open menu
axerve docs
Intro/Technical configurations/Set up the merchant profile

Set up the merchant profile

SOAP
REST

Fabrick Payment Orchestra is the online gateway that allows you to accept payments on any Ecommerce platform.

Fabrick Payment Orchestra can be integrated in three ways:

  • via a standard payment page

  • with a customized payment page according to your preferences

  • through the use of Server to Server requests.

Each merchant can configure their profile by accessing the Fabrick Back Office environment at:

Authentication

Fabrick Payment Orchestra supports two ways to authenticate incoming calls: via IP and via ApiKey.

Authenticating via IP means that you register the server's IP address on Fabrick Payment Orchestra and that it will reject any calls that come from unknown IP addresses.

This approach can work most of the time, but as cloud hosting grows, it can be difficult to always have the same public IP: server traffic can come from a variety of IPs.

If this is the case, Fabrick has introduced ApiKey authentication: you only need to generate an Apikey token via the Fabrick Back Office (Fabrick dashboard) and use it for each call.

The first step is to choose which authentication you need:

The two authentication systems can be used together or independently, the important thing is that at least one is chosen. Let's look at them together in detail.

Authenticate via IP

Fabrick Payment Orchestra identifies the merchant requesting the encryption service by comparing the IP address of the server making the call with the IP addresses configured in the profile associated with the Shop Login used for the call. If the calling server is not recognized, the transaction process ends and a specific error is returned.

In the Configuration > Security > IP Address of the Back Office, the merchant can enter the IP addresses of his servers. There is no limit to the number of IPs that can be entered.

IP addresses

Authenticate via ApiKey

If you can't use the server's public IP, you can authenticate with an ApiKey generated by Fabrick. It is a single random sequence that must be kept secret.

warning

Anyone who knows the APIKey can pretend to be the merchant in the eyes of Fabrick Payment Orchestra. This is why it is important to keep the APIKey safe and not share it with anyone.

APIKEY introduction

The token must be attached to on every call to Fabrick. For example, in the case of:

copy
1<Encrypt>
2  <shopLogin>GESPAY12345</shopLogin>
3
4  <!-- Use the apiKey as a field of your call -->
5  <apikey>YZejApM8AfnBzmvmMsMIp0y1V91aakQY....</apikey>
6
7  <!-- all other fields, as usual -->
8  <uicCode>242</uicCode>
9  <amount>1245.6</amount>
10  <shopTransactionId>34az85ord19</shopTransactionId>
11  ...
12</Encrypt>

For more information on how to generate and manage the apikey, refer to the online support available on each page.

Configuring URLs and response e-mails

Fabrick Payment Orchestra communicates the result of the transaction with a server-to-server call prepared specifically by the merchant that directs the buyer's browser to the configured pages (different pages for positive or negative results).

In the Configuration > Environment > Response Address section of the Back Office it is possible to specify the URLs used by the system to communicate the result of the transaction.

In this section you can also specify the addresses that will be used for e-mail notifications.

Below some more details about the URLs.

  • URL for positive response: when the payment is complete and successful, Fabrick Payment Orchestra redirects the user to this URL with two parameters: a containing the Shop Login, and b with an encrypted sequence containing the payment data. The merchant must set up a page that decodes the encrypted sequence and shows the result of the payment to the user.

  • URL for negative response: This setting behaves exactly like the previous one, but is used when the payment is declined.

  • Server to Server URL: Fabrick Payment Orchestra calls this URL to notify the payment result. This happens asynchronously and independently of the two previous settings. The parameters will again be a containing the Shop Login and b containing the encrypted sequence. The merchant's server must decode the strip to retrieve useful information on the transaction. The decrypted information can be saved and used by the merchant. In this way, the merchant has an independent way to update the status of the transaction, even if the user diversion fails.

If the Server to Server URL is not defined, Fabrick Payment Orchestra sends its notifications to the URL specified for the buyer redirect (URL for positive response or URL for negative response) based on the result of the transaction. Fabrick Payment Orchestra uses server-to-server communication mainly to confirm the status of the transaction to the merchant's server, even if the user diversion is unsuccessful. Fabrick Payment Orchestra will try to contact the merchant's server twice a day for 48 hours, until the merchant's server responds with a status code of 200. After 48 hours, the merchant will receive an email with notification of failure.

The status of the transaction can be OK, KO, XX.

XX means that the transaction status is pending, and a subsequent server-to-server call will return the final response, OK or KO

MOTO: what happens after a transaction

MOTO - stands for Mail Order - Telephone Order. Long before the internet, the only way to pay without showing a credit card was by phone or by post.

In Fabrick Payment Orchestra, MOTO means that a transaction is performed without physically handling the credit card.

MOTO indicates how the system should behave when receiving transactions. There are two options:

  • Unifying authorization and transaction. When the buyer completes the payment, the money is automatically transferred to the merchant's account.

  • Separation of authorization and transaction process. In this case, when the buyer completes the payment, Fabrick Payment Orchestra asks the issuer of the credit card only to authorize the payment (ie, they verify that the money is available and block it); later the merchant will have to complete the transaction.

If the transaction is not completed in 25 days (configurable), Fabrick Payment Orchestra automatically cancels the transaction and the money is returned to the buyer. 25 days is the maximum number of days the transaction can be authorized before being canceled.

The MOTO are valid for all credit card transactions, including ApplePay, Hype, or token transactions.

The MOTO transactions are valid with every Fabrick Payment Orchestra plan. The settings will be used to determine the next transaction status, whether using Fabrick's payment page, iFrame solution or server-to-server calls.

Configuring fields and parameters

The merchant may want to choose whether to show some fields on the payment page or in the response emails, based on their needs, for example the email or the name of the buyer. In Payment Page > Fields&Parameters you can decide which parameters to show and when.

Sending custom parameters to Fabrick Payment Orchestra

User-defined parameters can also be passed during the Encrypt call. It is completely optional and it can be useful to attach some additional information (sessionId, a variable, etc.) that you want to receive when the payment is completed (or rejected).

From the Payment Page > Fields&Parameters page, create the custom parameter by clicking on Add parameter in the merchant's Back Office:

Then fill in the box with the name of the parameter:

A description of the fields:

  • Field Name: the parameter name that will show up in the Mechant Back-Office, under Payment Page > Fields&Parameters.

  • Parameter: the parameter name that will be used via the WsCryptEncrypt code in payment/details and other methods.

  • Response: the name that the parameter should have in response.

  • Visible: if the parameter should be shown to the buyer on the payment page, click this button. You can choose a name for the parameter in all Fabrick Payment Orchestra supported languages.

  • Email Response: if the parameter should be sent to the buyer via mail, here you can specify the name of the parameter in all Fabrick Payment Orchestra supported languages.

Once you have set up a new parameter (in the examples the parameter is called MYPARAM) you can send it via the web service Encryptapi link method.

Custom parameters can be encoded in the customInfo field, paying attention to the syntax:

  • customInfo contains a maximum of 100 characters

  • each single parameter can have a maximum of 300 characters

  • the following special characters cannot be used in parameters: & (space) § () \ * <>,; : \ * P1 \ * / []? = - / \ *% // ~

  • The parameters must be coded like this:

<customInfo> datum1 = value1 \ * P1 \ * datum2 = value2 \ * P1 \ * ... \ * P1 \ * datumN = valueN </customInfo>

Formally, it is a sequence containing key = value pairs separated by the special sequence * P1 *.

Here is an example of customInfo:

<customInfo> BV_CODCLIENTE = 12 * P1 * BV_SESSIONID = 398 </customInfo>

Once the Encrypt request has been received and the payment processed, the Decryptapi link resultapi link will contain the same parameters in another customInfo field.

For more information on customInfoapi link , consult the API.api link

Previous
prevBackend integration
Next
Setup FTP/SFTP reportingnext