SDK Core process

Web View for 3DS

The diagram below shows the SDK Core payment process with 3DS redirect via Web View

sequenceDiagram participant MA as Mobile App participant MS as Mobile Server participant SDK as SDK participant PG as Payment Gateway participant 3DS as 3DSS/ACS/DS MA ->> MS: 1. client creates an order MS ->> PG: 2. register order via API PG -->> MS: 3. unique order number (mdOrder) MA ->> MA: 4. client enters data MA -->> SDK: 5. generate seToken MA ->> MS: 6. send seToken to server MS ->> PG: 7. call payment API alt Payment finished PG -->> MS: 8. response with payment status (go to 16) else 3DS2 required PG -->> MS: 9. response with 3DS redirect MS ->> MA: 10. open Web View for 3DS MA ->> ACS: 11. client enters password ACS -->> PG: 12. redirect to Payment Gateway PG ->> PG: 13. make payment PG -->> MA: 14. redirect to returnUrl MA ->> MA: 15. close Web View end opt Callback is configured PG -->> MS: 16. callback notification end MS ->> PG: 17. check payment status MS ->> MA: 18. show payment result to the client

Client creates an order
Mobile Server registers that order in Payment Gateway via register.do. Use returnUrl parameter as a marker to close Web View after redirect from ACS on step 13.
Mobile Server receives a unique order number mdOrder in response.
Client fills in payment data in Mobile App.
Mobile App calls SDK to create seToken. (Android: sdkCore.generateWithCard; iOS: CKCToken.generateWithCard).

The public key used in the corresponding method is taken from the https://uat.dskbank.bg/payment/se/keys.do online resource. If multiple keys are available there, the first key should be used (note that the keys for UAT and production environments are different).
Mobile App sends the seToken to Mobile Server.
Mobile Server uses the seToken to make a payment via paymentorder.do request.
- Use seToken instead of pan, cvc and expiry date.
- Don't forget to send Cardholder name in TEXT field. If you don't collect Cardholder name just send CARDHOLDER.
Mobile Server gets a response with no ACS redirect. It means that the payment is completed and we need to go to step 16.
Mobile Server gets a response with ACS redirect.
Mobile App opens Web View with ACS redirect data.
Client enters their one time password to ACS form.
ACS redirects the Client to Payment Gateway
Payment Gateway makes a payment.
Payment Gateway redirects the Client to returnUrl, that can be used as a marker to close Web View.
Mobile App closes Web View.
Payment Gateway sends callback notification to Merchant server if it's configured for the merchant.
Mobile Server checks the final payment status via getOrderStatusExtended.do.
Mobile App shows payment result to the Client.

3DS2 SDK for 3DS

The diagram below shows the SDK Core payment process with 3DS redirect 3DS2 SDK. Be aware that many issuers' ACS don't work properly with 3DS Mobile SDKs.

sequenceDiagram participant MA as Mobile App participant MS as Mobile Server participant SDK as SDK participant SDK2 as 3DS2 SDK participant PG as Payment Gateway participant 3DS as 3DSS/ACS/DS MA ->> MS: 1. client creates an order MS ->> PG: 2. register order via API PG -->> MS: 3. unique order number (mdOrder) MA ->> MA: 4. client enters data MA -->> SDK: 5. generate seToken MA ->> MS: 6. send seToken to server MS ->> PG: 7. call payment API with threeDSSDK alt Payment finished PG -->> MS: 8. response with payment status (go to 23) else 3DS2 required PG -->> MS: 9. response with 3DS2 SDK keys MS ->> MA: 10. send data to SDK MA ->> SDK2: 11. init 3DS2 SDK SDK2 -->> MA: 12. collect device data MA ->> MS: 13. send device data MS ->> PG: 14. second payment API call PG -->> MS: 15. acs signed content MS ->> MA: 16. send acs data MA ->> SDK2: 17. init Challenge flow SDK2 ->> ACS: 18. communicates via CReq/CRes ACS -->> PG: 19. confirms transaction with AReq SDK2 -->> MA: 20. 3DS procedure is over MS ->> PG: 21. finish 3DS2 payment PG ->> PG: 22. make payment end opt Callback is configured PG -->> MS: 23. callback notification end MS ->> PG: 24. check payment status MS ->> MA: 25. show payment result to the client

Client creates an order.
Mobile Server registers the order in Payment Gateway via register.do. Use returnUrl parameter as a marker to close Web View after redirect from ACS on step 13.
Mobile Server receives a unique order number mdOrder in response.
Client fills in payment data in Mobile App.
Mobile App calls SDK to create seToken. (Android: sdkCore.generateWithCard; iOS: CKCToken.generateWithCard).
Mobile App sends seToken to Mobile Server.
Mobile Server uses that seToken to make a payment via paymentorder.do request.
- Use seToken instead of pan, cvc and expiry date.
- Don't forget to send Cardholder name in TEXT field. If you don't collect Cardholder name just send CARDHOLDER.
- Send threeDSSDK=true to indicate that 3DS2 SDK should be used.
Mobile Server gets a response with no ACS keys. It means that payment is completed and we need to go to step 23.
Mobile Server gets a response with ACS keys.
- Response must contain threeDSServerTransId and threeDSSDKKey.
- Response should not contain threeDSMethodURL which is used in case of browser based redirect to ACS.
Mobile Server sends 3DS2 SDK data to Mobile App.
Mobile App initiates 3DS2 SDK via createTransaction method.
- directoryServerID depends on Payment System (for tests A000000003 can be used).
- messageVersion is 2.1.0 for now.
- pemPublicKeyfor Android and for iOS is a pem certificate that is got in response in threeDSSDKKey on step 10.
- dsRootfor Android and for iOS depends on Payment System. Download test key
3DS2 SDK collects device data and encrypts it.
Mobile App sends encrypted device data to Mobile Server.
Mobile Server initiates second payment API call via paymentorder.do request.
- sdkEncData encrypted device data that is returned in createTransaction method in 3DS2 SDK.
- threeDSSDKReferenceNumber 3DS2 SDK officially ids. Don't hardcode them. iOS: 3DS_LOA_SDK_BPBT_020100_00233, Android: 3DS_LOA_SDK_BPBT_020100_00231.
- threeDSServerTransactionID is returned in response to the first payment call on step 10 in threeDSServerTransId parameter.
- sdkEphemPubKey is returned in createTransaction method in 3DS2 SDK.
- sdkAppID is returned in createTransaction method in 3DS2 SDK.
- sdkTransID is returned in createTransaction method in 3DS2 SDK.
Payment Gateway returns new special parameters for 3DS2 SDK.
Mobile Server sends those parameters to Mobile App.
Mobile App initiates challenge flow via doChallenge method.
- doChallenge acsTransactionIDparameter corresponds to threeDSAcsTransactionId in Payment Gateway response.
- doChallenge acsRefNumberparameter corresponds to threeDSAcsRefNumber in Payment Gateway response.
- doChallenge acsSignedContentparameter corresponds to threeDSAcsSignedContent in Payment Gateway response.
- doChallenge 3DSServerTransactionIDparameter corresponds to threeDSServerTransId in Payment Gateway response.
3DS2 SDK communicates with issuers ACS via CReq/CRes API until Client confirms the payment.
ACS sends RReq to Payment Gateway to confirm or reject the payment.
3DS2 SDK informs Mobile App that 3DS2 flow is over via ChallengeStatusReceiver.
Mobile Server finalizes the payment with finish3dsVer2Payment.do.
Payment Gateway makes a payment.
Payment Gateway sends callback notification to Merchant server if it's configured for merchant.
Mobile Server checks the final payment status via getOrderStatusExtended.do.
Mobile App shows payment result to the Client.

IOS

iOS Integration

SDKCore.framework integration

You can integrate SDKCore.framework by adding it manually.

SDKCore.framework

Download the latest version of the framework here.
Take the SDKCore.framework file and add it to the project folder.

Image 1. Adding the SDKCore.framework file

Open Targets -> General -> Frameworks, Libraries, and Embedded Content. For SDKCore.framework, in the Embed column, change Do not Embed to Embed & Sign.

Image 2. Changing SDKCore.framework properties

Once done, import the framework in the ViewController.swift file.

//ViewController.swift
...
import SDKCore
...

How to work with API V1

External dependencies

For generation of the token, it is necessary to set the public key.

let publicKey: String =
      "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIITqh9xlGx4tWA+aucb0V0YuFC9aXzJb0epdioSkq3qzNdRSZIxe/dHqcbMN2SyhzvN6MRVl3xyjGAV+lwk8poD4BRW3VwPUkT8xG/P/YLzi5N8lY6ILlfw6WCtRPK5bKGGnERcX5dqL60LhOPRDSYT5NHbbp/J2eFWyLigdU9Sq7jvz9ixOLh6xD7pgNgHtnOJ3Cw0Gqy03r3+m3+CBZwrzcp7ZFs41bit7/t1nIqgx78BCTPugap88Gs+8ZjdfDvuDM+/3EwwK0UVTj0SQOv0E5KcEHENL9QQg3ujmEi+zAavulPqXH5907q21lwQeemzkTJH4o2RCCVeYO+YrQIDAQAB-----END PUBLIC KEY-----"

Token generation method

let sdkCore = SdkCore()

let cardParams = CardParams(
     pan: "4111111111111111",
     cvc: "123",
     expiryMMYY: "12/28",
     cardholder: "TEST CARDHOLDER", 
     mdOrder: "mdOrder",
     pubKey: publicKey
)

let cardParamsConfig = SDKCoreConfig(
    paymentMethodParams: .cardParams(params: cardParams)
)
let tokenResult = sdkCore.generateWithConfig(config: cardParamsConfig)

let bindignParams = BindingParams(
    pubKey: publicKey,
    bindingId: "das",
    cvc: "123",
    mdOrder: "mdOrder"
)
let bindingParamsConfig = SDKCoreConfig(
    paymentMethodParams: .bindingParams(params: bindignParams)
)
let tokenResult = sdkCore.generateWithConfig(config: bindingParamsConfig)

Models

CardParams

Property name	Data type	Default value	Optional	Description
mdOrder	String	-	No	order number
pan	String	-	No	card number
cvc	String	-	No	secret card code
expiryMMYY	String	-	No	expiry date for the card
cardHolder	String	-	Yes	first and last name of cardholder
pubKey	String	-	No	public key

BindingParams

Property name	Data type	Default value	Optional	Description
mdOrder	String	-	No	order number
bindingId	String	-	No	number of a stored credential for the card
cvc	String	-	Yes	secret code for the card
pubKey	String	-	No	public key

Field validation errors

ParamField	Error	Description
UNKNOWN	-	Unknown error
PAN	required	An empty field is specified
	invalid	Invalid value
	invalid-format	Invalid characters are used. Only numbers are available.
CVC	required	An empty field is specified
	invalid	Invalid value
EXPIRY	required	An empty field is specified
	invalid	Invalid value
	invalid-format	The format does not match the template MM/YY
CARDHOLDER	required	An empty field is specified
	invalid	Invalid value
	invalid-format	Invalid characters are used. Only characters and spaces are available.
BINDING_ID	required	An empty field is specified
	invalid	Invalid value
MD_ORDER	required	An empty field is specified
	invalid	Invalid value
PUB_KEY	required	An empty field is specified

Android

Android Integration

Connecting to a Gradle project by adding .aar library files

You must add the sdk_core-release.aar library file to the libs folder, then specify the dependency of the added library.

build.gradle.kts

allprojects {
    repositories {
        // ...
        flatDir {
            dirs("libs")
        }
    }
}

dependencies {
    // dependency is mandatory to add
    implementation(group = "", name = "sdk_core-release", ext = "aar")
}

build.gradle

allprojects {
    repositories {
        // ...
        flatDir {
            dirs 'libs'
        }
    }
}

dependencies {
    // dependency is mandatory to add
    implementation(group: '', name: 'sdk_core-release', ext: 'aar')
}

Android Configuration

Logging

Internal processes are logged with the SDK-Core tag. You can also log your processes.

Logging is available through the Logger object.

To add log- interfaces, you should call the Logger-method addLogInterface().

Example of logging into LogCat:

...
    Logger.addLogInterface(object : LogInterface {
        override fun log(classMethod: Class<Any>, tag: String, message: String, exception: Exception?) {
                Log.i(tag, "$classMethod: $message", exception)
            }
        })
...

The default tag is SDK-Core. You can set your own one if you like.

To log your own events, you should call Logger-method log().

Example:

...
     Logger.log(this.javaClass, "MyTag", "My process...", null)
...

Example Kotlin_core (no GUI)

Example of cryptogram formation

import net.payrdr.mobile.payment.sdk.core.SDKCore
import net.payrdr.mobile.payment.sdk.core.TokenResult
import net.payrdr.mobile.payment.sdk.core.model.BindingParams
import net.payrdr.mobile.payment.sdk.core.model.CardParams
import net.payrdr.mobile.payment.sdk.core.validation.BaseValidator
import net.payrdr.mobile.payment.sdk.core.validation.CardCodeValidator
import net.payrdr.mobile.payment.sdk.core.validation.CardExpiryValidator
import net.payrdr.mobile.payment.sdk.core.validation.CardHolderValidator
import net.payrdr.mobile.payment.sdk.core.validation.CardNumberValidator
import net.payrdr.mobile.payment.sdk.core.validation.OrderNumberValidator

class MainActivity : AppCompatActivity() {
    // initialization of validators for card information entry fields
    private val cardNumberValidator by lazy { CardNumberValidator(this) }
    private val cardExpiryValidator by lazy { CardExpiryValidator(this) }
    private val cardCodeValidator by lazy { CardCodeValidator(this) }
    private val cardHolderValidator by lazy { CardHolderValidator(this) }
    private val orderNumberValidator by lazy { OrderNumberValidator(this) }
    private val sdkCore by lazy { SDKCore(context = this) }

    override fun onCreate(savedInstanceState: Bundle?) {
        // installation of validators on the card information entry fields
        cardNumberInput.setupValidator(cardNumberValidator)
        cardExpiryInput.setupValidator(cardExpiryValidator)
        cardCodeInput.setupValidator(cardCodeValidator)
        cardHolderInput.setupValidator(cardHolderValidator)
        mdOrderInput.setupValidator(orderNumberValidator)

        // creation of an object and initialization of fields for a new card
        val params = NewPaymentMethodCardParams(
            pan = cardNumberInput.text.toString(),
            cvc = cardCodeInput.text.toString(),
            expiryMMYY = cardExpiryInput.text.toString(),
            cardHolder = cardHolderInput.text.toString(),
            pubKey = pubKeyInput.text.toString()
        )
        // method call to get the cryptogram for a new card
        sdkCore.generateWithConfig(SDKCoreConfig(params))

        // Creation of an object and initialization of fields for the linked card
        val params = NewPaymentMethodStoredCardParams(
            storedPaymentId = "storedPaymentMethodId",
            cvc = "123",
            pubKey = pubKeyInput.text.toString()
        )
        // method call to get the cryptogram for the linked card
        sdkCore.generateWithConfig(SDKCoreConfig(params))
    }
}

Models

NewPaymentMethodCardParams

Property name	Data type	Default value	Optional	Description
pan	String	-	No	card number
cvc	String	-	No	secret card code
expiryMMYY	String	-	No	expiry date for the card
cardHolder	String	-	No	first and last name of the cardholder
pubKey	String	-	No	public key

NewPaymentMethodStoredCardParams

Property name	Data type	Default value	Optional	Description
storedPaymentId	String	-	No	number of a stored credential for the card
cvc	String	-	No	secret code for the card
pubKey	String	-	No	public key

TokenResult

Property name	Data type	Default value	Optional	Description
token	String	-	No	token as string
errors	Map	-	No	error while generating token

Field validation errors

ParamField	Error	Description
PAN	required	An empty field is specified
	invalid	Invalid value
	invalid-format	Invalid characters are used. Only numbers are available.
CVC	required	An empty field is specified
	invalid	Invalid value
EXPIRY	required	An empty field is specified
	invalid	Invalid value
	invalid-format	The format does not match the template MM/YY.
CARDHOLDER	required	An empty field is specified
	invalid	Invalid value
	invalid-format	Invalid characters are used. Only characters and spaces are available.
PUB_KEY	required	An empty field is specified
STORED_PAYMENT_ID	requrired	An empty field is specified
	invalid	Invalid value

How to work with API V1

External dependencies

For generation of the token, it is necessary to set the public key.

val publicKey: String =
    "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIITqh9xlGx4tWA+aucb0V0YuFC9aXzJb0epdioSkq3qzNdRSZIxe/dHqcbMN2SyhzvN6MRVl3xyjGAV+lwk8poD4BRW3VwPUkT8xG/P/YLzi5N8lY6ILlfw6WCtRPK5bKGGnERcX5dqL60LhOPRDSYT5NHbbp/J2eFWyLigdU9Sq7jvz9ixOLh6xD7pgNgHtnOJ3Cw0Gqy03r3+m3+CBZwrzcp7ZFs41bit7/t1nIqgx78BCTPugap88Gs+8ZjdfDvuDM+/3EwwK0UVTj0SQOv0E5KcEHENL9QQg3ujmEi+zAavulPqXH5907q21lwQeemzkTJH4o2RCCVeYO+YrQIDAQAB-----END PUBLIC KEY-----"

Token generation method

// TokenResult with CardParams
val cardParams: CardParams = CardParams(
    mdOrder = "mdOrder",
    pan = "4111111111111111",
    cvc = "123",
    expiryMMYY = "12/28",
    cardHolder = "TEST CARDHOLDER",
    pubKey = "publicKey"
)
val tokenResult = sdkCore.generationWithConfig(paymentCardParams = cardParams)

// TokenResult with BindingParams
val bindingParams: BindingParams = BindingParams(
    mdOrder = "mdOrder",
    bindingID = "das",
    cvc = "123",
    pubKey = "publicKey"
)

val tokenResult = sdkCore.generationWithConfig(paymentCardParams = bindingParams)

SDK Core process

Web View for 3DS

3DS2 SDK for 3DS

IOS

iOS Integration

SDKCore.framework integration

How to work with API V1

External dependencies

Token generation method

Models

CardParams

BindingParams

Field validation errors

Android

Android Integration

Connecting to a Gradle project by adding .aar library files

build.gradle.kts

build.gradle

Android Configuration

Logging

Example Kotlin_core (no GUI)

Example of cryptogram formation

Models

NewPaymentMethodCardParams

NewPaymentMethodStoredCardParams

TokenResult

Field validation errors

How to work with API V1

External dependencies

Token generation method

Contact us

Thank you!