Accept Direct Debit Secured with server-side-only integration
Build your own payment form to add Direct Debit Secured to your checkout page
If you are using payment type sepa-direct-debit-secured, note that this method is now deprecated. It is currently supported but there are no further developments planned for them.
If you want to access the relevant documentation, see (Deprecated) Unzer Direct Debit Secured.
Overview
For Direct Debit Secured, you need to provide information about the customer using the customer resource and the purchased products using the basket resource. This is required by Unzer for risk assessment and transaction approval. You are responsible for gathering this data before you authorize the payment. Furthermore, you’re responsible to show the available documents and conditions to the customers.
Before you begin
Before you begin
- Check the basic integration requirements.
- Familiarize yourself with the general Server-side-only integration guide.
Step 1: Create a payment type resource server side
When a customer places an order and selects the Direct Debit Secured payment method, you must create the payment type paylater-direct-debit by sending a request to the Unzer API.
| Parameter | Type | Description |
|---|---|---|
holder (required) |
string |
Specifies the bank account holder’s first and last name |
iban (required) |
string |
Specifies the customer’s IBAN |
While calling create payment method resource at payment API, add CLIENTIP=<Customers IP Address> attribute in the header. The response contains an id, this is later referred to as typeId. You will need this typeId to perform the transaction.
POST https://api.unzer.com/v1/types/paylater-direct-debit
{
"iban" : "DE09500105173983961141",
"holder" : "Max Mustermann"
}
<?php
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$paylaterDirectDebit = new PaylaterDirectDebit(
'DE89370400440532013000',
'Max Mustermann'
);
$unzer->createPaymentType($paylaterDirectDebit);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
PaylaterDirectDebit type = new PaylaterDirectDebit(
"DE09500105173983961141",
"Max Mustermann"
);
PaylaterDirectDebit response = unzer.createPaymentType(type);
The response looks similar to the following example:
{
"id": "s-pdd-xgv3wzpn8n2c",
"method": "paylater-direct-debit",
"recurring": false,
"geoLocation": {
"clientIp": "127.0.0.1",
"countryIsoA2": ""
}
}
For a full description of Direct Debit Secured payment type creation, go to the API reference.
Step 2: Make a payment server side
Step 2: Make a payment [server side] Besides an always mandatory step of creating the paymentType resource, Direct Debit Secured also requires a customer and a basket resource.
Create a customer resource (only B2C)
This step is applicable only if you didn’t create a customer resource yet, on the client side.
To process transactions for b2c customers, the following customer fields are required:
| Parameter | Type | Description |
|---|---|---|
language (required) |
string | The selected language of your customer on your website. |
salutation |
string | Specify the customer’s Salutation. Available values are mr, mrs, unknown. |
firstname (required) |
string | The customer’s first name. |
lastname (required) |
string | The customer’s last name. |
email(required) |
string | The customer’s email address. |
birthDate(required) |
string | The birth date of the customer in ‘YYYY-MM-DD’ format. |
billingAddress(required) |
object | The customer’s billing address. |
billingAddress.name(required) |
string | The customer’s first- & last name for the billing address. |
billingAddress.street(required) |
string | The customer’s street including house number. |
billingAddress.zip (required) |
string | The customer’s postal code. |
billingAddress.city (required) |
string | The customer’s city. |
billingAddress.country (required) |
string | The customer’s country in ISO country code ISO 3166 ALPHA-2 (only for billing address). |
POST https://api.unzer.com/v1/customers
{
"language": "de",
"salutation": "mr",
"firstname": "Max",
"lastname": "Mustermann",
"birthDate": "1972-12-24",
"email": "Max.Mustermann@unzer.com",
"billingAddress" : {
"name" : "Max Mustermann",
"street" : "Vangerowstr. 18",
"zip" : "69115",
"city" : "Heidelberg",
"country" : "DE"
}
}
<?php
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$address = (new Address())
->setName('Max Mustermann')
->setStreet('Vangerowstr. 18')
->setZip('69115')
->setCity('Heidelberg')
->setCountry('DE');
$customer = (new Customer())
->setFirstname('Max')
->setLastname('Mustermann')
->setSalutation(Salutations::MR)
->setCompany('Unzer GmbH')
->setBirthDate('1972-12-24')
->setEmail('Max.Mustermann@unzer.com')
->setMobile('+49 123456789')
->setPhone('+49 123456789')
->setBillingAddress($address)
->setShippingAddress($address);
$unzer->createCustomer($customer);
Address address = new Address();
address
.setName("Max Mustermann")
.setStreet("Vangerowstr. 18")
.setCity("Heidelberg")
.setZip("69115")
.setCountry("DE");
Customer customer = new Customer("Max", "Mustermann");
customer
.setCustomerId(customerId)
.setSalutation(Salutation.mr)
.setEmail("max.mustermann@unzer.com")
.setMobile("+49123456789")
.setBirthDate(getDate("12.12.2000"))
.setBillingAddress(address)
.setShippingAddress(address);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
customer = unzer.createCustomer(customer);
The response looks similar to the following example:
{
"id":"s-cst-c552940bca23"
}
For a full description of customer resource, refer to the relevant server-side integration documentation page: Manage customer (direct API calls).
Create a basket resource
The basket resource stores information about the purchased products, used vouchers, and the shipment costs.
POST https://api.unzer.com/v2/baskets
{
"currencyCode": "EUR",
"totalValueGross": 899.50,
"basketItems": [
{
"title": "Phone Pro",
"basketItemReferenceId": "item-1",
"quantity": 1,
"amountPerUnitGross": 890.00,
"vat": 19,
"type": "goods"
},
{
"title": "Shipment",
"basketItemReferenceId": "ship-1",
"quantity": 1,
"amountPerUnitGross":9.50,
"vat": 19,
"type": "shipment"
}
]
}
$basketItem = (new BasketItem())
->setBasketItemReferenceId('Item-d030efbd4963')
->setQuantity(1)
->setUnit('m')
->setAmountPerUnitGross(890.00)
->setAmountDiscountPerUnitGross(0.00)
->setVat(19.0)
->setTitle('SDM 6 CABLE')
->setSubTitle('This is brand new Mid 2019 version')
->setImageUrl('https://a.storyblok.com/f/91629/x/1ba8deb8cc/unzer_primarylogo__white_rgb.svg')
->setType(BasketItemTypes::GOODS);
$basket = (new Basket())
->setTotalValueGross(899.50)
->setCurrencyCode('EUR')
->setOrderId('Order-12345')
->setNote('Test Basket')
->addBasketItem($basketItem);
$unzer->createBasket($basket);
Unzer unzer=new Unzer("s-priv-xxxxxxxxxx");
BasketItem basketItem=(new BasketItem())
.setBasketItemReferenceId("Item-d030efbd4963")
.setQuantity(1)
.setUnit("m")
.setAmountPerUnitGross(BigDecimal.valueOf(899.50))
.setAmountDiscountPerUnitGross(BigDecimal.valueOf(0.00))
.setVat(BigDecimal.valueOf(19.0))
.setTitle("SDM 6 CABLE")
.setSubTitle("This is brand new Mid 2019 version")
.setImageUrl(new URL("https://a.storyblok.com/f/91629/x/1ba8deb8cc/unzer_primarylogo__white_rgb.svg"))
.setType(BasketItem.Type.GOODS);
Basket basket=new Basket()
.setTotalValueGross(BigDecimal.valueOf(899.50))
.setCurrencyCode(Currency.getInstance("EUR"))
.setOrderId("Order-12345")
.setNote("Test Basket")
.addBasketItem(basketItem);
unzer.createBasket(basket);
The response looks similar to the following example:
{
"id": "s-bsk-17387257b8fa"
}
For a full description of basket resource, refer to the relevant server-side-integration documentation page: Manage basket (direct API calls).
Add the ThreatMetrix script
Add the ThreatMetrix scriptWe use ThreatMetrix for fraud prevention to protect your business from potential fraudsters. For this, insert a code snippet with a unique(!) parameter on your payments page and later, send this parameter as threatMetrixId in the authorize request to us. The next steps are managed by us and no additional steps are required from you.
- Define a 128 byte long and unique variable as identifier for this transaction. Make sure it only consists of the following characters:
- upper and lowercase English letters ([a-z], [A-Z])
- digits (0-9)
- underscore (_)
- hyphen (-)
- Use this variable in the ThreatMetrix script (next step) in the GET parameter
session_idand store it temporarily so that you can also send it in the authorize request later on. - Add the ThreatMetrix script to your payment page. To get full fraud protection, use both the JavaScript part in the section and the iFrame version in the body section of your page.
<html>
<head>
<script type="text/javascript" async
src="https://h.online-metrix.net/fp/tags.js?org_id=363t8kgq&session_id=[SessionID]">
</script>
</head>
<body>
<noscript>
<iframe
style="width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"
src="https://h.online-metrix.net/fp/tags?org_id=363t8kgq&session_id=[SessionID]">
</iframe>
</noscript>
</body>
- Use a merchant identifier (URL without domain additions), append an existing session identifier from a cookie, append the date and time in milliseconds to the end of the identifier and then applying a hexadecimal hash to the concatenated value to produce a completely unique Session ID.
- Use a merchant identifier (URL without domain additions), append an existing session identifier from the web application, and apply a hexadecimal hash to the value to obfuscate the identifier.
Example:merchantshop_cd-695a7565-979b-4af9
Thesession_idmust be stored temporarily for later use in XML request.
Make an authorize transaction
Now, make an authorize transaction with the paylater-direct-debit resource that you created earlier. With a successful authorize transaction, the amount is authorized and a payment resource is created. At this point no money has been transferred but the amount is reserved.
| Parameter | Type | Description |
|---|---|---|
amount(required) |
float | The authorization amount. |
currency(required) |
string | The authorization currency, in the ISO 4217 alpha-3 format (for example, EUR) |
orderId |
string | Your customer facing order number (if available at that point) |
customerId (required) |
string | The ID of the customers resource to be used (for example, s-cst-e692f3892497) |
basketId (required) |
string | The basket ID for the payment (such as s-bsk-17387257b8fa) |
typeId (required) |
string | The ID of the payment type resource to be used (such as s-pdd-uzqvosum7m2c) |
Provide the customer risk information
To increase the acceptance rate and reduce fraud of your Unzer Direct Debit payments, we strongly recommend that you provide additional information about your customer. The following fields can be provided to allow us to apply a detailed risk check:
| Parameter | Type | Description |
|---|---|---|
threatMetrixId |
string | The ThreatMetrix session ID |
customerGroup |
string | Customer classification for the customer if known valid values: TOP: Customers with more than 3 paid* transactions GOOD: Customers with more than 1 paid* transactions BAD: Customers with defaulted/fraudulent orders NEUTRAL: Customers without paid* transactions |
confirmedAmount |
string | The amount/value of the successful transactions paid by the end customer |
confirmedOrders |
string | The number of successful transactions paid* by the end customer |
registrationLevel |
string | Customer registration level 0=guest, 1=registered |
registrationDate |
string | Customer registration date in your shop (YYYYMMDD) |
*paid: A paid transaction is a transaction where you have the payment status of the customer for previous transactions (external factoring invoice, installment or direct debit transactions must be excluded because you might have no information about the actual payment status of the customer).
Authorize request
POST https://api.unzer.com/v1/payments/authorize
Body
{
"amount": "899.50",
"currency": "EUR",
"orderId": "BE-123456",
"resources": {
"customerId": "s-cst-e692f3892497",
"typeId": "s-pdd-40icjufs0qca",
"basketId": "s-bsk-17387257b8fa"
},
"additionalTransactionData": {
"riskData": {
"threatMetrixId": "merchantshop_cd-695a7565-979b-4af9",
"customerGroup":"TOP",
"customerId":"C-122345",
"confirmedAmount":"2569",
"confirmedOrders":"4",
"registrationLevel":"1",
"registrationDate":"20160412"
}
}
}
$unzer = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');
$riskData = (new RiskData())
->setThreatMetrixId('merchantshop_cd-695a7565-979b-4af9')
->setCustomerGroup('TOP')
->setConfirmedAmount('2569')
->setConfirmedOrders('14')
->setRegistrationLevel('1')
->setRegistrationDate('20160412');
$authorizationInstance = (new Authorization(899.50, 'EUR', $returnUrl))
->setRiskData($riskData)
$paymentType = new PaylaterDirectDebit();
$transaction = $unzer->performAuthorization($authorizationInstance, $paymentType, $customer, null, $basket);
Authorization authorize = unzer.authorize((Authorization) new Authorization()
.setAmount(BigDecimal.valueOf(899.50))
.setCurrency(Currency.getInstance("EUR"))
.setTypeId(type.getId())
.setCustomerId(customer.getId())
.setReturnUrl(unsafeUrl("https://shop.de")));
The response looks similar to the following example:
{
"id": "s-aut-1",
"isSuccess": true,
"isPending": false,
"isResumed": false,
"isError": false,
"message": {
"code": "COR.000.000.000",
"merchant": "Transaction succeeded",
"customer": "Your payments have been successfully processed."
},
"amount": "899.50",
"currency": "EUR",
"returnUrl": "",
"date": "2023-04-13 14:20:07",
"resources": {
"customerId": "s-cst-e692f3892497",
"paymentId": "s-pay-8",
"basketId": "s-bsk-17387257b8fa",
"traceId": "",
"typeId": "s-pdd-40icjufs0qca"
},
"additionalTransactionData": {
"riskData": {
"threatMetrixId": "merchantshop_cd-695a7565-979b-4af9",
"customerGroup": "TOP",
"customerId": "C-122345",
"confirmedAmount": "2569",
"confirmedOrders": "4",
"registrationLevel": "1",
"registrationDate": "20160412"
}
},
"orderId": "BE-123456",
"paymentReference": "",
"processing": {
"uniqueId": "Tx-e5wkw4kt7mj",
"shortId": "Tx-e5wkw4kt7mj",
"descriptor": "TBGW-LGKS-WKZV",
"traceId": ""
}
}
For more details on managing Direct Debit Secured payments, see Manage Direct Debit Secured payments.
Step 3: Check status of the payment server side
Step 3: Check status of the payment [server side] Once the transaction is made, you can fetch the payment details from the API, by using the resources.paymentId from the authorize response above to handle the payment according to its status, such as s-pay-124. Check all possible payment states here.
GET: https://api.unzer.com/v1/payments/s-pay-xxxxxxx
<?php
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$payment = $unzer->fetchPayment('s-pay-1');
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Payment payment = unzer.fetchPayment("s-pay-1");
Step 4: Display the payment result client side
Step 4: Display the payment result [client side] Use the information from the Check status of the payment step to display the payment result to your customer.
This can be the success or error page of your shop. If something went wrong, you can use the client message from the API response and show it to the customer.
Manage payment server side
For more details on managing Direct Debit Secured payments, such as refunding them, see Manage Direct Debit Secured payments.
Notifications
NotificationsWe recommend subscribing to the payment event to receive notifications about any changes to the payment resource. As soon as the event is triggered you should fetch the payment and update the order status in your shop according to its status.
{
"event":"payment.pending",
"publicKey":"s-pub-xxxxxxxxxx",
"retrieveUrl":"https://api.unzer.com/v1/payments/s-pay-774",
"paymentId":"s-pay-774"
}
For more details on implementing webhooks to receive notifications, see Notifications page.
Error handling
Error handlingAll requests to the API can result in an error that should be handled. Refer to the Error handling guide to learn more about Unzer API (and other) errors and handling them.
Test & go live
Test & go liveYou should always test your integration before going live. First perform test transactions using test data. Next, check against Integration checklist and Go-live checklist to make sure the integration is complete and you’re ready to go live.