Accept Direct Debit Secured with UI components
Use Unzer UI component to add Direct Debit Secured payment to your checkout page.
If you are using payment type sepa-direct-debit-secured
, note that this method is now deprecated. It is currently supported but there are no further developments planned for them.
If you want to access the relevant documentation, see (Deprecated) Unzer Direct Debit Secured.
Overview
Using UI components for Direct Debit Secured, you create a paylater-direct-debit
payment type resource that is used to make the payment. You can check a demo version of the component here. Basic steps for integrating using UI components are the same for all payment methods and you can read about them here.
With Direct Debit Secured you need to provide information about the customer via a customer
resource and the purchased products via a basket
resource when you make the transaction. This is required for customer assessment and transaction approval. You will also need the customer information to create the invoice document. You are responsible for gathering this data during the checkout.
Before you begin
Before you begin- Check the basic integration requirements.
- Familiarize yourself with general guide on integrating using UI components.
Step 1: Add UI components to your payment pageclient side
Step 1: Add UI components to your payment page [client side]First, you need to initiate our UI components library and add the payment form to your payment page.
Initiate UI component
Initiate UI componentLoad our JS script and CSS stylesheet
Load our JS script and CSS stylesheetInclude Unzer’s script and stylesheet on your website.
Always load the script and stylesheet directly from Unzer:
<link rel="stylesheet" href="https://static.unzer.com/v1/unzer.css" />
<script type="text/javascript" src="https://static.unzer.com/v1/unzer.js"></script>
To make your website load faster, insert JavaScript scripts at the bottom of your HTML document.
To minimize the risk of Unzer styles affecting the styles of your webpage, we suggest putting unzer.css on top of other imported CSS files.
Create an Unzer instance
Create an Unzer instanceCreate an unzer
instance with your public key:
// Creating an unzer instance with your public key
var unzerInstance = new unzer('s-pub-xxxxxxxxxx');
In the previous example, we used a placeholder API key for example purposes. You should replace it with your public key.
Localization and languages
Localization and languagesWe support localization with locale option parameters. Check the Localization page for a list of all the supported locales.
The auto option (applied by default) uses the client’s browser language.
Here you can see how to set the language, in our case ‘de-DE’ - to do so, add a comma separated parameter to your unzer
instance:
// Creating an unzer instance with your public key
var unzerInstance = new unzer('s-pub-xxxxxxxxxx', {locale: 'de-DE'});
Implement the payment form
Option 1: Implement with customer form
If you don’t have information about the customer (and the corresponding customerID) or want to update information of an already existing customer, you can do so using customer form. Check Customer UI component page for more information.
Insert the customer form
To use the customer form effectively, you must insert it into your payment form. We recommend placing it above the payment elements.
Here is an example:
<form id="example-payment-form" class="unzerUI form" novalidate>
<div id="example-customer" class="field">
<!-- The customer form UI elements will be inserted here -->
</div>
<div id="example-paylater-direct-debit">
<!-- The payment form UI elements will be inserted here -->
</div>
<div id="error-holder" class="field" style="color: #d0021b">
<!-- Errors will be inserted here -->
</div>
<!-- Submit button (hidden and disabled) -->
<button class="unzerUI primary button fluid" disabled type="submit">Pay</button>
</form>
Create the customer resource
A customer
resource is created like a payment type with the UI components. Please make sure to set the option paymentTypeName
to allow rendering a specialized form for this payment type.
const customer = unzerInstance.Customer();
customer.create({containerId: 'customer', paymentTypeName: 'paylater-direct-debit'});
Update the customer resource
To render the customer form, you will need to call the Customer.update()
function instead of Customer.create()
. In case you want to initialize the form with the data of an already created customer, you will need to call the Customer.initFormFields()
function before calling Customer.update()
.
const customer = unzerInstance.Customer();
// Initialize customer form with existing B2C customer data
customer.initFormFields({
"salutation": "mr",
"firstname": "Rainer",
"lastname": "Zufall",
"birthDate": "1980-06-22",
"email": "rainer.zufall@domain.de",
"language": "de",
"phone": "+49 152 987654321",
"billingAddress": {
"name": "Rainer Zufall",
"street": "Unzerstraße 18",
"zip": "22767",
"city": "Hamburg",
"country": "DE"
},
"shippingAddress": {
"name": "Rainer Zufall",
"street": "Unzerstraße 18",
"zip": "22767",
"city": "Hamburg",
"country": "DE",
"shippingType": "equals-billing"
}
})
// Call the update function that will initialize the form with existing customer data
// You need to pass the customerId, and the containerId
customer.update('s-cst-b7e502fcbb10', {
containerId: 'customer',
paymentTypeName: 'paylater-direct-debit'
})
Optionally, you can add a custom event listener that sends the validation result of all input fields
// Note: the event listener has to be called before the `update()` call
customer.addEventListener('validate', function(e) {
if (e.success) {
// run some code (for example, enable the `pay` button)
} else {
// run some code (for example, disable the `pay` button)
}
})
Option 2: Create the customer on the server side
You can also use the customer data provided by your shop system to create the customer
resource on the server side. This way you can omit rendering the customer form in the front end and create the resource and use the ID in your transaction request. Go to the Create Customer Resource section for details on this approach. for more details.
In that case you just need to render the payment type form and create a simple HTML button on the client side:
<form id="payment-form">
<div id="example-paylater-direct-debit">
<!-- The payment form UI elements will be inserted here -->
</div>
<div id="error-holder" class="field" style="color: #9f3a38">
<!-- Errors will be inserted here -->
</div>
<button class="unzerUI primary button fluid" disabled type="submit">Pay</button>
</form>
Create the payment type resource
To create a payment type resource – a Direct Debit Secured instance, call the unzerInstance.PaylaterDirectDebit()
method:
const paylaterDirectDebit = unzerInstance.PaylaterDirectDebit()
paylaterDirectDebit.create('paylater-direct-debit', {
containerId: 'example-paylater-direct-debit'
})
Please make sure to pass valid parameters to the create
function.
Parameter | Type | Description | Default value |
---|---|---|---|
containerId (required) | String | The HTML ID of the DOM element, where the UI component will be inserted. | - |
threatMetrixId | String | A unique identifier for the transaction. For more details, see Add the ThreatMetrix script. If set, the ThreatMetrix script shall be called automatically after successful payment type form rendering. | - |
If you are using our UI components, you can just pass along the unique session ID (threatMetrixId), as described above. The UI components will automatically load and invoke the threatMetrix scripts for you.
If you decide to not use our ThreatMetrix integration (for example, if you are using custom ui components), then you need to proceed as described here Add the ThreatMetrix script.
Add an event listener and submit the form
Option 1: Without the customer form
Get the HTML form by its unique ID and add an event listener.
Inside, create a Promise
on the paylaterDirectDebit
object. The Promise
gets either resolved or rejected:
const form = document.getElementById('payment-form');
form.addEventListener('submit', function(event) {
event.preventDefault();
paylaterDirectDebit.createResource()
.then(function(result) {
let typeId = result.id;
// submit the payment type ID to your server-side integration
})
.catch(function(error) {
document.getElementById('error-holder').innerText = error.customerMessage || error.message || 'Error'
})
});
Option 2: With the customer create/update form
Get the HTML form by its unique ID and add an event listener.
Create a Promise
for the customer and the paylaterDirectDebit
object and handle them with Promise.all()
.
Please Check Customer form with payment for more information for more information.
const form = document.getElementById('payment-form');
form.addEventListener('submit', function(event) {
event.preventDefault();
let customerPromise = customer.createCustomer();
let paylaterDirectDebitPromise = paylaterDirectDebit.createResource();
Promise.all([paylaterDirectDebitPromise, customerPromise])
.then(function(values) {
let typeId = values[0].id;
let customerId = values[1].id;
// Submit the IDs to your server-side integration.
})
.catch(function(error) {
document.getElementById('error-holder').innerText = error.customerMessage || error.message || 'Error'
})
});
const form = document.getElementById('payment-form');
form.addEventListener('submit', function(event) {
event.preventDefault();
let customerPromise = customer.updateCustomer();
let paylaterDirectDebitPromise = paylaterDirectDebit.createResource();
Promise.all([paylaterDirectDebitPromise, customerPromise])
.then(function(values) {
let typeId = values[0].id;
let customerId = values[1].id;
// Submit the IDs to your server-side integration.
})
.catch(function(error) {
document.getElementById('error-holder').innerText = error.customerMessage || error.message || 'Error'
})
});
Step 2: Make a paymentserver side
Step 2: Make a payment [server side]Besides an always mandatory step of creating the paymentType
resource, Direct Debit Secured also requires a customer
and a basket
resource.
Create a customer resource (only B2C)
This step is applicable only if you didn’t create a customer
resource yet, on the client side.
To process transactions for b2c customers, the following customer fields are available:
Parameter | Type | Description |
---|---|---|
language | string | The language for customer correspondence. Must be in ISO 639 alpha-2 code format. |
salutation | string | Specify the customer’s Salutation. Available values are mr , mrs , unknown . |
firstname (required) | string | The customer’s first name. |
lastname (required) | string | The customer’s last name. |
email (required) | string | The customer’s email address. |
birthDate (required) | string | The birth date of the customer in ‘YYYY-MM-DD’ format. |
billingAddress (required) | object | The customer’s billing address. |
billingAddress.name (required) | string | The customer’s first- & last name for the billing address. |
billingAddress.street (required) | string | The customer’s street including house number. |
billingAddress.zip (required) | string | The customer’s postal code. |
billingAddress.city (required) | string | The customer’s city. |
billingAddress.country (required) | string | The customer’s country in ISO country code ISO 3166 ALPHA-2 (only for billing address). |
POST https://api.unzer.com/v1/customers
{
"language": "de",
"salutation": "mr",
"firstname": "Max",
"lastname": "Mustermann",
"birthDate": "1972-12-24",
"email": "Max.Mustermann@unzer.com",
"billingAddress" : {
"name" : "Max Mustermann",
"street" : "Schöneberger Str. 21a",
"zip" : "10963",
"city" : "Berlin",
"country" : "DE"
}
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$address = (new Address())
->setName('Max Mustermann')
->setStreet('Schöneberger Str. 21a')
->setZip('10963')
->setCity('Berlin')
->setCountry('DE');
$customer = (new Customer())
->setFirstname('Max')
->setLastname('Mustermann')
->setSalutation(Salutations::MR)
->setCompany('Unzer GmbH')
->setBirthDate('1972-12-24')
->setEmail('Max.Mustermann@unzer.com')
->setMobile('+49 123456789')
->setPhone('+49 123456789')
->setBillingAddress($address)
->setShippingAddress($address);
$unzer->createCustomer($customer);
Address address = new Address();
address
.setName("Max Mustermann")
.setStreet("Schöneberger Str. 21a")
.setCity("Berlin")
.setZip("10963")
.setCountry("DE");
Customer customer = new Customer("Max", "Mustermann");
customer
.setCustomerId(customerId)
.setSalutation(Salutation.mr)
.setEmail("max.mustermann@unzer.com")
.setMobile("+49123456789")
.setBirthDate(getDate("12.12.2000"))
.setBillingAddress(address)
.setShippingAddress(address);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
customer = unzer.createCustomer(customer);
The response looks similar to the following example:
{
"id":"s-cst-c552940bca23"
}
For a full description of customer
resource, refer to the relevant server-side integration documentation page: Manage customer (direct API calls).
Create a basket resource
The basket
resource stores information about the purchased products, used vouchers, and the shipment costs.
POST https://api.unzer.com/v2/baskets
{
"currencyCode": "EUR",
"totalValueGross": 899.50,
"basketItems": [
{
"title": "Phone Pro",
"basketItemReferenceId": "item-1",
"quantity": 1,
"amountPerUnitGross": 890.00,
"vat": 19,
"type": "goods"
},
{
"title": "Shipment",
"basketItemReferenceId": "ship-1",
"quantity": 1,
"amountPerUnitGross":9.50,
"vat": 19,
"type": "shipment"
}
]
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$basketItem = (new BasketItem())
->setBasketItemReferenceId('Item-d030efbd4963')
->setQuantity(10)
->setUnit('m')
->setAmountPerUnitGross(20.00)
->setAmountDiscountPerUnitGross(1.00)
->setVat(19.0)
->setTitle('SDM 6 CABLE')
->setSubTitle('This is brand new Mid 2019 version')
->setImageUrl('https://a.storyblok.com/f/91629/x/1ba8deb8cc/unzer_primarylogo__white_rgb.svg')
->setType(BasketItemTypes::GOODS);
$basket = (new Basket())
->setTotalValueGross(190.00)
->setCurrencyCode('EUR')
->setOrderId('Order-12345')
->setNote('Test Basket')
->addBasketItem($basketItem);
$unzer->createBasket($basket);
BasketItem basketItem = new BasketItem()
.setBasketItemReferenceId("Item-d030efbd4963")
.setQuantity(BigDecimal.valueOf(10))
.setUnit("m")
.setAmountPerUnitGross(BigDecimal.valueOf(20.00))
.setAmountDiscountPerUnitGross(BigDecimal.valueOf(1.00))
.setVat(BigDecimal.valueOf(19.0))
.setTitle("SDM 6 CABLE")
.setSubTitle("This is brand new Mid 2019 version")
.setImageUrl(new URL("https://a.storyblok.com/f/91629/x/1ba8deb8cc/unzer_primarylogo__white_rgb.svg"))
.setType(BasketItem.Type.GOODS);
Basket basket = new Basket()
.setTotalValueGross(BigDecimal.valueOf(190.00))
.setCurrencyCode(Currency.getInstance("EUR"))
.setOrderId("Order-12345")
.setNote("Test Basket")
.addBasketItem(basketItem);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
unzer.createBasket(basket);
The response looks similar to the following example:
{
"id": "s-bsk-17387257b8fa"
}
For a full description of basket
resource, refer to the relevant server-side-integration documentation page: Manage basket (direct API calls).
Add the ThreatMetrix script
Add the ThreatMetrix scriptWe use ThreatMetrix for fraud prevention to protect your business from potential fraudsters. For this, insert a code snippet with a unique(!) parameter on your payments page and later, send this parameter as threatMetrixId
in the authorize request to us. The next steps are managed by us and no additional steps are required from you.
- Define a 128 byte long and unique variable as identifier for this transaction. Make sure it only consists of the following characters:
- upper and lowercase English letters ([a-z], [A-Z])
- digits (0-9)
- underscore (_)
- hyphen (-)
- Use this variable in the ThreatMetrix script (next step) in the GET parameter
session_id
and store it temporarily so that you can also send it in the authorize request later on. - Add the ThreatMetrix script to your payment page. To get full fraud protection, use both the JavaScript part in thesection and the iFrame version in the body section of your page.
<html>
<head>
<script type="text/javascript" async
src="https://h.online-metrix.net/fp/tags.js?org_id=363t8kgq&session_id=[SessionID]">
</script>
</head>
<body>
<noscript>
<iframe
style="width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"
src="https://h.online-metrix.net/fp/tags?org_id=363t8kgq&session_id=[SessionID]">
</iframe>
</noscript>
</body>
- Use a merchant identifier (URL without domain additions), append an existing session identifier from a cookie, append the date and time in milliseconds to the end of the identifier, and then applying a hexadecimal hash to the concatenated value to produce a completely unique Session ID.
- Use the
org_id=363t8kgq
as a static value that does not change for each ThreatMetrix script or for an individual merchant. - Use a merchant identifier (URL without domain additions), append an existing session identifier from the web application, and apply a hexadecimal hash to the value to obfuscate the identifier.
Example:merchantshop_cd-695a7565-979b-4af9
- The
session_id
must be stored temporarily for later/subsequent request.
Do a risk check for the customerserver side
Step 1: Do a risk check for the customerCustomer risk check is an optional step after the payment method is selected. It is used for the risk evaluation of the end customer data.
When sending the request, you must also add the x-CLIENTIP=<YOUR Client's IP>
attribute in the header.
This operation is not part of the payment process. Like credit card check, it is used to pre-check customer data immediately after the payment method selection step in the checkout. This way customer receives direct feedback before finishing the order, avoiding irritation. The riskCheck
request contains customer resource’s reference and transactional details.
POST: https://api.unzer.com/v1/types/paylater-direct-debit/risk-check
{
"amount": "100",
"currency": "EUR",
"orderId": "ORD-123456",
"invoiceId" : "INV-123456",
"resources": {
"customerId": "s-cst-c552940bca23",
"typeId": "s-pdd-40icjufs0qca",
"basketId": "s-bsk-17387257b8fa"
},
"additionalTransactionData": {
"riskData": {
"threatMetrixId": "merchantshop_cd-695a7565-979b-4af9",
"customerGroup":"TOP",
"confirmedAmount":"2569",
"confirmedOrders":"14",
"registrationLevel":"1",
"registrationDate":"20160412"
}
}
}
{
"id": "GHZC-PQVK-RLGP",
"timestamp": "2024-04-09 12:46:00",
"isSuccess": true,
"isPending": false,
"isResume": false,
"isError": false
}
{
"id": "s-err-70a411aa69854880a727eb27e6f",
"isSuccess": false,
"isPending": false,
"isResumed": false,
"isError": true,
"url": "https://api.unzer.com/v1/types/paylater-direct-debit/risk-check",
"timestamp": "2024-04-09 12:47:09",
"traceId": "dd34bcd31b347817559ac4d780a7db30",
"errors": [
{
"code": "API.901.100.300",
"merchantMessage": "Invalid amount.invalid amount (probably too large) [details: Amount 1000000.00 outside transaction limits: [1.00, 5000.00]]",
"customerMessage": "An error occurred. Please contact us for more information."
}
]
}
Make an authorize transaction
Now, make an authorize
transaction with the paylater-direct-debit
resource that you created earlier. You must also add the x-CLIENTIP=<YOUR Client's IP>
attribute in the header.
With a successful authorize transaction, the amount is authorized and a payment resource is created. At this point no money has been transferred but the amount is reserved.
Parameter | Type | Description |
---|---|---|
amount (required) | float | The authorization amount. |
currency (required) | string | The authorization currency, in the ISO 4217 alpha-3 format (for example, EUR ) |
orderId | string | Your customer facing order number (if available at that point) |
customerId (required) | string | The ID of the customers resource to be used (for example, s-cst-e692f3892497 ) |
basketId (required) | string | The basket ID for the payment (such as s-bsk-17387257b8fa ) |
typeId (required) | string | The ID of the payment type resource to be used (such as s-pdd-uzqvosum7m2c ) |
Provide the customer risk information
To increase the acceptance rate and reduce fraud of your Direct Debit Secured payments, we strongly recommend that you provide additional information about your customer. The following fields can be provided to allow us to apply a detailed risk check:
Parameter | Type | Description |
---|---|---|
threatMetrixId | string | The ThreatMetrix session ID |
customerGroup | string | Customer classification for the customer if known valid values: TOP: Customers with more than 3 paid* transactions GOOD: Customers with more than 1 paid* transactions BAD: Customers with defaulted/fraudulent orders NEUTRAL: Customers without paid* transactions |
confirmedAmount | string | The amount/value of the successful transactions paid by the end customer |
confirmedOrders | string | The number of successful transactions paid* by the end customer |
registrationLevel | string | Customer registration level 0=guest, 1=registered |
registrationDate | string | Customer registration date in your shop (YYYYMMDD) |
*paid: A paid transaction is a transaction where you have the payment status of the customer for previous transactions (external factoring invoice, installment or direct debit transactions must be excluded because you might have no information about the actual payment status of the customer).
Authorize request
POST https://api.unzer.com/v1/payments/authorize
Body
{
"amount": "899.50",
"currency": "EUR",
"orderId": "BE-123456",
"resources": {
"customerId": "s-cst-e692f3892497",
"typeId": "s-pdd-40icjufs0qca",
"basketId": "s-bsk-17387257b8fa"
},
"additionalTransactionData": {
"riskData": {
"threatMetrixId": "merchantshop_cd-695a7565-979b-4af9",
"customerGroup":"TOP",
"customerId":"C-122345",
"confirmedAmount":"2569",
"confirmedOrders":"4",
"registrationLevel":"1",
"registrationDate":"20160412"
}
}
}
$unzer = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');
$riskData = (new RiskData())
->setThreatMetrixId('merchantshop_cd-695a7565-979b-4af9')
->setCustomerGroup('TOP')
->setConfirmedAmount('2569')
->setConfirmedOrders('14')
->setRegistrationLevel('1')
->setRegistrationDate('20160412');
$authorizationInstance = (new Authorization(899.50, 'EUR', $returnUrl))
->setRiskData($riskData)
$paymentType = new PaylaterDirectDebit();
$transaction = $unzer->performAuthorization($authorizationInstance, $paymentType, $customer, null, $basket);
Authorization authorize = unzer.authorize((Authorization) new Authorization()
.setAmount(BigDecimal.valueOf(899.50))
.setCurrency(Currency.getInstance("EUR"))
.setTypeId(type.getId())
.setCustomerId(customer.getId())
.setReturnUrl(unsafeUrl("https://shop.de")));
The response looks similar to the following example:
{
"id": "s-aut-1",
"isSuccess": true,
"isPending": false,
"isResumed": false,
"isError": false,
"message": {
"code": "COR.000.000.000",
"merchant": "Transaction succeeded",
"customer": "Your payments have been successfully processed."
},
"amount": "899.50",
"currency": "EUR",
"returnUrl": "",
"date": "2023-04-13 14:20:07",
"resources": {
"customerId": "s-cst-e692f3892497",
"paymentId": "s-pay-8",
"basketId": "s-bsk-17387257b8fa",
"traceId": "",
"typeId": "s-pdd-40icjufs0qca"
},
"additionalTransactionData": {
"riskData": {
"threatMetrixId": "merchantshop_cd-695a7565-979b-4af9",
"customerGroup": "TOP",
"customerId": "C-122345",
"confirmedAmount": "2569",
"confirmedOrders": "4",
"registrationLevel": "1",
"registrationDate": "20160412"
}
},
"orderId": "BE-123456",
"paymentReference": "",
"processing": {
"uniqueId": "Tx-e5wkw4kt7mj",
"shortId": "Tx-e5wkw4kt7mj",
"descriptor": "TBGW-LGKS-WKZV",
"traceId": ""
}
}
For more details on managing Direct Debit Secured payments, see Manage Direct Debit Secured payments.
Step 3: Check status of the paymentserver side
Step 3: Check status of the payment [server side]Once the transaction is made, you can fetch the payment details from the API, by using the resources.paymentId from the authorize response above to handle the payment according to its status, such as s-pay-124
. Check all possible payment states here.
GET: https://api.unzer.com/v1/payments/s-pay-xxxxxxx
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$payment = $unzer->fetchPayment('s-pay-1');
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Payment payment = unzer.fetchPayment("s-pay-1");
Step 4: Display the payment resultclient side
Step 4: Display the payment result [client side]Use the information from the Check status of the payment step to display the payment result to your customer.
This can be the success or error page of your shop. If something went wrong, you can use the client message from the API response and show it to the customer.
Manage paymentserver side
For more details on managing Direct Debit Secured payments, such as refunding them, see Manage Direct Debit Secured payments.
Notifications
NotificationsWe recommend subscribing to the payment
event to receive notifications about any changes to the payment
resource. As soon as the event is triggered you should fetch the payment
and update the order status in your shop according to its status.
{
"event":"payment.pending",
"publicKey":"s-pub-xxxxxxxxxx",
"retrieveUrl":"https://api.unzer.com/v1/payments/s-pay-774",
"paymentId":"s-pay-774"
}
For more details on implementing webhooks
to receive notifications, see Notifications page.
Error handling
Error handlingAll requests to the API can result in an error that should be handled. Refer to the Error handling guide to learn more about Unzer API (and other) errors and handling them.
Test & go live
Test & go liveYou should always test your integration before going live. First perform test transactions using test data. Next, check against Integration checklist and Go-live checklist to make sure the integration is complete and you’re ready to go live.