Accept Unzer Invoice with server-side-only integration
Build your own payment form to add Unzer Invoice to your checkout page
If you are using payment types invoice or invoice-secured, note that these methods are now deprecated. They are currently supported but there are no further developments planned for them.
If you want to access the relevant documentation, see Unzer Invoice and Unzer Invoice Secured.
Overview
For Unzer Invoice, you need to provide information about the customer using the customer resource and the purchased products using the basket resource. This is required by Unzer for risk assessment and transaction approval. You are responsible for gathering this data before you authorize the payment.
Before you begin
Before you begin- Check the basic integration requirements.
- Familiarize yourself with the general Server-side-only integration guide.
Step 1: Create a payment type resourceserver side
When creating the payment type paylater-invoice, you need to send a request to the Unzer API. The response contains an id, this is later referred to as typeId. You will need this typeId to perform the transaction.
POST https://api.unzer.com/v1/types/paylater-invoice
{
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$paylaterInvoice = $unzer->createPaymentType(new PaylaterInvoice());
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
PaylaterInvoice paylaterInvoice = unzer.createPaymentType(new PaylaterInvoice());
The response looks similar to the following example:
{
"id": "s-piv-voi3gcbwinos",
"method": "/paylater-invoice",
"recurring": false,
"geoLocation": {
"clientIp": "127.0.0.1",
"countryIsoA2": "DE"
}
}
For a full description of Unzer Invoice payment type creation, check the API reference.
Step 2: Make a payment [server side]Step 2: Make a paymentserver side
In addition to the mandatory paymentType resource, Unzer paylater-invoice also requires you to create a customer and a basket resource.
Create the customer resource
Perform this step only if you have not already created a customer resource on the client side.
B2C customer creation
To process transactions for B2C customers, provide the following customer fields:
| Parameter | Type | Description |
|---|---|---|
firstname (required) | string | The customer’s first name |
lastname(required) | string | The customer’s last name |
salutation | string | Specify the customer’s Salutation. Available values are mr, mrs, unknown |
customerId | string | Customer’s Unique ID. It identifies the customer and can be used within the GET request. It must be unique. |
birthDate (required) | string | The birth date of the customer in ‘YYYY-MM-DD’ format. |
email (required) | string | The customer’s email address |
language | string | The language for customer correspondence. Must be in ISO 639 alpha-2 code format. |
billingAddress (required) | object | The customer’s billing address |
billingAddress.name(required) | string | The customer’s first and last name for the billing address. The billingAddress.name has to equal firstname + lastname if the customer selects the paylater payment methods. |
billingAddress.street | string | The customer’s street including house number |
billingAddress.state | string | The customer’s state |
billingAddress.zip | string | The customer’s postal code |
billingAddress.city | string | The customer’s city |
billingAddress.country | string | The customer’s country in ISO country code ISO 3166 ALPHA-2 (only for billing address) |
shippingAddress (required if different from the billing address) | object | The customer’s shipping address. |
shippingAddress.name | string | Name of person for the shipping address |
shippingAddress.street | string | The customer’s street including house number |
shippingAddress.state | string | The customer’s state |
shippingAddress.zip | string | The customer’s postal code |
shippingAddress.city | string | The customer’s city |
shippingAddress.country | string | The customer’s country in ISO country code ISO 3166 ALPHA-2 |
shippingAddress.shippingType | string | The shipping type, valid values are equals-billing,different-address,branch-pickup,post-office-pickup,pack-station |
POST https://api.unzer.com/v1/customers
{
"lastname": "Paylater",
"firstname": "Peter",
"salutation": "mr",
"company": "unzer GmbH",
"customerId": "{{customer_external_id}}",
"birthDate": "1987-12-20",
"email": "John.Doe@unzer.com",
"phone": "+49 6221 64 71 100",
"mobile" : "+49 172 123 456",
"language": "de",
"billingAddress" : {
"name" : "Peter Paylater",
"street" : "Hugo-Junkers-Str. 5",
"state" : "DE",
"zip" : "60386",
"city" : "Frankfurt am Main",
"country" : "DE"
},
"shippingAddress" : {
"name" : "Peter Paylater",
"street" : "Hugo-Junkers-Str. 5",
"state" : "DE",
"zip" : "60386",
"city" : "Frankfurt am Main",
"country" : "DE",
"shippingType": "equals-billing"
}
}
A typical response looks like this:
{
"id":"s-cst-c552940bca23"
}
B2B customer creation
To process transactions for B2B customers, provide the following customer fields:
| Parameter | Type | Description |
|---|---|---|
firstname(required) | string | The customer’s first name |
lastname(required) | string | The customer’s last name |
salutation | string | Specify the customer’s salutation. Available values are mr, mrs, unknown |
company(required) | string | The customer’s company name |
customerId | string | Customer’s Unique ID. It identifies the customer and can be used within the GET request. It must be unique. |
birthDate | string | The birth date of the customer in ‘YYYY-MM-DD’ format |
email(required) | string | The customer’s email address |
billingAddress(required) | object | The customer’s billing address |
billingAddress.name | string | The customer’s name for the billing address |
billingAddress.street | string | The customer’s street |
billingAddress.state | string | The customer’s state |
billingAddress.zip | string | The customer’s postal code |
billingAddress.city | string | The customer’s city |
billingAddress.country | string | The customer’s country in ISO country code ISO 3166 ALPHA-2 (only for billing address) |
shippingAddress (required if different from the billing address) | object | The customer’s shipping address. |
shippingAddress.name | string | Name of the customer for the shipping address |
shippingAddress.street | string | The customer’s street including house number |
shippingAddress.state | string | The customer’s state |
shippingAddress.zip | string | The customer’s postal code |
shippingAddress.city | string | The customer’s city |
shippingAddress.country | string | The customer’s country in ISO country code ISO 3166 ALPHA-2 |
shippingAddress.shippingType | string | The shipping type, valid values are equals-billing, different-address, branch-pickup, post-office-pickup, and pack-station |
companyInfo.companyType | string | The company type. Valid values are authority, association, sole, company, otherRequired for our UPL payment methods. |
companyInfo.commercialRegisterNumber | string | The number under which the company is registered. |
companyInfo.registrationType | string | Registered company with commercial register number or not. * Valid values are registered and not_registered* Should be set to not_registered for UPL payment methods.* This also contains the VAT ID if you have one. |
companyInfo.function | string | Must be OWNER for not_registered for companyInfo.registrationTypeShould be set to Owner for UPL payment methods. |
companyInfo.commercialSector | string | This field is required if companyInfo.registrationType is set to not_registered. For UPL payment methods, set this to OTHER. Enter a value for commercialSector only if your business is not officially registered. This field is informational and does not affect payment processing. If your business is registered, leave commercialSector blank and provide your official trade registry number in commercialRegisterNumber. |
companyInfo.owner.firstname(conditional) | string | The first name of the company owner. This is only required if the companyInfo.companyType type issole. |
companyInfo.owner.lastname(conditional) | string | The last name of the company owner. This is only required if the companyInfo.companyType type issole. |
companyInfo.owner.birthDate(conditional) | string | The birth date of the company owner. This is only required if the companyInfo.companyType type issole. |
POST https://api.unzer.com/v1/customers
{
"firstname": "John",
"lastname": "Doe",
"salutation": "mr",
"company": "Unzer GmbH",
"customerId": "12345678",
"birthDate": "1987-12-20",
"email": "John.Doe@unzer.com",
"billingAddress": {
"name": "John Doe",
"street": "Hugo-Junkers-Str. 5",
"state": "DE-BO",
"zip": "60386",
"city": "Frankfurt am Main",
"country": "DE"
},
"shippingAddress": {
"name": "John Doe",
"street": "Hugo-Junkers-Str. 5",
"state": "DE-BO",
"zip": "60386",
"city": "Frankfurt am Main",
"country": "DE",
"shippingType": "equals-billing"
},
"companyInfo": {
"registrationType": "not_registered",
"function": "OWNER",
"commercialSector": "OTHER",
"companyType": "sole",
"owner": {
"firstname": "SoleFirst",
"lastname": "SoleLast",
"birthdate": "1995-06-21"
}
}
}
$unzer = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');
// Create a basic customer (B2C)
$customer = new Customer();
$customer->setFirstname('Marc')
->setLastname('Dononvan')
->setBirthDate('2001-12-12')
->setEmail('marc.donovan@unzer.com')
->setCompany('Unzer GmbH');
$customer->getBillingAddress()
->setName('Marc Dononvan')
->setStreet('Hugo-Junkers-Str. 5')
->setZip('60386')
->setCity('Frankfurt am Main')
->setCountry('DE')
->setState('DE-BO');
// Add company info to make it a B2B customer.
$companyInfo = new CompanyInfo();
$companyInfo->setCommercialSector(CompanyCommercialSectorItems::OTHER) // required for B2B
->setCompanyType(CompanyTypes::SOLE)
->setOwner((new CompanyOwner())->setFirstname("Marc")->setLastname("Dononvan")->setBirthdate("1995-06-21")) // not required for B2B and UPL invoice
->setFunction('Owner') // required and should be set to Owner
->setRegistrationType(CompanyRegistrationTypes::REGISTRATION_TYPE_NOT_REGISTERED); // required for B2B
$customer->setCompanyInfo($companyInfo);
// Create the customer resource.
$unzer->createCustomer($customer);
// Create a payment type resource.
$pm = new PaylaterInvoice();
$unzer->createPaymentType($pm);
// Perform the payment transaction.
$auth = new Authorization(10.00, 'EUR');
$unzer->performAuthorization($auth, $pm, $customer);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Shipping shippingAddress = (ShippingAddress) new ShippingAddress()
.setShippingType(Type.EQUALS_BILLING)
.setName("John Doe")
.setStreet("Hugo-Junkers-Str. 5")
.setZip("60386")
.setCity("Frankfurt am Main")
.setCountry("DE")
.setState("DE-BO");
Address billingAddress = new Address()
.setName("John Doe")
.setStreet("Hugo-Junkers-Str. 5")
.setZip("60386")
.setCity("Frankfurt am Main")
.setCountry("DE")
.setState("DE-BO");
CustomerCompanyData.Owner owner = (new CustomerCompanyData.Owner())
.setFirstname("SoleFirst")
.setLastname("SoleLast")
.setBirthdate(new SimpleDateFormat("yyyy-MM-dd").parse("1995-06-21"));
CustomerCompanyData companyData = new CustomerCompanyData()
.setOwner(owner)
.setCommercialSector(CommercialSector.AIR_TRANSPORT)
.setRegistrationType(RegistrationType.NOT_REGISTERED);
Customer customer = new Customer("John", "Doe")
.setBirthDate(new SimpleDateFormat("yyyy-MM-dd").parse("1995-06-21"))
.setBillingAddress(billingAddress)
.setShippingAddress(shippingAddress)
.setEmail("John.Doe@unzer.com")
.setCompany("Unzer GmbH")
.setCompanyData(companyData);
unzer.createCustomer(customer);
A typical response looks like this:
{
"id": "s-cst-b9acaba781f3"
}
For a complete description of the customer resource, see Manage customer (direct API calls).
Create a basket resource
The basket resource contains information about purchased products, applied vouchers, and shipping costs.
POST https://api.unzer.com/v2/baskets
{
"currencyCode": "EUR",
"basketItems": [
{
"basketItemReferenceId": "item-1",
"quantity": 1,
"amountPerUnitGross": 40,
"vat":"1",
"title": "Phone"
},
{
"basketItemReferenceId": "item-2",
"quantity": 3,
"amountPerUnitGross": 20,
"vat":"1",
"title": "Cables"
}
]
}
$unzer = new Unzer('s-priv-xxxxxxxxxx');
$basketItem = (new BasketItem())
->setBasketItemReferenceId('Item-d030efbd4963')
->setQuantity(10)
->setUnit('m')
->setAmountPerUnitGross(20.00)
->setAmountDiscountPerUnitGross(1.00)
->setVat(19.0)
->setTitle('SDM 6 CABLE')
->setSubTitle('This is brand new Mid 2019 version')
->setImageUrl('https://a.storyblok.com/f/91629/x/1ba8deb8cc/unzer_primarylogo__white_rgb.svg')
->setType(BasketItemTypes::GOODS);
$basket = (new Basket())
->setTotalValueGross(190.00)
->setCurrencyCode('EUR')
->setOrderId('Order-12345')
->setNote('Test Basket')
->addBasketItem($basketItem);
$unzer->createBasket($basket);
BasketItem basketItem = new BasketItem()
.setBasketItemReferenceId("Item-xxxxxxxxxx")
.setQuantity(10)
.setUnit("m")
.setAmountPerUnitGross(BigDecimal.valueOf(20.00))
.setAmountDiscountPerUnitGross(BigDecimal.valueOf(1.00))
.setVat(BigDecimal.valueOf(19.0))
.setTitle("SDM 6 CABLE")
.setSubTitle("This is brand new Mid 2019 version")
.setImageUrl(new URL("https://a.storyblok.com/f/91629/x/1ba8deb8cc/unzer_primarylogo__white_rgb.svg"))
.setType(BasketItem.Type.GOODS);
Basket basket = new Basket()
.setTotalValueGross(BigDecimal.valueOf(190.00))
.setCurrencyCode(Currency.getInstance("EUR"))
.setOrderId("Order-12345")
.setNote("Test Basket")
.addBasketItem(basketItem);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
unzer.createBasket(basket);
A typical response looks like this:
{
"id": "s-bsk-49277b9f7ee0"
}
For a complete description of the basket resource, see Manage basket (direct API calls).
Add the ThreatMetrix script®
Add the ThreatMetrix script<sup>®</sup>We use ThreatMetrix for fraud prevention to protect your business from potential fraudsters. For this, insert a code snippet with a unique(!) parameter on your payments page and later, send this parameter as threatMetrixId in the authorize request to us. The next steps are managed by us and no additional steps are required from you.
- Define a 128 byte long and unique variable as identifier for this transaction. Make sure it only consists of the following characters:
- upper and lowercase English letters ([a-z], [A-Z])
- digits (0-9)
- underscore (_)
- hyphen (-)
- Use this variable in the ThreatMetrix script (next step) in the GET parameter
session_idand store it temporarily so that you can also send it in the authorize request later on. - Add the ThreatMetrix script to your payment page. To get full fraud protection, use both the JavaScript part in thesection and the iFrame version in the body section of your page.
<html>
<head>
<script type="text/javascript" async
src="https://h.online-metrix.net/fp/tags.js?org_id=363t8kgq&session_id=[SessionID]">
</script>
</head>
<body>
<noscript>
<iframe
style="width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;"
src="https://h.online-metrix.net/fp/tags?org_id=363t8kgq&session_id=[SessionID]">
</iframe>
</noscript>
</body>
- Use a merchant identifier (URL without domain additions), append an existing session identifier from a cookie, append the date and time in milliseconds to the end of the identifier, and then applying a hexadecimal hash to the concatenated value to produce a completely unique Session ID.
- Use the
org_id=363t8kgqas a static value that does not change for each ThreatMetrix script or for an individual merchant. - Use a merchant identifier (URL without domain additions), append an existing session identifier from the web application, and apply a hexadecimal hash to the value to obfuscate the identifier.
Example:merchantshop_cd-695a7565-979b-4af9 - The
session_idmust be stored temporarily for later/subsequent request.
Do a risk check for the customerserver side
Customer risk check is an optional step after the payment method is selected. It is used for the risk evaluation of the end customer data.
When sending the request, you must also add the x-CLIENTIP=<YOUR Client's IP> attribute in the header.
This operation is not part of the payment process. Like credit card check, it is used to pre-check customer data immediately after the payment method selection step in the checkout. This way customer receives direct feedback before finishing the order, avoiding irritation. The riskCheck request contains customer resource’s reference and transactional details.
POST: https://api.unzer.com/v1/types/paylater-invoice/risk-check
{
"amount": "100",
"currency": "EUR",
"orderId": "ORD-123456",
"invoiceId" : "INV-123456",
"resources": {
"customerId": "s-cst-b9acaba781f3",
"typeId": "s-piv-zex7c9iibpek",
"basketId": "s-bsk-49277b9f7ee0"
},
"additionalTransactionData": {
"riskData": {
"threatMetrixId": "merchantshop_cd-695a7565-979b-4af9",
"customerGroup":"TOP",
"confirmedAmount":"2569",
"confirmedOrders":"14",
"registrationLevel":"1",
"registrationDate":"20160412"
}
}
}
{
"id": "GHZC-PQVK-RLGP",
"timestamp": "2024-04-09 12:46:00",
"isSuccess": true,
"isPending": false,
"isResume": false,
"isError": false
}
{
"id": "s-err-70a411aa69854880a727eb27e6f",
"isSuccess": false,
"isPending": false,
"isResumed": false,
"isError": true,
"url": "https://sbx-api.unzer.com/v1/types/paylater-invoice/risk-check",
"timestamp": "2024-04-09 12:47:09",
"traceId": "fd58542dd6d6e2ad681a98dc692c5c45",
"errors": [
{
"code": "API.901.100.300",
"merchantMessage": "Invalid amount.invalid amount (probably too large) [details: Amount 1000000.00 outside transaction limits: [1.00, 5000.00]]",
"customerMessage": "An error occurred. Please contact us for more information."
}
]
}
Make an authorize transaction
Now, make an authorize transaction using the paylater-invoice resource you created earlier. You must also include the x-CLIENTIP=<YOUR Client's IP> header. If the authorization is successful, the amount is reserved and a payment resource is created. No money is transferred at this stage.
| Parameter | Type | Description |
|---|---|---|
amount (required) | float | The authorization amount. |
currency (required) | string | The authorization currency, in the ISO 4217 alpha-3 format (for example, EUR). |
orderId | string | Your customer facing order number (if available at that point). |
customerId (required) | string | The ID of the customers resource to be used (for example, s-cst-e692f3892497). |
basketId (required) | string | The basket ID for the payment. |
typeId (required) | string | The ID of the payment type resource to be used (such as s-piv-voi3gcbwinos). |
To increase the acceptance rate of your invoice payments, we strongly recommend providing additional customer information. The following fields enable us to perform a more detailed risk check:
| Parameter | Type | Description |
|---|---|---|
threatMetrixId | string | The ThreatMetrix session ID |
customerGroup | string | Customer classification for the customer if known valid values: TOP: Customers with more than 3 paid* transactions GOOD: Customers with more than 1 paid* transactions NEUTRAL: Customers without paid* transactions |
confirmedAmount | string | The amount/value of the successful transactions paid by the end customer |
confirmedOrders | string | The number of successful transactions paid* by the end customer |
registrationLevel | string | Customer registration level 0=guest, 1=registered |
registrationDate | string | Customer registration date in your shop (YYYYMMDD) |
*paid: A paid transaction is a transaction where you have the payment status of the customer for previous transactions (external factoring invoice, installment or direct debit transactions must be excluded because you might have no information about the actual payment status of the customer).
POST: https://api.unzer.com/v1/payments/authorize
Body
{
"amount": "100",
"currency": "EUR",
"orderId": "ORD-123456",
"invoiceId" : "INV-123456",
"resources": {
"customerId": "s-cst-472f919218b5",
"typeId": "s-piv-zex7c9iibpek",
"basketId": "s-bsk-49277b9f7ee0"
},
"additionalTransactionData": {
"riskData": {
"threatMetrixId": "f544if49wo4f74ef1x",
"customerGroup":"TOP",
"confirmedAmount":"2569",
"confirmedOrders":"14",
"registrationLevel":"1",
"registrationDate":"20160412"
}
}
}
$unzer = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');
$riskData = (new RiskData())
->setThreatMetrixId('f544if49wo4f74ef1x')
->setCustomerGroup('TOP')
->setConfirmedAmount('2569')
->setConfirmedOrders('14')
->setRegistrationLevel('1')
->setRegistrationDate('20160412');
$authorizationInstance = (new Authorization(100.00, 'EUR', $returnUrl))
->setRiskData($riskData)
->setInvoiceId('INV-123456');
$paymentType = new PaylaterInvoice();
$transaction = $unzer->performAuthorization($authorizationInstance, $paymentType, $customer, null, $basket);
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
RiskData riskData = (new RiskData())
.setThreatMetrixId("f544if49wo4f74ef1x")
.setCustomerGroup("TOP")
.setConfirmedAmount("2569")
.setConfirmedOrders("14")
.setRegistrationLevel("1")
.setRegistrationDate(new Date());
Authorization authorizationInstance = (new Authorization())
.setAmount(BigDecimal.valueOf(100.))
.setCurrency(Currency.getInstance("EUR"))
.setRiskData(riskData)
.setInvoiceId("INV-123456");
Authorization transaction = unzer.authorize(authorizationInstance);
A typical response looks like this:
GET: https://api.unzer.com/v1/payments/{{random_Order_Id}}/authorize/{{auth-Id}}
Body
{
"id": "s-aut-1",
"isSuccess": true,
"isPending": false,
"isError": false,
"message": {
"code": "COR.000.000.000",
"merchant": "Transaction succeeded",
"customer": "Your payments have been successfully processed."
},
"amount": "100.0000",
"currency": "EUR",
"returnUrl": "",
"date": "2022-06-29 11:55:55",
"resources": {
"customerId": "s-cst-472f919218b5",
"paymentId": "s-pay-124",
"basketId": "s-bsk-49277b9f7ee0",
"traceId": "fd58542dd6d6e2ad681a98dc692c5c45",
"typeId": "s-piv-zex7c9iibpek"
},
"additionalTransactionData": {
"riskData": {
"threatMetrixId": "f544if49wo4f74ef1x",
"customerGroup": "TOP",
"confirmedAmount": "2569",
"confirmedOrders": "14",
"registrationLevel": "1",
"registrationDate": "20160412"
}
},
"orderId": "ORD-123456",
"invoiceId": "INV-123456",
"paymentReference": "",
"processing": {
"iban": "AT611904300234573201",
"bank": "Bank Frick Name",
"uniqueId": "Tx-bxahqq6dmxy",
"shortId": "Tx-bxahqq6dmxy",
"descriptor": "BKPB-QCCJ-KKQG",
"holder": "John Doe",
"traceId": "fd58542dd6d6e2ad681a98dc692c5c45"
}
}
The descriptor parameter is the primary identifier for your Unzer Paylater transactions. We recommend storing this value in your backend. You can use this reference for:
- Communication with our Merchant Support team.
- Printing it on the invoice along with payment details.
For more details on managing Unzer Invoice payments, see Manage Unzer Invoice payments.
Step 3: Check status of the paymentStep 3: Check status of the paymentserver side
Once the transaction is made, you can fetch the payment details from the API, by using the resources.paymentId from the charge response above to handle the payment according to its status, such as s-pay-124. Check all possible payment states here.
GET: https://api.unzer.com/v1/payments/s-pay-xxxxxxx
$unzer = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');
$payment = $unzer->fetchPayment('s-pay-xxxxxxx');
Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Payment payment = unzer.fetchPayment("s-pay-xxxxxxx");
Step 4: Display the payment resultclient side
Step 4: Display the payment result [client side]Use the information from the Check status of the payment step to display the payment result to your customer.
This can be the success or error page of your shop. If something went wrong, you can use the client message from the API response and show it to the customer.
Manage paymentserver side
For more details on managing Unzer Invoice payments, see Manage Unzer Invoice payments.
Notifications
NotificationsWe recommend subscribing to the payment event to receive notifications about any changes to the payment resource. As soon as the event is triggered you should fetch the payment and update the order status in your shop according to its status.
{
"event":"payment.pending",
"publicKey":"s-pub-xxxxxxxxxx",
"retrieveUrl":"https://api.unzer.com/v1/payments/s-pay-774",
"paymentId":"s-pay-774"
}
For more details on implementing webhooks to receive notifications, see Notifications page.
Error handling
Error handlingAll requests to the API can result in an error that should be handled. Refer to the Error handling guide to learn more about Unzer API (and other) errors and handling them.
Test & go live
Test & go liveYou should always test your integration before going live. First perform test transactions using test data. Next, check against Integration checklist and Go-live checklist to make sure the integration is complete and you’re ready to go live.