2. Configuration Information
2.1 Minimum API Developer Requirements
- For PCI compliance the merchant is not permitted to host their own payment page where credit card details are captured. This must be done using the Vodacom Payment page (hosted in Vodacom's secure PCI environment).
- Payment page templates (such as Amazon Payments, eWay, PayPoint, PayPal, SagePay, WooCommerce, World Pay etc), are not supported.
2.2 Payment Gateway: Operational and Maintenance Hours
2.2.1 QA Environment
Please note that the payment systems undertake maintenance on their QA environment during the following times (SAST):
- 07h00 – 08h00
- 12h00 – 13h00
- 16h00 – 17h00
- In addition, please note that scheduled payments are an asynchronous operation with the acquiring bank.
Turn-around times for processing scheduled payment batch requests are not guaranteed in any way.
The acquiring banks are also not available outside of normal business hours (SAST/UTC+2) for processing scheduled payment requests
2.2.2 PROD Environment
- The PROD environment undertake regular releases for which you will be notified prior to implementations.
The implementation window for these are usually between 23h00–01h00 (SAST).
Please send a request to PSP-ServiceRequests@vodacom.co.za to be included in the distribution list for these release notifications.
In addition, please note that tokenisation and scheduled tokenised payments are an asynchronous operation with the acquiring bank.
Take note, this is a lengthy batch process and runs as scheduled tasks between VFS and the acquiring bank.
It should never be relied upon to be returned quickly or included in a synchronous user–journey with the customer.
Return to 2. Developer Information
2.3 Security
2.3.1. Transport Layer Security and Firewall Requirements
- TLS 1.2 is required for all browser access to the hosted pages.
- The Merchant end–points to which recurring payments will respond back to, must be accessible from the PCI Payment Gateway.
As a consequence firewall rules must be applied to successfully post–back to the Merchant.
The Merchant end–point must be TLS1.2 compliant and be accessible on the internet.
Please complete the table below and return it to PSP-ServiceRequests@vodacom.co.za and VFSIntegration@vodacom.co.za in order for the firewall change to be logged.
Please note that firewall changes at Vodacom require a minimum of 48-hour turn–around time.
Table 4. Firewall Request for Asyncrhonous Call-Backs
Payments
Environment |
Payments Soruce
I.P/Subnet |
Payments
Host Name |
Merchant Destination
I.P/Subnet |
Merchant Destination
Host Name |
TCP
UDP
ICMP |
Port(s) |
Port
Description |
| QA |
172.24.246.202 |
QVPSW01ZAFSWI |
|
|
TCP |
443 |
https |
| PROD 1 |
172.24.53.193 |
PVPSW01ZATCWI |
|
|
TCP |
443 |
https |
| PROD 2 |
172.24.53.194 |
PVPSW02ZATCWI |
|
|
TCP |
443 |
https |
| DR 1 |
172.24.53.197 |
PVPSW01ZAFSWI |
|
|
TCP |
443 |
https |
| DR 2 |
172.24.53.198 |
PVPSW02ZAFSWI |
|
|
TCP |
443 |
https |
The following payment gateway public addresses must be white–listed on the merchant's firewall, for their corresponding environment in order to receive successful post–backs.
2.3.2. Payload Encryption
All payloads sent to Vodacom Payment Gateway must be encrypted (see referenced documentation for details).
2.3.3. Control Key
A Control Key must be used between the merchant and the Vodacom Payment Gateway to detect any tampering with messages exchanged (see referenced documentation for details).
Continue
Return