Recurring Payments

It is possible to save a customers card securely at DIBS for recurring payments, so that the customer will not have to type in their card information for each purchase.

Ticket via preauth

Saving card information through DIBS requires use of the FlexWin parameter, called “preauth

The following events take place when sending in the preauth-parameter to DIBS:

  • We replace the amount that is sent in, and authorize towards an amount of 1,-
  • The Card-number and expiration date are stored at DIBS.
  • A reference to the card number is returned to the callbackurl and accepturl in the return value “transact” as well as a statuscode “13”

This is a ticket, which is used along with our API-Solutions to make recurring payments. Alternatively, the ticket can also be charged through the DIBS administration.

There are no limits to how many payments that can be made or the amount that can be used, but every payment attempt must be authorized by the end-customers bank through a balance check.

The process of saving a card would therefore be to first save the card via preauth, then make the actual payment by making the API-call ticket_auth.cgi - (explained with an example below)

Illustrated:

 

Example of a post towards FlexWin:
<FORM ACTION="https://payment.architrade.com/paymentweb/start.action" METHOD="POST" CHARSET="UTF -8">
<INPUT TYPE="hidden" NAME="accepturl" VALUE="http://www.domene.com/accept.php">
<INPUT TYPE="hidden" NAME="cancelurl" VALUE="http://www.domene.com/cancel.php">
<INPUT TYPE="hidden" NAME="callbackurl" VALUE="http://www.domene.com/callback.php">
<INPUT TYPE="hidden" NAME="amount" VALUE="100">
<INPUT TYPE="hidden" NAME="currency" VALUE="578">
<INPUT TYPE="hidden" NAME="merchant" VALUE="XXXXXXXX">
<INPUT TYPE="hidden" NAME="orderid" VALUE="kunde 1">
<INPUT TYPE="hidden" NAME="lang" VALUE="NO">
<INPUT TYPE="hidden" NAME="preauth" VALUE="1">
<INPUT TYPE="hidden" NAME="test" VALUE="1">
<INPUT TYPE="hidden" NAME="decorator" VALUE="responsive" />
<INPUT type="Submit" value="TICKET DEMO">
</FORM>

The orderId used should be a reference to the customer in the store’s own database. Such that the returned ticket can easily be attached to the correct customer.

The subsequent payments should use the same orderId as a reference, with an added reference to the payment itself, as either a prefix or postfix to the original orderId.

Example:

  • orderId when saving card: "customer1"
  • orderId for the first recurring payment: "customer1-payment1"

Example of payment window during auth:

Example of a GET acceptUrl:

http://www.domene.com/accept.php?merchant=XXXXXXXX&test=1&callbackurl=http%3A%2F%2Fwww.domene.com%2F‌callback.php‍&acquirer=TEST&approvalcode=123456&preauth=1&lang=NO&currency=578&amount=100&cardnomask=XXXXXXXXXXXX0000&transact=949893577&paytype=VISA&flexwin_cardlogosize=3&orderid=kunde+1&cardexpdate=2406&statuscode=13&cardprefix=471110&accepturl=http%3A%2F%2Fwww.domene.com%2Faccept.php&cancelurl=http%3A%2F%2Fwww.domene.com%2Fcancel.php

Decoded GET acceptUrl:

GET request variables:
merchant: XXXXXXXX
test: 1
callbackurl: http://www.domene.com/callback.php
acquirer: TEST
approvalcode: 123456
preauth: 1
lang: NO
currency: 578
amount: 100
cardnomask: XXXXXXXXXXXX0000
transact: 949893577
paytype: VISA
flexwin_cardlogosize: 3
orderid: kunde 1
cardexpdate: 2406
statuscode: 13
cardprefix: 471110
accepturl: http://www.domene.com/accept.php
cancelurl: http://www.domene.com/cancel.php

In the example, you can see that the ticket is not a separate parameter, but the parameter transact contains the ticket reference.

«transact: 949893577» Ticket reference.

«statuscode: 13» Indicates that the transaction is a ticket.

«cardprefix: 471110» The first 6 digits of the credit card used

«cardnomask: XXXXXXXXXXXX0000» The last 4 digits of the credit card used.

«cardexpdate: 2406» The expiration date of the stored card in the format “yymm”

ticket_auth.cgi

To initiate a recurring payment, you send an API-call to ticket_auth.cgi containing the ticket reference and the amount to be charged.

A balance check is made towards the customers bank account, and if accepted, a transact is returned as a reference to the payment.

If the ticket is to be used as a convenience function for the customer (so that the customer can chose to have the card saved and only type in the security code), the parameter 'postype' should be used with the value 'savedcard'. Furthermore, the parameter 'securityCode' should be sent with the customers cvc value. It is important to note that you are not allowed to save the cvc value, as this requires a PCI certification. Please contact your acquirer as well if you wish to use the ticket function this way.

<form action="https://payment.architrade.com/cgi-ssl/ticket_auth.cgi" method="post">
<input type="hidden" name="merchant" value="XXXXXXXX" />
<input type="hidden" name="ticket" value="949893577" />
<input type="hidden" name="amount" value="100" />
<input type="hidden" name="currency" value="578" />
<input type="hidden" name="orderid" value="kunde 1 – betaling 1" />
<input type="hidden" name="textreply" value="true" />
<input type="hidden" name="capturenow" value="yes" />
<input type="hidden" name="test" value="yes" />
<button type="submit" style="width:50px; height:50px;">Ticket auth</button>
</form>

Response:

status=ACCEPTED&transact=949880569&authkey=0acb3221d13db3a96ca83567279ab12b&cardtype=VISA&approvalcode=123456

If the parameter capturenow is used, the transaction will be captured simultaneously with the authorization.

If capturenow is not used, you have to make a second API-call to capture.cgi, to capture the amount towards the specified transact.

capture.cgi
<form method="post" action="https://payment.architrade.com/cgi-bin/capture.cgi">
<input type="hidden" name="merchant" value="XXXXXXXX">
<input type="hidden" name="amount" value="100">
<input type="hidden" name="transact" value="949880569">
<input type="hidden" name="orderid" value="ticket">
</form>

Response:

status=ACCEPTED&transact=949880569&result=0&cardtype=VISA
DIBS Bulk Service API

Alternatively, you can make use of our BULK Service solution to authorize and capture payments made via tickets.

When the credit card information is no longer valid

If the credit card information connected to a ticket is no longer valid i.e. because the card has expired.

The customer must be prompted to make a new ticket with updated information by going through the ticket registration process once more.

The old ticket should then be replaced by the newly created ticket, and deleted by using the delticket.cgi API.

If a customer cancels their subscription

This API requires that you use a login and password in the URL for the API call, it is possible to create separate API users by logging on to the DIBS administration and going to Setup > User Setup > API users

Example of a delticket.cgi call:

<form method="post" action="https://login:password@payment.architrade.com/cgi-adm/delticket.cgi">
<input type="hidden" name="merchant" value="XXXXXXXX">
<input type="hidden" name="ticket" value="949893577">
</form>
Do you have a question or need help?
Follow us
DIBS Payment Services
Stockholm +46 (0)8-527 525 00
Göteborg +46 031-600 800
København +45 7020 3077
Oslo +47 21 55 44 00