Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Data is sent as a server-to-server request, authenticated with HTTP Basic Auth. All server-to-server requests use UTF-8 charset.

  1. A new payment request (Create Paymenthttps://sveapayments.atlassian.net/wiki/spaces/DOCS2022/pages/1657012476/Create+Payment#Request-(S2S-HTTP-POST) ) is sent by the web store software (with no payer browser intervention).

  2. The server-to-server request is authenticated by using standard Basic Authentication Header.

    1. Use merchant's seller_id as the username and secret key as the password for Basic Auth Header.

  3. The success response (Create Paymenthttps://sveapayments.atlassian.net/wiki/spaces/DOCS2022/pages/1657012476/Create+Payment#Response-(XML) ) is in XML document with root element <pmt>.

    1. These values are usually the same as in the request: pmt_action, pmt_version, pmt_id, pmt_reference, pmt_amount, pmt_currency

    2. pmt_paymenturl

      1. This is the address where the payer can be redirected instantly to continue the payment process

      2. or this address could be used as "payment link" that is sent to the payer for example by email

      3. or this link can be shown somewhere in the web store.

  4. Payer is redirected to the pmt_paymenturl.

  5. When the payer returns to the web store after payment, web store must validate the payment confirmation and make sure it was not fabricated by a malicious user. Use Payment Status Query instantly to validate the payment.

  6. OPTIONAL (yet recommended): Later a callback request (Callback functions) from Svea’s server is made to web store. If payment has not yet been confirmed earlier, web store must use Payment Status Query to validate the payment.

  7. OPTIONAL: pmt_paymenturl expiration time can be updated Payment URL and URL Expiration

...