReference=1452687287828|..
    

Payment response analysis

If you carry out the authentication steps by means of an electronic seal, you should make sure the seal you received actually matches the seal you recomputed using the response fields.

If the seal you received does not match the seal you recomputed, the transaction status is considered unknown. Leave the transaction as it is, contact the support and do not re-execute the transaction in any automated way.

Status Response fields Actions to be carried out

Payment accepted

responseCode  = 00

acquirerResponseCode  = 00

guaranteeIndicator  = Y,N,U, empty

You can deliver the order according to the guarantee level of your choosing ( guaranteeIndicator field).

WL Sips fraud refusal

Go-No-Go

responseCode  = 05

complementaryCode  = XX

preAuthorisationRuleResultList

The payment has been refused by the WL Sips fraud engine that you configured.

Do not deliver the goods.

Analyse in detail the fraud rules executed by WL Sips to know the reason for the refusal ( preAuthorisationRuleResultList field).

WL Sips fraud refusal

Business Score

responseCode  = 05

scoreColor  = RED, BLACK

scoreValue  = X (transaction score)

scoreThreshold  = X,Y (orange threshold, green threshold)

The payment has been refused by the WL Sips fraud engine that you configured.

Do not deliver the goods.

Analyse in detail the fraud rules executed by WL Sips to know the reason for the refusal ( preAuthorisationRuleResultList field).

WL Sips fraud warning

Business Score

responseCode  = 05

scoreColor  = ORANGE

scoreValue  = X (transaction score)

scoreThreshold  = X,Y (orange threshold, green threshold)

The acquirer has authorised the payment, but the WL Sips fraud engine issued a warning due to the rules you configured.

Analyse in detail the fraud rules executed by WL Sips to know the reason for the warning ( preAuthorisationRuleResultList field).

If the transaction poses no risk, accept it using the acceptChallenge function.

If the transaction poses a risk, refuse it using the refuseChallenge function.

The acceptChallenge and refuseChallenge functions are available on the extranet and the Sips Office connectors.

3-D Secure refusal

responseCode  = 05

holderAuthentStatus  = FAILURE

Customer authentication failed. This is not necessarily due to fraud. You can suggest to your customer to attempt the payment again with another means of payment, by generating a new request.

Banking refusal from the acquirer

responseCode  = 05

acquirerResponseCode  = XX

Authorisation refused for a reason not related to fraud.

You can suggest to your customer to attempt the payment again with another means of payment, by generating a new request.

Soft decline

responseCode  = 05

acquirerResponseCode  = A1

The payment has been refused by the acquirer because the 3-D Secure data is missing in the authorisation request.
Please try to pay again with a 3-D Secure payment process.

Fraud refusal from the acquirer

responseCode  = 34

acquirerResponseCode = XX

Authorisation refused because of fraud.

Do not deliver the order.

Refusal because the maximum number of attempts has been reached

responseCode  = 75

acquirerResponseCode  = XX

The customer made several failed attempts because the information entered was incorrect. There are two possibilities:

  • Your customer has difficulties entering their card information.
  • Carding attempt (search for possible card numbers).

Please contact your customer to define what to do next.

Refusal due to a technical issue

responseCode  = 90, 99

acquirerResponseCode  = 90 to 98

Temporary technical issue while processing the transaction.

Please tell your customer to attempt the payment again later.

Abandonment of payment

responseCode  = 97

acquirerResponseCode = not filled

Do not deliver the order.
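
The list syntax and the analysis table above, combined into one routine that takes a Data string whose seal has already been checked. This is an added example, not Worldline code: the function names and action labels are hypothetical, list values are assumed to be valid JSON as the syntax rules suggest, the order in which the responseCode 05 rows are tested is an assumption, and the sample is constructed from the rule list shown on this page.

```python
import json


def parse_data(data: str) -> dict:
    """Split key1=value1|key2=value2 into a dict of raw string values."""
    fields = {}
    for pair in data.split("|"):
        if not pair:
            continue
        # Split on the first "=" only: values such as ruleDetailedInfo
        # ("TRANS=1:5;CUMUL=...") contain "=" themselves.
        name, sep, value = pair.partition("=")
        if not sep or not name:
            raise ValueError("malformed pair: %r" % pair)
        if name in fields:
            # A repeated field could make two readers disagree on the value.
            raise ValueError("duplicate field: %r" % name)
        fields[name] = value
    return fields


def rule_results(fields: dict, list_name: str = "preAuthorisationRuleResultList") -> list:
    """Decode a list of complex objects ([{"name":"value",...},...])."""
    raw = fields.get(list_name) or ""
    if not raw:
        return []
    rules = json.loads(raw)  # assumption: the list is JSON-compatible
    if not isinstance(rules, list) or not all(isinstance(r, dict) for r in rules):
        raise ValueError("%s is not a list of objects" % list_name)
    return rules


def next_action(fields: dict) -> str:
    """Map the response fields to the action given in the analysis table."""
    code = fields.get("responseCode", "")
    acquirer = fields.get("acquirerResponseCode", "")
    if code == "00" and acquirer == "00":
        return "deliver"              # per guaranteeIndicator
    if code == "05":
        color = fields.get("scoreColor", "")
        if color == "ORANGE":
            return "review_challenge"  # acceptChallenge / refuseChallenge
        if color in ("RED", "BLACK") or fields.get("complementaryCode"):
            return "do_not_deliver"    # WL Sips fraud refusal
        if acquirer == "A1":
            return "retry_with_3ds"    # soft decline
        return "offer_retry"           # 3-D Secure failure or bank refusal
    if code in ("34", "97"):
        return "do_not_deliver"        # acquirer fraud refusal, abandonment
    if code == "75":
        return "contact_customer"      # maximum number of attempts reached
    if code in ("90", "99"):
        return "retry_later"           # temporary technical issue
    return "hold_unknown"              # not in the table: never auto-deliver


# Constructed sample: a Go-No-Go refusal carrying the rule list from this page.
SAMPLE_REFUSAL = (
    'amount=1000|currencyCode=978|responseCode=05|complementaryCode=XX|'
    'preAuthorisationRuleResultList=['
    '{"ruleCode":"SC","ruleType":"NG","ruleWeight":"I","ruleSetting":"S",'
    '"ruleResultIndicator":"0","ruleDetailedInfo":"TRANS=1:5;CUMUL=1000:99999900"},'
    '{"ruleCode":"GC","ruleType":"NG","ruleWeight":"D","ruleSetting":"N",'
    '"ruleResultIndicator":"0","ruleDetailedInfo":""},'
    '{"ruleCode":"CR","ruleType":"NG","ruleWeight":"D","ruleSetting":"S",'
    '"ruleResultIndicator":"N","ruleDetailedInfo":"CARD_COUNTRY=USA"}]'
    '|transactionReference=1452687287828'
)

if __name__ == "__main__":
    parsed = parse_data(SAMPLE_REFUSAL)
    print(next_action(parsed))
    for rule in rule_results(parsed):
        print(rule["ruleCode"], rule["ruleResultIndicator"], rule["ruleDetailedInfo"])
```
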

Step 3: testing in the simulation environment

Once you have developed the connection to Sips Paypage , you can do a test on the Sips Paypage simulation server.

To do this test, you must use the credentials according to the transaction identification mode you wish to use:

Simulation server URL https://payment-webinit.simu.sips-services.com/services/v2/paymentInit
transactionReference generated by the merchant
Merchant ID (merchantId) 002001000000001
Key version (keyVersion) 1
Secret key 002001000000001_KEY1

transactionReference generated by WL Sips
Merchant ID (merchantId) 002001000000002
Key version (keyVersion) 1
Secret key 002001000000002_KEY1

transactionId generated by the merchant
Merchant ID (merchantId) 002001000000003
Key version (keyVersion) 1
Secret key 002001000000003_KEY1

transactionId generated by WL Sips
Merchant ID (merchantId) 002001000000004
Key version (keyVersion) 1
Secret key 002001000000004_KEY1

This simulation server is not connected to the actual banking servers, because it serves to validate the connection between your website and the payment server.

Therefore, Sips Paypage simulates the call to the authorisation servers so you can test the various results of a payment.

Consequently, using actual cards is not necessary for tests.

Attention: since the merchantId is shared by all merchants and prospects, there might be transactionReference duplicates. This is why it is highly recommended to prefix all transactionReferences with the name of the future shop that will be used in the production environment. This also makes support easier if you call the technical support.

You use a generic shop without any payment page customisation. Step 4 will enable you to customise your payment pages.

Testing CB, VISA, MASTERCARD and AMEX transactions

The following simulation rules apply:

  • The PAN (Primary Account Number) must consist of 15 to 19 digits (depending on the means of payment used).
  • The first six digits of the PAN determine the type of card as per the table below.
    Card type Card number begins with
    AMEX 340000
    VPAY 400000
    VISA 410000
    CB 420000
    CB-VISA co-branded cards 430000
    CB-VPAY co-branded cards 440000
    CB-VISA_ELECTRON co-branded cards 450000
    VISA-MASTERCARD co-branded cards 460000
    MAESTRO 500000
    MASTERCARD 510000
    CB-MASTERCARD co-branded cards 520000
    CB-MAESTRO co-branded cards 530000
  • The WL Sips response code ( responseCode field) is computed from the last two digits of the card number.
  • The security code (CVV) consists of 3 or 4 digits. This value does not matter when it comes to the result of the simulation.

Example: if you use the card number 4100 00 00 0000 00 05 , the card will be identified as a VISA card and the payment will be refused ( WL Sips response code  05 ).

Note: if the computed WL Sips response code is not referenced, the transaction is accepted ( responseCode  = 00).

Co-branded cards can be used with every brand defined in the table.

All cards are enrolled in the 3-D Secure programme. You will be redirected to the 3-D Secure simulation server on which you will choose the desired 3-D Secure authentication result.

Testing iDeal transactions

If you choose to test iDeal, you will be redirected to the simulation server that simulates iDeal transactions according to their amounts. You will then be taken back to the payment server that will display the receipt showing the transaction result.

Rules for simulating iDeal payments:

Transaction amount iDeal response
EUR2.00 Transaction cancelled
EUR3.00 Transaction expired
EUR4.00 Transaction not carried out
EUR5.00 Transaction failed
Other cases Transaction OK

Testing PayPal transactions

If you choose to test PayPal, you will be redirected to the simulation server that simulates PayPal transactions according to their payment result on PayPal’s side. You will then be taken back to the payment server that will display the receipt showing the result of the payment.

Step 4: validating the switch to the production environment

Once you have tested your website connection to Sips Paypage SOAP , you can validate the connection to the production version of Sips Paypage SOAP .

Prior to this, we recommend you block public access to your website to prevent customers from carrying out transactions during this validation phase.

If you would like to customise your payment pages, you can use our CustomPages tool to test and view the rendering on payment pages. To do so, please refer to the CustomPages documentation to use the tool.

To switch to the production server, you must change the URL in order to connect to the WL Sips production server using the merchantId , secretKey and keyVersion credentials you received during the registration phase.

WL Sips URL https://payment-webinit.sips-services.com/services/v2/paymentInit
merchantId Shop identifier received by e-mail
SecretKey Secret key you can retrieve from the Sips Download extranet
keyVersion Secret key version retrieved from Sips Download (obviously 1 for the first key)
Note: forgetting one of these 4 parameters is a common mistake that systematically results in an error.

How to validate the proper functioning in the production environment

Immediately:

  • Make a transaction using a real payment card (your own, if possible). If the transaction is accepted, it will be sent to the bank to credit your merchant account and to debit the card account.
  • Check that your payment pages include your customisation settings.
  • Check the transaction via Sips Office Extranet , using the transactionReference.

The next day:

  • Make sure the transaction is in the Transactions report.
  • Check your account to make sure the operation was credited.
  • Refund the transaction via Sips Office Extranet (optional).

Two days later:

  • Check that the refund transaction is in the Operations report.
  • Make sure the debited amount has been refunded to your merchant account.

This validation process is also applicable to the PayPal means of payment.

Step 5: launching live operation

Once the validation for the transition to live operation has been carried out, make your site and/or application public so your customers can make purchases and payments.

On the same day:

  • Monitor acceptance rates (number of responseCode  00 per total number of transactions)
  • Check the nature of non-banking declines:
    • Technical issue: responseCode  90, 99
    • Fraud: responseCode  34
    • Max. number of payment attempts reached: responseCode  75
    • Abandonment: responseCode 97

The next day:

  • Check that all transactions processed (accepted and refused) are in the Transactions report.
  • Check the operations you have carried out and remittances (report option) in the Operations report.