Introduction
The Global Payments ViComm API is organized around REST. Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors. JSON is returned by all API responses, including errors, although our API libraries convert responses to appropriate language-specific objects.
You should never expose your Server Credentials in any public website's client-side code.
To start the integration you will need to request to Global Payments ViComm Team integraciones@gpvicomm.com for a Development/Sandbox account. Please send us your e-mail to identify you as a developer and the name of your company.
We will create an Application and give you the application code. From now this will be the identifier for your Application in the whole integration. We also give you a developer account based on the e-mail you provided. We will send you the password via e-mail to access to your developer account. You can access to this configuration here:
| Environment | URL |
|---|---|
| development | https://dashboard-stg.gpvicomm.com |
| production | https://dashboard.gpvicomm.com |
You can change you account password or if you forget it you can always use the forgot password option to recover it. In the Global Payments ViComm admin system you will see your transactions, application settings (including application URLs and application key) and so more.
Configurations have to be done for the application in development environment and production environment, URLs and application key are different for every environment. Development environment will be always available for tests even after launching your application to production.
Environments
In order to use the API, you need to use one of the following base URLs depending of the environment:
Cards payment method
| Environment | URL |
|---|---|
| development | https://ccapi-stg.gpvicomm.com |
| production | https://ccapi.gpvicomm.com |
Bank Transfer / Wallets / Link To Pay payment methods
| Environment | URL |
|---|---|
| development | https://noccapi-stg.gpvicomm.com |
| production | https://noccapi.gpvicomm.com |
Authentication
To build the auth_token, you can use this code:
#!/usr/bin/env python
import time
import hashlib
from base64 import b64encode
print '#########################################################'
print '####### AUTH TOKEN TEST'
print '#########################################################'
server_application_code = ''
server_app_key = ''
unix_timestamp = str(int(time.time()))
print 'UNIX TIMESTAMP: %s' % unix_timestamp
uniq_token_string = server_app_key + unix_timestamp
print 'UNIQ STRING: %s' % uniq_token_string
uniq_token_hash = hashlib.sha256(uniq_token_string).hexdigest()
print 'UNIQ HASH: %s' % uniq_token_hash
auth_token = b64encode('%s;%s;%s' % (server_application_code,
unix_timestamp, uniq_token_hash))
print 'AUTH TOKEN: %s' % auth_token
All the requests must have the header Auth-Token:
APPLICATION-CODE;UNIXTIMESTAMP;UNIQ-TOKEN
| Element | Description |
|---|---|
| APPLICATION-CODE | Ask the Global Payments ViComm team for it. |
| UNIXTIMESTAMP | This must be created at the same time as the request, be aware that the time is in UTC and in SECONDS, you will have 15 seconds before you need to create a new one, or your request will be rejected (error.type: Invalid timestamp). |
| UNIQ-TOKEN | Is the hexa representation of a hash sha256 generate from the string “secret-key”+”timestamp”, the secret-key is given by Global Payments ViComm team. |
Once you have the UNIQ-TOKEN you need to apply the sha256 and the hexa convertion, you can use the next python example, just add your server_application_code and server_app_key:
Payment Methods
Cards
In this platform we can securely store the sensitive credit card data.
This data is transformed into an encrypted code called token, which can be stored in a database. With the platform, the store will be able to offer features like “One click buy” and “Retry transaction”, always preserving the integrity and the confidentiality of the information.
Add a Card
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "test@example.com"
},
"card": {
"number": "5119159076977991",
"holder_name": "citlali calderon",
"expiry_month": 9,
"expiry_year": 2020,
"cvc": "123",
"type": "vi"
}
}' 'https://ccapi-stg.gpvicomm.com/v2/card/add'
The above request returns JSON structured like this:
{
"card": {
"bin": "511915",
"status": "review",
"token": "17121538682542236138",
"message": "",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-488",
"type": "vi",
"number": "7991",
"origin": "ORIGIN"
}
}
This endpoint add a card to the platform related to a user.
HTTP Request
POST https://ccapi-stg.gpvicomm.com/v2/card/add
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| session_id | String | No | Fraud related parameter. 32-length numeric hash. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
| user.email | String | Yes | Buyer email, with valid e-mail format. |
| user.phone | String | No | Buyer phone. |
| user.ip_address | String | No | User IP address. Valid v4 IP address. |
| user.fiscal_number | String | No | The fiscal number given by the buyer Note: For card types ex, ak, vr, sx, ol, ep and cd this field is mandatory. |
| card.number | String | Yes | A valid credit card number. |
| card.holder_name | String | Yes | The credit card holder name. |
| card.expiry_month | Number | Yes | The credit card expiry month. |
| card.expiry_year | Number | Yes | The credit card expiry year. |
| card.cvc | String | Yes | The credit card security number. |
| card.type | String | No | Abbreviated card type. See the valid options |
| card.account_type | String | No | The corresponding values for: Credit, Checking and Savings accounts are: C, R and A respectively. |
| extra_params | Json | No | Optional params (3DS 2 objects included) used for some commerce in Json format. Please contact your commercial executive for more details. |
| billing_address | Json | No | Object with the billing address, see the specification of address. |
Response
| Parameter | Description |
|---|---|
| card.bin | The BIN of the card (First six digits of the card). |
| card.status | Either of the following status: valid, review, pending and rejected. If the response is "review" or "pending", the transaction associated to the attempt to add a card (transaction_reference) needs to be verified by the user, to set this card as valid. |
| card.token | New card identifier. This code is unique among all cards, only returned if status is valid or review, "" otherwise. |
| card.message | If any, would be the message of the carrier for example in case of rejected by carrier. |
| card.expiry_year | The expiry year of the card. |
| card.expiry_month | The expiry month of the card. |
| card.transaction_reference | The transaction.id that origin the addition of the card (only if it was sent to review, by the anti-fraud system, null otherwise). |
| card.type | Abbreviated card type. See the valid options |
| card.number | The last four digits of the card. |
| card.origin | The origin of the credit card. Could be one of the following: ViComm, VisaCheckout, Masterpass. |
Get all Cards
curl \
-k -L -H 'Content-Type: application/json' \
-H 'Auth-Token: auth_token' \
'https://ccapi-stg.gpvicomm.com/v2/card/list?uid=4'
The above request returns JSON structured like this:
{
"cards": [
{
"bin": "511915",
"status": "review",
"token": "17121538682542236138",
"holder_name": "citlali calderon",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-473",
"type": "vi",
"number": "7991"
},
{
"bin": "422023",
"status": "valid",
"token": "15363681013452573066",
"holder_name": "citlali calderon",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": null,
"type": "mc",
"number": "8431"
},
{
"bin": "453254",
"status": "valid",
"token": "10135134879450157925",
"holder_name": "citlali calderon",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": null,
"type": "vi",
"number": "8311"
}
],
"result_size": 3
}
This endpoint retrieves all Cards related to a user.
HTTP Request
GET https://ccapi-stg.gpvicomm.com/v2/card/list
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| uid | String | Yes | Customer identifier. This is the identifier you use inside your application. |
Response
A list of cards
| Parameter | Description |
|---|---|
| result_size | Number of items of the list of cards. |
| card.bin | The BIN of the card (First six digits of the card). |
| card.status | Either of the following status: valid, review, pending and rejected. If the response is "review" or "pending", the transaction associated to the attempt to add a card (transaction_reference) needs to be verified by the user, to set this card as valid. |
| card.token | Card identifier. This code is unique among all cards |
| card.holder_name | The credit card holder name. |
| card.expiry_year | The expiry year of the card. |
| card.expiry_month | The expiry month of the card. |
| card.transaction_reference | The transaction.id that origin the addition of the card (only if it was sent to review, by the anti-fraud system, null otherwise). |
| card.type | Abbreviated card type. See the valid options |
| card.number | The last four digits of the card. |
Delete a Card
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"card": {
"token": "2293795539132514250"
},
"user": {
"id": "4"
}
}' 'https://ccapi-stg.gpvicomm.com/v2/card/delete/'
The above request returns JSON structured like this:
{
"message": "card deleted"
}
This endpoint delete a Card related to a user
HTTP Request
POST https://ccapi-stg.gpvicomm.com/v2/card/delete/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| card.token | String | Yes | Card Identifier. This code is unique among all cards. Format: Long Integer. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
Init a Reference
This is an example of basic request for init reference
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"locale":"es",
"order":{
"amount":100.00,
"description":"Jhon Doe",
"vat":0,
"dev_reference":"Jhon Doe Buying",
"installments_type":0
},
"user":{
"id":"117",
"email":"jhon@doe.com"
}
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/init_reference/'
This is an example of request with all parameters for init reference
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"locale":"es",
"session_id":"",
"origin":"",
"antifraud":{
"device_fingerprint":"testa.a92176a7552eb582e1b10b30edc7ac522085d15c54f6",
"server_ip_address":"54.236.214.202",
"shopping_cart":[
{
"category":"16",
"tax_value":0,
"name":"Testing product",
"price":399.9,
"id":"1119",
"quantity":1
},
{
"category":"10",
"tax_value":0,
"name":"Testing name",
"price":399.9,
"id":"1119",
"quantity":1
}
],
"merchant_custom_data":{
"1":"campo1",
"2":"dos"
}
},
"order":{
"amount":100.00,
"description":"Jhon Doe",
"vat":0,
"dev_reference":"Jhon Doe Buying",
"installments_type":0
},
"user":{
"id":"117",
"email":"jhon@doe.com"
},
"conf":{
"theme":{
"logo": "https://mysite.com/images/logo.png",
"primary_color": "#00BF84",
"secondary_color": "#545454"
}
}
},
"billing_address":{
"street":"Calle 1 Sur",
"city":"Chia",
"country":"COL",
"district":"Chia",
"zip":"69885",
"state":"CU",
"house_number":"179",
"additional_address_info":"Casa 53"
}
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/init_reference/'
The above request returns JSON structured like this:
{
"checkout_url":"https://ccapi-stg.gpvicomm.com/v2/transaction/checkout?reference=12438255612471559230",
"reference":"12438255612471559230"
}
This endpoint is used for initialize a reference for checkout.
HTTP Request
POST https://ccapi-stg.gpvicomm.com/v2/transaction/init_reference/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| locale | String | Yes | User's preferred language (es, en, pt). English will be used by default. |
| session_id | String | No | Fraud related parameter. 32-length numeric hash. |
| antifraud | Json | No | Object with antifraud data, see the specification of antifraud. |
| order.amount | Number | Yes | Amount to debit. Format: Decimal with two fraction digits. |
| order.description | String | Yes | Description of the order to be purchase. Format: (Maximum Length 250) |
| order.vat | Number | Yes | Sales tax amount, included in product cost. Format: Decimal with two fraction digits. |
| order.dev_reference | String | Yes | Merchant order reference. You will identify this purchase using this reference. |
| order.installments_type | Number | No | Only available for Ecuador and Mexico. See the valid values |
| conf | Json | No | Object with data for conf , see the specification for conf. |
| billing_address | Json | No | Object with the billing address, see the specification of address. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
| user.email | String | Yes | Buyer email, with valid e-mail format. |
Response
| Parameter | Description |
|---|---|
| checkout_url | Checkout URL, use for render checkout |
| reference | Reference, use for render checkout, is required a reference for render. |
Data for conf
Required from conf, when integration is API
| Parameter | Type | Required | Description |
|---|---|---|---|
| conf.allowed_card_brands | String | No | Allowed card brands to this operation. See the valid options |
| conf.allowed_card_types | String | No | Allowed card types |
| conf.invalid_card_type_message | String | No | Define a custom message to show for invalid card types. |
| conf.theme | JSON | No | Data for custom checkout color's |
Debit with token
Base Case
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com"
},
"order": {
"amount": 99.0,
"description": "pozole",
"dev_reference": "referencia",
"vat": 0.00
},
"card": {
"token": "2293795539132514250",
"cvc": "123"
}
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/debit/'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2017-09-26T21:00:47",
"amount": 11.1,
"authorization_code": "088428",
"installments": 1,
"dev_reference": "referencia",
"message": "Operation Successful",
"carrier_code": "6",
"id": "CI-489",
"status_detail": 3,
"installments_type": "Revolving credit",
"payment_method_type": "0",
"product_description": "pozole"
},
"card": {
"bin": "450700",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-489",
"type": "vi",
"number": "6651",
"origin": "ORIGIN"
}
}
This is an example of response for 3DS 2 with objects for authentication:
{
"transaction": {
"status": "failure",
"payment_date": null,
"amount": 11.1,
"authorization_code": null,
"installments": 1,
"dev_reference": "referencia",
"message": null,
"carrier_code": null,
"id": "RB-5969",
"status_detail": 37
},
"card": {
"bin": "401600",
"status": "",
"token": "",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "RB-5969",
"type": "vi",
"number": "0051",
"origin": "ORIGIN"
},
"3ds": {
"sdk_response": {
"acs_trans_id": "00000000-0005-5a5a-8000-016ab2e4246c",
"acs_signed_content": null,
"acs_reference_number": "JCB0002"
},
"authentication": {
"status": "U",
"return_message": "U-status/Challenge authentication via ACS: ",
"version": null,
"xid": "MDAwMDAwMDAwMDAwMDAwMDAyMDg=",
"reference_id": "ffffffff-9002-51a3-8000-0000000345a2",
"cavv": null,
"return_code": "5",
"eci": null
},
"browser_response": {
"hidden_iframe": "",
"challenge_request": ""
}
}
}
This endpoint creates a debit transaction with a stored credit card. If you want to debit with 3D Secure 2 authentication. You will need to include extra_params in the request, that are used for authentication (See objects for authentication)
HTTP Request
POST https://ccapi-stg.gpvicomm.com/v2/transaction/debit/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| session_id | String | No | Fraud related parameter. 32-length numeric hash. |
| order.amount | Number | Yes | Amount to debit. Format: Decimal with two fraction digits. |
| order.description | String | Yes | Description of the order to be purchase. Format: (Maximum Length 250) |
| order.dev_reference | String | Yes | Merchant order reference. You will identify this purchase using this reference. |
| order.vat | Number | Yes | Sales tax amount, included in product cost. Format: Decimal with two fraction digits. |
| order.installments | Number | No | The number of installments for the payment, only for COP, MXN, BRL, PEN, CLP and USD (Ecuador). |
| order.installments_type | Number | No | Only available for Ecuador and Mexico. See the valid values |
| order.months_grace | Number | No | Only available for Mexico and Ecuador (Medianet), the number of months of grace for a deferred payment. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
| user.first_name | String | No | User name. |
| user.last_name | String | No | User last name. |
| user.email | String | Yes | Buyer email, with valid e-mail format. |
| user.phone | String | No | Buyer phone. |
| user.ip_address | String | No | User IP address. Valid v4 IP address. |
| user.fiscal_number | String | No | The fiscal number given by the buyer Note: For card types ex, ak, vr, sx, ol, ep and cd this field is mandatory. |
| card.token | String | No | Card Identifier. This code is unique among all cards. Format: Long Integer. |
| card.cvc | String | No | The credit card security number. |
| wallet.type | String | No | Type of wallet, the valid are : 'VisaCheckout', 'Masterpass' and 'CyberSource'. |
| wallet.key | String | No | The id of the wallet (either callid, transactionId or subscriptionID ). |
| extra_params | Json | No | Optional params (3DS 2 objects included) used for some commerce in Json format. Please contact your commercial executive for more details. |
Response
| Parameter | Description |
|---|---|
| transaction.status | Could be success, failure or pending. |
| transaction.payment_date | If staging environment the date will be in UTC, otherwise will depend on carrier. |
| transaction.amount | The amount of the transaction. |
| transaction.authorization_code | If success the authorization code responded from carrier. |
| transaction.installments | The number of installments for the payment. |
| transaction.dev_reference | Merchant order reference. |
| transaction.message | The returned message from carrier or fraud analysis system. |
| transaction.carrier_code | The returned code from carrier. |
| transaction.id | Transaction identifier. This code is unique among all transactions. |
| transaction.status_detail | The status detail of the transaction, for more information status detail |
| transaction.installments_type | Only available for Ecuador and Mexico. See the valid values |
| transaction.payment_method_type | Payment method of the transaction, type string. For more information payment_method_types |
| transaction.product_description | Order description. |
| transaction.trace_number | Only available for Ecuador and Mexico. |
| transaction.lot_number | Only available for Ecuador. |
| card.bin | The BIN of the card (First six digits of the card). |
| card.expiry_year | The expiry year of the card. |
| card.expiry_month | The expiry month of the card. |
| card.transaction_reference | If any, the transaction.id |
| card.type | Abbreviated card type. See the valid options |
| card.number | The last four digits of the card. |
| card.origin | The origin of the credit card. Could be one of the following: ViComm, VisaCheckout, Masterpass. |
In case of transactions that were authenticated with 3DS 2, the response will include:
| Parameter | Description |
|---|---|
| 3ds.sdk_response.acs_trans_id | Transaction ID from ACS. |
| 3ds.sdk_response.acs_signed_content | Signed content from ACS. |
| 3ds.sdk_response.acs_reference_number | ACS reference number. |
| 3ds.authentication.status | Authentication status, could be: "Y", "N", "U", "A", "R", "C" or "-" if value not available due errors or not enrolled, for more information authentication_status. |
| 3ds.authentication.xid | Transaction identifier sent to MPI. |
| 3ds.authentication.return_code | Returned code from MPI, that provides all the information that is needed to determine how to manage the transaction, for more information return code mpi |
| 3ds.authentication.eci | Electronic Commerce Indicator, with visa cards, the value to be passed in Authorization message. |
| 3ds.authentication.return_message | Description of the return_code. |
| 3ds.authentication.version | 3DS message version used. |
| 3ds.authentication.cavv | Cardholder Authentication Verification Value, determined by ACS. Format: base64 |
| 3ds.authentication.reference_id | DS Transaction Id. |
| 3ds.browser_response.challenge_request | If cardholder was enrolled and or challenge authentication requested, payment page application must redirects the user browser to the ACS. If this field is not empty, it will contain the html to redirect. |
| 3ds.browser_response.hidden_iframe | If this field is not empty, the content should be render into an intermediate page into an invisible iframe and wait about 5 seconds. |
| 3ds.service | The name of the MPI that has authenticated the transaction. |
Objects for authentication
Before perform a payment whether through a debit with token, a debit with card or an authorization, it is possible to first perform a 3D Secure authentication, sending this objects in extra_params:
| Object name | Description |
|---|---|
| threeDS2_data | If authentication will be performed directly in debit/authorization this object is required. |
| browser_info | Required for device_type browser. |
| auth_data | Use this object if you performed the authentication first. |
| risk_indicator | Additional risk fields for 3DS 2. Include this in your request whenever available. |
| Parameter | Type | Required | Description |
|---|---|---|---|
| extra_params.threeDS2_data.term_url | String | Yes | Merchant page url, where ACS will post (via user browser) CRes message after authentication. |
| extra_params.threeDS2_data.device_type | String | Yes | Device type. Valid strings: browser, SDK. |
| extra_params.threeDS2_data.process_anyway | Boolean | No | Process anyway, ie. no matter the result of the authentication, perform the debit/authorize. If not provided default false. |
| extra_params.threeDS2_data.reference_id | String | Yes* | Mandatory only for MPI CyberSource, the id used to build the jwt sent in the init method in front end. |
| extra_params.browser_info.ip | String | C | User IP address. Valid v4 IP address. |
| extra_params.browser_info.language | String | C | Language of the browser. |
| extra_params.browser_info.java_enabled | Boolean | C | If java is enabled in the browser. |
| extra_params.browser_info.js_enabled | Boolean | C | If Java Script is enabled in the browser. |
| extra_params.browser_info.color_depth | Number | C | Color depth of the browser. |
| extra_params.browser_info.screen_height | Number | C | Screen height of the browser. |
| extra_params.browser_info.screen_width | Number | C | Screen width of the browser. |
| extra_params.browser_info.timezone_offset | Number | C | Time Zone Offset. |
| extra_params.browser_info.user_agent | String | C | User agent. |
| extra_params.browser_info.accept_header | String | C | Accept header. |
| extra_params.auth_data.cavv | String | Yes | Cardholder Authentication Verification Value, determined by ACS. Format: base64 |
| extra_params.auth_data.xid | String | No | Transaction identifier sent to MPI. |
| extra_params.auth_data.eci | String | Yes | Electronic Commerce Indicator, with visa cards, the value to be passed in Authorization message. |
| extra_params.auth_data.version | String | Yes | 3DS message version used. |
| extra_params.auth_data.reference_id | UUID | Yes | DS Transaction Id. |
| extra_params.auth_data.status | String | Yes | Authentication status, could be: "Y", "N", "U", "A", "R" or "C", for more information authentication_status |
Address
This is an example of request with Billing Address Object:
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com",
"phone": "1234567890123"
},
"order":{
"amount": 11.1,
"description": "una paleta",
"vat": 0,
"dev_reference": "referencia",
"installments": 4
},
"card": {
"number": "4456530000001047",
"holder_name": "citlali calderon",
"expiry_month": 12,
"expiry_year": 2024,
"cvc": "123",
"type": "vi"
},
"billing_address": {
"street": "Street Test",
"house_number": "24",
"city": "ciudad de mexico",
"zip": "67890",
"state": "DF",
"country": "MEX",
"district": "colonia",
"additional_address_info": ""
},
"extra_params": {
"threeDS2_data": {
"term_url": "https://your.url.com/YOUR_3DS_NOTIFICATION_URL",
"device_type": "browser",
"reference_id": "2"
},
"browser_info": {
"ip": "88.196.25.166",
"language": "en-US",
"java_enabled": false,
"js_enabled": true,
"color_depth": 24,
"screen_height": 1200,
"screen_width": 1920,
"timezone_offset": 0,
"user_agent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36",
"accept_header": "text/html"
}
}
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/debit_cc'
In case you are sending the billing or shipping address, this is the Json Object Format:
| Parameter | Type | Required | Description |
|---|---|---|---|
| first_name | String | No | Address owner name |
| last_name | String | No | Address owner last name |
| street | String | No | The name of the street. |
| city | String | No | The city, max length of 50 characters. |
| state | String | No | The state: ISO 3166-2 country subdivision code in case of 3DS authentication, free format otherwise |
| district | String | No | The district. |
| zip | String | No | The zip or postal code. Max length allowed of 50 characters. |
| house_number | String | No | The house number |
| country | String | No | Country in ISO 3166-1 alpha-3 format, for example: COL, MEX, ECU. |
| additional_address_info | String | No | Additional address info, without format. |
Installments Type
The installments type are only available for Ecuador and Mexico. For this countries if you send installments, then the installments_type are mandatory. The valid values are:
| Type | Description |
|---|---|
| 2 | Deferred with interest. |
| 3 | Deferred without interest. | 9 | Deferred without interest and months of grace. |
Debit with credit card
Base Case
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com"
},
"order":{
"amount": 11.1,
"description": "una paleta",
"vat": 0,
"dev_reference": "referencia"
},
"card": {
"number": "4507000397186651",
"holder_name": "citlali calderon",
"expiry_month": 9,
"expiry_year": 2020,
"cvc": "123",
"type": "vi"
}
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/debit_cc'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2017-10-12T21:07:22",
"amount": 11.1,
"authorization_code": "472921",
"installments": 1,
"dev_reference": "referencia",
"message": "Operation Successful",
"carrier_code": "6",
"id": "CI-507",
"status_detail": 3,
"installments_type": "Revolving credit",
"product_description": "una paleta",
"payment_method_type": "0"
},
"card": {
"bin": "450700",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-507",
"type": "vi",
"number": "6651",
"origin": "ORIGIN"
}
}
An example of request with extra_params:
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com"
},
"order":{
"amount": 11.1,
"description": "una paleta",
"vat": 0,
"dev_reference": "referencia"
},
"card": {
"number": "4507000397186651",
"holder_name": "citlali calderon",
"expiry_month": 9,
"expiry_year": 2020,
"cvc": "123",
"type": "vi"
},
"extra_params": {
"config_01": "value_01",
"config_02": {"name_01": "name_v01"}
}
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/debit_cc'
This is an example of request making the request with 3ds 2 objects for authentication:
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com"
},
"order":{
"amount": 11.1,
"description": "una paleta",
"vat": 0,
"dev_reference": "referencia"
},
"card": {
"number": "4507000397186651",
"holder_name": "citlali calderon",
"expiry_month": 9,
"expiry_year": 2020,
"cvc": "123",
"type": "vi"
},
"extra_params": {
"threeDS2_data": {
"term_url": "https://your.url.com/YOUR_3DS_NOTIFICATION_URL",
"device_type": "browser",
"process_anyway": false
},
"browser_info": {
"ip": "88.196.25.166",
"language": "en-US",
"java_enabled": false,
"js_enabled": true,
"color_depth": 24,
"screen_height": 1200,
"screen_width": 1920,
"timezone_offset": 0,
"user_agent": "Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/70.0.3538.110 Safari\/537.36",
"accept_header": "text/html"
}
}
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/debit_cc'
This endpoint creates a debit transaction with a credit card.
If you want to debit with 3D Secure 2 authentication. You will need to include extra_params in the request, that are used for authentication (See objects for authentication)
HTTP Request
POST https://ccapi-stg.gpvicomm.com/v2/transaction/debit_cc/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| session_id | String | No | Fraud related parameter. 32-length numeric hash. |
| order.amount | Number | Yes | Amount to debit. Format: Decimal with two fraction digits. |
| order.description | String | Yes | Description of the order to be purchase. Format: (Maximum Length 250) |
| order.dev_reference | String | Yes | Merchant order reference. You will identify this purchase using this reference. |
| order.vat | Number | Yes | Sales tax amount, included in product cost. Format: Decimal with two fraction digits. |
| order.installments | Number | No | The number of installments for the payment, only for COP, MXN, BRL, PEN, CLP and USD (Ecuador). |
| order.installments_type | Number | No | Only available for Ecuador and Mexico. See the valid values |
| order.months_grace | Number | No | Only available for Mexico and Ecuador (Medianet), the number of months of grace for a deferred payment. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
| user.first_name | String | No | User name. |
| user.last_name | String | No | User last name. |
| user.email | String | Yes | Buyer email, with valid e-mail format. |
| user.phone | String | No | Buyer phone. |
| user.ip_address | String | No | User IP address. Valid v4 IP address. |
| user.fiscal_number | String | No | The fiscal number given by the buyer Note: For card types ex, ak, vr, sx, ol, ep and cd this field is mandatory. |
| card.number | String | Yes | A valid credit card number. |
| card.holder_name | String | Yes | The credit card holder name. |
| card.expiry_month | Number | Yes | The credit card expiry month. |
| card.expiry_year | Number | Yes | The credit card expiry year. |
| card.cvc | String | Yes | The credit card security number. |
| card.type | String | No | Abbreviated card type. See the valid options |
| extra_params | Json | No | Optional params (3DS 2 objects included) used for some commerce in Json format. Please contact your commercial executive for more details. |
| billing_address | Json | No | Object with the billing address, see the specification of address. |
| <!-- order.discount | Number | No | Amount to be discounted. This field is informative only, doesn't affect the final amount. Format: Decimal with two fraction digits. --> |
Response
Authorize
Case a) sending only the card.token
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com"
},
"order": {
"dev_reference": "referencia",
"amount": 99.0,
"description": "pozole",
"vat": 0.00
},
"card": {
"token": "6221308792087238335"
}
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/authorize/'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2017-09-26T21:03:04",
"amount": 99.0,
"authorization_code": "148177",
"installments": 1,
"dev_reference": "referencia",
"message": "Operation Successful",
"carrier_code": "4",
"id": "CI-490",
"status_detail": 0
},
"card": {
"bin": "453254",
"status": "valid",
"token": "10135134879450157925",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-490",
"type": "vi",
"number": "8311",
"origin": "ORIGIN"
}
}
Case b) sending all the information of the card (pci commerce)
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4",
"email": "user@example.com"
},
"order": {
"dev_reference": "referencia",
"amount": 99.0,
"description": "pozole",
"vat": 0.00
},
"card": {
"number": "4507000397186651",
"holder_name": "citlali calderon",
"expiry_month": 9,
"expiry_year": 2020,
"cvc": "123",
"type": "vi"
}
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/authorize/'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2017-09-26T21:02:04",
"amount": 99.0,
"authorization_code": "148177",
"installments": 1,
"dev_reference": "referencia",
"message": "Operation Successful",
"carrier_code": "4",
"id": "CI-491",
"status_detail": 0
},
"card": {
"bin": "450700",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-491",
"type": "vi",
"number": "6651"
}
}
This endpoint send for authorization a transaction of Credit Card (Only for Cielo (BRL), Prosa (MXN) Procesos and Visanet (PEN))
If you want to authorize with 3D Secure 2 authentication, there are two possible ways:
Direct authorization with Global Payments ViComm. This will include extra params in the request, that are used for authentication (See objects for authentication)
HTTP Request
POST https://ccapi-stg.gpvicomm.com/v2/transaction/authorize/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| session_id | String | No | Fraud related parameter. 32-length numeric hash. |
| order.amount | Number | Yes | Amount to debit. Format: Decimal with two fraction digits. |
| order.description | String | Yes | Description of the order to be purchase. Format: (Maximum Length 250) |
| order.dev_reference | String | Yes | Merchant order reference. You will identify this purchase using this reference. |
| order.vat | Number | Yes | Sales tax amount, included in product cost. Format: Decimal with two fraction digits. |
| order.installments | Number | No | The number of installments for the payment, only for COP, MXN, BRL, PEN, CLP and USD (Ecuador). |
| order.installments_type | Number | No | Only available for Ecuador and Mexico. See the valid values |
| order.months_grace | Number | No | Only available for Mexico and Ecuador (Medianet), the number of months of grace for a deferred payment. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
| user.first_name | String | No | User name. |
| user.last_name | String | No | User last name. |
| user.email | String | Yes | Buyer email, with valid e-mail format. |
| user.phone | String | No | Buyer phone. |
| user.ip_address | String | No | User IP address. Valid v4 IP address. |
| card.token | String | No (*) | Card Identifier. This code is unique among all cards. Format: Long Integer. |
| card.number | String | No | A valid credit card number. |
| card.holder_name | String | No (*) | The credit card holder name. |
| card.expiry_month | Number | No (*) | The credit card expiry month. |
| card.expiry_year | Number | No (*) | The credit card expiry year. |
| card.cvc | String | No (*) | The credit card security number. |
| card.type | String | No (*) | Abbreviated card type. See the valid options |
| extra_params | Json | No | Optional params (3DS 2 objects included) used for some commerce in Json format. Please contact your commercial executive for more details. |
| billing_address | Json | No | Object with the billing address, see the specification of address. |
| <!-- order.discount | Number | No | Amount to be discounted. This field is informative only, doesn't affect the final amount. Format: Decimal with two fraction digits. --> |
Response
Capture
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"transaction": {
"id": "CI-325"
}
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/capture/'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2017-09-26T21:03:04",
"amount": 99.0,
"authorization_code": "148177",
"installments": 1,
"dev_reference": "referencia",
"message": "Operation Successful",
"carrier_code": "6",
"id": "CI-490",
"status_detail": 3
},
"card": {
"bin": "453254",
"status": "valid",
"token": "10135134879450157925",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "CI-490",
"type": "vi",
"number": "8311"
}
}
This endpoint capture an authorized transaction (Only for Cielo (BRL), Prosa (MXN) Procesos and VisaNet (PEN))
HTTP Request
POST https://ccapi-stg.gpvicomm.com/v2/transaction/capture/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| transaction.id | String | Yes | Transaction identifier. This code is unique among all transactions. |
| order.amount | Number | No | The order amount to capture, could be greater o lower than original (Prosa MXN), or only lower (Cielo, BRL Procesos and VisaNet (PEN)). Format: Decimal with two fraction digits. If not provided, the full amount of the original authorize will be captured. |
Response
Verify
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"user": {
"id": "4"
},
"transaction": {
"id": "CI-316"
},
"type": "BY_AMOUNT",
"value": "99.99"
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/verify'
The above request returns JSON structured like this:
{
"status": 1,
"payment_date": "2017-09-26T21:16:00",
"amount": 99.0,
"transaction_id": "CI-491",
"status_detail": 3,
"message": ""
}
In case of more_info = true, this is an example:
{
"transaction": {
"status": "failure",
"payment_date": null,
"amount": 11.1,
"authorization_code": null,
"installments": 1,
"dev_reference": "referencia",
"message": null,
"carrier_code": null,
"id": "RB-5969",
"status_detail": 37
},
"card": {
"bin": "401600",
"status": "",
"token": "",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "RB-5969",
"type": "vi",
"number": "0051",
"origin": "ORIGIN"
},
"3ds": {
"sdk_response": {
"acs_trans_id": "00000000-0005-5a5a-8000-016ab2e4246c",
"acs_signed_content": null,
"acs_reference_number": "JCB0002"
},
"authentication": {
"status": "U",
"return_message": "U-status/Challenge authentication via ACS: ",
"version": null,
"xid": "MDAwMDAwMDAwMDAwMDAwMDAyMDg=",
"reference_id": "ffffffff-9002-51a3-8000-0000000345a2",
"cavv": null,
"return_code": "5",
"eci": null
},
"browser_response": {
"hidden_iframe": "",
"challenge_request": ""
}
}
}
After have been performed a transaction, whether through an add card, a debit with token, a debit with card or an authorization, if the response transaction status is pending, this end point should be posted after that.
Sometimes an add card or debit transaction would need to be verified with a code from the financial entity that charges the card. Another case that needs verification is when the card issuer send a OTP to the user in order to continue with the transaction, or after the buyer have been challenged in a 3DS 2 transaction.
When the buyer gets the verification code from his bank, or when the buyer obtain the SMS with the OTP, or when the merchant gets the result of the challenge response, its possible to verify the operation making a request to:
HTTP Request
POST https://ccapi-stg.gpvicomm.com/v2/transaction/verify
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| transaction.id | String | Yes | Transaction identifier. This code is unique among all transactions. |
| user.id | String | Yes | Customer identifier. This is the identifier you use inside your application. |
| type | String | Yes | The type of value that is going to be sent in the request. Valid strings "BY_AMOUNT", "BY_AUTH_CODE", "BY_OTP", "BY_CRES" and "AUTHENTICATION_CONTINUE". |
| value | String | Yes | Could be the authorization code provided by the financial entity to the buyer, the transaction amount, the One Time Password (OTP), the Challenge Response (CRES), or empty string in case of AUTHENTICATION_CONTINUE. |
| more_info | Boolean | No | true or false to determine if the response will include more info about the transaction. |
Response
| Parameter | Description |
|---|---|
| status | The status of the transaction, for more information status detail |
| payment_date | If staging environment the date will be in UTC, otherwise will depend on carrier. |
| amount | The amount of the transaction. |
| transaction_id | Transaction identifier. This code is unique among all transactions. |
| status_detail | The status detail of the transaction, for more information status detail |
| message | If the type of verification was "BY_OTP", the response message in case of failure. |
If you send more_info with value true: See Objects in response
| Currency | Amount |
|---|---|
| COP | 256 |
| CRC | 256 |
| CLP | 256 |
| USD | 2.56 |
| BRL | 2.56 |
| PEN | 2.56 |
| SGD | 2.56 |
| MXN | 25.6 |
| HNL | 25.6 |
| NIO | 25.6 |
| UYU | 25.6 |
| ARS | 128 |
Refund
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"transaction": {
"id": "CI-311"
}
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/refund/'
The above request returns JSON structured like this:
{
"status": "success",
"detail": "Completed"
}
Example of refund with partial amount
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"transaction": {
"id": "CI-311"
},
"order": {
"amount": 11.10
}
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/refund/'
Example of request, with param 'more_info'
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"transaction": {
"id": "PR-11"
},
"order": {
"amount": 8.00
},
"more_info": true
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/refund/'
Example of response with more info
{
"status": "success",
"transaction": {
"status": "success",
"payment_date": "2020-02-11T00:39:58.477",
"authorization_code": "TEST00",
"refund_amount": 8.0,
"dev_reference": "referencia",
"carrier_code": null,
"status_detail": 34,
"amount": 11.1,
"installments": 1,
"message": "Reverse by mock",
"id": "PR-11"
},
"detail": "Completed partial refunded with 8.0",
"card": {
"bin": "400000",
"status": "",
"token": "",
"expiry_year": "2020",
"expiry_month": "9",
"transaction_reference": "PR-11",
"type": "vi",
"number": "0077",
"origin": "ORIGIN"
}
}
This endpoint is used to refund a transaction
HTTP Request
POST https://ccapi-stg.gpvicomm.com/v2/transaction/refund/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| transaction.id | String | Yes (*) | Transaction identifier. This code is unique among all transactions. |
| order.amount | Number | No | The order amount to refund. Format: Decimal with two fraction digits. If not provided, the full amount of the transaction. Works with Cielo (BRL), Prosa (MXN), Credibanco and Redeban (COP) (**). |
| more_info | Boolean | No | true or false to determine if the response will include more info about the transaction. |
Response
| Parameter | Description |
|---|---|
| status | Could be one of the following: success, pending or failure |
| detail | If success could be Completed or Completed partial refunded with NN.NN where NN.NN is the amount of the partial refund. If failure could be Error: Not completed, Transaction already refunded or Invalid Status. If pending, Waiting gateway confirmation or Waiting gateway confirmation for partial refund with NN.NN. |
Void
curl -k -L -X POST -H 'Content-Type: application/json' -H 'Auth-Token: auth_token' -d '{
"transaction": {
"id": "PR-11"
},
}' 'https://ccapi-stg.gpvicomm.com/v2/transaction/void/'
The above request returns JSON structured like this:
{
"transaction": {
"status": "success",
"payment_date": "2022-08-11T18:52:32",
"amount": 99.0,
"authorization_code": "148177",
"installments": 1,
"dev_reference": "referencia",
"message": "Operation Successful",
"carrier_code": null,
"id": "PR-11",
"status_detail": 29
},
"card": {
"bin": "453254",
"status": "valid",
"token": "10135134879450157925",
"expiry_year": "2025",
"expiry_month": "10",
"transaction_reference": "PR-11",
"type": "vi",
"number": "8311"
}
}
This endpoint cancels an authorized transaction (Prosa (MXN))
HTTP Request
POST https://ccapi-stg.gpvicomm.com/v2/transaction/void/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| transaction.id | String | Yes (*) | Transaction identifier. This code is unique among all transactions. |
Response
Transaction Info
curl -k -L -H 'Content-Type: application/json' -H 'Auth-Token: auth_token'
'https://ccapi-stg.gpvicomm.com/v2/transaction/<transaction_id>/'
The above request returns JSON structured like this:
{
"transaction": {
"status": "pending",
"payment_date": "2018-01-26T23:49:51.100Z",
"amount": 10,
"authorization_code": "",
"installments": 1,
"dev_reference": "",
"status_detail": 0,
"carrier_code": "",
"message": "",
"id": ""
},
"card": {
"bin": "400552",
"holder_name": "First Dev",
"number": "4821",
"expiry_year": "2020",
"expiry_month": "12",
"type": "vi",
"origin": "ORIGIN"
}
}
This endpoint is used to obtain transaction info
HTTP Request
GET https://ccapi-stg.gpvicomm.com/v2/transaction/<transaction_id>
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| transaction_id | String | Yes | Global Payments ViComm transaction_id |
Response
| Parameter | Description |
|---|---|
| transaction.status | Could be success, failure, pending, expired or canceled. |
| transaction.payment_date | If staging environment the date will be in UTC, otherwise will depend on carrier. |
| transaction.amount | The amount of the transaction. |
| transaction.authorization_code | If success the authorization code responded from carrier. |
| transaction.installments | The number of installments for the payment. |
| transaction.dev_reference | Merchant order reference. |
| transaction.message | The returned message from carrier or fraud analysis system. |
| transaction.carrier_code | The returned code from carrier. |
| transaction.id | Transaction identifier. This code is unique among all transactions. |
| transaction.status_detail | The status detail of the transaction, for more information status detail |
| card.bin | The BIN of the card (First six digits of the card). |
| card.expiry_year | The expiry year of the card. |
| card.expiry_month | The expiry month of the card. |
| card.transaction_reference | If any, the transaction.id |
| card.type | Abbreviated card type. See the valid options |
| card.number | The last four digits of the card. |
| card.origin | The origin of the credit card. Could be one of the following: ViComm, VisaCheckout, Masterpass. |
Card Brands
Internationals
| Card type | Brand | Logo |
|---|---|---|
| vi | Visa |  |
| mc | Mastercard |  |
| ax | American Express |  |
| di | Diners |  |
| dc | Discover |  |
| ms | Maestro |  |
Mexico
| Card type | Brand | Logo |
|---|---|---|
| cn | Carnet |  |
LinkToPay
In this platform, we can generate a payment link, which can be completed with any of the payment methods assigned to the access credentials.
Generate a link
Example of request to generate link.
curl --request POST
--url https://noccapi-stg.gpvicomm.com/linktopay/init_order/
--header 'auth-token: auth-token'
--header 'content-type: application/json'
--data '{
"user": {
"id": "117",
"email": "dummy@foo.com",
"name": "Gabriel",
"last_name": "Cruz"
},
"order": {
"dev_reference": "1",
"description": "Product description",
"amount": 1000,
"installments_type": 0,
"currency": "COP"
},
"configuration": {
"partial_payment": true,
"expiration_days": 1,
"allowed_payment_methods": ["All"],
"success_url": "https://url-to-success.com",
"failure_url": "https://url-to-failure.com",
"pending_url": "https://url-to-pending.com",
"review_url": "https://url-to-review.com"
}
}'
Example of request to generate a link with billing_address.
curl --request POST
--url https://noccapi-stg.gpvicomm.com/linktopay/init_order/
--header 'auth-token: auth-token'
--header 'content-type: application/json'
--data '{
"user": {
"id": "117",
"email": "dummy@foo.com",
"name": "Gabriel",
"last_name": "Cruz"
},
"order": {
"dev_reference": "1",
"description": "Product description",
"amount": 1000,
"installments_type": 0,
"currency": "COP"
},
"configuration": {
"partial_payment": true,
"expiration_days": 1,
"allowed_payment_methods": ["Card"],
"success_url": "https://url-to-success.com",
"failure_url": "https://url-to-failure.com",
"pending_url": "https://url-to-pending.com",
"review_url": "https://url-to-review.com"
},
"billing_address": {
"street": "Calle 1 Sur",
"city": "Chia",
"country": "COL",
"district": "Chia",
"zip": "#5",
"state": "CU",
"house_number": "179",
"additional_address_info": "Casa 53"
}
}'
The above request returns JSON structured like this:
{
"success": true,
"detail": "Operation completed successfully.",
"data": {
"user": {
"id": "117",
"email": "dummy@foo.com"
},
"order": {
"id": "8REV4qMyevlR4xGm3OL",
"status": "Init",
"dev_reference": "1",
"description": "Product description",
"currency": "COP",
"amount": 1000.0,
"taxes": [
{
"type": "vat",
"amount": 0
},
{
"type": "inc",
"amount": 0
}
],
"additional_amounts": [
{
"type": "tip",
"amount": 0
}
]
},
"configuration": {
"expiration_date": "2022-11-19 18:45:39",
"partial_payment": true,
"allowed_payment_methods": [
"All"
],
"allow_retry": true
},
"payment": {
"payment_url": "https://link-stg.gpvicomm.com./checkout/8REV4qMyevlR4xGm3OL",
"payment_qr": "iVBORw0KGgoAAAANSUhEUgAAAZoAAAGaAQAAAAAefbjOAAADC0lEQVR4nO2cXa7aMBBGz9SReDRSF8BSzA7ukq66s2Q
pLAApeURK9PXBdhJoVaniFigZP6Ak5Ahbsebnmwkm/np03/6eAYcccsghhxxy6D0hK6PJRzCYme2Bbjk1Mzs+ZXoOPR
5KkqQe1MYRO0aJ1E9GkmRHgiRJ19DjpufQ46GhGoB02kk/9kBnO2VDAWBmzfOm59DDoObm3IgXUzoZAvh9bvria3LoS6
HUgx0JotsDMJnaf/JLDr0kVG1EFDDUq90+YGAIQrYTa2vx4mty6AugzmpywbATqQdSH2THocGOTFaSkOdMz6FH24hfwo
V4MbrDxej2WLEgz5ieQw+HyFllkoplII4lGW1v7ozlPrUvviaH7oHqjuhB0ojUl8CB1AdJGoFYNkhWJXxHvDNUHrL6UL
ZFG8e6NyTV0+ujF1+TQ/dAV15D8+iD1BJUnMhsLdxrvD1UdkQOEuo+qB5iBLgxHr4j3hyac42pUXcYsSTKR/5i+I6KVh
W8rrEBqMYR2R5QPES7MhnMX3hkuQUo2wgjnlH3cc6GAoByFM+NuiNopVq8+Jocuh/KUWQ67QRDg332U9Uns4QZZLafXL
PcALT2GqlmEyWUJJSeCVXByr3GZqBuHwTDrjz4FlgkzGIe4ngDPW56Dj3BRix6xFgz0jyCFtXK9Yj3h2aXUPOKlGXrpb
hRXMf62ouvyaF7oLmuEVTLF+FKq4ql1uFxxEagqlANIAZDSQDxYsVtDA10HyMkTbW95sXX5NA90NxnOZmIgu7jPGsUPU
Y8N5ZjTNcsNwTV9qm5SyqHFZNlPaJ0WLkesQVolWssGcZS5FIbrzQKjyM2Ai3vdOUYs6vvZtiRoBJMHFyP2AK06o/IKc
Xy0UaJXA3Pt3g1fAvQqquupKCrnJN1k533WW4TUhsvOZ4029f6Vs41hqbI2//bmhy6C0qnhlLDiCNqo2qThNc1NgXND7
47jNjnqUFtTUbNDvO2eNL0HHoYdFvVysHE3FiZrxGvimEeR7wzZL9/+/uPw/+ZzCGHHHLIIYccAvgJATB20GiZw/kAAA
AASUVORK5CYII="
}
}
}
To generate a link to pay, certain information is required, this allows to consume any payment method provided by Global Payments ViComm
HTTP Request
POST https://noccapi-stg.gpvicomm.com/linktopay/init_order/
URL Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| user.id | String | Yes | Buyer identifier. Max length 250 characters. |
| user.email | String | Yes | Buyer email, with valid e-mail format. Max length 250 characters. |
| user.name | String | Yes | Buyer name. Max length 100 characters. |
| user.last_name | String | Yes | Buyer name. Max length 100 characters. |
| user.fiscal_number_type | String | No | Indicates the type of fiscal number (user identification). |
| user.fiscal_number | String | No | Fiscal number (identification number) given by the user. Max length 100 characters. |
| order.dev_reference | String | Yes | Id from commerce to identify the order. Max length 100 characters. |
| order.description | String | Yes | The order description. Max length 250 characters. |
| order.amount | Number | Yes | Total amount to pay. Format: Decimal with two fraction digits. |
| order.installments_type | Number | Yes | Only available Ecuador and Mexico see the valid types. For the rest of the countries, 0 to allow installments, -1 otherwise. Only available to card payment method. |
| order.vat | Number | Yes | Sales tax amount, included in order amount. Format: Decimal with two fraction digits. |
| order.inc | Number | No | National consumption tax, included in order amount. Format: Decimal with two fraction digits. |
| order.tip | Number | No | Only available for pay with Qr code . Tip, not included in order amount. Format: Decimal with two fraction digits. |
| order.currency | String | Yes | Order currency see the valid types. |
| configuration.partial_payment | Boolean | Yes | Indicates if the partial payment is allowed. |
| configuration.expiration_days | Number | No(*) | Number of days in which the link to pay expires. |
| configuration.expiration_time | Number | No(*) | Time in seconds it will take for the link to pay to expire. |
| configuration.allowed_payment_methods | Array (String) | No | Indicates allowed payment methods. 'All' is the default. See the valid types. |
| configuration.currency_exchange | String | No | Currency in which the link to pay will be paid see the valid types. |
| configuration.success_url | String | Yes | URL to redirect when transaction is success. (max 500) |
| configuration.failure_url | String | Yes | URL to redirect when transaction is failure. (max 500) |
| configuration.pending_url | String | Yes | URL to redirect when transaction is pending. (max 500) |
| configuration.review_url | String | Yes | URL to redirect when transaction is in review. (max 500) |
| configuration.card.capture_cellphone | Boolean | No | Indicates if it is required or not to ask for the phone number in card payment (By default is True). |
| billing_address.street | String | No | The name of the street. |
| billing_address.city | String | Yes | The city, max length of 50 characters. |
| billing_address.state | String | No | The state: ISO 3166-2 country subdivision code in case of 3DS authentication, free format otherwise |
| billing_address.district | String | No | The district. |
| billing_address.zip | String | Yes | The zip or postal code. Max length allowed of 50 characters. |
| billing_address.house_number | String | No | The house number |
| billing_address.country | String | Yes | Country in ISO 3166-1 alpha-3 format, for example: COL, MEX, ECU. |
| billing_address.additional_address_info | String | No | Additional address info, without format. |
Response
| Parameter | Description |
|---|---|
| user.id | Buyer identifier. |
| user.email | Buyer email registered to order. |
| order.dev_reference | Reference from commerce. |
| order.amount | Total amount to pay. |
| order.description | Order description. |
| configuration.expiration_date | Date limit to pay. |
| configuration.partial_payment | Indicates if the partial payment is allowed. |
| configuration.allowed_payment_methods | Indicates allowed payment methods. |
| payment.payment_url | Link To Pay, URL to do redirect. |
| payment.payment_qr | Code Qr base64, URL to do redirect. |
Currencies
Allowed currencies:
| Currency | Country | USD | México |
|---|---|
| MXN | Mexico |
Allowed payment methods
Allowed payment methods by country:
| Key | Description |
|---|---|
| All | All payment methods |
| Card | Only card payment method (All countries) |
Test Cards
You can use the following cards for your tests. For adding a card or direct purchase in staging environment:
| Card | Return Code | Scenarios |
|---|---|---|
| 4111111111111111, 36417002140808 | valid | Charge succeeds |
| 4242424242424242, 347763907473248 | rejected | Not Authorized |
| 4520121813132351, 378196561987405 | rejected | Rejected by Fraud System |
| 375953548754701, 376337093362277 | rejected | Card in black list |
| 4016360000000002 | valid | 3DS challenge flow |
For a card not listed above, the system will leave the card as valid. Once you add a valid card in the platform you can prove the debit using a specific description as follow:
| order.description | Result |
|---|---|
| Approved transaction | status = success, status_detail = 3 |
| Denied transaction | status = failure, status_detail = 9 |
| Reviewed transaction | status = pending, status_detail = 1 |
| Rejected by fraud system transaction | status = failure, status_detail = 11 |
| Card in black list | status = failure, status_detail = 12 |
You can use either the test cards or the description to prove, but not both.
WebHook
The above is the JSON returned in the WebHook:
{
"transaction": {
"status": "1",
"order_description": "ORDER #1507155336536",
"authorization_code": "113310",
"status_detail": "3",
"date": "04/10/2017 22:15:37",
"message": "Operation Successful",
"id": "CI-502",
"dev_reference": "1507155336536",
"carrier_code": "6",
"amount": "10.5",
"paid_date": "04/10/2017 19:15:00",
"installments": "1",
"ltp_id": "LeNgJbx57Vnj9Rnq",
"stoken": "e03f67eba6d730d8468f328961ac9b2e",
"application_code": "AndroidTest",
"terminal_code": "12334"
},
"user": {
"id": "4",
"email": "user@example.com"
},
"card": {
"bin": "411111",
"holder_name": "Martin Mucito",
"type": "vi",
"number": "1111",
"origin": "ORIGIN",
"fiscal_number": "2365448809"
}
}
Example of stoken generation (python):
So the
stokenfor this example is e242e78ae5f1ed162966f0eacaa0af01The above is an example of JSON returned for the case of Split Payment:
{
"transaction": {
"status": "1",
"order_description": "ORDER #1507155336536",
"authorization_code": "113310",
"status_detail": "3",
"date": "04/10/2017 22:15:37",
"stoken": "e03f67eba6d730d8468f328961ac9b2e",
"application_code": "AndroidTest",
"status": "1",
"paid_date": "04/10/2017 22:15:37",
"amount": "19000.0",
"authorization_code": "615246",
"installments": "1",
"dev_reference": "11372",
"message": "Aprobado",
"carrier_code": "00",
"id": "RB-37",
"status_detail": "3"
},
"split": {
"transactions": [
{
"installments": "1",
"amount": "10000.0",
"id": "RB-37-1",
"application_code": "App2",
"authorization_code": "615246"
},
{
"installments": "1",
"amount": "9000.0",
"id": "RB-37-2",
"application_code": "App1",
"authorization_code": "580705"
}
]
},
"card": {
"bin": "377813",
"holder_name": "Martin Mucito",
"type": "ax",
"number": "9063",
"origin": "ORIGIN"
}
}
The following is an example of returned JSON for the case of payment with Cash or Bank Transfer:
{
"transaction": {
"status": "1",
"order_description": "ORDER #1507155336536",
"status_detail": "3",
"date": "04/01/2020 22:15:37",
"id": "PSE-1000",
"payment_method_type": "2",
"dev_reference": "1507155336536",
"amount": "10.5",
"paid_date": "04/10/2017 19:15:00",
"ltp_id": "LeNgJbx57Vnj9Rnq",
"stoken": "e03f67eba6d730d8468f328961ac9b2e",
"application_code": "AndroidTest",
"terminal_code": "12334"
},
"user": {
"id": "4",
"email": "user@example.com"
}
}
Every time a transaction gets approved or cancelled you will get an HTTP POST request from Global Payments ViComm to your callback_url (you need to provide this url to our staff). The POST includes the following fields:
| Parameter | Description |
|---|---|
| transaction.status | The status of the transaction, for more information status |
| transaction.order_description | Description of the order to be purchase. Format: (Maximum Length 250) |
| transaction.authorization_code | If success the authorization code responded from carrier. |
| transaction.status_detail | The status detail of the transaction, for more information status detail |
| transaction.date | Transaction date (used for approved numbers in the Dashboard). |
| transaction.message | The returned message from carrier or fraud analysis system. |
| transaction.id | Transaction identifier. This code is unique among all transactions. |
| transaction.dev_reference | Merchant order reference. |
| transaction.carrier_code | The returned code from carrier. |
| transaction.amount | The amount of the transaction. |
| transaction.paid_date | Transaction paid date (used for approved numbers in the Dashboard). |
| transaction.installments | The number of installments for the payment. |
| transaction.stoken | MD5 hash of [transaction_id]_[application_code]_[user_id]_[app_key] |
| transaction.ltp_id | Reference to the link to pay used to pay. |
| transaction.application_code | The transaction belongs to this application code. |
| transaction.payment_method_type | Payment method of the transaction, type string. For more information payment_method_types |
| transaction.terminal_code | Terminal id of the transaction. |
| user.id | Customer identifier. This is the identifier you use inside your application. |
| user.email | Buyer email, with valid e-mail format. |
| card.bin | The BIN of the card (First six digits of the card). |
| card.holder_name | The credit card holder name. |
| card.type | Abbreviated card type. See the valid options |
| card.number | The last four digits of the card. |
| card.origin | The origin of the credit card. Could be one of the following: ViComm, VisaCheckout, Masterpass. |
| card.fiscal_number | Fiscal number of the payer of the transaction. |
For every transaction you must return an HTTP status, this status is only used to know that you received correctly the call:
| Status | Case |
|---|---|
| 200 | success |
| 203 | token error |
You just need to generate the stoken and match the token against the one you receive to be sure that the POST came from Global Payments ViComm
. You must store this information from all transactions in your database and always check the transaction.id to make sure you are not getting a duplicated POST.
If your server doesn’t respond with an HTTP 200 OK message, the POST will be retrying until get an status HTTP 200, this during 48 hours, with incremental period of time in each retry, first retry will be at 5 min aprox., second retry at 10 min aprox. and so on. In case of receiving any HTTP status >= 500 we will stop trying.
Additionally to approve transactions we also send you those approved transactions that get cancelled, this time the only difference is the status value, which will be 2. In this case you should answer with 200 (so we don’t send it again) and should update the transaction status so you ensure your data and accounting matches with Global Payments ViComm
Status details
The Global Payments ViComm API uses the following status and status details:
| Status | Meaning |
|---|---|
| 0 | Pending |
| 1 | Approved |
| 2 | Cancelled |
| 4 | Rejected |
| 5 | Expired |
| Status Detail | Meaning |
|---|---|
| 0 | Waiting for Payment. |
| 1 | Verification required, please see Verification section. |
| 2 | Paid Partially |
| 3 | Paid. |
| 4 | In Dispute. |
| 5 | Overpaid. |
| 6 | Fraud. |
| 7 | Refund. |
| 8 | Chargeback |
| 9 | Rejected by carrier. |
| 10 | System error. |
| 11 | Global Payments ViComm fraud. |
| 12 | Global Payments ViComm blacklist. |
| 13 | Time tolerance. |
| 14 | Expired by Global Payments ViComm |
| 15 | Expired by carrier. |
| 16 | Rejected by Global Payments ViComm |
| 17 | Abandoned by Global Payments ViComm |
| 18 | Abandoned by Customer |
| 19 | Invalid Authorization Code. |
| 20 | Authorization code expired. |
| 21 | Global Payments ViComm Fraud - Pending refund. |
| 22 | Invalid AuthCode - Pending refund. |
| 23 | AuthCode expired - Pending refund. |
| 24 | Global Payments ViComm Fraud - Refund requested. |
| 25 | Invalid AuthCode - Refund requested. |
| 26 | AuthCode expired - Refund requested. |
| 27 | Merchant - Pending refund. |
| 28 | Merchant - Refund requested. |
| 29 | Annulled. |
| 30 | Transaction seated (only Ecuador). |
| 31 | Waiting for OTP. |
| 32 | OTP successfully validated. |
| 33 | OTP not validated. |
| 34 | Partial refund. |
| 35 | 3DS method requested, waiting to continue. |
| 36 | 3DS challenge requested, waiting CRES. |
| 37 | Rejected by 3DS. |
| 47 | Failure cpf validation |
| 48 | Authenticated by 3DS |
Errors
The Global Payments ViComm API uses the following error codes:
| Http Status Code | Meaning |
|---|---|
| 400 | Bad Request -- For example json not well formatted, data type or parameters missing. |
| 401 | Unauthorized -- Your auth_token is wrong or expired. |
| 403 | Forbidden -- For several reasons, for example invalid card, card already added, carrier not configured or operation not allowed. |
| 404 | Not found -- The resource does not exist. |
| 409 | Conflict -- For several reasons, for example transaction could not be created, a miss configuration, the response from third party service response with error. |
| 500 | Internal Server Error -- We had a problem with our server. Try again later. |
| 503 | Service Unavailable -- We're temporarily offline for maintenance. Please try again later. |
Response in case of error
An example of an error returns JSON structured like this:
{
"error": {
"type": "Invalid Token",
"help": "Auth-Token: should have a format like b64encode(application_code;unix_timestamp;token)",
"description": "{}"
}
}
| Parameter | Description |
|---|---|
| error.type | Type of error. |
| error.help | In some cases a useful help for the developers. |
| error.description | A description of the error. |
Payment Method Types
These are the meanings of the different payment method types.
| Payment Method Type Code | Meaning |
|---|---|
| 0 | Credit Card |
| 1 | Boleto (Bank Ticket) |
| 5 | Vouchers Card |
| 7 | Debit Card |
| 8 | Prepaid Card |