This site requires javascript to be enabled.

UnionPay International - SecurePay

Results for

Results for Searching

Integration

Before you begin

To follow along with this guide, please ensure that you have the following ready:

Using MyCheckout hosted payment pages

Since we host the pages ourselves and manage the card data on your behalf, you're only required to comply with PCI SAQ A standards, which are less strict than higher-level requirements.

  1. Make a POST /v1/{merchantId}/hostedcheckouts API call.
  2. Create the order object containing the following elements:
  • amountOfMoney, including amount and currencyCode
  • customer, including billingAddress and countryCode

Additionally, you can add hostedCheckoutSpecificInput object, featuring variant and locale properties:

  • variant - the created styling of the checkout page tailored to your consumer's preferences
  • locale- the language, that will be used for your hosted checkout page

For more information on customizing the MyCheckout hosted payment pages, please refer to our detailed guide

POST HOSTEDCHECKOUTS REQUEST
{
    "order": {
        "amountOfMoney": {
            "amount": 100,
            "currencyCode": "SEK"
        },
        "customer": {
            "billingAddress": {
                "countryCode": "SE"
            }
        }
    },
    "hostedCheckoutSpecificInput": {
        "variant": "264",
        "locale": "en_GB"
    }
}
POST HOSTEDCHECKOUTS RESPONSE

{
   "RETURNMAC":"ee66d1e7-f424-4bbf-a419-935dec4e1f63",
   "hostedCheckoutId":"065e59de-e5c4-71ff-be4f-4994da16bd64",
   "partialRedirectUrl":"pay1.preprod.checkout.worldline-solutions.com/checkout/9991-7781475d59094ee6856c4884be86ab7f:065e59de-e5c4-71ff-be4f-4994da16bd64:04405251e389400e806bd4ff4f98e34c"
}

From the response, the important properties are:

  • hostedCheckoutId can be used in subsequent API calls to retrieve the transaction details, such as GET/v1/{merchantId}/hostedcheckouts/{hostedCheckoutId}
  • partialRedirectUrl is used to create the URL to which the customer needs to be redirected (by default, we configure every account with the subdomain payment, so you can always connect https://payment. with the partialRedirectUrl, for example:

https://payment.pay1.preprod.checkout.worldline-solutions.com/checkout/9991-7781475d59094ee6856c4884be86ab7f:065e59de-e5c4-71ff-be4f-4994da16bd64:04405251e389400e806bd4ff4f98e34c

The hostedCheckoutId is only valid for 2 hours, please ensure to store the createdPaymentOutput.payment.id from the GET /v1/{merchantId}/hostedcheckouts/{hostedCheckoutId} response to be able to retrieve data after 2 hours have elapsed via the GET /v1/{merchantId}/payments/{paymentId} API call. Alternatively, we can also optionally send a webhook event that will contain it.

Using your own checkout page

You can build a direct integration using our SDKs (or integrate our API from scratch). Depending on your integration needs, there are several options available.

Client encryption

Our Client API allows you to perform various actions, such as collecting card data without being PCI SAQ D compliant. All you need is to be able to create a session via the POST/v1/{merchantId}/sessions API call, which will grant you access to the Client API.

It's highly recommended that you use our Client SDKs, provided for the following programming languages:

We also have reference implementations showing how to use these SDKs on GitHub

Non-encrypted data

Use this option if you wish to do a direct server-to-server API call and handle the card data directly. The difference with the other options is that you don't need to submit an encryptedCustomerInputproperty. After the consumer selects the payment product, you need to perform the following:

  1. Make a POST /v1/{merchantId}/payments API call.
  2. Create the order object requiring the following properties:
  • amountOfMoney, including amount and currencyCode
  • customer, including billingAddress and countryCode
  1. Create the cardPaymentMethodSpecificInput object requiring the following properties:
  • paymentProductId
  • card, including cvv, cardNumber, expiryDate, and cardholderName

The cardholderName is often different from the name a customer uses when registering an account. The cardholderName refers to the official name the customer uses with their issuing bank.

POST PAYMENTS REQUEST

{
   "order":{
      "amountOfMoney":{
         "amount":100,
         "currencyCode":"SEK"
      },
      "customer":{
         "billingAddress":{
            "countryCode":"SE"
         }
      }
   },
   "cardPaymentMethodSpecificInput":{
      "paymentProductId":430,
      "card":{
         "cvv":"123",
         "cardNumber":"4111111111111111",
         "expiryDate":"1233",
         "cardholderName":"Foo Bar"
      }
   }
}
POST PAYMENTS RESPONSE

    {
   "creationOutput":{
      "additionalReference":"00000099911009937944",
      "externalReference":"000000999110099379440000100001"
   },
   "payment":{
      "id":"000000999110099379440000100001",
      "paymentOutput":{
         "amountOfMoney":{
            "amount":100,
            "currencyCode":"SEK"
         },
         "references":{
            "paymentReference":"0",
            "providerId":"3500",
            "providerReference":"27181230"
         },
         "paymentMethod":"card",
         "cardPaymentMethodSpecificOutput":{
            "paymentProductId":430,
            "fraudResults":{
               "fraudServiceResult":"no-advice",
               "avsResult":"0",
               "cvvResult":"0"
            },
            "card":{
               "cardNumber":"411111******1111",
               "cardholderName":"Foo Bar",
               "expiryDate":"1233"
            }
         }
      },
      "status":"CAPTURE_REQUESTED",
      "statusOutput":{
         "isCancellable":true,
         "isRetriable":false,
         "statusCategory":"PENDING_CONNECT_OR_3RD_PARTY",
         "statusCode":800,
         "statusCodeChangeDateTime":"20240304114153",
         "isAuthorized":true,
         "isRefundable":false
      }
   }
}
Next Process flows