Gateway-hosted Payment UI – PayX API

You are here:
← All Topics

 

In the MCP PayX API gateway-hosted model, the consumer is directed to the our payment page to complete the payment transaction.

The advantage of this method is that merchant do not need to worry about handling and transmitting consumer card details. This helps to reduce risk on merchant.

Merchant also do not need to implement payment flow and confirmation which will be handled by MC Payment.

Specification Titles

Name​: This column specifies the name of JSON field in request or response.

Max Length​: This column specifies the content and maximum length of value of JSON field.
a – Alpha
n – Numeric
s – Special printable character

Type​: This column specifies the type of JSON field.

  1. String – the value is in string type;
  2. Nested JSON – the value is a JSON object.

Required​: This column specifies the requirement of JSON field
1. M – Mandatory. MCP system will validate this field in request and response
2. C – Conditional. In some conditions, this field is Mandatory. The condition will be specified in the Description column.
3. O – Optional. This field is optional, which will not affect the result of transaction.

Description​: This column describe the usage, conditions or values contained of this JSON field.
eCom – The web based payment solution, the request is sent from merchant website or web
application.

Security Standards
MCP API provides different types of security standard.
HTTPS​: First layer of security which is compulsory for all connections to MCP API. TLS 1.2.
Whitelist​: IP white list is optional.

 

Payment flow (3DS)

The image below illustrates the payment flow for transactions performed on MCP Payment UI for 3D Secure Transactions. Click on image to enlarge.

Payment flow (without 3DS)

The image below illustrates the payment flow for transactions performed on MCP Payment UI. Click on image to enlarge.

How is 3DS transaction decided?

The first step to determine if transaction will be 3D secure is that the “mcptid” parameter is being validated if it is enabled for 3DS processing. Next, our gateway will check if the card being used in the transaction is enrolled for 3DS. If the first two conditions passed, the transaction will be processed as 3D secure, in which, the user will be redirected to the card issuer’s (bank) OTP page to authenticate his transaction. The merchant is still able to process a transaction even if the card is not enrolled for 3DS, as long as there is sufficient credit. This entire process is handled by our payment gateway, therefore merchant need not implement. It is important to note that with 3DS processing, the merchant liability is greatly reduced in case of chargeback or dispute.

How to send a payment request

Send the request data as specified in the Request Data table below.

Protocol Format
MediaTypes​: JSON format
Protocol​ : https
Server Port ​: 8443
Method​ : POST
Server URL ​:  https://gw2.sandbox.mcpayment.net
EndPoint: ​api/v6/payment
This Request has no header because it is a two steps payment process, 1. Get the url and 2. Payment will be done on our UI

Request Data

Important notes:

  1. No Header in Payment Page API request
  2. During the payment process, there will not be a transaction record stored in MCP until user click “PROCEED TO SECURE PAYMENT” button.
  3. The notification will be post to StatusUrl right after payment is completed. Refer to StatusUrl Postback
  4. If no callback after 30 mins (or longer), please call ​Query Details API​ with ‘referenceNo’, ‘currency’ and ‘totalAmount’ to confirm the state of transaction. If NO TRANSACTION FOUND, it means user didn’t complete the payment.

Request sample (No header):
{
“mcptid”: “24214234”,
“currency”: “SGD”,
“amount”: “1”,
“referenceNo”: “Credicardpayment1”,
“statusUrl”: (backend),
“returnUrl”: (frontend),
“itemDetail”: “Item”,
“tokenize”: “N”
}

You should get the payment page URL in the response:
https://gw2.sandbox.mcpayment.net:8443/api/v6/paymentPage/B3AD468EE5F5D6F51690F1F57ACE89 55E04368AB

Redirect user to payment page to complete the transaction

Response sample (sent to statusurl):
{
“mcptid”: “123456789”,
“currency”: “SGD”,
“amount”: “1.00”,
” totalAmount “: “100”,
” referenceNo “: “8uiohhu8c”,
“tranId”: “186385”,
” transactionId “: “186385”,
“stan”: “046116”,
“receiptNumber”: “045476”,
“cardHolderName”: “payer one”,
“truncatedPan”: “************1112”,
“brandName”: “Visa”,
“tokenize”: “N”,
“responseCode”: “00”,
“responseMsg”: “Approved+or+completed+successfully”
}

StatusUrl Postback
Transaction Type
Transaction State

* For AMEX transaction, MCP Gateway will return ‘AUTHORIZED(3)’ for PREAUTH. And ‘PREAUTH – AUTHORIZED’ transaction will be changed to ‘SALE – SUCCESS’ after auto-settlement.
** If transaction is stated as Retrieval (17), it means this transaction has been raised to Risk Management and proceeded as Chargeback. If you need more information on this transaction, please contact MCP Risk Management Team
*** When the user did not proceed with payment (scan QR, enter password, enter OTP, etc) within required time (timeout depends on different authentication methods and acquirers), the transaction state will be updated to “Order Close” (78)
Receipt Number: The unified order interface generates a QR code. If the user did not scan or did not pay, the Alipay system does not record the order therefor the receipt number will empty. In cases where the user has not scanned the payment but Alipay system has generated an order, the transaction state will be changed to Order Close and receipt number contain a value.

Response Codes
Company
Merchant
Resources
Connect with us
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from Youtube
Vimeo
Consent to display content from Vimeo
Google Maps
Consent to display content from Google