Protocole and interface
The following diagram and paragraph show the flow of exchanges that occur during a payment, between the online shopper, your Web server and the secure Monetico server.
- The online shopper goes through the product catalogue and fills their virtual shopping cart
- Your server displays a summary of the order
- Payment request preparation phase: generating the payment request formder
Your server provides the online shopper with a Pay button . This button contains all the information relating to the payment (amount, reference, EPT number, etc.). The Request interface is responsible for generating this HTML form.
- When the online shopper clicks on the Pay button, they arrive on the Monetico secure server, along with the order information of the order for which payment is required.
- The online shopper enters his payment card number, expiry date and security code in the payment page.
- The online shopper vlaidates the payement. Monetico checks the validity of the payment card.
- Payment response phaseThe Monetico servor informs you of the payment reuqest result by issuing a https request on the payment coonfirmation address (call to the Response interface).
- Your system acknowledges receipt of payment confirmation.
- The Monetico server displays the payment result to the shooper and provides on this screen a hypertext link to return to your website.
- The online shopper returns to your website.
Interfacing merchant server/payment server
Interfacing the merchant’s Web server with the Monetico payment server is done through the « Request » and « Response » interfaces (see phases (3) and (7) described earlier). These interfaces are placed on the machine on which the merchant’s Web server is hosted.
Monetico does not provides these two interfaces; however a specification and some examples of implementation of the RFC2104 in the main server script languages (ASP, PHP, C/C++, Java, ASP/C#.NET, ASP/VB.Net, Python, Ruby) are provided. Most environments contain a basic RFC2104 function (« hmac-sha1 »); no binary needs to be installed in these scenarios.
The « Request » interface generates the payment request HTML form in phase (3). To create this form and to take into account the security aspects of exchanges required by our protocol, it can:
- either be called using the Monetico examples;
- or an equivalent function be implemented that meets our specifications and RFC2104 (refer to www.ietf.org/rfc/rfc2104.txt).
The « Response » interface is involved in the payment return phase (7); it has a primary role to receive the payment confirmation message issued by the Monetico server.
The « Response » interface has a secondary role of responding to this request by a confirmation or by invalidating the message reply. For that it must:
- either call on the certification seal calculation and test function for the information returned by the Monetico server, then the acknowledgement receipt generation function to send to the Monetico server, present in the Monetico examples;
- or implement equivalent functions, meeting our specifications and the RFC2104.
The nature of work involved for creating the « Request » and « Response » interfaces imperatively requires basic programming and/or script skills in a language available on the merchant environment having an RFC2104 implementation.
The development of « Request » and « Response » interfaces and their integration in your information system shall be under your responsibility or your technical services provider.