Skip to content

Secure payment notification

Multiple payment notification methods

Voyado Elevate 3 RESTful API includes two different payment notification methods. The recommended notification method to use is Secure payment notification.

Server side operation only

The payment notification with cost can not be made as a client side operation with the JavaScript library.

The secure payment notification is to be sent when the visitor has placed an order of one or more products and completed payment. Secure payment notifications are payment notifications using a security token to ensure the notification has not been tampered with by a third party. If the parameter paymentToken is not submitted, the request will be considered as not secure and will be rejected if a cost is specified. In fact, cost can only be notified in secure payments.

Method

POST

URL format

/api/v1/notifications/payment?paymentToken={paymentToken}

Parameters

Name Type Description Example
market string Visitor Market Sweden
customerKey string Visitor id. SHA256 hash if the visitor is signed in, otherwise a UUID / GUID.
Required		 5G7HJ...R77T1
sessionKey string A unique id. UUID / GUID. 2F75A...EAFA6
token string Unique token generated by the CustomerKeyAuthentication class. Should only be set for signed in visitors. EAFA6...2F75A
lines array[ ] Array with payment information. productKey: P1, quantity: 2, sellingPrice: 20.0, cost: 15.2
productKey string The unique key of the product. Not mandatory when variantKey is set. shirt_79709
variantKey string The unique key of the variant. Not mandatory when productKey is set. shirt_blue_79709
quantity int The quantity of the purchased product. 2
sellingPrice double The selling price of the purchased product. 20.0
cost double The cost of the purchased product. If the cost is not available, cost should not be included in the notification. 15.2
paymentToken string Unique token generated by stringifying the payment object and signing it with the MessageAuthentication class. For more information, see Payment tokens. 6ffc1...a1921

Request body

{
    "market": "string",
    "customerKey": "string",
    "sessionKey": "string",
    "token": "string",
    "lines": [
        {
            "productKey": "string",
            "variantKey": "string",
            "quantity": "int",
            "sellingPrice": "double",
            "cost": "double"
        } 
    ]
}

Request content-type

application/json

Response content-type

N/A

Responses

Response Description
204 Notifications was received successfully.
400 The payment was invalid (e.g. no order lines, cost was sent without paymentToken or both productKey and variantKey were null or empty).
403 A personal customer key was used, but it could not be validated, or client side payment notifications has been disabled for this cluster.
5xx Server error such as cluster unavailable or busy. The response body may contain more information about the error.

Example

Request

request-body.json

{
    "market": "UK",
    "customerKey": "d9528030-509c-4e0f-b585-7168f1e9feca",
    "sessionKey": "b106299c-eac0-4f6f-96d2-93e57c255784",   
    "lines": [
        {
            "productKey":"P_555452-0446_UK",
            "quantity": 1,
            "sellingPrice": 10.35,
            "cost": 5.1,
            "variantKey": null
        }
    ]
}

Stringified payment object

{"market":"UK","customerKey":"d9528030-509c-4e0f-b585-7168f1e9feca","sessionKey":"b106299c-eac0-4f6f-96d2-93e57c255784","token":null,"lines":[{"productKey":"P_555452-0446_UK","quantity":1,"sellingPrice":10.35,"cost":5.1,"variantKey":null}]}

Payment tokens

//Example in C#.
var auth = new MessageAuthentication("{private-key}");
var paymentString = "{\"market\":\"UK\",\"customerKey\":\"d9528030 - 509c - 4e0f - b585 - 7168f1e9feca\",\"sessionKey\":\"b106299c - eac0 - 4f6f - 96d2 - 93e57c255784\",\"token\":null,\"lines\":[{\"productKey\":\"P_555452 - 0446_UK\",\"quantity\":1,\"sellingPrice\":10.35,\"cost\":5.1,\"variantKey\":null}]}";   
var paymentToken = auth.Sign(paymentString);

cURL

#!/bin/bash
curl -i \
-X POST \
-T request-body.json \
-H "Content-Type: application/json" \
"https://{cluster-id}.api.esales.apptus.cloud/api/v1/notifications/payment?paymentToken=6ffc11ef974c1cda438ef9382e2cedf452d4e8f496d8405187583cf1c26a1921"

Response

HTTP/1.1 204 No Content
×
Copyright

This online publication is intellectual property of Voyado Lund AB. Its contents can be duplicated in part or whole, provided that a copyright label is visibly located on each copy and the copy is used in conjunction with the product described within this document.

All information found in these documents has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither Voyado Lund AB nor the authors shall be held liable for possible errors or the consequences thereof.

Software and hardware descriptions cited in these documents might be registered trademarks. All trade names are subject to copyright restrictions and may be registered trademarks. Voyado Lund AB essentially adheres to the manufacturer’s spelling. Names of products and trademarks appearing in this document, with or without specific notation, are likewise subject to trademark and trade protection laws and may thus fall under copyright restrictions.

CLOSE