3. Merchant Integration Flow: Card Tokenisation and Tokenised Payments

3.1.5 Tokenisation: Step 3 – HTTPS Form Post to Payment Gateway

The merchant must create an order submission form for the HTTPS Form Post to VPG.
The encXml field will contain the encrypted transaction object.
The form post must be submitted via HTTPS to VPG using the appropriate endpoint.
Take note, this is a lengthy batch process and runs as scheduled tasks between VFS and the bank.
It should never be relied upon to be returned quickly or included in a synchronous user–journey with the customer.

3.1.5.1 Credit Card Payments and Tokenisation End-Points

Table 8. Tokenisation: Step 3 – End–Points

Tokenisation Phase : End–Points
PROD ^ https://psp.vodacompaymentgateway.co.za/recurringPayment/tokenize
UAT ^ https://uat.vodacompaymentgateway.co.za/recurringPayment/tokenize
QA ^ https://qa.vodacompaymentgateway.co.za/recurringPayment/tokenize

3.1.5.2 Credit Card Payment and Tokenisation Form Post

The merchant must create an order submission form for the HTTPS Form Post to VPG.
The "encxml" field will contain the encrypted XML generated in 3.1.4. Tokenisation: Step 2 – Encryption.

Figure 6. Tokenisation: Step 3 – Credit Card Payment and Tokenisation Form Post

3.1.5.3 Credit Card Payment and Tokenisation Form Post Field Definitions

Table 9. Tokenisation: Step 3 – Credit Card Payment and Tokenisation Form Post Field Definition
# Field
(Case-Sensitive)		 Required
Mandatory
Optional		 Type Length Description
1. PayserverUser ^ M String <= 50 Merchant username (maximum length 50) as defined by the Payserver service account
2. EncType O String 8 This is encryption algorithm the merchant has elected to use. Permitted Values:
  • BLOWFISH (Recommended)
  • AES
  • TWOFISH
(if omitted default value is BLOWFISH)
3. EncSalt O String 32 Random string used by merchant to salt the password used to encrypt the message passed in encXML/encJSON
and used by Vodacom to decrypt the message Mandatory if encType is TWOFISH or AES
4. EncIterations O Numeric Number of iterations used to derive the key (along with the salt and stored encryption key) using password-based
key derivation functionality, PBKDF2 Mandatory if encType is TWOFISH or AES.
5. EncIv O String 16 Random string used by merchant used as the Initialisation Vector to encrypt the message passed in
encXML/encJSON and used by Vodacom to decrypt the message.
Mandatory if encType is TWOFISH or AES.
6. EncXml M String The encrypted XML Transaction object created in 3.1.3. Tokenisation: Step 1: Create Transaction Object and 3.1.4. Tokenisation Step 2: Encryption must be passed in this field.
See 4.2 Appendix B: Encryption Algorithms for further detail.
7. ReturnUrl ^ O String <= 500 This is the redirect end–point to which payment gateway will respond synchronously, after the payment has been completed successfully (either Auth. or Auth. & Settle).
Overrides the transaction object value.
8. FailureUrl ^ O String <= 500 This is the redirect end–point to which payment gateway will respond synchronously, after the payment has been completed unsuccessfully (either Auth. or Auth. & Settle).
Overrides the transaction object value.
9. NotifyUrl ^ O String <= 500 This is the end–point to which the asynchronous tokenisation response, will be posted back to the merchant's server,
once the bank has responded with the token creation (success or failure).
This is an asynchronous post–back to the merchant. See 3.1.9.2 Tokenisation Response Field Definitions for further details.
Overrides the transaction object value.

Continue

Return