Payment Method API
Last updated
Last updated
Documentation below describes:
api url values
required headers
authentication header
| environment | value |
|---|---|
NOTE Parametrize api url value.
| name | value | description |
|---|---|---|
Every request to the Monri's backend requires authentication. Depending on HTTP method algorithm used to create Authorization header differs.
To create authorization header you'll need:
merchant_key (available on merchant’s dashboard)
authenticity_token (available on merchant’s dashboard)
Authorization header for GET|POST request is created from:
Digest generation
Digest example
If we have:
url: https://ipgtest.monri.com/v2/payment/new
method: POST
fullpath is then: /v2/payment/new
merchant_key: qwert1234
timestamp: 1593457122
authenticity_token: 7db11ea5d4a1af32421b564c79b946d1ead3daf0
body:
Then we create digest as:
You can check digest on this link Calculate Digest
Monri's API adheres to following principles:
status field is always in response and has values:
If response code is 2**: Request is accepted and processed, response is returned
If response code is 401: Authorization failed, there's probably an issue with Authorization header
If response code is 400: Request processing failure, eg. attempted to create resource with invalid amount
Example of valid response:
Example of invalid-request response:
Example of error response:
To create a Payment you'll need to provide:
Valid Authorization header (see above how to create one)
Required fields (described below)
Request endpoint details
Request body:
Scenario charge charges customer amount. Depending on transaction_type amount is reserved (authorize) or captured (purchase).
Scenario add_payment_method provides simple way to implement 'Save card for future payments' functionality.
Supported payment methods
supported_payment_methods in an array of valid payment methods.
Valid payment methods are:
card - representing new card
<pan_token> - secure vault token - Secure Vault Tokens
Requirements / options:
If payment method card is provided then user will be able to enter new card instead of selecting one of saved cards
User must enter card number
Expiry date
Cvv
If payment method <pan_token> is provided provided and valid(cards not expired, valid tokens etc)
Then only cvv input will be updaten on the payment form.
All other information (masked pan, expiry date etc) will be pre filled.
Multiple tokens can be sent. In that case, the user will have an option which card to use.
Example of valid payment methods:
Setup above will result in:
preselected saved card with token f167252fecfeff8f134001bf8e7a700c53e8653f631362dd84913e23260199bf
with an option to select card with token 0df5d4eac4f36d0dee9f48c17ddac2f66c12e5edfc4f92a92d3e6085f31368ea
with an option to enter new card
Example of response:
To update previously created Payment you'll need to provide:
Valid Authorization header (see above how to create one)
Create resource beforehand
Provide valid resource id
Request body:
Example of response:
| name | value | description |
|---|---|---|
| name | value | description |
|---|---|---|
| status | status code | description |
|---|---|---|
| name | value | description |
|---|---|---|
| field | length | type | required | description |
|---|---|---|---|---|
| field | length | type | description |
|---|---|---|---|
| name | value | description |
|---|---|---|
| field | length | type | required | description |
|---|---|---|---|---|
| field | length | type | description |
|---|---|---|---|
test
https://ipgtest.monri.com
prod
https://ipg.monri.com
Content-Type
application/json
All api endpoints require application/json Content-Type header
Accept
application/json
All api endpoints require application/json Accept header
Authorization
<authorization_header>
All api endpoints require Authorization header. See below how to generate one
schema
WP3-v2.1
authenticity_token
<authenticity_token>
Available on merchant's dashboard
timestamp
<timestamp>
Unix timestamp, eg PHP's time()
digest
<digest>
See docs for digest generation
merchant_key
<merchant_key>
Value available on merchant's dashboard
timestamp
<timestamp>
Same timestamp value used in authorization header
authenticity_token
<authenticity_token>
Value available on merchant's dashboard
fullpath
<fullpath>
Full path of request, eg, /v2/terminal-entries/create
body
<body>
Empty string if GET request, request body if POST request
created
200
Resource is created
updated
200
Resource is updated
approved
200
Request successful
invalid-request
4**
There's something wrong with request
error
500
Something went wrong while processing the request
base_url
ipgtest.monri.com or ipg.monri.com
Parametrize this value
path
v2/payment/new
This path is used for create action
method
POST
We are creating/updating resource, hence POST method
amount
1-11
Integer
YES
amount is in minor units, ie. 10.24 USD is sent as 1024
order_number
2-40
String
YES
unique order identifier
currency
3
String
YES
One of supported currencies (BAM, EUR, USD, CHF etc)
transaction_type
enum
String
YES
possible values are: authorizeor purchase
order_info
3-100
String
YES
short description of order being processed
scenario
enum
String
NO
possible values are: chargeor add_payment_method
supported_payment_methodsnew
predefined
Array<String>
NO
An array of pan-tokens and/or card (see below for more details)
status
enum
String
approved, invalid-request or error
client_secret
40
String
Client secret
id
40
String
Payment id
message
-
String
OPTIONAL - available if status is error or invalid-request
base_url
ipgtest.monri.com or ipg.monri.com
Parametrize this value
path
/v2/payment/<payment-id>/update
id of previously created resource
method
POST
We are creating/updating resource, hence POST method
amount
1-11
Integer
YES
amount is in minor units, ie. 10.24 USD is sent as 1024
status
enum
String
approved, invalid-request or error
client_secret
40
String
Client secret
amount
1-11
Integer
amount is in minor units, ie. 10.24 USD is sent as 1024
currency
3
String
One of supported currencies (BAM, EUR, USD, CHF etc)
id
40
String
Payment id
message
-
String
OPTIONAL - available if status is error or invalid-request