Form (redirect)

  • 15 minute(s) read
Prev Next

This documentation provides a comprehensive guide to integrating Monri
Redirect Form into your web application for secure and flexible payment
processing.

1. Overview

The WebPay Form is a straightforward web service designed to facilitate online payments. Merchants collect essential buyer profile and order information on their own website, then securely submit this data to our service using an HTTP POST request which then redirects user/buyer to new browser tab with Monri Form.

1.1 Key Benefits:

  • PCI DSS Compliance: Sensitive data is handled directly by Monri.
  • Simplified Integration: Streamlined process for card and crypto payments.
  • Customizable Style: Form can be styled in limited capacity to match your brand.
    Note: For more comprehensive customization options please refer to Components integration logic.

1.2 Requirements

Integration must be done within our test environment first. When this process is finished and approved by our staff, you may go live and start processing with real money.
To start integrating with WebPay Form service you will need the following:

  • Test merchant account - If you don’t have a test merchant account, please contact us at helpdesk@monri.com and we will open one for you.
    Then you can login into your account at https://ipgtest.monri.com/en/login with login and password provided.
  • HTTP client library - If you need to programmatically manage approved transactions through API
  • All submissions of payment information using Monri Form are made via a secure HTTPS connection. To ensure maximum security the page containing your payment form MUST also be served over HTTPS https:// rather than just http://.

2. Getting Started / QuickStart Guide

Here you can find step-by-step guide to achieve a basic successful integration

2.1 Integration Endpoints:

For testing and development, submit data to: https://ipgtest.monri.com/v2/form
For production, submit data to: https://ipg.monri.com/v2/form

Important Note on URLs:
The production URL subdomain will differ from https://ipgtest.monri.com. Ensure you parameterize this URL for easy transition to the production environment. When we say parameterize, we mean put your URL in some kind of config you so can easily change it when merchant production is due.

2.2 Payment Flow

How payment flow looks:

  1. Request From Your System To Monri: Upon a valid request from the merchant system, the WebPay service presents a secure payment form to the buyer/user.
  2. Card Details Entry: The user enters their card details and everything else what is needed after which he presses Pay and the form is submitted.
  3. Authorization Process:
    • The service sends an authorization request to the acquirer bank from the Morni side.
    • If authorization is approved, the buyer is redirected back to the merchant's site if option was set (SuccessURL).
    • If authorization is declined, an appropriate message is displayed to the buyer directly on Monri form.
  4. Response message:
    • Await response message from the Monri system

Important Note: Declined Transactions
3DS declines don't count as declined authorization transactions
If a transaction is declined, the buyer remains on Monri side and the form is displayed with an appropriate message, allowing them to retry. At this point, there is no direct means for the system to communicate the transaction failure back to the merchant.

2.3 Obtain API Credentials

API settings can be found under your merchant account. This information is necessary for service to work properly. API settings values reflect a configuration at the merchant site:

API Key name Function And Explanation
key primary / secret / master cryptographic key
authenticity_token secondary / public / slave cryptographic key
Success URL URL at the merchant site where a buyer is redirected after approved authorization.
Redirect to success URL Mandatory/should be set to true if merchant uses Success URL.
Callback URL should be set under merchant profile if the merchant wants us to send POST request message for each approved authorization
Cancel URL URL that leads to the merchant site where a buyer is redirected if cancel link is clicked at payment form

IMPORTANT Parametrize these values for API settings, we strongly advice a merchant to have both, testing and production environments.

  • 'key': This is your primary cryptographic key used to secure communication with Monri, specifically for calculating the digest for outgoing requests (e.g., initial POST to the payment form).
  • 'authenticity_token': This token identifies your merchant account to the Monri system for each request, ensuring the transaction is associated with your account.
  • 'Redirect to success URL': This is a checkbox/flag in your merchant profile settings. When enabled (set to true), Monri will automatically redirect the buyer to your specified Success URL after a successful payment authorization. If disabled, the buyer will remain on the Monri payment page/form even after payment success.

2.4 Construct The Basic POST Request

The most common and flexible way to send data to Monri's WebPay Form is by dynamically creating and submitting an HTML form using JavaScript. This allows you to securely calculate the necessary digest client-side before submission.

Digest Calculation:

The digest parameter is a SHA-512 hash calculated from the concatenation of your merchantKey, order_number, amount, and currency (as strings).

Formula: SHA512(merchantKey + order_number + amount + currency)
Example: If merchantKey is 2345klj, order_number is abcdef, amount is 54321, and currency is EUR, the plaintext to hash would be 2345kljabcdef54321EUR.

Digest formula above gives a result as follows: digest = SHA512.hexdigest(2345kljabcdef54321EUR) =>

f71b8c1560bd7511ba2f0307b3823c06dd39042cd77480543e3d7bf9f3eefa6debed252979ba8edc7a82d9f111

You can check digest on this link Calculate Digest

Example Code (script.js):

// These values would typically come from your server-side configuration,
// but are hardcoded here for a quick demonstration.
const merchantKey = "key-8edd04c2ffccf82280fa36a65d999c49";
const authToken = "c81a1ac53bf3b7e553583a7cd2f542f92ad50671";

async function redirectToMonriForm() {
    // Generate dynamic order details for demonstration
    const orderNumber = `ORD-${Math.floor(Math.random() * 1000000)}`;
    const amount = (Math.floor(Math.random() * 900) + 100); // Amount in minor units (e.g., 100 = 1.00 EUR)
    const currency = 'EUR';

    // Calculate the SHA-512 digest
    const encoder = new TextEncoder();
    const dataToHash = merchantKey + orderNumber + amount + currency;
    const buffer = encoder.encode(dataToHash);
    const hashBuffer = await crypto.subtle.digest('SHA-512', buffer);
    const digest = Array.from(new Uint8Array(hashBuffer)).map(byte => byte.toString(16).padStart(2, '0')).join('');

    // Prepare the essential form data
    const formData = {
        "authenticity_token": authToken,
        "ch_full_name": "Monri Test User",
        "ch_email": "test@example.com",
        "order_info": "QuickStart Integration Demo",
        "amount": amount,
        "order_number": orderNumber,
        "currency": currency,
        "transaction_type": "purchase", // Or "authorize"
        "digest": digest,
        "language": "en",
        "success_url_override": "[https://yourDomain.com/success](https://yourDomain.com/success)", // Optional: Provide your override URL
        "callback_url": "[https://yourDomain.com/callback](https://yourDomain.com/callback)",     // Optional: Provide your callback URL
        "cancel_url": "[https://yourDomain.com/cancel](https://yourDomain.com/cancel)"         // Optional: Provide your cancel URL
    };

    // Create and submit the form
    const form = document.createElement('form');
    form.method = 'post';
    form.action = '[https://ipgtest.monri.com/v2/form](https://ipgtest.monri.com/v2/form)'; // Test endpoint

    Object.entries(formData).forEach(([key, value]) => {
        const input = document.createElement('input');
        input.type = 'hidden';
        input.name = key;
        input.value = value;
        form.appendChild(input);
    });
    document.body.appendChild(form);
    form.submit();
}`

Example HTML (index.html):

<!DOCTYPE html>
<html>
<head>
    <title>Monri WebPay Form QuickStart</title>
</head>
<body>
    <h1>Click to proceed to payment</h1>
    <button type="button" onclick="redirectToMonriForm()">Proceed to Payment</button>
    <script src="script.js"></script>
</body>
</html>

Please refer to the Variables - names lengths and formats section to see a complete list of all available parameters, including their lengths, formats, and mandatory requirements.

2.5 Process A Test Transaction

After constructing your form (from step 2.2), you can submit it to the test endpoint (https://ipgtest.monri.com/v2/form)

Use the following test card details for testing approved or declined authorization:

No.Card numberCard type3DS enabled
14341792000000044  VisaYes
24058400000000005
VisaNo
35464000000000008MastercardNo
46769064219992611
MaestroYes

NOTE: Use any CVV and set the card's expiration date to a future date

Test declined transaction

To test a declined transaction, you can:

  1. Set the amount parameter to '10000' (equivalent to 100.00€). This will simulate general decline.
  2. Use a 3DS-enabled card and then cancel the transaction when the 3DS authentication form is displayed. This will simulate 3DS decline.


2.6. Verify Response (Callback & Success URL Endpoints)

2.6.1 Callback Mechanism

Callback is back-off system that sends response to endpoint you define and can be set under your merchant profile, under option Callback URL. Callback is a HTTP POST request with all the transaction parameters for each approved transaction.

Other response options

For declined transactions and/or specific transaction steps please refer to WebHooks

Monri system expects HTTP 200 OK status response code to terminate the job, otherwise we’ll send the data periodically until we receive 200.

POST request is sent to your endpoint in JSON format and here is a list of parameters included in callback request:

{
   "id":186562,
   "acquirer":"integration_acq",
   "order_number":"a6b62d07cc89aa0",
   "order_info":"order info for a6b62d07cc89aa0",
   "amount":100,
   "currency":"EUR",
   "ch_full_name":"John Doe",
   "outgoing_amount":100,
   "outgoing_currency":"EUR",
   "approval_code":"914783",
   "response_code":"0000",
   "response_message":"approved",
   "reference_number":"000002902038",
   "systan":"186561",
   "eci":"05",
   "xid":"fake authenticated xid +=",
   "acsv":"fake authenticated cavv +=",
   "cc_type":"visa",
   "status":"approved",
   "created_at":"2019-09-06T14:24:44.906+02:00",
   "transaction_type":"purchase",
   "enrollment":"Y",
   "authentication":"Y",
   "pan_token":null,
   "masked_pan":"434179-xxx-xxx-0044",
   "issuer":"zaba-hr",
   "number_of_installments":null,
   "custom_params":"{a:b, c:d}"
}



Callback source check
To confirm that a callback request originates from Monri, inspect the POST request headers. The authorization and http_authorization headers contain a digest used for validation.

Sample Headers:

header value
accept-encoding gzip;q=1.0,deflate;q=0.6,identity;q=0.3
authorization WP3-callback d5e4528ad8a0e0f4262e518c663d5ff83cd4a8f381db68f9d30f99961409ceebb719c16d423757fc36c532b902c987012f5825dc8d32dde3a9b7ed95876be77a
content-type application/json
http_authorization WP3-callback d5e4528ad8a0e0f4262e518c663d5ff83cd4a8f381db68f9d30f99961409ceebb719c16d423757fc36c532b902c987012f5825dc8d32dde3a9b7ed95876be77a
user-agent Faraday v0.15.4
content-length 621
connection keep-alive

The authorization and http_authorization headers are generated using the following logic:

  • digest = sha512(merchant_key + body)
  • authorization_header_value = WP3-callback digest

Validation Steps
To validate the callback request:

  1. Check the Authorization Scheme
    Ensure the authorization header starts with WP3-callback.
  2. Extract the Digest
    Retrieve the digest value that follows the scheme.
  3. Verify the Digest
    Recalculate the digest using your merchant_key and the raw request body, then compare it to the one provided in the header.


2.6.2 Success URL Mechanism

Redirect to success URL is made after transaction is approved and if redirect flag is set in API settings. Data for this transaction is returned back to merchant site in this step.

Following variables are set in redirect GET request to success URL:

• acquirer
• amount
• approval_code
• authentication
• cc_type
• ch_full_name
• currency
• custom_params
• enrollment
• language
• masked_pan
• number_of_installments
• order_number
• response_code
• digest (returned digest)

Success URL (HTTP GET request) looks like this:

https://ipgtest.monri.com/shop/success?acquirer=integration_acq&amount=100&approval_code=629762&authentication=Y&cc_type=visa&ch_full_name=John+Doe&currency=USD&custom_params=%7Ba%3Ab%2C+c%3Ad%7D&enrollment=Y&language=en&masked_pan=434179-xxx-xxx-0044&number_of_installments=&order_number=02beded6e6106a0&response_code=0000&digest=575 c64b2f5a0701997c8f9cfe4293706e88203cd911695ab747ce45830e4e3cbf71577c401e476988e4a4e1b0b 5f3ecbc56277394df07fa51fbe05869d1b067a

Success URL source check

Returned digest for Success URL is calculated as SHA512(key+success_url without digest). You must check for this value at merchant application before updating status of transaction because malicious user can forge this URL.

You can check digest on this link Calculate Digest

Success URL return digest is calculated using following formula: digest = SHA512(key + succesURL(without DIGEST))

  • key:
2345klj
  • success url (without digest):
https://ipgtest.monri.com/shop/success?acquirer=integration_acq&amount=100&approval_code=629762&authentication=Y&cc_type=visa&ch_full_name=John+Doe&currency=USD&custom_params=%7Ba%3Ab%2C+c%3Ad%7D&enrollment=Y&language=en&masked_pan=434179-xxx-xxx-0044&number_of_installments=&order_number=02beded6e6106a0&response_code=0000
  • digest:
digest = SHA512('2345kljhttps://ipgtest.monri.com/shop/success?acquirer=integration_acq&amount=100&approval_code=629762&authentication=Y&cc_type=visa&ch_full_name=John+Doe&currency=USD&custom_params=%7Ba%3Ab%2C+c%3Ad%7D&enrollment=Y&language=en&masked_pan=434179-xxx-xxx-0044&number_of_installments=&order_number=02beded6e6106a0&response_code=0000')
  • resulting digest:
b96025517326db3b952ba783281701bf48cd1fffa4fb61f0c05847e6498919f99630fbfd575ce9ea9f361ec8bb9bf9e0d349dee0c5474a5141ce91b3e1f95ef3

IMPORTANT Success URL should expire after some sensible amount of time or protected using session.



3. Advanced Features

3.1 Request Restriction: Forced Installments

To mandate that a payment be made with installments, use the force_installments option.

Supported values for this parameter are boolean true and string 'true'. If false is provided, or if the parameter is omitted, it will default to false.

When this option is enabled, the buyer is required to select one of the available installment options and is unable to make a single, one-off payment.

Force Installments Prerequisite

Forcing installments will only function if installments are already enabled on your merchant profile. Attempting to force installment payments for a merchant setup where installments are not enabled will result in an error.

3.2 Request Restriction: Tokenize brands

tokenize_brands - provide this value if you want to limit card tokenization to card brand(s). Multiple brands can be sent (separated by comma).

This value is used in conjunction with tokenize_pan_offered = true .

Supported brands:

  • visa
  • master
  • maestro
  • diners
  • amex
  • jcb
  • discover
  • dina

Example:

  • Set tokenize_pan_offered to true
  • Set value tokenize_brands to master,maestro (comma separated values)
  • Submit prepared data
  • Enter mastercard or maestro card number in card number field
    • Save card for future payments is shown
    • Check Save card for future payments
    • Proceed with payment
    • Entered card is successfully tokenized
    • pan_token value is added to success_url if redirect to success url is enabled and callback is set in the merchant profile
  • Enter visadinersdiscover or amex card number in card number field
    • Save card for future payments is now hidden & disabled
    • Proceed with payment
    • Card is not tokenized upon transaction approval

3.3 Request Restriction: Custom Attributes

Provide custom_attributes value if you want to customize form behaviour. This value (if provided) must be valid json.

Currently we support following keys:

  • installments_config
  • fields_config

Example:

{
  "installments_config": {
    "rules": [
      {
        "brand": "visa",
        "min_installments": 2,
        "max_installments": 12
      },
      {
        "brand": "master",
        "min_installments": 12,
        "max_installments": 24
      }
    ]
  },
  "fields_config": {
    "fields": [
      {
        "name": "ch_email",
        "readonly": true
      },
      {
        "name": "ch_full_name",
        "readonly": true
      }
    ]
  }
}

3.3.1 Installments Config

Used to customize installments selection after user’s card number input.

This extension can be used to fulfil contract between merchant and buyer, where buyer can only pay with one of supported card brands (provided in rules list) by selecting installments from min_installments to max_installments defined in installments config.

Types:

  • InstallmentConfig
    • type = object
    • properties
      • rules
        • type = Array<InstallmentsConfigRule>
        • description = includes one or more installments config rule. Rule’s brand must be unique per rules
          array. This means you cannot include multiple brand = ‘brand’ rules.
  • InstallmentsConfigRule
    • type = object
    • properties
      • brand
        • type = string
        • description = one of visa,master,maestrodinersamex
      • min_installments
        • type = number, integer
        • description = min installments, must be < than max_installments
      • max_installments
        • type = number, integer
        • description = max installments, must be > than min_installments

Installments config example:

{
  "installments_config": {
    "rules": [
      {
        "brand": "visa",
        "min_installments": 2,
        "max_installments": 12
      },
      {
        "brand": "master",
        "min_installments": 12,
        "max_installments": 24
      }
    ]
  }
}

Usage example

Requirements

  • installments are enabled in merchant’s profile
  • merchant’s acquiring account is enabled for installments

If you need helping enabling installments contact support@monri.com

Example steps

  • Set custom attributes field to
'{"installments_config":{"rules":[{"brand":"visa","min_installments":2,"max_installments":12},{"brand":"master","min_installments":12,"max_installments":24}]}}'
  • Submit prepared data
  • Enter visa or master card number in card number field
    • Installments selection is updated using rules provided in installments config. If visa is entered installments
      selection is one time payment (jednokratno) and then from 2 to 12 installments.
      If master is entered installments selection is one time payment (jednokratno) and then from 12 to 24
      installments
    • Select desired number of installments
    • Proceed with payment
    • Payment completed
  • Enter amex (eg 3704 387472 13977) in card number field
    • installments selection is only one time payment - jednokratno
    • appropriate error message is shown - Card 'amex' not supported
    • payment is disabled

3.3.2 Fields Config

Used to customize installments selection after user’s card number input.

This extension can be used to fulfil contract between merchant and buyer, where buyer can only pay with one of supported card brands (provided in rules list) by selecting installments from min_installments to max_installments defined in installments config.

Types:

  • FieldsConfig
    • type = object
    • properties
      • fields
        • type = Array<FieldConfig>
        • description = includes one or more field configs
  • FieldConfig
    • type = object
    • properties
      • name
        • type = string
        • description = one of ch_email,ch_full_name
      • readonly
        • type = boolean
        • description = true or false. Field is readonly for input only if initial value is provided and valid

Fields config example:

{
   "fields_config":{
      "fields":[
         {
            "name":"ch_email",
            "readonly": true
         },
         {
            "name":"ch_full_name",
            "readonly": true
         }
      ]
   }
}

Usage example

Example steps

  • Set custom attributes field to
'{"fields_config":{"fields":[{"name":"ch_email","readonly":true},{"name":"ch_full_name","readonly":true}]}}'
  • Submit prepared data
  • Inputs for email and full name (if provided) are readonly

3.4 Request Restriction: Rules

Currently Rules functionality is in BETA phase. If you are interested in using custom rules please contact us at support@monri.com

To limit payment with rules simply provide comma separated list of rules for the payment.
An example would be: rules=rule-id-1,rule-id-2,rule-id-3

Transaction is declined if one of rules is not satisfied.

3.5 Request Additional Information: Custom Parameters

Merchant can also send custom parameters/variables if needed. Those parameters will be passed back in redirect (callback) after approved authorization. Just pack all the data you wish to send in JSON format and submit that under custom_params variable.

3.6 Response: Overrides

Use the following parameters to override set endpoints that are enabled in merchant’s profile:
NOTE: Success and Cancel overrides will only work if original endpoints are enabled and set

name length format additional info
success_url_override predefined valid HTTPS URL provide this value in initial request if you want to override success URL
cancel_url_override predefined valid HTTPS URL provide this value in initial request if you want to override cancel URL
callback_url_override predefined valid HTTPS URL provide this value in initial request if you want to override callback URL

3.7 Response: WebHooks (Callback mechanism)

Important
  • Monri Webhook endpoints can only be set by a Monri support agent.
  • For webhook(s) to be set please provide webhook from the table and matching endpoints at support@monri.com

Possible triggering events:

No. Webhook Triggers on
1. transaction:refund:approved approved refund transaction
2. transaction:refund:declined declined refund transaction
3. transaction:void:approved approved void
4. transaction:void:declined declined void
5. transaction:capture:approved approved capture
6. transaction:capture:declined declined capture
7. transaction:purchase:approved approved purchase
8. transaction:purchase:declined declined purchase
9. transaction:authorize:approved approved pre-authorization
10. transaction:authorize:declined declined pre-authorization
11. transaction:approved approved transaction (any)
12. transaction:declined declined transaction (any)
13. payment-method:tokenized when tokenized card

Webhook response structure:
Unlike callback Webhook's have two additional parameters (one more level):

  1. event - information on what event it was triggered (see list above)
  2. payload - matches callback payload

Example:

{
  "event": "transaction:approved",
  "payload": {
    "id": 996660,
    "acquirer": "xml-sim",
    "order_number": "0d4546c748b9c4f",
    "order_info": "Monri Test",
    "amount": 100,
    "currency": "EUR",
    ...
 }

3.8 Form: Visual Changes

The visual appearance of the merchant form can be customized through the merchant’s profile. These customizations are divided into two main categories:

  1. UI Customization Settings – Adjust the visual elements of the form (e.g., colors, layout, branding).
  2. Customized Translations – Modify the text displayed on the form to match the desired language or terminology.

Note: The V3 version of the form also includes an option to select different form sizes for improved layout flexibility.

3.8.1 V2 Form (legacy)

UI Customization Settings

  • Order info color
  • Order info label color
  • Submit button color
  • Order info value color

Customized Translations

  • Language
  • Amount field title
  • Store name title
  • Order number title
  • Pay button caption

3.8.2 V3 Form

UI Customization Settings

  • Order info color
  • Order info label color
  • Submit button color
  • Order info value color

Customized Translations

  • Language
  • Amount field title
  • Store name title
  • Order number title
  • Pay button caption

Form Size
Possible options:

  • Default/Standard Form
  • Form without user data
  • Card data, amount and order number
  • Card data only
  • Logo, header and card data
  • Form with user and payment type

3.9 Additional Module: Customers

The Customers Module was developed to address a merchant's need for a streamlined process of storing customer data, eliminating the complexity of handling it manually.

This module introduces advanced functionality and should be considered only after the integration logic is fully understood, due to its complexity and dependencies.

For detailed usage instructions and implementation guidelines, please refer to the official documentation:
👉 Customers Module

3.10 Additional Module: Discounts

Discounts module is developed for the need to calculate different discounts before authorization is initiated.

4. Variable Reference

Please refer to Variables - names lengths and formats

5. Additional Features

  • Demo:
    See a live demonstration of the redirect payment flow here: Demo Redirect.

  • Email Notifications:
    Optionally, email notifications can be sent to both the merchant and the buyer upon a successful purchase. These notifications, along with custom email templates, can be configured within your merchant account settings.

Related articles
  • Variables - names lengths and formats
    Manuals > Monri Online (IPG) > WebPay > Integrations > Form (redirect) > Variables - names lengths and formats
  • Components
    Manuals > Monri Online (IPG) > WebPay > Integrations > Components
  • LightBox
    Manuals > Monri Online (IPG) > WebPay > Integrations