PayFacto API - v1.0 - Feature : Recurring Payments (Tokens)

PayFacto API - v1.0 - Feature : Recurring Payments (Tokens)

PayFacto API - v1.0 - Feature : Recurring Payments (Tokens)

How PayFacto's recurring payment module associates a cardholder's credit card with a token so merchants can run future transactions — and automatic recurring payments — without the cardholder present, across integrated, redirect, card-present, and Payment Manager input modes.

  Introduction

The recurrent payment module allows the merchant to execute transactions according to criteria established with the client and without the presence of the cardholder. It also allows automatically making payments at regular intervals.

Once the registration and data entry of the cardholder is completed, the card number is stored in the PayFacto secured database and a token, associated with the card, is returned to the merchant. The following financial operations are available with the use of tokens:

#OperationEndpoint
1Purchase with Tokenhttps://test.api.payfacto.cloud/v1/purchaseWithToken
2Preauthorization with Token (Pré-autorisation avec jeton)https://test.api.payfacto.cloud/v1/preAuthorizationWithToken
3Refund with Token (Remboursement avec jeton)https://test.api.payfacto.cloud/v1/refundWithToken
ℹ️

Financial transactions 1, 2, and 3 must be acknowledged using the Ack endpoint.

#OperationEndpoint
4Recurrence — Add Subscription (Ajout d'abonnement)https://test.api.payfacto.cloud/v1/recur/AddSubscription
5Recurrence — Modify Subscription (Modification d'abonnement)https://test.api.payfacto.cloud/v1/recur/ModSubscription
6Recurrence — Delete Subscription (Suppression d'abonnement)https://test.api.payfacto.cloud/v1/recur/DelSubscription
ℹ️

Subscription management transactions 4, 5, and 6 must be acknowledged using the Recur Ack endpoint.

#OperationEndpoint
7Recurrence — User Information (Information d'usager)https://test.api.payfacto.cloud/v1/recur/InfoUser
8Recurrence — User Verification (Vérification d'usager)https://test.api.payfacto.cloud/v1/recur/VerifyUser
9Recurrence — Subscription Information (Information d'abonnement)https://test.api.payfacto.cloud/v1/recur/InfoSubscription

PayFacto's management of stored card numbers significantly eases the constraints related to PCI-DSS certification for the merchant.

This document covers the following sections:

  • Functional architecture
  • Technological architecture
  • Use of recurrence via the Payment Manager
🚧

Missing Section

The source material lists a "Technological architecture" section in this overview, but no such section's content was included in what was provided. [CONFIRM: please provide the Technological Architecture content, or confirm it should be omitted]

🏗️

  Functional Architecture

General Operation

The basic functionality of recurring payment is the association of the cardholder's credit card number to a token. To perform transactions with a token (without the presence of the cardholder), this information must have been previously input and registered for future use. Storage of this information is made in the PayFacto database according to the security standards required by PCI-DSS.

There are three possible action categories:

  • Client's information input
  • Recurrence management
  • Recurring transaction, or transaction without card present

Operation Security

For all transactions on a customer profile or a subscription performed server-to-server, a security token is necessary. This token is provided:

  1. To the merchant at the time of the creation of the customer profile, from the addUser function.
  2. To the merchant at the time of a card-present transaction, when the feature is enabled for the merchant.

It is used as a reference for the client's information: credit card number and expiry date of the card.

📝

  Client's Information Input Modes

Integrated Input Mode (via the Payment API)

In this server-to-server mode, the merchant server calls the PayFacto server through the Payment API, which is integrated into the merchant systems to allow communication with PayFacto systems. Once the information is transmitted to PayFacto, it is stored in the PayFacto database and associated with a token that is returned to the merchant in the response parameters. Once the information is input, the merchant can create or modify existing customer profiles from calls to the Payment API.

ℹ️

With this input mode, the client's card numbers pass through the merchant's computer systems, which must therefore comply with PCI-DSS standards.

To add a token in integrated mode, the merchant calls the Payment API using the following function:

APIEndpoint
Recurring - Add Userhttps://test.api.payfacto.cloud/v1/recur/AddUser

The merchant collects the customer account information and sends it via this call. The following information is required to complete the token addition:

FieldMandatory?
CompanyNumber[CONFIRM]
MerchantNumber[CONFIRM]
CustomerNumber[CONFIRM]
Name[CONFIRM]
Email[CONFIRM]
CardNumber[CONFIRM]
ExpirationDate[CONFIRM]
Cvv2Cvc2Number[CONFIRM]
LanguageCode[CONFIRM]
OperatorID[CONFIRM]
CardHolderAddress[CONFIRM]
CardHolderPostalCode[CONFIRM]
🚧

Source Gap Flagged

The source table has a "Mandatory?" column but no values were filled in for any field, for this table or the equivalent table under Redirect Input Mode below. [CONFIRM: which fields are actually mandatory?]

In the response of this call, PayFacto provides the merchant with the token and a Return Codes List indicating whether or not the operation was successful. Finally, the e-commerce application must send the acknowledgment ("Ack") to the PayFacto server to finalize the addition of the token. The merchant has 3 minutes to send the acknowledgment to PayFacto.

APIEndpoint
Recurring - Ackhttps://test.api.payfacto.cloud/v1/recur/ack
⚠️

Important

If the result of this acknowledgment is not received, or returns a negative answer ("FALSE"), the token will be automatically deleted. The merchant must wait for the result of the acknowledgment (which must return "TRUE") before considering the addition of the token successful.

Redirect Input Mode

The secure redirection service is an exemplary, efficient, and safe way for merchants to add a token. It requires the merchant to take a customer's information in order to add the token without an associated credit card, then call a web page hosted on the PayFacto servers via the PayFacto Payment API. This page asks the customer to enter their credit card information. Once this is done, PayFacto creates the token/credit-card association, then redirects the user to a success or failure page specified by the merchant. From this page, a call to the Payment API must be made to communicate with PayFacto and retrieve the response parameters of adding the token.

The PayFacto entry page contains links to information pages hosted on PayFacto payment servers, displayed in the PayFacto Customer Payment Service, describing the security solution. All communications between the merchant application and the PayFacto application are made securely over the HTTP protocol, using worldwide-approved encryption. Internet clients must have a browser that supports 128-bit encryption to use the PayFacto Payment Solution redirection service.

Description of the Stages

To add a token in redirect mode, the merchant uses the Payment API with the same Recurring - Add User function used in integrated mode. The merchant collects the information from the customer account and sends it via this call — the card number and expiry date parameters must still be sent, but with an "empty" value. The following information is required to complete the token addition:

FieldMandatory?
CompanyNumberY
MerchantNumberY
CustomerNumberY
NameY
EmailY
CardNumber (send empty)Y
ExpirationDate (send empty)Y
LanguageCodeY
OperatorIDY

In the response of this call, PayFacto provides the merchant with the token and a return code indicating whether the operation succeeded. The e-commerce application must then send the "Ack" to the PayFacto server to finalize the addition of the token, within 3 minutes:

APIEndpoint
Recurring - Ackhttps://test.api.payfacto.cloud/v1/recur/ack
⚠️

Important

If the result of this acknowledgment is not received, or returns a negative answer ("FALSE"), the token will be automatically deleted. The merchant must wait for the result of the acknowledgment (which must return "TRUE") before considering the addition of the token successful.

Next, the merchant's e-commerce application calls PayFacto's Payment API with the payment input parameters of the following call, which transfers the data to the PayFacto payment servers:

APIEndpoint
Recurring - Create Sessionhttps://test.api.payfacto.cloud/v1/recur/CreateSession

The PayFacto server retains the received parameters and returns a session number in the transactionOutput of the "Recurring - Create Session" call. The e-commerce application then redirects the client's browser to the PayFacto redirection page, including the session number, so the payment server can retrieve the transaction data. The format of the redirect URL is:

PayFacto then displays the customer's credit card information input page (referred to in the source as Image 1: Customer Credit Card Information Input Page).

Validation of the 3-digit verification code and the cardholder's address are configurable options at the merchant's request. These values are validated only on the initial addition of the token, not on subsequent transactions made with that token. For more details, refer to the Verification Code (CVV) documentation and the Address Verification System (AVS) documentation.

The customer enters their credit card number, expiry date, and — if required — the 3-digit validation code and address information, then presses "Continue." The customer has a maximum time to enter this information. If the customer makes a mistake, an error page appears (referred to in the source as Image 2: Error Page Regarding the Input of the Customer's Credit Card Information) with the option to cancel or restart the transaction. The customer has a maximum of three attempts to correctly complete the addition of the credit card.

When the customer presses "Continue," the PayFacto server automatically associates the entered credit card with the token provided during session creation. After validating the verification code, the cardholder's address, and the card-to-token association, PayFacto redirects the customer to the merchant — to a success page if the operation succeeds, or a failure page if there is a problem or a non-success of the verification code or address validation — with the transaction's session number as a parameter.

The merchant's success or failure page must use the session number received from the PayFacto redirection to make a new call to the Payment API, returning the result of the card-to-token association in the response parameters:

APIEndpoint
Recurring - Get Responsehttps://test.api.payfacto.cloud/v1/recur/GetResponse
ℹ️

The source material references four screenshots (Images 1–4: the credit card input page, the input error page, and two PayFacto information pages) that were not included with the content provided. [CONFIRM: attach these screenshots before publishing]

Card Present Input Mode

The Payment API also supports creating a token during a card-present transaction performed on a point-of-sale terminal running the PayFacto application. In this mode, the merchant server calls the PayFacto server via the Payment API to send a purchase transaction to a physical terminal installed at the merchant. The Payment API is integrated into the merchant's systems to allow communication with PayFacto systems. During this call, PayFacto sends the transaction information to the device to perform the card transaction.

To add a token in card-present mode, the merchant calls the Payment API using one of the following functions:

APIEndpoint
Purchasehttps://test.api.payfacto.cloud/v1/purchase
PreAuthorizationhttps://test.api.payfacto.cloud/v1/preAuthorization

In the response of this call, PayFacto provides the merchant with the token, a predetermined customer number, and a return code indicating the result of the financial transaction made at the terminal. The merchant must retrieve the token, along with the CustomerNumber, from the response of the Purchase or PreAuthorization call, for future use in a card-not-present transaction. If the financial transaction is not allowed, no token will be created or returned.

ℹ️

No tokens are returned when the transaction is made using a debit card, or when the payment is made using a mobile wallet (e.g. Apple Pay, Android Pay, Google Pay, etc.).

Input Mode from the Payment Manager

This is a manual input mode between the merchant and PayFacto. The PayFacto Payment Manager allows manually entering customer profile and subscription information. With this input method, the customer's card number does not pass through the merchant's computer systems, but must pass through a merchant employee.

🖥️

  Using Recurrence via the Payment Manager

To access the recurrence module, select the User menu from the Payment Manager's main menu. Clicking Recurring transactions in the User menu displays a list of Internet and MOTO merchants — choose the merchant with which recurring transactions will be configured.

Manage Clients

Select Manage Clients to access customer-related features. From the list of all customers, you can manage additions, modifications, and deletions of customer profiles.

Client Addition

Creates a client in the database and associates a credit card number and a token. The card number itself is never given back to the merchant once entered. The client number should be unique to facilitate the merchant's management. When you click Add, the form contains five fields: Merchant (the merchant for which a new client will be added), Name (the credit card holder's name), Client # (identifies the customer with the merchant), Email, and Language (French or English). After filling the fields, click Create, then enter the customer's credit card number and expiration date and click Add.

✏️

Client Modification

Select the client name from the list to modify general information, credit card parameters, or the subscription list. In the Customer Information tab: Name, Client #, Email, Language. In the Credit Card Parameters tab: expiration date, and the credit card number (the expiry date must also be specified if the card number is changed).

🗑️

Client Deletion

Erases a client from the database. Select the client in the list, click the delete option, and confirm the deletion.

The client list can be downloaded as an Excel file, containing:

  • Client number
  • Name
  • Email
  • Token
  • Card number
  • Expiration date of the card
  • Language
  • Status

Manage Subscriptions

Select Manage Subscriptions to access subscription features. From the list of all customers, you can manage additions and deletions of subscriptions.

Subscription Addition

Creates a subscription. The client number and token are essential to correctly identify which client is being subscribed. Clicking Add displays a form with seven fields:

  1. Name — the customer for whom a new subscription will be added.
  2. Account # — a reference for the merchant.
  3. Amount — the amount of the financial transaction, in one of three categories: Total (a total amount divided into a number of equal payments at a specific frequency), Recurring (equal amounts at a specific frequency), or Deferred (a single amount on a specific date).
  4. Frequency — how often the subscription will be paid.
  5. Date of the contract — From — the date of the first withdrawal.
  6. End of contract by — either an End Date (end date of withdrawals) or a # of equal payments (the withdrawal count).
  7. Description — a reference for the merchant to identify the subscription.

After filling the fields, click Create.

✏️

Subscription Modification

Select the subscription from the list to change the account number, status, or subscription description. The two possible statuses are "Active" and "Pause." If a subscription is paused, scheduled withdrawals wait for the subscription to become active before being attempted.

🗑️

Subscription Deletion

Ends a subscription immediately. Select the subscription from the list and click the delete option.

Billing Report

Select Billing Report to access invoice information. The report contains:

  • Bill number
  • Amount
  • Expected date
  • Executed date
  • Transaction number
  • Status

To view a specific transaction receipt, click the transaction number in the billing report.

ℹ️

The source material references numerous Payment Manager screenshots throughout this section ("the following screen is displayed") that were not included with the content provided. [CONFIRM: attach these screenshots before publishing]