alt

Important information

There was an update of Unzer TLS/SSL certificates. Learn more

Unzer

Accept Card with a server-side-only integration

Use your own UI to add Card payment to your checkout page.

Overview

Card payment method does require some input from the customer on the merchant website like credit card number or expiry date. You can see an example of Card frame component on our demo page.

When integrating card payments with your own UI you need to take care of being PCI compliant. For details please see PCI compliance guide.

Before you begin

Step 1: Create a Payment Type resource
server side

Data for the card payment:

Parameter Type Description
number (required) string The card number.
expiryDate (required) string The card expiration date, in the MM/YY format.
cvc (required) string The card verification code.
cardHolder string The card holder’s name.
email string The email of the customer.
icon
Email of the card holder is required by the 3DS regulatory standard. You can either add an email field to your form or send a customer resource containing the email with the transaction in Step 2. We recommend the latter.

When creating the payment type card you need to pass the user data to your server backend, and send a request to the Unzer API. The response will contain an id , this is later referred to as typeId. You will need this typeId to perform the transaction.

POST https://api.unzer.com/v1/types/card

{
  "number" : "4444333322221111",
  "expiryDate" : "04/25",
  "cvc": "123",
  "3ds": "false",
  "cardHolder": "Max Mustermann"
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$card = new Card('4444333322221111', '04/25', 'max.mustermann@unzer.com');
$card->setCvc('123')->setCardHolder('Max Mustermann');
$unzer->createPaymentType($card);
// get the BIC from your payment form.
Unzer Unzer = new Unzer("s-priv-xxxxxxxxxx");
Card card = new Card("4444333322221111", "04/25");
card.setCvc("123");
card.set3ds(false);
card.setCardHolder("Max Mustermann");
card = unzer.createPaymentType(card);

The response looks similar to the following example:

{
    "id": "s-crd-wln5j3zcmjzi",
    "method": "card",
    "number": "444433******1111",
    "brand": "VISA",
    "cvc": "***",
    "expiryDate": "04/2025",
    "3ds": false,
    "cardHolder": "Test Card Holder",
    "cardDetails": {
        "cardType": "",
        "account": "CREDIT",
        "countryIsoA2": "US",
        "countryName": "UNITED STATES",
        "issuerName": "",
        "issuerUrl": "",
        "issuerPhoneNumber": ""
      },
   "geoLocation": {
     "clientIp": "115.77.189.143",
     "countryCode": "VN"
  }
}

For a full description of card payment type creation, check API reference.

Step 2: Make a payment
server side

Charge or Authorize

After you create a card resource, you have two options:

  • Option 1: Charge the card directly
  • Option 2: Authorize an amount and charge the card later

Option 1: Charge the card directly

To charge the card directly, make a charge transaction with the card resource that you created in the frontend. With a successful charge transaction, money is transferred from the customer to the merchant and a payment resource is created.

POST https://api.unzer.com/v1/payments/charges
   
Body:
{
  "amount" : "20",
  "currency": "EUR",
  "returnUrl": "https://www.my-shop-url.de/returnhandler",
  "resources" : {
    "typeId" : "s-crd-jldsmlmiprwe"
  }
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$card = $unzer->fetchPaymentType('s-crd-0ajzmaxcuvhc');
$charge = $card->charge(20.0, 'EUR', 'https://www.my-shop-url.de/returnhandler');
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Charge charge = unzer.charge(new BigDecimal("100.0"), Currency.getInstance("EUR"), "s-crd-0ajzmaxcuvhc", new URL("https://www.my-shop-url.de/returnhandler"));

The response looks similar to the following example:

{
    "id": "s-chg-1",
    "isSuccess": false,
    "isPending": true,
    "isError": false,
    "redirectUrl": "https://stg-payment.unzer.com/v1/redirect/crd/s-sGYdGywWpxzW",
    "message": {
        "code": "COR.000.100.112",
        "merchant": "Request successfully processed in 'Merchant in Connector Test Mode'",
        "customer": "Your payments have been successfully processed in sandbox mode."
    },
    "amount": "20.0000",
    "currency": "EUR",
    "returnUrl": "https://www.my-shop-url.de/returnhandler",
    "date": "2021-05-10 00:51:03",
    "resources": {
        "paymentId": "s-pay-131937",
        "traceId": "70ddf3152a798c554d9751a6d77812ae",
        "typeId": "s-crd-jldsmlmiprwe"
    },
    "paymentReference": "",
    "processing": {
        "uniqueId": "31HA07BC8157BD2BC04D483EFA914465",
        "shortId": "4845.3426.1987",
        "traceId": "70ddf3152a798c554d9751a6d77812ae"
    }
}

For a full description of the charge transaction, refer to the relevant server-side integration documentation page: Charge a payment (direct API calls), Charge a payment (PHP SDK), Charge a payment (Java SDK).

Option 2: Authorize and then charge the card

To authorize an amount, make an Authorize transaction with the card resource that you created in the frontend. With a successful Authorize transaction, money is reserved on the customer account and a Payment resource is created.

POST https://api.heidelpay.com/v1/payments/authorize


 Body:
{
  "amount" : "20",
  "currency": "EUR",
  "returnUrl": "https://www.my-shop-url.de/returnhandler",
  "resources" : {
    "typeId" : "s-crd-jldsmlmiprwe"
  }
}
$unzer     = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');

$chargeInstance = new Charge(100.00, 'EUR', $returnUrl);
$typeId = 's-crd-jldsmlmiprwe';
$transaction = $unzer->performCharge($chargeInstance, $typeId);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Authorization authorization = unzer.authorize(BigDecimal.valueOf(20), Currency.getInstance("EUR"), "s-crd-jldsmlmiprwe", returnUrl);

The response looks similar to the following example:

{
    "id": "s-aut-1",
    "isSuccess": true,
    "isPending": false,
    "isError": false,
    "card3ds": false,
    "redirectUrl": "",
    "message": {
        "code": "COR.000.100.112",
        "merchant": "Request successfully processed in 'Merchant in Connector Test Mode'",
        "customer": "Your payments have been successfully processed in sandbox mode."
    },
    "amount": "20.0000",
    "currency": "EUR",
    "returnUrl": "https://www.my-shop-url.de/returnhandler",
    "date": "2021-06-04 11:19:10",
    "resources": {
        "paymentId": "s-pay-8435",
        "traceId": "8ee5c53960f8b39839b70799fe224d84",
        "typeId": "s-crd-3yx6lamvu2te"
    },
    "paymentReference": "",
    "processing": {
        "uniqueId": "31HA07BC8198C2F9107E0E3536444655",
        "shortId": "4867.3194.9885",
        "traceId": "8ee5c43960f8b39839b70799fe224d84"
    }
}

For a full description of the authorize transaction please refer to relevant server-side integration documentation page: authorize a payment (direct API calls), Authorize a payment (PHP SDK), Authorize a payment (Java SDK).

To charge the authorized amount, make a Charge transaction by referring to the paymentId created with the previous Authorize. With a successful Charge transaction money is transferred from the customer to the merchant. You can charge the specified amount either partially or fully.

POST https://api.heidelpay.com/v1/payments/s-pay-8435/charges/
   
Body:
{
    "amount": "20",
}
$unzer     = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');

$charge = new Charge(20.00);
$unzer->performChargeOnPayment('s-pay-1', $charge);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Authorization authorization = unzer.authorize(BigDecimal.valueOf(20), Currency.getInstance("EUR"), "s-crd-jldsmlmiprwe", returnUrl);
authorization.charge(BigDecimal.valueOf(20));

The response looks similar to the following example:

{
    "id": "s-aut-1",
    "isSuccess": true,
    "isPending": false,
    "isError": false,
    "card3ds": false,
    "redirectUrl": "",
    "message": {
        "code": "COR.000.100.112",
        "merchant": "Request successfully processed in 'Merchant in Connector Test Mode'",
        "customer": "Your payments have been successfully processed in sandbox mode."
    },
    "amount": "20.0000",
    "currency": "EUR",
    "date": "2021-06-04 11:19:10",
    "resources": {
        "paymentId": "s-pay-8435",
        "traceId": "8ee5c53960f8b39839b70799fe224d84",
        "typeId": "s-crd-3yx6lamvu2te"
    },
    "paymentReference": "",
    "processing": {
        "uniqueId": "31HA07BC8198C2F9107E0E3536444655",
        "shortId": "4867.3194.9885",
        "traceId": "8ee5c43960f8b39839b70799fe224d84"
    }
}

3D Secure

It is possible 3ds will not be applied that means both of the following workflows need to be implemented:

  1. Redirect URL is returned → redirect to RedirectURL.
  2. Redirect URL is not present → ‘manual’ redirect to Return Url to handle the result of the Transaction.

If 3DS challenge is applied the charge or authorize call will return a redirectUrl. Use this URL to forward the customer to his bank 3DS page. The customer needs to enter his credentials on the page and confirm the transaction. After that he will be forwarded to the returnUrl which was part of the initial transaction request.

If 3DS challenge don’t has to be applied the charge or authorize call won’t return a redirectUrl.
Redirect

To learn more about 3D Secure and to see a full description of the checkout flow with 3-D Secure, please check 3D Secure page.

Step 3: Check status of the payment
server side

Once the customer is redirected to the returnUrl, you can fetch the payment details from the API, by using the resources.paymentId from the Charge response above to handle the payment according to its status. If the status of the payment is completed, the payment process has been finished successfully and can be considered as paid. Check all possible payment states here.

GET https://api.unzer.com/v1/payments/{resource_ID}>/charges/{transaction_ID}

{
    "id": "s-pay-131937",
    "state": {
        "id": 1,
        "name": "completed"
    },
    "amount": {
        "total": "20.0000",
        "charged": "20.0000",
        "canceled": "0.0000",
        "remaining": "0.0000"
    },
    "currency": "EUR",
    "orderId": "",
    "invoiceId": "",
    "resources": {
        "customerId": "",
        "paymentId": "s-pay-131937",
        "basketId": "",
        "metadataId": "",
        "payPageId": "",
        "traceId": "70ddf3152a798c554d9751a6d77812ae",
        "typeId": "s-crd-grpucjmy5zrk"
    },
    "transactions": [
        {
            "date": "2021-05-10 00:51:03",
            "type": "charge",
            "status": "success",
            "url": "https://api.unzer.com/v1/payments/s-pay-131937/charges/s-chg-1",
            "amount": "20.0000"
        }
    ]
}

Notifications

We recommend subscribing to the payment event to receive notifications about any changes to the payment resource. As soon as the event is triggered you should fetch the payment and update the order status in your shop according to its status.

  {
    "event":"payment.pending",
    "publicKey":"s-pub-xxxxxxxxxx",
    "retrieveUrl":"https://api.unzer.com/v1/payments/s-pay-774",
    "paymentId":"s-pay-774"
  }

For more details on implementing webhooks to receive notifications, see Notifications page.

Step 4: Display the payment result
client side

Use the information from the Check status of the payment step to show payment result to your customer.
This can be the success or error page of your shop. If something went wrong you can use the client message from the API response and show it to the customer.

Manage payment
server side

After the successful charge or authorize transaction, you can perform additional operations on the payment resource. Below you can see the most important cases for the Card payment type. For a full reference of managing payments please refer to the relevant Server-side integration documentation page: Manage API resources (direct API calls), Manage API resources (PHP SDK), Manage API resources (Java SDK).

Cancel after authorization (Reversal)

Release the reserved money for the customer’s payment method. It is also possible to perform multiple cancellations for an authorization with partial amounts.

POST https://api.unzer.com/v1/payments/s-pay-1/authorize/cancels

{
  "amount" : "10.00"
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$payment = $unzer->fetchPayment('s-pay-1');
$unzer->cancelAuthorizationByPayment($payment, 10.00);

The response looks similar to the following example:

Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Authorization authorization = unzer.fetchAuthorization('s-pay-1');
Cancel cancel = authorization.cancel();

Cancel after charge (Refund)

You can refund up to the amount of the received payment. To do this you have to make a Cancel transaction on the Charge transaction.

POST https://api.unzer.com/v1/payments/s-pay-1/charges/s-chg-1/cancels
{
  "amount" : "12.450",
  "paymentReference": "Test cancel transaction"
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$charge = $unzer->fetchChargeById('s-pay-1', 's-chg-1');
$cancel = $charge->cancel();
Unzer unzer = new Unzer(new HttpClientBasedRestCommunication(), "s-priv-xxxxxxxxxx");
Charge charge = unzer.fetchChargeById("s-pay-1", "s-chg-1");
Cancel cancel = charge.cancel();

Charge after Authorize

You can charge amounts up to the authorized amount with one or more Charge transactions. This is usually the amount from the Authorize transaction, but it can change for example if a reversal is done.

POST https://api.unzer.com/v1/payments/s-pay-188789/charges

{
  "amount" : "12.450",
  "paymentReference": "Test cancel transaction"
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$charge = $unzer->performChargeOnPayment('s-pay-1', new Charge(10.0));
Unzer unzer = new Unzer(new HttpClientBasedRestCommunication(), "s-priv-xxxxxxxxxx");
Charge charge = unzer.chargeAuthorization("s-pay-1", new BigDecimal("50")

Card use cases

Store credentials for future usage and process recurring transactions-

To start a recurring payment with the UI component, first you have to create the payment type resource. After this, depending on the use case you want to support, follow the steps as described in the following section.

One click

One-click use cases

  • The customer is initializing a credit card payment in a webshop and is storing their credit card credentials during the initial payment.
  • The customer is using their stored credit card credentials to initialize a subsequent payment in a webshop or similar.

To learn more, go to the one-click payment use case page.

Recurring COF, UCOF

Recurring Use cases

  • COF/scheduled
    • The customer is initializing a subscription webshop or similar and is directly triggering the initial payment by themselves (CIT/customer initiated transaction).
    • The merchant is triggering subsequent payments (MIT/merchant initiated transaction) for this subscription without having the customer in session.
    • Each time, the frequency and amount of the payments (mostly) are the same.

To learn more, go to the scheduled payment use case page.

  • UCOF/unscheduled
    • The customer is initializing a contract in a webshop or similar and is directly triggering the initial payment by himself (CIT/customer initiated transaction).
    • Merchant is triggering subsequent payments (MIT/merchant initiated transaction) for this contract without having the customer in session.
    • The frequency and/or amount of the payments can be different.
    • Examples:
      • Prepaid mobile phone contract, where the merchant is initializing a subsequent payment as soon as the wallet balance falls below a defined threshold.

To learn more, go the unscheduled payment use case page.

There are three types of recurrences:

  • oneclick
  • scheduled
  • unscheduled

Transaction types

After you create a card resource, you have two options:

  • Option 1: Charge the card directly
  • Option 2: Authorize an amount and charge the card later

Option 1: 1-Step - Direct Charge

To charge the card directly, make a charge transaction with the card resource that you created in the front end or directly via the payment API and provide the recurrenceType according to your recurring use case.

One-step

With a successful charge transaction, money is transferred from the customer to the merchant and a payment resource is created. Now you can start initializing subsequent charge transactions by referring to the initial card resource and providing the recurrenceType of the initial payment.

POST https://api.unzer.com/v1/payments/charges
   
Body:
{
  "amount" : "20",
  "currency": "EUR",
  "returnUrl": "https://www.my-shop-url.de/returnhandler",
  "resources" : {
    "typeId" : "s-crd-jldsmlmiprwe"
  },
    "additionalTransactionData": {
        "card": {
            "recurrenceType": "[oneclick, scheduled, unscheduled]"
        }
    }
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$card = $unzer->fetchPaymentType('s-crd-0ajzmaxcuvhc');
$chargeResponse = $card->charge('99.99', 'EUR', 'https://unzer.com', null, null, null, null, null, null, null, RecurrenceTypes::ONE_CLICK);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Charge charge = unzer.charge(new BigDecimal("100.0"), Currency.getInstance("EUR"), "s-crd-0ajzmaxcuvhc", new URL("https://www.my-shop-url.de/returnhandler"), RecurrenceType.ONECLICK [ONECLICK, SCHEDULED, UNSCHEDULED]);

The response looks similar to the following example:

{
    "id": "s-chg-1",
    "isSuccess": false,
    "isPending": true,
    "isError": false,
    "redirectUrl": "https://stg-payment.unzer.com/v1/redirect/crd/s-sGYdGywWpxzW",
    "message": {
        "code": "COR.000.100.112",
        "merchant": "Request successfully processed in 'Merchant in Connector Test Mode'",
        "customer": "Your payments have been successfully processed in sandbox mode."
    },
    "amount": "20.0000",
    "currency": "EUR",
    "returnUrl": "https://www.my-shop-url.de/returnhandler",
    "date": "2021-05-10 00:51:03",
    "resources": {
        "paymentId": "s-pay-131937",
        "traceId": "70ddf3152a798c554d9751a6d77812ae",
        "typeId": "s-crd-jldsmlmiprwe"
    },
    "additionalTransactionData": {
    "card": {
        "recurrenceType": "[oneclick, scheduled, unscheduled]"
      }
    },
    "paymentReference": "",
    "processing": {
        "uniqueId": "31HA07BC8157BD2BC04D483EFA914465",
        "shortId": "4845.3426.1987",
        "traceId": "70ddf3152a798c554d9751a6d77812ae"
    }
}

Option 2: 2-Step - Authorize and then charge the card

To authorize an amount, make an Authorize transaction with the card resource that you created in the front end or directly via the Payment API and provide the recurrenceType according to your recurring use case. With a successful Authorize transaction, money is reserved on the customer account and a Payment resource is created.

Two-step

Now you can start initializing subsequent Authorize transactions by referring to the initial card resource and providing the recurrenceType of the initial Payment.

1. Authorize the transaction
POST https://api.unzer.com/v1/payments/authorize


 Body:
{
  "amount" : "20",
  "currency": "EUR",
  "returnUrl": "https://www.my-shop-url.de/returnhandler",
  "resources" : {
    "typeId" : "s-crd-jldsmlmiprwe"
  },
  "additionalTransactionData": {
      "card": {
          "recurrenceType": "[oneclick, scheduled, unscheduled]"
      }
  }
}
$unzer = new Unzer('s-priv-xxxxxxxxx');
$authorize= $card->authorize('99.99', 'EUR', 'https://unzer.com', null, null, null, null, null, null, null, RecurrenceTypes::ONE_CLICK);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Authorization authorization = unzer.authorize(BigDecimal.valueOf(20), Currency.getInstance("EUR"), "s-crd-jldsmlmiprwe", returnUrl, RecurrenceType.ONECLICK [ONECLICK, SCHEDULED, UNSCHEDULED]);

The response looks similar to the following example:

{
    "id": "s-aut-1",
    "isSuccess": true,
    "isPending": false,
    "isError": false,
    "card3ds": false,
    "redirectUrl": "",
    "message": {
        "code": "COR.000.100.112",
        "merchant": "Request successfully processed in 'Merchant in Connector Test Mode'",
        "customer": "Your payments have been successfully processed in sandbox mode."
    },
    "amount": "20.0000",
    "currency": "EUR",
    "returnUrl": "https://www.my-shop-url.de/returnhandler",
    "date": "2021-06-04 11:19:10",
    "resources": {
        "paymentId": "s-pay-8435",
        "traceId": "8ee5c53960f8b39839b70799fe224d84",
        "typeId": "s-crd-3yx6lamvu2te"
    },
    "additionalTransactionData": {
      "card": {
        "recurrenceType": "[oneclick, scheduled, unscheduled]"
      }
    },
    "paymentReference": "",
    "processing": {
        "uniqueId": "31HA07BC8198C2F9107E0E3536444655",
        "shortId": "4867.3194.9885",
        "traceId": "8ee5c43960f8b39839b70799fe224d84"
    }
}
2. Charge transaction

To charge the authorized amount, make a Charge transaction by referring to the paymentId created with the previous Authorize. With a successful Charge transaction money is transferred from the customer to the merchant. You can charge the specified amount either partially or fully.

POST https://api.unzer.com/v1/payments/s-pay-8435/charges/
   
Body:
{
    "amount": "20",
}
$unzer     = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');
$charge = $unzer->performChargeOnPayment('s-pay-1', new Charge(20));
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Authorization authorization = unzer.authorize(BigDecimal.valueOf(20), Currency.getInstance("EUR"), "s-crd-jldsmlmiprwe", returnUrl);
authorization.charge(BigDecimal.valueOf(20));

The response looks similar to the following example:

{
    "id": "s-aut-1",
    "isSuccess": true,
    "isPending": false,
    "isError": false,
    "card3ds": false,
    "redirectUrl": "",
    "message": {
        "code": "COR.000.100.112",
        "merchant": "Request successfully processed in 'Merchant in Connector Test Mode'",
        "customer": "Your payments have been successfully processed in sandbox mode."
    },
    "amount": "20.0000",
    "currency": "EUR",
    "date": "2021-06-04 11:19:10",
    "resources": {
        "paymentId": "s-pay-8435",
        "traceId": "8ee5c53960f8b39839b70799fe224d84",
        "typeId": "s-crd-3yx6lamvu2te"
    },
    "paymentReference": "",
    "processing": {
        "uniqueId": "31HA07BC8198C2F9107E0E3536444655",
        "shortId": "4867.3194.9885",
        "traceId": "8ee5c43960f8b39839b70799fe224d84"
    }
}

Chargeback

A negative booking on the merchant’s account, which is generally triggered by a return of a charge transaction by the customer or customer’s bank.

Payout

You can use payout to send money to your customer without any reference to previous transactions. Possible use cases for this transaction could be paying out sellers on your marketplace, online gaming, lottery wins, and so on.

To learn more about payouts, see Create a payout

Notifications

We recommend subscribing to the payment event to receive notifications about any changes to the payment resource. As soon as the event is triggered you should fetch the payment and update the order status in your shop according to its status.

  {
    "event":"payment.pending",
    "publicKey":"s-pub-xxxxxxxxxx",
    "retrieveUrl":"https://api.unzer.com/v1/payments/s-pay-774",
    "paymentId":"s-pay-774"
  }

For more details on implementing webhooks to receive notifications, see Notifications page.

Error handling

All requests to the API can result in an error that should be handled. Refer to the Error handling guide to learn more about Unzer API (and other) errors and handling them.

Test & go live

You should always test your integration before going live. First perform test transactions using test data. Next, check against Integration checklist and Go-live checklist to make sure the integration is complete and you’re ready to go live.

See also