Backend2Backend Integration

With the Backend2Backend Integration the merchant collects all required data from the customer directly on the merchant's website and submits it to the mPAY24 system. The payment data is than processed to the corresponding financial institution by mPAY24. Afterwards the merchant is informed by the result, which could be the end of the transaction or instructions for the next step of the process (e.g. redirection). Since the merchant decides to accept sensitive data (e. g. credit card data) on the web site, the merchant is obliged to maintain the system secure and only allow secure connections between the customer’s browser client, the merchant's web server and mPAY24 for requests.

When processing credit cards, the merchant must take care of the Payment Card Industry Data Security Standard (PCI DSS) and the merchant's implementation would be responsible for all the sensitive data of customers. Among others, the merchant is obligated to complete the Self-Assessment Questionnaire D of PCI SSC. More information about PCI DSS: https://www.pcisecuritystandards.org

Additional the merchant may be required to perform an acceptance test with the acquirer before switching to productive system.

📘
In any case, the merchant system has to be adjusted by interface changes made due to 3rd party or security requirements.

The Backend2Backend Integration uses the AcceptPayment operation, which has to be provided with all payment and order information.

📘
It is highly recommended to contact the mPAY24 Support to discuss merchant specific use cases and to receive guide through the implementation process.

Integration steps

Processing a basic payment

655 — Workflow diagram of the Backend2Backend Integration variant

The customer requests a payment (e.g. by filling out a form with all payment details such as credit card number, expiry and cvc and confirming the payment by pressing a Pay button).

📘
The merchant is responsible to handle and/or store the entered data secure!

The merchant sends an AcceptPayment call including all order and payment details to mPAY24.

📘
When processing credit cards the merchant is required to be PCI DSS certificated.

<SOAP-ENV:Envelope 
  xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
  xmlns:etp="https://www.mpay24.com/soap/etp/1.5/ETP.wsdl"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <etp:AcceptPayment>
      <merchantID>90000</merchantID>
      <tid>21736</tid>
      <pType>ELV</pType>
      <payment xsi:type="etp:PaymentELV">
        <amount>1000</amount>
        <currency>EUR</currency>
        <brand>HOBEX-AT</brand>
        <iban>AT771400000123456789</iban>
        <bic>BAWAATWWXXX</bic>
        <mandateID>ID-12751-2014-08-14</mandateID>
        <dateOfSignature>2014-08-14</dateOfSignature>
      </payment>
      <customerName>John Doe</customerName>
      <order>
        <clientIP>131.130.70.8</clientIP>
        <desciption>Direct debit example</desciption>
      </order>
    </etp:AcceptPayment>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

<SOAP-ENV:Envelope 
  xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
  xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
  xmlns:etp="https://www.mpay24.com/soap/etp/1.5/ETP.wsdl">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <etp:AcceptPaymentResponse>
      <status>OK</status>
      <returnCode>OK</returnCode>
      <mpayTID>1683862</mpayTID>
    </etp:AcceptPaymentResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

mPAY24 returns the AcceptPaymentResponse with information about the transaction result.
The merchant informs the customer about the payment/transaction.
mPAY24 communicates the payment result via push using the confirmationURL (see chapter Payment notification for more information). (Confirmation Interface). Note that this step could occur before mPAY24 returned the AcceptPaymentResponse.

http://www.hotelmuster.com/conf.php?OPERATION=CONFIRMATION&TID=4002451&
  STATUS=BILLED&PRICE=1000&CURRENCY=EUR&P_TYPE=ELV&BRAND=HOBEX-AT&MPAYTID=1683862
  USER_FIELD=&ORDERDESC=Example+payment&CUSTOMER=John+Doe&CUSTOMER_EMAIL=&LANG
  CUSTOMER_ID=&PROFILE_STATUS=IGNORED&FILTER_STATUS=OK&APPR_CODE=%2Dtest%2D

The merchant confirms the receipt of the transaction notification with either OK or ERROR (status depends if the confirmation could successfully update the merchant' system).

📘
In PHP this could be achieved by echo 'OK'

Processing a redirection payment

725 — Extended workflow of the Backend2Backend integration variant

The customer requests a payment (e.g. by filling out a form with all payment details such as name and desired payment system and confirming the payment by pressing a Pay button).

📘
The merchant is responsible to handle and/or store the user input data secure!

The merchant sends an AcceptPayment call including order and payment specific details to mPAY24.

<SOAP-ENV:Envelope 
  xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
  xmlns:etp="https://www.mpay24.com/soap/etp/1.5/ETP.wsdl">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <etp:AcceptPayment>
      <merchantID>90000</merchantID>
      <tid>2626281</tid>
      <pType>SOFORT</pType>
      <payment xsi:type="etp:PaymentSOFORT">
        <amount>1000</amount>
        <currency>EUR</currency>
      </payment>
      <customerName>John Doe</customerName>
      <order>
        <description>Example payment</description>
      </order>
      <successURL>http://www.hotelmuster.at/succ.php</successURL>
      <errorURL>http://www.hotelmuster.at/err.php</errorURL>
      <confirmationURL>http://www.hotelmuster.at/conf.php</confirmationURL>
    </etp:AcceptPayment>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

<SOAP-ENV:Envelope 
  xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
  xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" 
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
  xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
  xmlns:etp="https://www.mpay24.com/soap/etp/1.5/ETP.wsdl">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <etp:AcceptPaymentResponse>
      <status>OK</status>
      <returnCode>REDIRECT</returnCode>
      <mpayTID>1690804</mpayTID>
      <location>https://www.sofort.com/payment/go/[...]</location>
    </etp:AcceptPaymentResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

mPAY24 returns the AcceptPaymentResponse including a returnCode = REDIRECT and a location value (if status = OK).
The customer is redirected to the 3rd party location URL by the merchant (e.g. by supplying the location as a link or just forwarding the browser to the URL).
The customer follows the payment process specified by the 3rd party.
mPAY24 is informed about the 3rd party server result.
The customer is redirected to mPAY24 by the 3rd party site. It is possible that the customer is redirected immediately and does not notice this redirection (see diagram step Redirect to successURL or ErrorURL).
mPAY24 communicates the payment result via the push method using the confirmationURL (see chapter Payment notification for more information).

http://www.hotelmuster.com/conf.php?OPERATION=CONFIRMATION&TID=2626281&STATUS=BILLED&PRICE=1000&CURRENCY=EUR&P_TYPE=SAFETYPAY&BRAND=&MPAYTID=1690804&USER_FIELD=&ORDERDESC=Example+order&CUSTOMER=John+Doe&CUSTOMER_EMAIL=&LANGUAGE=DE&CUSTOMER_ID=&PROFILE_STATUS=IGNORED&FILTER_STATUS=OK&APPR_CODE=%2Dtest%2D

The merchant confirms the receipt of the transaction notification with either OK or ERROR (status depends if the confirmation could successfully update the merchant' system).

📘
In PHP this could be achieved by echo 'OK'

mPAY24 forwards the customer to the successURL or errorURL specified by the merchant dynamically within the AcceptPayment request or static over the merchant portal.
The customer requests the successURL or errorURL.
The merchant informs the customer about the payment/transaction.

Payment system integration

The following overview shows the payment system requirements and relevant chapters for integration as well as additional notes.

Description	pType	Brand	Integrated by chapter	Additional note
Billpay	`BILLPAY`	`HP`	Hire purchase	After integration the Billpay activation needs to be performed.
Billpay	`BILLPAY`	`INVOICE`	Invoice	After integration the Billpay activation needs to be performed.
Creditcards	`CC`	`AMEX`, `DINERS`, `JCB`,`VISA`, `MASTERCARD`	Creditcard	The merchant is obligated to complete the `VISA`, `MASTERCARD` Self-Assessment Questionnaire D of PCI SSC.
Debit cards	`MAESTRO`	n/a	Debit cards	The merchant is obligated to complete the Self-Assessment Questionnaire D of PCI SSC.
Direct debit	`ELV`	`ATOS`	Direct debit	mPAY24 highly recommends the merchant to additionally request a written SEPA mandate from the customer (see SEPA Direct Debit).
Direct debit	`ELV`	`HOBEX-AT`, `HOBEX-DE`, `HOBEX-NL`	Direct debit	None
Direct debit	`ELV`	`BILLPAY`	Direct debit	After integration the Billpay activation needs to be performed.
Klarna	`KLARNA`	`HP`	Hire purchase	None
Klarna	`KLARNA`	`INVOICE`	Invoice	None
MasterPass	`MASTERPASS`	n/a	Masterpass	None
mpass	`MPASS`	n/a	Redirect payment systems	None
PayPal	`PAYPAL`	n/a	Paypal	None
paysafecard	`PSC`	`PSC`	Redirect payment systems	None
paysafecash	`PSC`	`PAYSAFECASH`	Redirect payment systems	None
Online-Banking	`EPS`	n/a	Online Banking	None
Online-Banking	`GIROPAY`	n/a	Online Banking	None
Online-Banking	`SOFORT`	n/a	Online Banking	None
@Quick	`QUICK`	n/a	Redirect payment systems	None

Backend2Backend Integration

📘
In any case, the merchant system has to be adjusted by interface changes made due to 3rd party or security requirements.

📘
It is highly recommended to contact the mPAY24 Support to discuss merchant specific use cases and to receive guide through the implementation process.

Integration steps

Processing a basic payment

📘
The merchant is responsible to handle and/or store the entered data secure!

📘
When processing credit cards the merchant is required to be PCI DSS certificated.

📘
In `PHP` this could be achieved by `echo 'OK'`

Processing a redirection payment

📘
The merchant is responsible to handle and/or store the user input data secure!

📘
In `PHP` this could be achieved by `echo 'OK'`

Payment system integration

📘In any case, the merchant system has to be adjusted by interface changes made due to 3rd party or security requirements.

📘It is highly recommended to contact the mPAY24 Support to discuss merchant specific use cases and to receive guide through the implementation process.

Integration steps

Processing a basic payment

📘The merchant is responsible to handle and/or store the entered data secure!

📘When processing credit cards the merchant is required to be PCI DSS certificated.

📘In PHP this could be achieved by echo 'OK'

Processing a redirection payment

📘The merchant is responsible to handle and/or store the user input data secure!

📘In PHP this could be achieved by echo 'OK'

Payment system integration

📘
In any case, the merchant system has to be adjusted by interface changes made due to 3rd party or security requirements.

📘
It is highly recommended to contact the mPAY24 Support to discuss merchant specific use cases and to receive guide through the implementation process.

📘
The merchant is responsible to handle and/or store the entered data secure!

📘
When processing credit cards the merchant is required to be PCI DSS certificated.

📘
In `PHP` this could be achieved by `echo 'OK'`

📘
The merchant is responsible to handle and/or store the user input data secure!

📘
In `PHP` this could be achieved by `echo 'OK'`