Management API

Automate your invoicing process with Saferpay

Documentation

Request Specification and technical documentation is available under https://saferpay.github.io/jsonapi/#ChapterRestApi.

Secure PayGate links

With the Saferpay Rest API, you can fully automate your invoicing process whether by e-mail, mail or online. This not only saves you time, but also enables your customers to settle the invoice using their preferred payment method.

Requirements

The following requirements have to be met, in order to use the Secure PayGate REST API:

You need a Saferpay Secure PayGate contract, in order to use the Secure PayGate in the first place
- In conjunction with that, you need at least one Secure PayGate terminal, with attached payment methods of your choice.
A Saferpay eCommerce licence and thus the existence of a valid identification with a username and password for the Saferpay system, to access the necessary API-functions.

Versioning

If you are implementing new payment methods and/or features, please make sure to implement the correct SpecVersion of our API.

Attention: This guide will always assume the latest SpecVersion of the Saferpay JSON API, unless stated otherwise! While some features do work with older versions, please always consult the specification and, if need be, the version, you have currently implemented, as stated below!

Furthermore, it is possible to go back to previous spec-versions, by adding the version to the url. For example, if you want to go back to the 1.4 specification, simply add the version to the url like this:

https://saferpay.github.io/jsonapi/1.14/

Breaking changes

SpecVersion

Changes

1.26+

The BillingAddressForm.Display parameter got removed.

Configuration

Before you can begin using the Secure PayGate, you need to configure it inside the Backoffice under Secure PayGate > Settings.

Creating a single-use link

A single-use link is meant to be payed once. Until it has been payed, it can be opened multiple-times, unlike links, created by the payment API.

In order to create such a link, one must execute the SecurePayGate Create SingleUsePaymentLink request:

POST: /rest/customers/[customerId]/terminals/[terminalId]/spg-offers

{
  "Payment": {
    "Amount": {
      "Value": "404",
      "CurrencyCode": "CHF"
    },
    "OrderId": "094c2a7ce1374f7ca184591f123b154d",
    "Options": {
      "PreAuth": true
    }
  },
  "ExpirationDate": "2020-04-23",
  "Payer": {
    "LanguageCode": "de",
    "BillingAddress": {
      "FirstName": "John",
      "LastName": "Doe",
      "Company": "Worldline",
      "Gender": "MALE",
      "Street": "Mustergasse 123",
      "Zip": "8008",
      "City": "Zurich",
      "CountryCode": "CH",
      "Email": "payer@provider.com"
    }
  }
}

{
  "OfferId": "503a3d7b-072b-400f-9e7e-8ec15191c737",
  "PaymentLink": "https://www.saferpay.com/SecurePayGate/Payment/123456/12345678/503a3d7b-072b-400f-9e7e-8ec15191c737"
}

Sending the Offer

An offer is not sent automatically!

It is intended for you to send the payment link, using your own mail client, which is supported by a lot of environments and programming languages by default. This way, you have full control over the text and especially look and feel of your e-mail.

Queue status of a single use link

If you want to know the status of a single-use link, you may use the SecurePayGate Get SingleUsePaymentLink request, using the OfferId returned within the SecurePayGate Create SingleUsePaymentLink response (see above):

GET: /rest/customers/[customerId]/terminals/[terminalId]/spg-offers/[offerId]

No payload needed

{
  "OfferId":"503a3d7b-072b-400f-9e7e-8ec15191c737",
  "PaymentLink":"https://www.saferpay.com/SecurePayGate/Payment/123456/12345678/503a3d7b-072b-400f-9e7e-8ec15191c737"
  "Status":"OPEN",
  "Payment":{
    "Amount":{
      "Value":"100",
      "CurrencyCode":"CHF",
    },
    "OrderId":"cd0005bf21bb4906bcbea939d74cee72",
    "Description":"Hallo"
  },
  "CreationDate":"2023-03-01T11:37:47.682+01:00",
  "ExpirationDate":"2023-04-01T00:00:00.000+02:00"
}

Inside the Backoffice

Payment links, that are created with the REST Api, will also be displayed inside the Saferpay Backoffice.

The Application will be marked as RestApi.

The details of API-created links may be viewed, however it cannot be modified.

Connecting the JSON API

The Secure PayGate Management API can be connected with the Saferpay JSON-API, specifically the Payment Page interface, enabling you, to fully automate the creation, sending and processing of your Secure PayGate offers. For that, you must define the {{{PAYMENTPAGETOKEN}}}, as described during the initial set-up, otherwise you do not have the necessary data to execute the next step.

Once the redirect and/or the notification call arrives at your webserver, you can extract the {{{PAYMENTPAGETOKEN}}} and simply execute the Payment Page Assert. That will return the payment data of the Secure PayGate transaction to your system. This transaction is like a normal Payment Page transaction and further steps may be applied to it, for example the Capture, Partial Capture, or Cancel. Refunds via the API may also be executed, if you wish.

As of now the automatic capturing-option, as described in the Secure PayGate manual, does not apply to transactions, made via the Secure PayGate API! You always either have to capture them manually through the Saferpay Backoffice, or via the JSON API, as described above!

Try it!

We do offer a Demo Environment, where you can test the Secure PayGate Rest Api.

Secure Card Data

Similar to the Payment Page, the Secure PayGate API also has the ability to save a card, during a transaction, using Secure Card Data. Simply add the RegisterAlias container to your request, as described in the request specification:

Similar to the Payment Page, the Secure PayGate API also has the ability to save a card, during a transaction. Simply add the RegisterAlias container to your request, as described in the request specification:

Example

{
  "Payment": {
    "Amount": {
      "Value": "404",
      "CurrencyCode": "CHF"
    },
    "OrderId": "094c2a7ce1374f7ca184591f123b154d",
    "Options": {
      "PreAuth": true
    }
  },
  "ExpirationDate": "2020-04-23",
  "Payer": {
    "LanguageCode": "de",
    "BillingAddress": {
      "FirstName": "John",
      "LastName": "Doe",
      "Company": "Worldline",
      "Gender": "MALE",
      "Street": "Mustergasse 123",
      "Zip": "8008",
      "City": "Zurich",
      "CountryCode": "CH",
      "Email": "payer@provider.com"
    }
  },
  "BillingAddressForm": {
    "Display": true
  },
  "RegisterAlias": {
    "IdGenerator": "RANDOM"
  }
}

At this moment, only the IdGenerator value RANDOM is supported!

To use said data, you have to use the Saferpay JSON API. Please refer to this chapter, on how this can be done.

Delete an offer

It is possible to delete an already created offer, using the Management API. However, for that, you must pay special attention, as it may not be trivial at first glance.

The request-endpoint is the same, as with the creation of the payment link. However the HTTP-method is not. For deletion of the link, one must use HTTP-DELETE, instead of HTTP-GET.

It is important to note, that DELETE only deletes the offer itself, but does not kill the Payment session. If the customer already arrived on the payment page to pay the offer, SPG-delete will have no effect on the outcome of the payment.

It only prevents the payment link itself from being opened. If the Link already has been opened, a payment can still be made. Though it will still void the payment link itself.

Here is an example from Mozilla about HTTP-DELETE.

Queue information & account management

The Management API offers several methods to queue account information and to manage said account. This enables you for instance to automatically configure your systems, should the need arise. It is also very helpful, if you have multiple shops, or franchises below you, that all need a full list of payment methods and their configured currencies, or information about available Saferpay functions in order to function properly. While this information can be gathered manually, the Management API offers a way to automatically configure everything, also eliminating the possibility for user-error.

Customer License Configuration

The Licensing CustomerLicenseConfiguration request lets you queue information about available Saferpay functions, giving you an overview about everything, that is available on this Saferpay account.

This is especially interesting for integrators, that are offering their services to multiple merchants, that want to use Saferpay, enabling their software to automatically set itself up.

Get Terminal configuration

The Management-API offers a way to gather information about any terminal, that is activated on the given Saferpay account.

There are two functions of interest:

Terminals GetTerminals

This request will return a list of all activated terminals on a given CustomerId, containing their ID, type and descriptor. This is especially interesting for cases, where the terminalId is not known and also offer a selection for the merchant, if multiple terminals are activated.

Terminal GetTerminal

Please mind the missing "s".

Once the terminalId is known, the Management API can be used to gather information about the terminal itself. The Terminal GetTerminal request will return the configuration of the terminal itself. Like activated payment methods, available currencies for the given payment method and also a URL to the currently used payment method logo, so you can easily stay up-to date, even if the branding should change.

Create Access Token

The Management Api offers the possibility, to create Access Tokens for the Saferpay Fields, enabling you, to automatically set the fields up, for the use in your webshop.

Delete Access Token

Fields Access Tokens can also be deleted via the same endpoint. Further information on this can be found in the API specification: Delete Access Token

PreviousPayment API (aka JSON API)NextBackoffice

Last updated 1 month ago

Was this helpful?