createPayment

Creating a payment transaction with 3D Secure authentication

Four files are required for creating a payment transaction with 3D Secure authentication :

  • a "function.php" file for functions

  • a "v5.php" file for defining objects

  • createPayment file (operation):
    <?php
    include_once 'v5.php'; 	// File containing the definition of different objects 
    include_once 'function.php';// File containing all the useful functions (generation of the uuid, etc.)
    
    //Initialization of variables
    $shopId = "123456789";
    $key = "123456789123456";	
    $mode = "TEST";
    $wsdl = "https://paiement.systempay.fr/vads-ws/v5?wsdl";
    
    //Example of initialization of a SOAP client with SNI management
    		/*
    		$client = new soapClient($wsdl,	$options = array('trace'=>1, 
    					'exceptions'=> 0, 			
    					'encoding' => 'UTF-8','soapaction' => '',
    					'uri' => 'http://v5.ws.vads.lyra.com/',	            
    					'cache_wsdl' => WSDL_CACHE_NONE, 
    					//Proxy parameters
    					'proxy_host' => 'my.proxy.host',
    					'proxy_port' => 3128,
    					'stream_context' => stream_context_create (array('ssl' => array( 
    						'SNI_enabled' => true,
    						'SNI_server_name' => 'paiement.systempay.fr')))
    					));
    		*/			
    
    //Exemple d'Initialisation d'un client SOAP sans proxy		
    		$client = new soapClient($wsdl, $options = array(
    					'trace'=>1, 
    					'exceptions'=> 0, 			
    					'encoding' => 'UTF-8',
    					'soapaction' => '')
    		);
    
    //Génération du header
    			$requestId = gen_uuid ();
    			$timestamp = gmdate ( "Y-m-d\TH:i:s\Z" );			
    			$authToken = base64_encode(hash_hmac('sha256',$requestId.$timestamp, $key, true));			
    			setHeaders ($shopId, $requestId, $timestamp, $mode, $authToken, $key, $client);
    			
    //Génération du body
    		$commonRequest = new commonRequest;
    			$commonRequest->paymentSource = 'EC';
    			$commonRequest->submissionDate = new DateTime('now',new DateTimeZone('UTC'));		
    		
    		$threeDSRequest = new threeDSRequest;			
    			$threeDSRequest->mode = "ENABLED_CREATE";
    			
    		$paymentRequest = new paymentRequest;			
    			$paymentRequest->amount = "2990";
    			$paymentRequest->currency = "978";			
    			$paymentRequest->manualValidation = '0';			
    			
    		$orderRequest = new orderRequest;
    			$orderRequest->orderId = "myOrder";					
    
    		$cardRequest = new cardRequest;
    			$cardRequest->number = "4970100000000000";
    			$cardRequest->scheme = "VISA";
    			$cardRequest->expiryMonth = "12";
    			$cardRequest->expiryYear = "2023";
    			$cardRequest->cardSecurityCode = "123";
    			$cardRequest->cardHolderBirthDay = "2008-12-31";
    					
    		$customerRequest = new customerRequest;
    			$customerRequest->billingDetails = new billingDetailsRequest;				
    				$customerRequest->billingDetails->email="test@example.com";						
    			
    		$customerRequest->extraDetails = new extraDetailsRequest;
    		
    		$techRequest = new techRequest;
    			
    //Appel de l'opération createPayment		
    	  try {		
    		$createPaymentRequest = new createPayment;
    			$createPaymentRequest->commonRequest = $commonRequest; 
    			$createPaymentRequest->threeDSRequest =  $threeDSRequest;
    			$createPaymentRequest->paymentRequest = $paymentRequest;
    			$createPaymentRequest->orderRequest = $orderRequest;
    			$createPaymentRequest->cardRequest = $cardRequest; 
    			$createPaymentRequest->customerRequest = $customerRequest;
    			$createPaymentRequest->techRequest = $techRequest;
    		$createPaymentRequest->commonRequest->submissionDate = $createPaymentRequest->commonRequest->submissionDate->format(dateTime::W3C);
    		$createPaymentResponse= new createPaymentResponse();
    		$createPaymentResponse = $client->createPayment($createPaymentRequest);
    	} catch (SoapFault $fault) {
    	
    //Exception management		
    	trigger_error("SOAP Fault: (faultcode: {$fault->faultcode}, faultstring: {$fault->faultstring})", E_USER_ERROR);
    				 }
    	
    		/* Displaying XML logs that must be replaced in a log file.	
    	*
    		 * WARNING DO NOT REGISTER CARD NUMBERS IN YOUR LOGS
    		 */
    			echo "<hr> [Request Header] <br/>", htmlspecialchars($client->__getLastRequestHeaders()), "<br/>";
    			echo "<hr> [Request] <br/>", htmlspecialchars($client->__getLastRequest()), "<br/>";	
    			echo "<hr> [Response Header]<br/>", htmlspecialchars($client->__getLastResponseHeaders()), "<br/>";
    			echo "<hr> [Response]<br/>", htmlspecialchars($client->__getLastResponse()), "<br/>";
    			echo '<hr>';			
    			echo "<hr> [Response SOAP Headers]<br/>";
    
    //Response analysis
    	//Retrieving the SOAP Header of the response to store the headers in a table (here $responseHeader)	
    		$dom = new DOMDocument;
            $dom->loadXML($client->__getLastResponse(), LIBXML_NOWARNING);
            $path = new DOMXPath($dom);
            $headers = $path->query('//*[local-name()="Header"]/*');			
    		$responseHeader = array();				
    		foreach($headers as $headerItem) {			
    			$responseHeader[$headerItem->nodeName] = $headerItem->nodeValue;				
    		}	
    	
    //Computation of the authentication token of the response				
    		$authTokenResponse = base64_encode(hash_hmac('sha256',$responseHeader['timestamp'].$responseHeader['requestId'], $key, true));			
    		if ($authTokenResponse !== $responseHeader['authToken']){			
    			//Computation error or attempted fraud			
    				echo 'Internal error';
    		}
    		else{		
    			//Response analysis
    				if ($createPaymentResponse->createPaymentResult->commonResponse->responseCode != "0"){				
    				//process error				
    				}
    				else{
    				//Process successfully completed					
    					//Checking the presence of the transactionStatusLabel:
    					if (isset ($createPaymentResponse->createPaymentResult->commonResponse->transactionStatusLabel)){
    						//The card is not enrolled or 3DS deactivated											
    						
    							// The payment is accepted	
    								// The code below must be modified to integrate database updates etc.
    								switch ($createPaymentResponse->createPaymentResult->commonResponse->transactionStatusLabel) {							
    									case "AUTHORISED":
    											echo "payment accepted";
    									break;
    									case "WAITING_AUTHORISATION":
    											echo "payment accepted";
    									break;
    									case "AUTHORISED_TO_VALIDATE":
    											echo "payment accepted";
    									break;
    									case "WAITING_AUTHORISATION_TO_VALIDATE":
    											echo "payment accepted";
    									break;							
    								// The payment is declined							
    									default:
    											echo "payment declined";
    									break;									
    								}						
    					}
    					else{			
    					// if absent = the transaction has not been created, we are in the case of an enrolled card
    					// we move on to generating the  3DS redirection form
    						
    						//we retrieve the session id for maintaining the session during the analysis of the response from the ACS
    						$cookie = getJsessionId($client);
    						
    						// we store the session id in the MD field. This field will be returned unchanged by the ACS
    						$MD=setJsessionId($client)."+".$createPaymentResponse->createPaymentResult->threeDSResponse->authenticationRequestData->threeDSRequestId;
    						
    						//we initialize the other fields required for redirection to ACS
    						$threeDsAcsUrl = $createPaymentResponse->createPaymentResult->threeDSResponse->authenticationRequestData->threeDSAcsUrl;						
    						$threeDsEncodedPareq = $createPaymentResponse->createPaymentResult->threeDSResponse->authenticationRequestData->threeDSEncodedPareq;
    						$threeDsServerResponseUrl = "http://127.0.0.1/webservices/ws-v5/retour3DS.php";
    													
    						
    						//WARNING in TEST mode, the session id must be added to the ACS URL for maintaining the HTTP session
    							$JSESSIONID=setJsessionId($client);
    							if ($mode == "TEST"){
    								$threeDsAcsUrl = $threeDsAcsUrl.";jsessionid=".$JSESSIONID;
    							}							
    						formConstructor ($threeDsAcsUrl,$MD,$threeDsEncodedPareq,$threeDsServerResponseUrl);
    					}
    				}
    			}
    ?>
  • A file for processing the response of the 3D Secure authentication "retour3DS.php":
    <?php
    include_once 'v5.php'; 	// File containing the definition of different objects 
    include_once 'function.php';// File containing all the useful functions (generation of the uuid, etc.)
    
    //Intializing variables
    $shopId = "12345678";
    $key = "123456789123456";	
    $mode = "TEST";
    $wsdl = "https://paiement.systempay.fr/vads-ws/v5?wsdl";
    
    //Retrieving the response from the ACS
    	//The session id is in the MD field for maintaining the HTTP session
    	if (isset ($_POST['MD']) AND (isset ($_POST['PaRes']))){
    		list($JSESSIONID, $threeDSRequestId) = explode("+",$_POST['MD']);
    		
    		//we delete the spaces and line breaks retours à la ligne du message PaRes
    		$pares = str_replace("\r\n","",$_POST['PaRes'],$count);;
    
    //Example of initialization of a SOAP client with SNI management
    		/*
    		$client = new soapClient($wsdl,	$options = array('trace'=>1, 'exceptions'=> 0, 			
    					'encoding' => 'UTF-8','soapaction' => '',
    					'uri' => 'http://v5.ws.vads.lyra.com/',	            
    					'cache_wsdl' => WSDL_CACHE_NONE, 
    					//Proxy parameters
    					'proxy_host' => 'my.proxy.host',
    					'proxy_port' => 3128,
    					'stream_context' => stream_context_create (array('ssl' => array(                               
    								'SNI_enabled' => true,
    								'SNI_server_name' => 'paiement.systempay.fr')))
    					));
    		*/			
    
    //Example of initialization of a SOAP client without proxy		
    		$client = new soapClient($wsdl, $options = array(
    					'trace'=>1, 
    					'exceptions'=> 0, 			
    					'encoding' => 'UTF-8',
    					'soapaction' => '')
    				);
    			
    //Generation of a header								
    			$requestId = gen_uuid ();
    			$timestamp = gmdate ( "Y-m-d\TH:i:s\Z" );			
    			$authToken = base64_encode(hash_hmac('sha256',$requestId.$timestamp, $key, true));		
    			setHeaders ($shopId, $requestId, $timestamp, $mode, $authToken, $key, $client);
    			
    //Generation of a body			
    		$commonRequest = new commonRequest;		
    			$commonRequest->submissionDate = new DateTime('now',new DateTimeZone('UTC'));				
    			
    		$threeDSRequest = new threeDSRequest;		
    			$threeDSRequest->mode = "ENABLED_FINALIZE";
    			$threeDSRequest->requestId = $threeDSRequestId;
    			$threeDSRequest->pares = $pares;		
    		
    		$createPaymentRequest = new createPayment;
    			$createPaymentRequest->commonRequest = $commonRequest; 
    			$createPaymentRequest->threeDSRequest =  $threeDSRequest;
    			
    			$createPaymentRequest->commonRequest->submissionDate = $createPaymentRequest->commonRequest->submissionDate->format(dateTime::W3C);	
    					
    		try {
    			//Mainaining the HTTP session
    			$client->__setCookie('JSESSIONID', $JSESSIONID);
    							
    			//Calling the createPayment operation
    			$createPaymentResponse= new createPaymentResponse();
    			$createPaymentResponse = $client->createPayment($createPaymentRequest);
    		
    		} catch (SoapFault $fault) {
    			//managing exceptions	
    			trigger_error("SOAP Fault: (faultcode: {$fault->faultcode}, faultstring: {$fault->faultstring})", E_USER_ERROR);
    				 }
    	
    		/* Displaying XML logs that must be replaced in a log file.		 
    		 */
    			echo "<hr> [Request Header] <br/>", htmlspecialchars($client->__getLastRequestHeaders()), "<br/>";
    			echo "<hr> [Request] <br/>", htmlspecialchars($client->__getLastRequest()), "<br/>";	
    			echo "<hr> [Response Header]<br/>", htmlspecialchars($client->__getLastResponseHeaders()), "<br/>";
    			echo "<hr> [Response]<br/>", htmlspecialchars($client->__getLastResponse()), "<br/>";
    			echo '<hr>';		
    					
    //Analyzing the response
    	//Retrieving the SOAP Header of the response to store the headers in a table (here $responseHeader)	
    		$dom = new DOMDocument;
            $dom->loadXML($client->__getLastResponse(), LIBXML_NOWARNING);
            $path = new DOMXPath($dom);
            $headers = $path->query('//*[local-name()="Header"]/*');		
    		$responseHeader = array();				
    		foreach($headers as $headerItem) {		
    			$responseHeader[$headerItem->nodeName] = $headerItem->nodeValue;				
    		}	
    	
    	//Computing the authentication token of the response.
    				
    		$authTokenResponse = base64_encode(hash_hmac('sha256',$responseHeader['timestamp'].$responseHeader['requestId'], $key, true));		
    			
    		if ($authTokenResponse !== $responseHeader['authToken']){
    			
    			//Computation error or attempted fraud			
    				echo 'Internal error';
    		}
    		else{		
    			//Analyzing the response
    				//Verification of responseCode
    				if ($createPaymentResponse->createPaymentResult->commonResponse->responseCode != "0"){
    				
    				//process error
    					echo 'internal error';		
    				}
    				else{
    				//Process successfully completed					
    					//cheking the presence of transactionStatusLabel:
    					if (isset ($createPaymentResponse->createPaymentResult->commonResponse->transactionStatusLabel)){
    																	
    					// The payment is accepted	
    							// The code below must be modified to integrate database updates etc.						
    							switch ($createPaymentResponse->createPaymentResult->commonResponse->transactionStatusLabel) {							
    								case "AUTHORISED":
    										echo "payment accepted";
    								break;
    								case "WAITING_AUTHORISATION":
    										echo "payment accepted";
    									break;
    									case "AUTHORISED_TO_VALIDATE":
    										echo "payment accepted";
    									break;
    									case "WAITING_AUTHORISATION_TO_VALIDATE":
    										echo "payment accepted";
    									break;							
    								// The payment is refused							
    									default:
    									echo "payment declined";
    								break;									
    							}						
    					}
    					else{			
    						echo 'internal error';						
    				
    					}
    				}
    			}		
    	}
    	else{
    		//return of 3DS without parameter or direct access to the 3DS return page
    		echo 'error';
    	}
    ?>