This page serves as a supplementary guide for integrating Real-Time Recurring Credit Card transaction payment into the payment flow and is to be read in conjunction with the PayU Enterprise API integration documentation.
Overview
PayU Real-Time Recurring (RTR) transaction processing is a card processing solution where the merchant is allowed to deduct specified amounts from a card holder's account as agreed between card holder and merchant without the card holder initiating the actual transaction. Real-Time Recurring (RTR) Credit Card transaction solution is available on the PayU payment system via both the API and responsive channel through tokenised enterprise API integration. API channel due for release last quarter of 2015 with redirect following shortly during first quarter 2016. Please consult with PayU Sales for more information.
Real-Time recurring transactions are set-up by providing full card data (Card holder provide during agreement process) for transaction authorisation initially and on subsequent transactions only the card number is required to authorise payment to the merchant. To assist Enterprise merchants in reducing PCI exposure with API integrations PayU offers RTR as a tokenised payment solution. The card details will be encrypted by PayU and stored in a token which should be stored against a merchant user profile for future recurring transactions. Future transactions can happen via administrative process or on-line transactions where card holder launch payment process.
Merchant Requirement
Merchant will need to have the following in place before attempting Real-Time Recurring integration.
- User profile system with secure login process for merchant users.
- Capabilities to store one or more PayU created payment tokens against user profiles.
- UI with some processing intelligence to make decisions on:
- displaying card capture for new users or users without tokenised cards.
- ability to add new card to be tokenised against user profile
- Ability to display a list of one or more tokenised cards for payment selection.
- Back-end processing capability to process recurring subscription transactions.
Additional considerations:
For Enterprise Integration: As card holder data is captured on the merchant's hosted pages the merchant needs to be PCI compliant to the level required by the acquiring bank and PCI-DSS guidelines. Merchants do not need to save sensitive card holder information. The merchant needs to be able to save the token value returned in the API response against the user profile to re-use for future payment requests.
For Redirect Integration: No sensitive card holder data will be exposed to the merchant, all card capturing happens at PayU. The merchant can still process back-end transactions via Enterprise API by making use of the tokens.
doTransaction amendments for Real-Time Recurring Credit Card Transactions (RTR)
Setup Call: No token exist at this time.
Merchants will need to make the following amendments to the normal doTransaction API call in order to do Real-Time Recurring Credit Card transactions with and without tokens on the PayU platform. All credit card details are required during setup.
- AuthenticationType = TOKEN
- storePaymentMethod = TRUE
merchantUserId = Identifying value at merchant
Customfield
key = processingType
- value = REAL_TIME_RECURRING
<AuthenticationType>TOKEN</AuthenticationType> Â <AdditionalInformation> <storePaymentMethod>true</storePaymentMethod> </AdditionalInformation> Â <Customer> <merchantUserId>123</merchantUserId> <regionalId>123456</regionalId> <countryCode>27</countryCode> </Customer> Â <Customfield> <key>processingType</key> <value>REAL_TIME_RECURRING</value> </Customfield>
Response: Token created and returned by PayU on successful transaction completion.
- pmId = This value needs to be associated with merchantUserId and used for Enterprise payments. (Back-end Real-Time recurring transactions)
- cardExpiry = Store this value to ensure recurring transactions are not requested beyond expiry date of card
- cardNumber = Purely used by merchants for statistical reasons and UI selection
<pmId>C113C08A96F9E1177DB441EAB08DC046</pmId> <cardExpiry>102018</cardExpiry> <cardNumber>403822******8021</cardNumber>
Additional payments: Tokens exist and used in place of credit card values. No expiry or CVV required.
- AuthenticationType = TOKEN
merchantUserId = Identifying value at merchant
- CreditCard
- pmId = Token representing the card. For additional recurring transactions this can be send without CVV.
Customfield
key = processingType
- value = REAL_TIME_RECURRING
<AuthenticationType>TOKEN</AuthenticationType> Â <Customer> <merchantUserId>123</merchantUserId> <regionalId>123456</regionalId> <countryCode>27</countryCode> </Customer> Â <Creditcard> <amountInCents>1000</amountInCents> <pmId>f1VnURZ/QBV6FVVpJhBgVGdVEHFFDANFFBAWNj5RZkkRekQQehJec1xke1Fl</pmId> <cvv></cvv> </Creditcard> <Customfield> <key>processingType</key> <value>REAL_TIME_RECURRING</value> </Customfield>
Integration payment sequence/flow
When developing a solution with PayU's Enterprise API some de-risking of transactions can be done be performing a transaction.
Set-up flow with Secure 3D de-risking:
Description
- Step 1
- todo
- Step 2
- todo
- Step 3
- todo
- Step 4
- todo
- Step 5
- todo
- Step 6
- Todo
- Step 7
- Todo
Set-up flow without any de-risk (Fraud checks can be added)
Description
- Step 1
- todo
- Step 2
- todo
- Step 3
- todo
- Step 4
- todo
- Step 5
- todo
- Step 6
- Todo
Transaction flow for recurring transactions beyond set-up (Front end - user driven)
Description
- Step 1
- todo
- Step 2
- todo
- Step 3
- todo
- Step 4
- todo
- Step 5
- todo
- Step 6
- Todo
Transaction flow for recurring transactions beyond set-up (Back-end - subscriptions not user driven)
Description
- Step 1
- todo
- Step 2
- todo
- Step 3
- todo
- Step 4
- todo
- Step 5
- todo
API call examples
Please refer to the doTransaction API example page for more information