alt

Important information

The API reference is now available here.
The deprecated API reference is available here.

Unzer

Accept Direct Debit Secured with UI components

Use Unzer UI component to add Direct Debit Secured payment to your checkout page.

icon

If you are using payment type sepa-direct-debit-secured, note that this method is now deprecated. It is currently supported but there are no further developments planned for them.

If you want to access the relevant documentation, see (Deprecated) Unzer Direct Debit Secured.

Overview

Using UI components for Direct Debit Secured, you create a paylater-direct-debit payment type resource that is used to make the payment. You can check a demo version of the component here. Basic steps for integrating using UI components are the same for all payment methods and you can read about them here.

With Direct Debit Secured you need to provide information about the customer via a customer resource and the purchased products via a basket resource when you make the transaction. This is required for customer assessment and transaction approval. You will also need the customer information to create the invoice document. You are responsible for gathering this data during the checkout.

Before you begin

icon
You must use basket v2 for Direct Debit Secured payment method.

Step 1: Add UI components to your payment page
client side

First, you need to initiate our UI components library and add the payment form to your payment page.

Initiate UI component

Load our JS script and CSS stylesheet

Include Unzer’s script and stylesheet on your website.

Always load the script and stylesheet directly from Unzer:

<link rel="stylesheet" href="https://static.unzer.com/v1/unzer.css" />
<script type="text/javascript" src="https://static.unzer.com/v1/unzer.js"></script>
icon
Faster load time
To make your website load faster, insert JavaScript scripts at the bottom of your HTML document.
icon
Importing Unzer styles
To minimize the risk of Unzer styles affecting the styles of your webpage, we suggest putting unzer.css on top of other imported CSS files.

Create an Unzer instance

Create an unzer instance with your public key:

// Creating an unzer instance with your public key
var unzerInstance = new unzer('s-pub-xxxxxxxxxx');
icon
Placeholder keys
In the previous example, we used a placeholder API key for example purposes. You should replace it with your public key.

Localization and languages

We support localization with locale option parameters. Check the Localization page for a list of all the supported locales.

The auto option (applied by default) uses the client’s browser language.

Here you can see how to set the language, in our case ‘de-DE’ - to do so, add a comma separated parameter to your unzer instance:

// Creating an unzer instance with your public key
var unzerInstance = new unzer('s-pub-xxxxxxxxxx', {locale: 'de-DE'});

Implement the payment form

Option 1: Implement with customer form

If you don’t have information about the customer (and the corresponding customerID) or want to update information of an already existing customer, you can do so using customer form. Check Customer UI component page for more information.

Insert the customer form

To use the customer form effectively, you must insert it into your payment form. We recommend placing it above the payment elements.

Here is an example:

<form id="example-payment-form" class="unzerUI form" novalidate>
    <div id="example-customer" class="field">
      <!-- The customer form UI elements will be inserted here -->
    </div>
    <div id="example-paylater-direct-debit">
      <!-- The payment form UI elements will be inserted here -->
    </div>
    <div id="error-holder" class="field" style="color: #d0021b">
      <!-- Errors will be inserted here -->    
    </div>
    <!-- Submit button (hidden and disabled) -->
    <button class="unzerUI primary button fluid" disabled type="submit">Pay</button>
</form>

Create the customer resource

A customer resource is created like a payment type with the UI components. Please make sure to set the option paymentTypeName to allow rendering a specialized form for this payment type.

const customer = unzerInstance.Customer();
customer.create({containerId: 'customer', paymentTypeName: 'paylater-direct-debit'});

Update the customer resource

To render the customer form, you will need to call the Customer.update() function instead of Customer.create(). In case you want to initialize the form with the data of an already created customer, you will need to call the Customer.initFormFields() function before calling Customer.update().

const customer = unzerInstance.Customer();

// Initialize customer form with existing B2C customer data
customer.initFormFields({
  "salutation": "mr",
  "firstname": "Rainer",
  "lastname": "Zufall",  
  "birthDate": "1980-06-22",
  "email": "rainer.zufall@domain.de",
  "language": "de",
  "phone": "+49 152 987654321",
  "billingAddress": {
    "name": "Rainer Zufall",
    "street": "Unzerstraße 18",
    "zip": "22767",
    "city": "Hamburg",
    "country": "DE"
  },
  "shippingAddress": {
    "name": "Rainer Zufall",
    "street": "Unzerstraße 18",
    "zip": "22767",
    "city": "Hamburg",
    "country": "DE"
  }
})

// Call the update function that will initialize the form with existing customer data
// You need to pass the customerId, and the containerId
customer.update('s-cst-b7e502fcbb10', {
  containerId: 'customer',
  paymentTypeName: 'paylater-direct-debit'
})

Optionally, you can add a custom event listener that sends the validation result of all input fields

// Note: the event listener has to be called before the `update()` call
customer.addEventListener('validate', function(e) {
  if (e.success) {
    // run some code (for example, enable the `pay` button)
  } else {
    // run some code (for example, disable the `pay` button)
  }
})

Option 2: Create the customer on the server side

You can also use the customer data provided by your shop system to create the customer resource on the server side. This way you can omit rendering the customer form in the front end and create the resource and use the ID in your transaction request. Go to the Create Customer Resource section for details on this approach. for more details.

In that case you just need to render the payment type form and create a simple HTML button on the client side:

<form id="payment-form">
    <div id="example-paylater-direct-debit">
      <!-- The payment form UI elements will be inserted here -->
    </div>
    <div id="error-holder" class="field" style="color: #9f3a38">
        <!-- Errors will be inserted here -->
    </div>
    <button class="unzerUI primary button fluid" disabled type="submit">Pay</button>
</form>

Create the payment type resource

To create a payment type resource – a Direct Debit Secured instance, call the unzerInstance.PaylaterDirectDebit() method:

const paylaterDirectDebit = unzerInstance.PaylaterDirectDebit()

paylaterDirectDebit.create('paylater-direct-debit', {
    containerId: 'example-paylater-direct-debit'
})

Please make sure to pass valid parameters to the create function.

ParameterTypeDescriptionDefault value
containerId (required)StringThe HTML ID of the DOM element, where the UI component will be inserted.-
threatMetrixIdStringA unique identifier for the transaction. For more details, see Add the ThreatMetrix script.
If set, the ThreatMetrix script shall be called automatically after successful payment type form rendering.
-
icon
ThreatMetrix

If you are using our UI components, you can just pass along the unique session ID (threatMetrixId), as described above. The UI components will automatically load and invoke the threatMetrix scripts for you.

If you decide to not use our ThreatMetrix integration (e.g. if you are using custom ui components), then you need to proceed as described here Add the ThreatMetrix script.

Add an event listener and submit the form

Option 1: Without the customer form

Get the HTML form by its unique ID and add an event listener.

Inside, create a Promise on the paylaterDirectDebit object. The Promise gets either resolved or rejected:

const form = document.getElementById('payment-form');
form.addEventListener('submit', function(event) {
    event.preventDefault();

    paylaterDirectDebit.createResource()
        .then(function(result) {
            let typeId = result.id;
            // submit the payment type ID to your server-side integration
        })
        .catch(function(error) {
          document.getElementById('error-holder').innerText = error.customerMessage || error.message || 'Error'
        })
});

Option 2: With the customer create/update form

Get the HTML form by its unique ID and add an event listener.

Create a Promise for the customer and the paylaterDirectDebit object and handle them with Promise.all().

Please Check Customer form with payment for more information for more information.

const form = document.getElementById('payment-form');
    form.addEventListener('submit', function(event) {
        event.preventDefault();

        let customerPromise = customer.createCustomer();
        let paylaterDirectDebitPromise = paylaterDirectDebit.createResource();
        Promise.all([paylaterDirectDebitPromise, customerPromise])
            .then(function(values) {
                let typeId = values[0].id;
                let customerId = values[1].id;
                // Submit the IDs to your server-side integration.
            })
            .catch(function(error) {
              document.getElementById('error-holder').innerText = error.customerMessage || error.message || 'Error'
            })
    });
const form = document.getElementById('payment-form');
    form.addEventListener('submit', function(event) {
        event.preventDefault();

        let customerPromise = customer.updateCustomer();
        let paylaterDirectDebitPromise = paylaterDirectDebit.createResource();
        Promise.all([paylaterDirectDebitPromise, customerPromise])
            .then(function(values) {
                let typeId = values[0].id;
                let customerId = values[1].id;
                // Submit the IDs to your server-side integration.
            })
            .catch(function(error) {
              document.getElementById('error-holder').innerText = error.customerMessage || error.message || 'Error'
            })
    });

Step 2: Make a payment
server side

Besides an always mandatory step of creating the paymentType resource, Direct Debit Secured also requires a customer and a basket resource.

Create a customer resource (only B2C)

This step is applicable only if you didn’t create a customer resource yet, on the client side.

To process transactions for b2c customers, the following customer fields are required:

ParameterTypeDescription
language (required)stringThe selected language of your customer on your website.
salutationstringSpecify the customer’s Salutation. Available values are mr, mrs, unknown.
firstname (required)stringThe customer’s first name.
lastname (required)stringThe customer’s last name.
email(required)stringThe customer’s email address.
birthDate(required)stringThe birth date of the customer in ‘YYYY-MM-DD’ format.
billingAddress(required)objectThe customer’s billing address.
billingAddress.name(required)stringThe customer’s first- & last name for the billing address.
billingAddress.street(required)stringThe customer’s street including house number.
billingAddress.zip (required)stringThe customer’s postal code.
billingAddress.city (required)stringThe customer’s city.
billingAddress.country (required)stringThe customer’s country in ISO country code ISO 3166 ALPHA-2 (only for billing address).
POST https://api.unzer.com/v1/customers

{
"language": "de",
"salutation": "mr",
"firstname": "Max",
"lastname": "Mustermann",
"birthDate": "1972-12-24",
"email": "Max.Mustermann@unzer.com",
"billingAddress" : {
      "name" : "Max Mustermann",
      "street" : "Vangerowstr. 18",
      "zip" : "69115",
      "city" : "Heidelberg",
      "country" : "DE"
    }
}
<?php
$unzer = new Unzer('s-priv-xxxxxxxxxx');

$address = (new Address())
            ->setName('Max Mustermann')
            ->setStreet('Vangerowstr. 18')
            ->setZip('69115')
            ->setCity('Heidelberg')
            ->setCountry('DE');

$customer = (new Customer())
            ->setFirstname('Max')
            ->setLastname('Mustermann')
            ->setSalutation(Salutations::MR)
            ->setCompany('Unzer GmbH')
            ->setBirthDate('1972-12-24')
            ->setEmail('Max.Mustermann@unzer.com')
            ->setMobile('+49 123456789')
            ->setPhone('+49 123456789')
            ->setBillingAddress($address)
            ->setShippingAddress($address);

$unzer->createCustomer($customer);
Address address = new Address();
address
  .setName("Max Mustermann")
  .setStreet("Vangerowstr. 18")
  .setCity("Heidelberg")
  .setZip("69115")
  .setCountry("DE");
      
Customer customer = new Customer("Max", "Mustermann");
customer
  .setCustomerId(customerId)
  .setSalutation(Salutation.mr)
  .setEmail("max.mustermann@unzer.com")
  .setMobile("+49123456789")
  .setBirthDate(getDate("12.12.2000"))
  .setBillingAddress(address)
  .setShippingAddress(address);

Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
customer = unzer.createCustomer(customer);

The response looks similar to the following example:

{
  "id":"s-cst-c552940bca23"
}

For a full description of customer resource, refer to the relevant server-side integration documentation page: Manage customer (direct API calls).

Create a basket resource

The basket resource stores information about the purchased products, used vouchers, and the shipment costs.

icon info
Note that you must send the basket resource with the with the payment request.
POST https://api.unzer.com/v2/baskets

{
    "currencyCode": "EUR",
    "totalValueGross": 899.50,
    "basketItems": [
        {
            "title": "Phone Pro",
            "basketItemReferenceId": "item-1",
            "quantity": 1,
            "amountPerUnitGross": 890.00,
            "vat": 19,
            "type": "goods"
 },
 {
            "title": "Shipment",
            "basketItemReferenceId": "ship-1",
            "quantity": 1,
            "amountPerUnitGross":9.50,
            "vat": 19,
            "type": "shipment"
        }
    ]
}
<?php
$unzer = new Unzer('s-priv-xxxxxxxxxx');

$basketItem = (new BasketItem())
    ->setBasketItemReferenceId('Item-d030efbd4963')
    ->setQuantity(10)
    ->setUnit('m')
    ->setAmountPerUnitGross(20.00)
    ->setAmountDiscountPerUnitGross(1.00)
    ->setVat(19.0)
    ->setTitle('SDM 6 CABLE')
    ->setSubTitle('This is brand new Mid 2019 version')
    ->setImageUrl('https://a.storyblok.com/f/91629/x/1ba8deb8cc/unzer_primarylogo__white_rgb.svg')
    ->setType(BasketItemTypes::GOODS);

$basket = (new Basket())
    ->setTotalValueGross(190.00)
    ->setCurrencyCode('EUR')
    ->setOrderId('Order-12345')
    ->setNote('Test Basket')
    ->addBasketItem($basketItem);

$unzer->createBasket($basket);
BasketItem basketItem = new BasketItem()
        .setBasketItemReferenceId("Item-d030efbd4963")
        .setQuantity(BigDecimal.valueOf(10))
        .setUnit("m")
        .setAmountPerUnitGross(BigDecimal.valueOf(20.00))
        .setAmountDiscountPerUnitGross(BigDecimal.valueOf(1.00))
        .setVat(BigDecimal.valueOf(19.0))
        .setTitle("SDM 6 CABLE")
        .setSubTitle("This is brand new Mid 2019 version")
        .setImageUrl(new URL("https://a.storyblok.com/f/91629/x/1ba8deb8cc/unzer_primarylogo__white_rgb.svg"))
        .setType(BasketItem.Type.GOODS);

Basket basket  = new Basket()
        .setTotalValueGross(BigDecimal.valueOf(190.00))
        .setCurrencyCode(Currency.getInstance("EUR"))
        .setOrderId("Order-12345")
        .setNote("Test Basket")
        .addBasketItem(basketItem);

Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
unzer.createBasket(basket);

The response looks similar to the following example:

{
    "id": "s-bsk-17387257b8fa"
}

For a full description of basket resource, refer to the relevant server-side-integration documentation page: Manage basket (direct API calls).

Add the ThreatMetrix script

We use ThreatMetrix for fraud prevention to protect your business from potential fraudsters. For this, insert a code snippet with a unique(!) parameter on your payments page and later, send this parameter as threatMetrixId in the authorize request to us. The next steps are managed by us and no additional steps are required from you.

  1. Define a 128 byte long and unique variable as identifier for this transaction. Make sure it only consists of the following characters:
    • upper and lowercase English letters ([a-z], [A-Z])
    • digits (0-9)
    • underscore (_)
    • hyphen (-)
  2. Use this variable in the ThreatMetrix script (next step) in the GET parameter session_id and store it temporarily so that you can also send it in the authorize request later on.
  3. Add the ThreatMetrix script to your payment page. To get full fraud protection, use both the JavaScript part in thesection and the iFrame version in the body section of your page.
<html>
<head>
    <script type="text/javascript" async
         src="https://h.online-metrix.net/fp/tags.js?org_id=363t8kgq&session_id=[SessionID]">
    </script>
</head>
<body>
<noscript>
<iframe 
    style="width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;" 
    src="https://h.online-metrix.net/fp/tags?org_id=363t8kgq&session_id=[SessionID]">
</iframe>
</noscript>
</body>
icon info
Recommendations for creation of session ID
  • Use a merchant identifier (URL without domain additions), append an existing session identifier from a cookie, append the date and time in milliseconds to the end of the identifier and then applying a hexadecimal hash to the concatenated value to produce a completely unique Session ID.
  • Use a merchant identifier (URL without domain additions), append an existing session identifier from the web application, and apply a hexadecimal hash to the value to obfuscate the identifier.
    Example: merchantshop_cd-695a7565-979b-4af9
    The session_id must be stored temporarily for later use in XML request.

Make an authorize transaction

Now, make an authorize transaction with the paylater-direct-debit resource that you created earlier. You must also add the x-CLIENTIP=<YOUR Client's IP> attribute in the header.
With a successful authorize transaction, the amount is authorized and a payment resource is created. At this point no money has been transferred but the amount is reserved.

ParameterTypeDescription
amount
(required)
floatThe authorization amount.
currency
(required)
stringThe authorization currency, in the ISO 4217 alpha-3 format (for example, EUR)
orderIdstringYour customer facing order number (if available at that point)
customerId (required)stringThe ID of the customers resource to be used (for example, s-cst-e692f3892497)
basketId (required)stringThe basket ID for the payment (such as s-bsk-17387257b8fa)
typeId (required)stringThe ID of the payment type resource to be used (such as s-pdd-uzqvosum7m2c)

Provide the customer risk information

To increase the acceptance rate and reduce fraud of your Unzer Direct Debit payments, we strongly recommend that you provide additional information about your customer. The following fields can be provided to allow us to apply a detailed risk check:

ParameterTypeDescription
threatMetrixIdstringThe ThreatMetrix session ID
customerGroupstringCustomer classification for the customer if known valid values:
TOP: Customers with more than 3 paid* transactions
GOOD: Customers with more than 1 paid* transactions
BAD: Customers with defaulted/fraudulent orders
NEUTRAL: Customers without paid* transactions
confirmedAmountstringThe amount/value of the successful transactions paid by the end customer
confirmedOrdersstringThe number of successful transactions paid* by the end customer
registrationLevelstringCustomer registration level
0=guest, 1=registered
registrationDatestringCustomer registration date in your shop
(YYYYMMDD)

*paid: A paid transaction is a transaction where you have the payment status of the customer for previous transactions (external factoring invoice, installment or direct debit transactions must be excluded because you might have no information about the actual payment status of the customer).

Authorize request

POST https://api.unzer.com/v1/payments/authorize

Body
{
    "amount": "899.50",
    "currency": "EUR",
    "orderId": "BE-123456",
    "resources": {
        "customerId": "s-cst-e692f3892497", 
        "typeId": "s-pdd-40icjufs0qca",
        "basketId": "s-bsk-17387257b8fa"
    },
    "additionalTransactionData": {
      "riskData": {
        "threatMetrixId": "merchantshop_cd-695a7565-979b-4af9",
        "customerGroup":"TOP",
        "customerId":"C-122345",
        "confirmedAmount":"2569",
        "confirmedOrders":"4",
        "registrationLevel":"1",
        "registrationDate":"20160412"
      }
    }
}
$unzer     = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');

$riskData = (new RiskData())
    ->setThreatMetrixId('merchantshop_cd-695a7565-979b-4af9')
    ->setCustomerGroup('TOP')
    ->setConfirmedAmount('2569')
    ->setConfirmedOrders('14')
    ->setRegistrationLevel('1')
    ->setRegistrationDate('20160412');
    
$authorizationInstance = (new Authorization(899.50, 'EUR', $returnUrl))
    ->setRiskData($riskData)
    
$paymentType = new PaylaterDirectDebit();

$transaction = $unzer->performAuthorization($authorizationInstance, $paymentType, $customer, null, $basket);
Authorization authorize = unzer.authorize((Authorization) new Authorization()
    .setAmount(BigDecimal.valueOf(899.50))
    .setCurrency(Currency.getInstance("EUR"))
    .setTypeId(type.getId())
    .setCustomerId(customer.getId())
    .setReturnUrl(unsafeUrl("https://shop.de")));

The response looks similar to the following example:

{
    "id": "s-aut-1",
    "isSuccess": true,
    "isPending": false,
    "isResumed": false,
    "isError": false,
    "message": {
        "code": "COR.000.000.000",
        "merchant": "Transaction succeeded",
        "customer": "Your payments have been successfully processed."
    },
    "amount": "899.50",
    "currency": "EUR",
    "returnUrl": "",
    "date": "2023-04-13 14:20:07",
    "resources": {
        "customerId": "s-cst-e692f3892497",
        "paymentId": "s-pay-8",
        "basketId": "s-bsk-17387257b8fa",
        "traceId": "",
        "typeId": "s-pdd-40icjufs0qca"
    },
    "additionalTransactionData": {
        "riskData": {
            "threatMetrixId": "merchantshop_cd-695a7565-979b-4af9",
            "customerGroup": "TOP",
            "customerId": "C-122345",
            "confirmedAmount": "2569",
            "confirmedOrders": "4",
            "registrationLevel": "1",
            "registrationDate": "20160412"
        }
    },
    "orderId": "BE-123456",
    "paymentReference": "",
    "processing": {
        "uniqueId": "Tx-e5wkw4kt7mj",
        "shortId": "Tx-e5wkw4kt7mj",
        "descriptor": "TBGW-LGKS-WKZV",
        "traceId": ""
    }
}

For more details on managing Direct Debit Secured payments, see Manage Direct Debit Secured payments.

Step 3: Check status of the payment
server side

Once the transaction is made, you can fetch the payment details from the API, by using the resources.paymentId from the authorize response above to handle the payment according to its status, such as s-pay-124. Check all possible payment states here.

GET: https://api.unzer.com/v1/payments/s-pay-xxxxxxx
<?php
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$payment = $unzer->fetchPayment('s-pay-1');
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Payment payment = unzer.fetchPayment("s-pay-1");

Step 4: Display the payment result
client side

Use the information from the Check status of the payment step to display the payment result to your customer.
This can be the success or error page of your shop. If something went wrong, you can use the client message from the API response and show it to the customer.

Manage payment
server side

For more details on managing Direct Debit Secured payments, such as refunding them, see Manage Direct Debit Secured payments.

Notifications

We recommend subscribing to the payment event to receive notifications about any changes to the payment resource. As soon as the event is triggered you should fetch the payment and update the order status in your shop according to its status.

  {
    "event":"payment.pending",
    "publicKey":"s-pub-xxxxxxxxxx",
    "retrieveUrl":"https://api.unzer.com/v1/payments/s-pay-774",
    "paymentId":"s-pay-774"
  }

For more details on implementing webhooks to receive notifications, see Notifications page.

Error handling

All requests to the API can result in an error that should be handled. Refer to the Error handling guide to learn more about Unzer API (and other) errors and handling them.

Test & go live

You should always test your integration before going live. First perform test transactions using test data. Next, check against Integration checklist and Go-live checklist to make sure the integration is complete and you’re ready to go live.

See also