Accept Card with a server-side-only integration
Use your own UI to add Card payment to your checkout page.
Overview
Card payment method does require some input from the customer on the merchant website like credit card number or expiry date. You can see an example of Card frame component on our demo page.
When integrating card payments with your own UI you need to take care of being PCI compliant. For details please see PCI compliance guide.
Before you begin
- Check the basic integration requirements.
- Familiarize yourself with the general Server-side-only integration guide.
Step 1: Create a Payment Type resource server side
Data for the card payment:
| Parameter | Type | Description |
|---|---|---|
number (required) |
string | The card number. |
expiryDate (required) |
string | The card expiration date, in the MM/YY format. |
cvc (required) |
string | The card verification code. |
cardHolder |
string | The card holder’s name. |
email |
string | The email of the customer. |
When creating the payment type card you need to pass the user data to your server backend, and send a request to the Unzer API. The response will contain an id , this is later referred to as typeId. You will need this typeId to perform the transaction.
POST https://api.unzer.com/v1/types/card
{
"number" : "4444333322221111",
"expiryDate" : "04/25",
"cvc": "123",
"3ds": "false",
"cardHolder": "Max Mustermann"
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$card = new Card('4444333322221111', '04/25', 'max.mustermann@unzer.com');
$card->setCvc('123')->setCardHolder('Max Mustermann');
$unzer->createPaymentType($card);
// get the BIC from your payment form.
Unzer Unzer = new Unzer("s-priv-xxxxxxxxxx");
Card card = new Card("4444333322221111", "04/25");
card.setCvc("123");
card.set3ds(false);
card.setCardHolder("Max Mustermann");
card = unzer.createPaymentType(card);
The response looks similar to the following example:
{
"id": "s-crd-wln5j3zcmjzi",
"method": "card",
"number": "444433******1111",
"brand": "VISA",
"cvc": "***",
"expiryDate": "04/2025",
"3ds": false,
"cardHolder": "Test Card Holder",
"cardDetails": {
"cardType": "",
"account": "CREDIT",
"countryIsoA2": "US",
"countryName": "UNITED STATES",
"issuerName": "",
"issuerUrl": "",
"issuerPhoneNumber": ""
},
"geoLocation": {
"clientIp": "115.77.189.143",
"countryCode": "VN"
}
}
For a full description of card payment type creation, check API reference.
Step 2: Make a payment server side
Charge or Authorize
After you create a card resource, you have two options:
- Option 1: Charge the card directly
- Option 2: Authorize an amount and charge the card later
Option 1: Charge the card directly
To charge the card directly, make a charge transaction with the card resource that you created in the front end. With a successful charge transaction, money is transferred from the customer to the merchant and a payment resource is created.
POST https://api.unzer.com/v1/payments/charges
Body:
{
"amount" : "20",
"currency": "EUR",
"returnUrl": "https://www.my-shop-url.de/returnhandler",
"resources" : {
"typeId" : "s-crd-jldsmlmiprwe"
}
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$card = $unzer->fetchPaymentType('s-crd-0ajzmaxcuvhc');
$charge = $card->charge(20.0, 'EUR', 'https://www.my-shop-url.de/returnhandler');
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Charge charge = unzer.charge(new BigDecimal("100.0"), Currency.getInstance("EUR"), "s-crd-0ajzmaxcuvhc", new URL("https://www.my-shop-url.de/returnhandler"));
The response looks similar to the following example:
{
"id": "s-chg-1",
"isSuccess": false,
"isPending": true,
"isError": false,
"redirectUrl": "https://stg-payment.unzer.com/v1/redirect/crd/s-sGYdGywWpxzW",
"message": {
"code": "COR.000.100.112",
"merchant": "Request successfully processed in 'Merchant in Connector Test Mode'",
"customer": "Your payments have been successfully processed in sandbox mode."
},
"amount": "20.0000",
"currency": "EUR",
"returnUrl": "https://www.my-shop-url.de/returnhandler",
"date": "2021-05-10 00:51:03",
"resources": {
"paymentId": "s-pay-131937",
"traceId": "70ddf3152a798c554d9751a6d77812ae",
"typeId": "s-crd-jldsmlmiprwe"
},
"paymentReference": "",
"processing": {
"uniqueId": "31HA07BC8157BD2BC04D483EFA914465",
"shortId": "4845.3426.1987",
"traceId": "70ddf3152a798c554d9751a6d77812ae"
}
}
For a full description of the charge transaction, refer to the relevant server-side integration documentation page: Charge a payment (direct API calls), Charge a payment (PHP SDK), Charge a payment (Java SDK).
Option 2: Authorize and then charge the card
To authorize an amount, make an authorize transaction with the card resource that you created in the frontend. With a successful authorize transaction, money is reserved on the customer account and a Payment resource is created.
POST https://api.heidelpay.com/v1/payments/authorize
Body:
{
"amount" : "20",
"currency": "EUR",
"returnUrl": "https://www.my-shop-url.de/returnhandler",
"resources" : {
"typeId" : "s-crd-jldsmlmiprwe"
}
}
$unzer = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');
$chargeInstance = new Charge(100.00, 'EUR', $returnUrl);
$typeId = 's-crd-jldsmlmiprwe';
$transaction = $unzer->performCharge($chargeInstance, $typeId);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Authorization authorization = unzer.authorize(BigDecimal.valueOf(20), Currency.getInstance("EUR"), "s-crd-jldsmlmiprwe", returnUrl);
The response looks similar to the following example:
{
"id": "s-aut-1",
"isSuccess": true,
"isPending": false,
"isError": false,
"card3ds": false,
"redirectUrl": "",
"message": {
"code": "COR.000.100.112",
"merchant": "Request successfully processed in 'Merchant in Connector Test Mode'",
"customer": "Your payments have been successfully processed in sandbox mode."
},
"amount": "20.0000",
"currency": "EUR",
"returnUrl": "https://www.my-shop-url.de/returnhandler",
"date": "2021-06-04 11:19:10",
"resources": {
"paymentId": "s-pay-8435",
"traceId": "8ee5c53960f8b39839b70799fe224d84",
"typeId": "s-crd-3yx6lamvu2te"
},
"paymentReference": "",
"processing": {
"uniqueId": "31HA07BC8198C2F9107E0E3536444655",
"shortId": "4867.3194.9885",
"traceId": "8ee5c43960f8b39839b70799fe224d84"
}
}
For a full description of the authorize transaction please refer to relevant server-side integration documentation page: authorize a payment (direct API calls), Authorize a payment (PHP SDK), Authorize a payment (Java SDK).
To charge the authorized amount, make a charge transaction by referring to the paymentId created with the previous authorize. With a successful charge transaction money is transferred from the customer to the merchant. You can charge the specified amount either partially or fully.
POST https://api.heidelpay.com/v1/payments/s-pay-8435/charges/
Body:
{
"amount": "20",
}
$unzer = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');
$charge = new Charge(20.00);
$unzer->performChargeOnPayment('s-pay-1', $charge);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Authorization authorization = unzer.authorize(BigDecimal.valueOf(20), Currency.getInstance("EUR"), "s-crd-jldsmlmiprwe", returnUrl);
authorization.charge(BigDecimal.valueOf(20));
The response looks similar to the following example:
{
"id": "s-aut-1",
"isSuccess": true,
"isPending": false,
"isError": false,
"card3ds": false,
"redirectUrl": "",
"message": {
"code": "COR.000.100.112",
"merchant": "Request successfully processed in 'Merchant in Connector Test Mode'",
"customer": "Your payments have been successfully processed in sandbox mode."
},
"amount": "20.0000",
"currency": "EUR",
"date": "2021-06-04 11:19:10",
"resources": {
"paymentId": "s-pay-8435",
"traceId": "8ee5c53960f8b39839b70799fe224d84",
"typeId": "s-crd-3yx6lamvu2te"
},
"paymentReference": "",
"processing": {
"uniqueId": "31HA07BC8198C2F9107E0E3536444655",
"shortId": "4867.3194.9885",
"traceId": "8ee5c43960f8b39839b70799fe224d84"
}
}
3D Secure
It is possible that 3DS is not applied that means both of the following workflows need to be implemented:
- Redirect URL is returned → redirect to RedirectURL.
- Redirect URL is not present → ‘manual’ redirect to Return URL to handle the result of the Transaction.
If 3DS challenge is applied, the charge or authorize call returns a redirectUrl. Use this URL to forward the customer to their bank’s 3DS page. The customer enters their credentials on the page and confirms the transaction. After this, they are forwarded to the returnUrl, which is part of the initial transaction request.
If 3DS challenge is not applied, the charge or authorize call won’t return a redirectUrl.
Redirect
To learn more about 3D Secure and to see a full description of the checkout flow with 3-D Secure, please check 3D Secure page.
Step 3: Check status of the payment server side
Once the customer is redirected to the returnUrl, you can fetch the payment details from the API, by using the resources.paymentId from the Charge response above to handle the payment according to its status. If the status of the payment is completed, the payment process has been finished successfully and can be considered as paid. Check all possible payment states here.
GET https://api.unzer.com/v1/payments/{resource_ID}>/charges/{transaction_ID}
{
"id": "s-pay-131937",
"state": {
"id": 1,
"name": "completed"
},
"amount": {
"total": "20.0000",
"charged": "20.0000",
"canceled": "0.0000",
"remaining": "0.0000"
},
"currency": "EUR",
"orderId": "",
"invoiceId": "",
"resources": {
"customerId": "",
"paymentId": "s-pay-131937",
"basketId": "",
"metadataId": "",
"payPageId": "",
"traceId": "70ddf3152a798c554d9751a6d77812ae",
"typeId": "s-crd-grpucjmy5zrk"
},
"transactions": [
{
"date": "2021-05-10 00:51:03",
"type": "charge",
"status": "success",
"url": "https://api.unzer.com/v1/payments/s-pay-131937/charges/s-chg-1",
"amount": "20.0000"
}
]
}
Notifications
We recommend subscribing to the payment event to receive notifications about any changes to the payment resource. As soon as the event is triggered you should fetch the payment and update the order status in your shop according to its status.
{
"event":"payment.pending",
"publicKey":"s-pub-xxxxxxxxxx",
"retrieveUrl":"https://api.unzer.com/v1/payments/s-pay-774",
"paymentId":"s-pay-774"
}
For more details on implementing webhooks to receive notifications, see Notifications page.
Step 4: Display the payment result client side
Use the information from the Check status of the payment step to show payment result to your customer.
This can be the success or error page of your shop. If something went wrong you can use the client message from the API response and show it to the customer.
Manage payment server side
After the successful charge or authorize transaction, you can perform additional operations on the payment resource. Below you can see the most important cases for the Card payment type. For a full reference of managing payments please refer to the relevant Server-side integration documentation page: Manage API resources (direct API calls), Manage API resources (PHP SDK), Manage API resources (Java SDK).
Cancel after authorization (Reversal)
Release the reserved money for the customer’s payment method. It is also possible to perform multiple cancellations for an authorization with partial amounts.
POST https://api.unzer.com/v1/payments/s-pay-1/authorize/cancels
{
"amount" : "10.00"
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$payment = $unzer->fetchPayment('s-pay-1');
$unzer->cancelAuthorizationByPayment($payment, 10.00);
The response looks similar to the following example:
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Authorization authorization = unzer.fetchAuthorization('s-pay-1');
Cancel cancel = authorization.cancel();
Cancel after charge (Refund)
You can refund up to the amount of the received payment. To do this you have to make a Cancel transaction on the Charge transaction.
POST https://api.unzer.com/v1/payments/s-pay-1/charges/s-chg-1/cancels
{
"amount" : "12.450",
"paymentReference": "Test cancel transaction"
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$charge = $unzer->fetchChargeById('s-pay-1', 's-chg-1');
$cancel = $charge->cancel();
Unzer unzer = new Unzer(new HttpClientBasedRestCommunication(), "s-priv-xxxxxxxxxx");
Charge charge = unzer.fetchChargeById("s-pay-1", "s-chg-1");
Cancel cancel = charge.cancel();
Charge after Authorize
You can charge amounts up to the authorized amount with one or more Charge transactions. This is usually the amount from the Authorize transaction, but it can change for example if a reversal is done.
POST https://api.unzer.com/v1/payments/s-pay-188789/charges
{
"amount" : "12.450",
"paymentReference": "Test cancel transaction"
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$charge = $unzer->performChargeOnPayment('s-pay-1', new Charge(10.0));
Unzer unzer = new Unzer(new HttpClientBasedRestCommunication(), "s-priv-xxxxxxxxxx");
Charge charge = unzer.chargeAuthorization("s-pay-1", new BigDecimal("50")
Card use cases
Store credentials for future usage and process recurring transactions-
To start a recurring payment with the UI component, first you have to create the payment type resource. After this, depending on the use case you want to support, follow the steps as described in the following section.
One click
One-click use cases
- The customer is initializing a credit card payment in a web-shop and is storing their credit card credentials during the initial payment.
- The customer is using their stored credit card credentials to initialize a subsequent payment in a web-shop or similar.
To learn more, go to the one-click payment use case page.
Recurring COF, UCOF
Recurring Use cases
- COF/scheduled
- The customer is initializing a subscription web-shop or similar and is directly triggering the initial payment by themselves (CIT/customer initiated transaction).
- The merchant is triggering subsequent payments (MIT/merchant initiated transaction) for this subscription without having the customer in session.
- Each time, the frequency and amount of the payments (mostly) are the same.
To learn more, go to the scheduled payment use case page.
- UCOF/unscheduled
- The customer is initializing a contract in a web-shop or similar and is directly triggering the initial payment by himself (CIT/customer initiated transaction).
- Merchant is triggering subsequent payments (MIT/merchant initiated transaction) for this contract without having the customer in session.
- The frequency or the amount of the payments can be different.
- Examples:
- Prepaid mobile phone contract, where the merchant is initializing a subsequent payment as soon as the wallet balance falls below a defined threshold.
To learn more, go the unscheduled payment use case page.
There are three types of recurrences:
oneclickscheduledunscheduled
Transaction types
After you create a card resource, you have two options:
- Option 1: Charge the card directly
- Option 2: Authorize an amount and charge the card later
Option 1: 1-Step - Direct Charge
To charge the card directly, make a charge transaction with the card resource that you created in the front end or directly via the payment API and provide the recurrenceType according to your recurring use case.
With a successful charge transaction, money is transferred from the customer to the merchant and a payment resource is created. Now you can start initializing subsequent charge transactions by referring to the initial card resource and providing the recurrenceType of the initial payment.
POST https://api.unzer.com/v1/payments/charges
Body:
{
"amount" : "20",
"currency": "EUR",
"returnUrl": "https://www.my-shop-url.de/returnhandler",
"resources" : {
"typeId" : "s-crd-jldsmlmiprwe"
},
"additionalTransactionData": {
"card": {
"recurrenceType": "[oneclick, scheduled, unscheduled]"
}
}
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$card = $unzer->fetchPaymentType('s-crd-0ajzmaxcuvhc');
$chargeResponse = $card->charge('99.99', 'EUR', 'https://unzer.com', null, null, null, null, null, null, null, RecurrenceTypes::ONE_CLICK);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Charge charge = unzer.charge(new BigDecimal("100.0"), Currency.getInstance("EUR"), "s-crd-0ajzmaxcuvhc", new URL("https://www.my-shop-url.de/returnhandler"), RecurrenceType.ONECLICK [ONECLICK, SCHEDULED, UNSCHEDULED]);
The response looks similar to the following example:
{
"id": "s-chg-1",
"isSuccess": false,
"isPending": true,
"isError": false,
"redirectUrl": "https://stg-payment.unzer.com/v1/redirect/crd/s-sGYdGywWpxzW",
"message": {
"code": "COR.000.100.112",
"merchant": "Request successfully processed in 'Merchant in Connector Test Mode'",
"customer": "Your payments have been successfully processed in sandbox mode."
},
"amount": "20.0000",
"currency": "EUR",
"returnUrl": "https://www.my-shop-url.de/returnhandler",
"date": "2021-05-10 00:51:03",
"resources": {
"paymentId": "s-pay-131937",
"traceId": "70ddf3152a798c554d9751a6d77812ae",
"typeId": "s-crd-jldsmlmiprwe"
},
"additionalTransactionData": {
"card": {
"recurrenceType": "[oneclick, scheduled, unscheduled]"
}
},
"paymentReference": "",
"processing": {
"uniqueId": "31HA07BC8157BD2BC04D483EFA914465",
"shortId": "4845.3426.1987",
"traceId": "70ddf3152a798c554d9751a6d77812ae"
}
}
Option 2: 2-Step - Authorize and then charge the card
To authorize an amount, make an Authorize transaction with the card resource that you created in the front end or directly via the Payment API and provide the recurrenceType according to your recurring use case. With a successful Authorize transaction, money is reserved on the customer account and a Payment resource is created.
Now you can start initializing subsequent Authorize transactions by referring to the initial card resource and providing the recurrenceType of the initial Payment.
1. Authorize the transaction
POST https://api.unzer.com/v1/payments/authorize
Body:
{
"amount" : "20",
"currency": "EUR",
"returnUrl": "https://www.my-shop-url.de/returnhandler",
"resources" : {
"typeId" : "s-crd-jldsmlmiprwe"
},
"additionalTransactionData": {
"card": {
"recurrenceType": "[oneclick, scheduled, unscheduled]"
}
}
}
$unzer = new Unzer('s-priv-xxxxxxxxx');
$authorize= $card->authorize('99.99', 'EUR', 'https://unzer.com', null, null, null, null, null, null, null, RecurrenceTypes::ONE_CLICK);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Authorization authorization = unzer.authorize(BigDecimal.valueOf(20), Currency.getInstance("EUR"), "s-crd-jldsmlmiprwe", returnUrl, RecurrenceType.ONECLICK [ONECLICK, SCHEDULED, UNSCHEDULED]);
The response looks similar to the following example:
{
"id": "s-aut-1",
"isSuccess": true,
"isPending": false,
"isError": false,
"card3ds": false,
"redirectUrl": "",
"message": {
"code": "COR.000.100.112",
"merchant": "Request successfully processed in 'Merchant in Connector Test Mode'",
"customer": "Your payments have been successfully processed in sandbox mode."
},
"amount": "20.0000",
"currency": "EUR",
"returnUrl": "https://www.my-shop-url.de/returnhandler",
"date": "2021-06-04 11:19:10",
"resources": {
"paymentId": "s-pay-8435",
"traceId": "8ee5c53960f8b39839b70799fe224d84",
"typeId": "s-crd-3yx6lamvu2te"
},
"additionalTransactionData": {
"card": {
"recurrenceType": "[oneclick, scheduled, unscheduled]"
}
},
"paymentReference": "",
"processing": {
"uniqueId": "31HA07BC8198C2F9107E0E3536444655",
"shortId": "4867.3194.9885",
"traceId": "8ee5c43960f8b39839b70799fe224d84"
}
}
2. Charge transaction
To charge the authorized amount, make a Charge transaction by referring to the paymentId created with the previous Authorize. With a successful Charge transaction money is transferred from the customer to the merchant. You can charge the specified amount either partially or fully.
POST https://api.unzer.com/v1/payments/s-pay-8435/charges/
Body:
{
"amount": "20",
}
$unzer = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');
$charge = $unzer->performChargeOnPayment('s-pay-1', new Charge(20));
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Authorization authorization = unzer.authorize(BigDecimal.valueOf(20), Currency.getInstance("EUR"), "s-crd-jldsmlmiprwe", returnUrl);
authorization.charge(BigDecimal.valueOf(20));
The response looks similar to the following example:
{
"id": "s-aut-1",
"isSuccess": true,
"isPending": false,
"isError": false,
"card3ds": false,
"redirectUrl": "",
"message": {
"code": "COR.000.100.112",
"merchant": "Request successfully processed in 'Merchant in Connector Test Mode'",
"customer": "Your payments have been successfully processed in sandbox mode."
},
"amount": "20.0000",
"currency": "EUR",
"date": "2021-06-04 11:19:10",
"resources": {
"paymentId": "s-pay-8435",
"traceId": "8ee5c53960f8b39839b70799fe224d84",
"typeId": "s-crd-3yx6lamvu2te"
},
"paymentReference": "",
"processing": {
"uniqueId": "31HA07BC8198C2F9107E0E3536444655",
"shortId": "4867.3194.9885",
"traceId": "8ee5c43960f8b39839b70799fe224d84"
}
}
Chargeback
A negative booking on the merchant’s account, which is generally triggered by a return of a charge transaction by the customer or customer’s bank.
Payout
You can use payout to send money to your customer without any reference to previous transactions. Possible use cases for this transaction could be paying out sellers on your marketplace, online gaming, lottery wins, and so on.
To learn more about payouts, see Create a payout
Notifications
We recommend subscribing to the payment event to receive notifications about any changes to the payment resource. As soon as the event is triggered you should fetch the payment and update the order status in your shop according to its status.
{
"event":"payment.pending",
"publicKey":"s-pub-xxxxxxxxxx",
"retrieveUrl":"https://api.unzer.com/v1/payments/s-pay-774",
"paymentId":"s-pay-774"
}
For more details on implementing webhooks to receive notifications, see Notifications page.
Error handling
All requests to the API can result in an error that should be handled. Refer to the Error handling guide to learn more about Unzer API (and other) errors and handling them.
Test & go live
You should always test your integration before going live. First perform test transactions using test data. Next, check against Integration checklist and Go-live checklist to make sure the integration is complete and you’re ready to go live.