Error Handling
While executing a successful payment is of the utmost importance for Saferpay, technical difficulties, or simply a failed transaction, are unavoidable. This chapter will help you understand how Saferpay handles these cases and how you can gather information about what went wrong.
HTTP status != 200
A NOK, or an HTTP status code != 200 (OK), does not necessarily mean that the connection to Saferpay failed. Saferpay uses other status codes to indicate the error type and that something has gone wrong in the first place.
However, alongside this code, Saferpay will also return a JSON message that contains information about what exactly happened. You should always take a look at the message body and not just the returned error code.
Please take a look at the Saferpay Specification for a list of status codes and parameters, in case of an error.
Failed payments and processor-errors
Let's take a look at how you would gather the error response that is returned from the processor in case of a failed payment attempt or other difficulties.
Behind the scenes, Saferpay communicates with a wide array of processors in order to process payments. In case of an error, or just a simple failed payment, Saferpay passes the processor response through to you, so you may know the reason for the failure.
To gather said response, you simply proceed as you would in a success case. For example, in case of the Payment Page or the Transaction Interface, Saferpay would redirect the payer to the ReturnUrl.Url and also call the Notification.FailNotifyUrl, and you would proceed as you normally would. So with the Payment Page, you'd execute the Payment Page Assert, and with the Transaction Interface the Transaction Authorize.
Some direct requests, like with Recurring Payments, or Refunds, also return the error-response right away, as there is no redirect.
Please note that what information is shared also depends on the processor and/or the cardholder's bank. Saferpay returns as much information as possible to you, but in some cases the bank simply does not want to share the exact reasons for a failure. In these cases, only the cardholder may ask his/her bank for the exact reasons.
Example
An example of a rejected payment could look like this:
HTTP status code: 402 Payment Required
Don't just retry
If a transaction fails, do not just retry the transaction.
An unauthorized retry can lead to additional charges for you.
Saferpay returns a recommended Behavior and an ErrorName, telling you whether you can attempt again at a later date:
More about the meaning
These behaviors and error names specifically apply to the request itself and not necessarily to the payment itself.
As an example:
This example indicates, that the 3D Secure authentication failed for this transaction. The behavior itself applies to this request, in this case the Payment Page Assert, or Transaction Authorize. These requests will always yield this exact result, so a retry does not help.
However, this does not mean that you cannot reattempt the payment itself. Given the above example, a 3D Secure authentication could also fail if the cardholder simply made a mistake. Reattempting the overall payment could lead to a success if the cardholder fixes his/her mistake.
Retry behavior and polling
In some cases, a retry may be the right thing to do, e.g. in case of a timeout and the like. However, please consider the following things:
The processing timeout is 100 seconds. Saferpay communicates with all manner of internal and external systems. Especially external ones can increase the processing-time by a considerable margin. Please wait for 100 seconds, before reattempting a request.
Do not use polling to continuously ask for information! Saferpay prohibits the use of polling. Violating this rule will lead to your account being blocked.
However, you are allowed to voluntarily execute requests in order to gain information on a transaction. For example, if you haven't gotten any notification, you may execute the Payment Page Assert in order to check if there has been any activity.
While polling is forbidden, you are allowed to implement a retry mechanism. We'd also recommend, after you have retried the request, to wait for a while, in order to get past longer-lasting issues. For example, if you haven't gotten a response after 100 seconds, you may retry immediately. If this still fails, you should wait a minute, then retry. If that fails, wait for an hour and so on. This staggered retry mechanism is the best compromise between time and resource investment.
The RequestId and RetryIndicator
The RequestHeader.RequestId and RequestHeader.RetryIndicator are solely meant for debugging purposes and indication of retries.
The RequestId is meant to identify this one request. Not the whole payment, only this one request. It has to be generated by the merchant system. Please make sure that it is unique for each different request.
If your request fails with a Behavior of RETRY or RETRY_LATER, you may reattempt the request with the same RequestId, but then you should increase the RetryIndicator by one, to indicate that this is a retry of a previously failed attempt.
The maximum number of retries/value for RetryIndicator is 9.
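The staggered retry and the RequestId/RetryIndicator rules described above, combined in one sketch. This is an added example, not Saferpay's own code: the send() transport, the 503 status and the responses in demo() are constructed, and holding the wait at one hour after the third retry is an assumption.

```python
import time
import uuid

PROCESSING_TIMEOUT_S = 100   # page: wait 100 seconds before reattempting
MAX_RETRY_INDICATOR = 9      # page: maximum value for RetryIndicator
RETRYABLE = {"RETRY", "RETRY_LATER"}
BACKOFF_S = [0, 60, 3600]    # immediately, a minute, an hour; holding at 1 h is assumed


def send_with_retry(send, payload, sleep=time.sleep):
    """Send one request, retrying only on a timeout or a retryable Behavior.

    `send(body, timeout)` is a hypothetical transport that returns
    (http_status, json_body) or raises TimeoutError.
    """
    request_id = str(uuid.uuid4())  # unique per request, reused by its retries
    last = None                     # stays None if every attempt timed out
    for retry in range(MAX_RETRY_INDICATOR + 1):
        if retry:
            sleep(BACKOFF_S[min(retry - 1, len(BACKOFF_S) - 1)])
        header = dict(payload.get("RequestHeader", {}),
                      RequestId=request_id, RetryIndicator=retry)
        try:
            last = send(dict(payload, RequestHeader=header),
                        timeout=PROCESSING_TIMEOUT_S)
        except TimeoutError:
            continue                # no answer in 100 s: staggered retry
        status, body = last
        # A non-200 answer still has a JSON body; act on Behavior, not the status.
        if status == 200 or body.get("Behavior") not in RETRYABLE:
            return last
    return last                     # still failing at RetryIndicator 9: stop


def demo():
    """Constructed run: timeout, then RETRY_LATER, then success."""
    script = [TimeoutError(), (503, {"Behavior": "RETRY_LATER"}), (200, {})]
    sent, waits = [], []

    def fake_send(body, timeout):   # stands in for the real HTTP call
        sent.append(body["RequestHeader"])
        step = script[len(sent) - 1]
        if isinstance(step, Exception):
            raise step
        return step

    result = send_with_retry(fake_send, {"RequestHeader": {}}, sleep=waits.append)
    return result, sent, waits


if __name__ == "__main__":
    print(demo())
```

Any response whose Behavior is not RETRY or RETRY_LATER is returned to the caller after the first attempt, so a decline is never resent automatically.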
Common error messages and their meaning
There are certain error-messages returned by Saferpay, that have a very specific meaning and thus a very specific solution.
Here is a list of common error-messages you may encounter and ways of solving the issue at hand:
AUTHENTICATION_FAILED - "Invalid credentials":
In this case, your application could not authenticate itself against the Saferpay gateway, which could be caused by one or more of the following things:
Your CustomerId is incorrect.
Your API-User is incorrect.
Your API-Password is incorrect.
You are running on the wrong environment, e.g. using a Live account on the test environment and vice versa.
Please make sure, that all of these do match up and are set correctly.
TRANSACTION_ABORTED
This transaction has been aborted by the payer, through clicking the Cancel-button.
3DS_AUTHENTICATION_FAILED
This error is thrown if the 3D Secure authentication failed. Since 3D Secure is an anti-fraud measure, Saferpay will not attempt a transaction if the authentication is attempted but ends up failing, which could be an indicator for a payer with stolen card details and malicious intent.
NO_CONTRACT:
In this case, you are either asking for a payment method that is not activated on your account, or the requested currency is not set up for you. You can check these things inside the Saferpay Backoffice under Settings > Terminals. If something is not correct, please contact your Account Manager in our sales team to solve this issue.
TRANSACTION_IN_WRONG_STATE:
This means, that there are steps in the transaction flow you have to execute, before the currently executed one. For example missing a redirect, or initializing and then authorizing the transaction, without providing the necessary means of payment.
The previous step (e.g. actions by the payer, after he has been redirected) may also still be in
TRANSACTION_ALREADY_CAPTURED:
This is not so much an error as it is a warning/information telling you that the capturing of the transaction has already happened. The transaction did not fail, nor did the capture; it simply already happened, as a capture can only happen once.
Please see this chapter about the capture and its importance.
Missing permissions to perform PayPal transactions
With it being a 3rd party payment method, PayPal needs a special setup, so Saferpay has the permission to perform actions/transactions on your PayPal account.
If PayPal has not been set up correctly, you will get the following error response when trying to execute a PayPal payment:
Soft decline/Additional customer authentication required
This is a special rejection, that is exclusive to the PSD2 area. This error means, that this transaction must be secured with Strong Consumer Authentication (SCA), which is most commonly done via 3D Secure.
The whole PSD2-topic is explained in more detail over here.
General decline
The most common rejection you'll probably encounter during normal business is the "General decline", or code "05".
This code is thrown when the cardholder's bank or the processor refuses to elaborate on the exact reason for the rejection. The only way to get more information would be either for the cardholder to ask his bank or, if the first option yielded no result, for you, the merchant, to ask your account manager for more details.