alt

Important information

The API reference is now available here.
The deprecated API reference is available here.

Unzer
search
Ctrl+K

    Accept Unzer Invoice with server-side-only integration

    Build your own payment form to add Unzer Invoice to your checkout page

    icon

    If you are using payment types invoice or invoice-secured, note that these methods are now deprecated. They are currently supported but there are no further developments planned for them.

    If you want to access the relevant documentation, see Unzer Invoice and Unzer Invoice Secured.

    Overview

    For Unzer Invoice, you need to provide information about the customer using the customer resource and the purchased products using the basket resource. This is required by Unzer for risk assessment and transaction approval. You are responsible for gathering this data before you authorize the payment.

    Before you begin

    icon
    You must use basket v2 for Unzer Invoice payment method.

    Step 1: Create a payment type resource
    server side

    When creating the payment type paylater-invoice, you need to send a request to the Unzer API. The response contains an id, this is later referred to as typeId. You will need this typeId to perform the transaction.

    POST https://api.unzer.com/v1/types/paylater-invoice

{
}

    $unzer = new Unzer('s-priv-xxxxxxxxxx');

$paylaterInvoice = $unzer->createPaymentType(new PaylaterInvoice());

    Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");

PaylaterInvoice paylaterInvoice = unzer.createPaymentType(new PaylaterInvoice());

    The response looks similar to the following example:

    {
    "id": "s-piv-voi3gcbwinos",
    "method": "/paylater-invoice",
    "recurring": false,
    "geoLocation": {
        "clientIp": "127.0.0.1",
        "countryIsoA2": "DE"
    }
}

    For a full description of Unzer Invoice payment type creation, check the API reference.

    Step 2: Make a payment 
    server side

    Besides an always mandatory step of creating the paymentType resource, Unzer paylater-invoice also requires a customer and a basket resource.

    Create the customer resource

    This step is applicable only if you didn’t create a customer resource yet, on the client side.

    B2C customer creation

    To process transactions for B2C customers, the following customer fields are mandatory:

    ParameterTypeDescription
    firstname (required)stringThe customer’s first name
    lastname(required)stringThe customer’s last name
    salutationstringSpecify the customer’s Salutation. Available values are mr, mrs, unknown
    customerIdstringCustomer’s Unique ID. It identifies the customer and can be used within the GET request. It must be unique.
    birthDate (required)stringThe birth date of the customer in ‘YYYY-MM-DD’ format.
    email (required)stringThe customer’s email address
    billingAddress (required)objectThe customer’s billing address
    billingAddress.namestringThe customer’s name for the billing address
    billingAddress.streetstringThe customer’s street including house number
    billingAddress.statestringThe customer’s state
    billingAddress.zipstringThe customer’s postal code
    billingAddress.citystringThe customer’s city
    billingAddress.countrystringThe customer’s country in ISO country code ISO 3166 ALPHA-2 (only for billing address)
    shippingAddress (required if different from the billing address)objectThe customer’s shipping address.
    shippingAddress.namestringName of person for the shipping address
    shippingAddress.streetstringThe customer’s street including house number
    shippingAddress.statestringThe customer’s state
    shippingAddress.zipstringThe customer’s postal code
    shippingAddress.citystringThe customer’s city
    shippingAddress.countrystringThe customer’s country in ISO country code ISO 3166 ALPHA-2
    shippingAddress.shippingTypestringThe shipping type, valid values are equals-billing,
    different-address,
    branch-pickup,
    post-office-pickup,
    pack-station
    POST https://api.unzer.com/v1/customers

{
"lastname": "Paylater",
"firstname": "Peter",
"salutation": "mr",
"company": "unzer GmbH",
"customerId": "{{customer_external_id}}",
"birthDate": "1987-12-20",
"email": "John.Doe@heidelpay.com",
"phone": "+49 6221 64 71 100",
"mobile" : "+49 172 123 456",
    "language": "de",
    "billingAddress" : {
      "name" : "Peter Paylater",
      "street" : "Hugo-Junkers-Str. 5",
      "state" : "DE",
      "zip" : "60386",
      "city" : "Frankfurt am Main",
      "country" : "DE"
    },
    "shippingAddress" : {
      "name" : "Peter Paylater",
      "street" : "Hugo-Junkers-Str. 5",
      "state" : "DE",
      "zip" : "60386",
      "city" : "Frankfurt am Main",
      "country" : "DE",
      "shippingType": "equals-billing"
    }
 }

    The response looks similar to the following example:

    {
  "id":"s-cst-c552940bca23"
}

    B2B customer creation

    To process transactions for B2B customers, the following customer fields are mandatory:

    ParameterTypeDescription
    firstname
    (required)    		stringThe customer’s first name
    lastname
    (required)    		stringThe customer’s last name
    salutationstringSpecify the customer’s salutation. Available values are mr, mrs, unknown
    company
    (required)    		stringThe customer’s company name
    customerIdstringCustomer’s Unique ID. It identifies the customer and can be used within the GET request. It must be unique.
    birthDatestringThe birth date of the customer in ‘YYYY-MM-DD’ format
    email
    (required)    		stringThe customer’s email address
    billingAddress
    (required)    		objectThe customer’s billing address
    billingAddress.namestringThe customer’s name for the billing address
    billingAddress.streetstringThe customer’s street
    billingAddress.statestringThe customer’s state
    billingAddress.zipstringThe customer’s postal code
    billingAddress.citystringThe customer’s city
    billingAddress.countrystringThe customer’s country in ISO country code ISO 3166 ALPHA-2 (only for billing address)
    shippingAddress (required if different from the billing address)objectThe customer’s shipping address.
    shippingAddress.namestringName of the customer for the shipping address
    shippingAddress.streetstringThe customer’s street including house number
    shippingAddress.statestringThe customer’s state
    shippingAddress.zipstringThe customer’s postal code
    shippingAddress.citystringThe customer’s city
    shippingAddress.countrystringThe customer’s country in ISO country code ISO 3166 ALPHA-2
    shippingAddress.shippingTypestringThe shipping type, valid values are equals-billing, different-address, branch-pickup, post-office-pickup, and pack-station
    companyInfo.companyTypestringThe company type.
    Valid values are authority, association, sole, company, other
    companyInfo.registrationTypestringB2B is registered or not registered as a customer
    companyInfo.functionstringMust be OWNER for NOT_REGISTERED, restricted ‘<’ and ‘>’
    companyInfo.commercialSectorstringMandatory if companyInfoModel.registrationType is REGISTERED, restricted ‘<’ and ‘>’
    companyInfo.owner.firstname
    (conditional)    		stringThe first name of the company owner. This is only required if the companyInfo.companyType type issole.
    companyInfo.owner.lastname
    (conditional)    		stringThe last name of the company owner. This is only required if the companyInfo.companyType type issole.
    companyInfo.owner.birthDate
    (conditional)    		stringThe birth date of the company owner. This is only required if the companyInfo.companyType type issole.
    POST https://api.unzer.com/v1/customers

{
    "firstname": "John",
    "lastname": "Doe",
    "salutation": "mr",
    "company": "Unzer GmbH",
    "customerId": "12345678",
    "birthDate": "1987-12-20",
    "email": "John.Doe@unzer.com",
    "billingAddress": {
        "name": "John Doe",
        "street": "Hugo-Junkers-Str. 5",
        "state": "DE-BO",
        "zip": "60386",
        "city": "Frankfurt am Main",
        "country": "DE"
    },
    "shippingAddress": {
        "name": "John Doe",
        "street": "Hugo-Junkers-Str. 5",
        "state": "DE-BO",
        "zip": "60386",
        "city": "Frankfurt am Main",
        "country": "DE",
        "shippingType": "equals-billing"
    },
    "companyInfo": {
        "registrationType": "not_registered",
        "function": "OWNER",
        "commercialSector": "AIRPORT",
        "companyType": "sole",
        "owner": {
            "firstname": "SoleFirst",
            "lastname": "SoleLast",
            "birthdate": "1995-06-21"
        }
    }
}

    $unzer      = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');

$shippingAddress = (new Address())
    ->setName('John Doe')
    ->setStreet('Hugo-Junkers-Str. 5')
    ->setZip('60386')
    ->setCity('Frankfurt am Main')
    ->setCountry('DE')
    ->setState('DE-BO')
    ->setShippingType(ShippingTypes::EQUALS_BILLING);

$billingAddress = (new Address())
    ->setName('John Doe')
    ->setStreet('Hugo-Junkers-Str. 5')
    ->setZip('60386')
    ->setCity('Frankfurt am Main')
    ->setCountry('DE')
    ->setState('DE-BO');

$companyOwner = (new CompanyOwner())
    ->setFirstname("SoleFirst")
    ->setLastname("SoleLast")
    ->setBirthdate("1995-06-21");

$customer = CustomerFactory::createNotRegisteredB2bCustomer(
    'John',
    'Doe',
    '2001-12-12',
    $billingAddress,
    'John.Doe@unzer.com',
    'Unzer GmbH',
    CompanyCommercialSectorItems::AIR_TRANSPORT
);

$customer->setShippingAddress($shippingAddress);
$customer->getCompanyInfo()->setOwner($companyOwner);

$unzer->createCustomer($customer);

    Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");

Shipping shippingAddress = (ShippingAddress) new ShippingAddress()
        .setShippingType(Type.EQUALS_BILLING);
        .setName("John Doe")
        .setStreet("Hugo-Junkers-Str. 5")
        .setZip("60386")
        .setCity("Frankfurt am Main")
        .setCountry("DE")
        .setState("DE-BO")

Address billingAddress = new Address()
        .setName("John Doe")
        .setStreet("Hugo-Junkers-Str. 5")
        .setZip("60386")
        .setCity("Frankfurt am Main")
        .setCountry("DE")
        .setState("DE-BO")
        
CustomerCompanyData.Owner owner = (new CustomerCompanyData.Owner())
        .setFirstname("SoleFirst")
        .setLastname("SoleLast")
        .setBirthdate(new SimpleDateFormat("yyyy-MM-dd").parse("1995-06-21"));
        
CustomerCompanyData companyData = new CustomerCompanyData()
        .setOwner(owner)
        .setCommercialSector(CommercialSector.AIR_TRANSPORT)
        .setRegistrationType(RegistrationType.NOT_REGISTERED)
        
Customer customer = new Customer("John", "Doe")
        .setBirthDate(new SimpleDateFormat("yyyy-MM-dd").parse("1995-06-21"))
        .setBillingAddress(billingAddress)
        .setShippingAddress(shippingAddress)
        .setEmail("John.Doe@unzer.com")
        .setCompany("Unzer GmbH")
        .setCompanyData(companyData)

unzer.createCustomer(customer);

    The response looks similar to the following example:

    {
    "id": "s-cst-b9acaba781f3"
}

    For a full description of customer resource, refer to the relevant server-side-integration documentation page: Manage customer (direct API calls).

    Create a basket resource

    The basket resource stores information about the purchased products, used vouchers, and the shipment costs.

    icon info
    Note that you must send the basket resource with the with the payment request.
    POST https://api.unzer.com/v2/baskets

{
  "currencyCode": "EUR",
  "basketItems": [
    {
      "basketItemReferenceId": "item-1",
      "quantity": 1,
      "amountPerUnitGross": 40,
      "vat":"1",
      "title": "Phone"
    },
    {
      "basketItemReferenceId": "item-2",
      "quantity": 3,
      "amountPerUnitGross": 20,
      "vat":"1",
      "title": "Cables"
    }
  ]
}

    <?php
$unzer = new Unzer('s-priv-xxxxxxxxxx');

$basketItem = (new BasketItem())
    ->setBasketItemReferenceId('Item-d030efbd4963')
    ->setQuantity(10)
    ->setUnit('m')
    ->setAmountPerUnitGross(20.00)
    ->setAmountDiscountPerUnitGross(1.00)
    ->setVat(19.0)
    ->setTitle('SDM 6 CABLE')
    ->setSubTitle('This is brand new Mid 2019 version')
    ->setImageUrl('https://a.storyblok.com/f/91629/x/1ba8deb8cc/unzer_primarylogo__white_rgb.svg')
    ->setType(BasketItemTypes::GOODS);

$basket = (new Basket())
    ->setTotalValueGross(190.00)
    ->setCurrencyCode('EUR')
    ->setOrderId('Order-12345')
    ->setNote('Test Basket')
    ->addBasketItem($basketItem);

$unzer->createBasket($basket);

    BasketItem basketItem = new BasketItem()
        .setBasketItemReferenceId("Item-d030efbd4963")
        .setQuantity(BigDecimal.valueOf(10))
        .setUnit("m")
        .setAmountPerUnitGross(BigDecimal.valueOf(20.00))
        .setAmountDiscountPerUnitGross(BigDecimal.valueOf(1.00))
        .setVat(BigDecimal.valueOf(19.0))
        .setTitle("SDM 6 CABLE")
        .setSubTitle("This is brand new Mid 2019 version")
        .setImageUrl(new URL("https://a.storyblok.com/f/91629/x/1ba8deb8cc/unzer_primarylogo__white_rgb.svg"))
        .setType(BasketItem.Type.GOODS);

Basket basket  = new Basket()
        .setTotalValueGross(BigDecimal.valueOf(190.00))
        .setCurrencyCode(Currency.getInstance("EUR"))
        .setOrderId("Order-12345")
        .setNote("Test Basket")
        .addBasketItem(basketItem);

Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
unzer.createBasket(basket);

    The response looks similar to the following example:

    {
    "id": "s-bsk-49277b9f7ee0"
}

    For a full description of basket resource, refer to the relevant server-side-integration documentation page: Direct API integration.

    Add the ThreatMetrix script

    We use ThreatMetrix for fraud prevention to protect your business from potential fraudsters. For this, insert a code snippet with a unique(!) parameter on your payments page and later, send this parameter as threatMetrixId in the authorize request to us. The next steps are managed by us and no additional steps are required from you.

    1. Define a 128 byte long and unique variable as identifier for this transaction. Make sure it only consists of the following characters:
      • upper and lowercase English letters ([a-z], [A-Z])
      • digits (0-9)
      • underscore (_)
      • hyphen (-)
    2. Use this variable in the ThreatMetrix script (next step) in the GET parameter session_id and store it temporarily so that you can also send it in the authorize request later on.
    3. Add the ThreatMetrix script to your payment page. To get full fraud protection, use both the JavaScript part in thesection and the iFrame version in the body section of your page.
    <html>
<head>
    <script type="text/javascript" async
         src="https://h.online-metrix.net/fp/tags.js?org_id=363t8kgq&session_id=[SessionID]">
    </script>
</head>

    <body>
<noscript>
<iframe 
    style="width: 100px; height: 100px; border: 0; position: absolute; top: -5000px;" 
    src="https://h.online-metrix.net/fp/tags?org_id=363t8kgq&session_id=[SessionID]">
</iframe>
</noscript>
</body>
    icon info
    Recommendations for creation of session ID
    • Use a merchant identifier (URL without domain additions), append an existing session identifier from a cookie, append the date and time in milliseconds to the end of the identifier and then applying a hexadecimal hash to the concatenated value to produce a completely unique Session ID.
    • Use a merchant identifier (URL without domain additions), append an existing session identifier from the web application, and apply a hexadecimal hash to the value to obfuscate the identifier.
      Example: merchantshop_cd-695a7565-979b-4af9
      The session_id must be stored temporarily for later use in XML request.

    Make an authorize transaction

    Now, make an authorize transaction with the paylater-invoice resource that you created earlier. You must also add the x-CLIENTIP=<YOUR Client's IP> attribute in the header. With a successful authorize transaction, the amount is authorized and a payment resource is created. At this point no money has been transferred.

    ParameterTypeDescription
    amount (required)floatThe authorization amount
    currency (required)stringThe authorization currency, in the ISO 4217 alpha-3 format (for example, EUR)
    orderIdstringYour customer facing order number (if available at that point)
    customerId (required)stringThe ID of the customers resource to be used (for example, s-cst-e692f3892497)
    basketId (required)stringThe basket ID for the payment
    typeId (required)stringThe ID of the payment type resource to be used (such as s-piv-voi3gcbwinos)

    Provide the customer risk information

    To increase the acceptance rate of your invoice payments, we strongly recommend that you provide additional information about your customer. The following fields can be provided to allow us to apply a detailed risk check:

    ParameterTypeDescription
    threatMetrixIdstringThe ThreatMetrix session ID
    customerGroupstringCustomer classification for the customer if known valid values:
    TOP: Customers with more than 3 paid* transactions
    GOOD: Customers with more than 1 paid* transactions
    BAD: Customers with defaulted/fraudulent orders
    NEUTRAL: Customers without paid* transactions
    confirmedAmountstringThe amount/value of the successful transactions paid by the end customer
    confirmedOrdersstringThe number of successful transactions paid* by the end customer
    registrationLevelstringCustomer registration level
    0=guest, 1=registered
    registrationDatestringCustomer registration date in your shop
    (YYYYMMDD)

    *paid: A paid transaction is a transaction where you have the payment status of the customer for previous transactions (external factoring invoice, installment or direct debit transactions must be excluded because you might have no information about the actual payment status of the customer).

    POST: https://api.unzer.com/v1/payments/authorize

Body
{
    "amount": "100",
    "currency": "EUR",
    "orderId": "ORD-123456",
    "invoiceId" : "INV-123456",
    "resources": {
        "customerId": "s-cst-472f919218b5", 
        "typeId": "s-piv-zex7c9iibpek",
        "basketId": "s-bsk-49277b9f7ee0"
    },
    "additionalTransactionData": {
      "riskData": {
        "threatMetrixId": "f544if49wo4f74ef1x",
        "customerGroup":"TOP",
        "confirmedAmount":"2569",
        "confirmedOrders":"14",
        "registrationLevel":"1",
        "registrationDate":"20160412"
      }
    }
}

    $unzer     = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');

$riskData = (new RiskData())
    ->setThreatMetrixId('f544if49wo4f74ef1x')
    ->setCustomerGroup('TOP')
    ->setConfirmedAmount('2569')
    ->setConfirmedOrders('14')
    ->setRegistrationLevel('1')
    ->setRegistrationDate('20160412');
    
$authorizationInstance = (new Authorization(100.00, 'EUR', $returnUrl))
    ->setRiskData($riskData)
    ->setInvoiceId('INV-123456');
    
$paymentType = new PaylaterInvoice();

$transaction = $unzer->performAuthorization($authorizationInstance, $paymentType, $customer, null, $basket);

    Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");

RiskData riskData = (new RiskData())
    .setThreatMetrixId("f544if49wo4f74ef1x")
    .setCustomerGroup("TOP")
    .setConfirmedAmount("2569")
    .setConfirmedOrders("14")
    .setRegistrationLevel("1")
    .setRegistrationDate(new Date());
    
Authorization authorizationInstance = (new Authorization())
        .setAmount(BigDecimal.valueOf(100.))
        .setCurrency(Currency.getInstance("EUR"))
        .setRiskData(riskData)
        .setInvoiceId("INV-123456");

Authorization transaction = unzer.authorize(authorizationInstance);

    The response looks similar to the following example:

    GET: https://api.unzer.com/v1/payments/{{random_Order_Id}}/authorize/{{auth-Id}}

Body
{
    "id": "s-aut-1",
    "isSuccess": true,
    "isPending": false,
    "isError": false,
    "message": {
        "code": "COR.000.000.000",
        "merchant": "Transaction succeeded",
        "customer": "Your payments have been successfully processed."
    },
    "amount": "100.0000",
    "currency": "EUR",
    "returnUrl": "",
    "date": "2022-06-29 11:55:55",
    "resources": {
        "customerId": "s-cst-472f919218b5",
        "paymentId": "s-pay-124",
        "basketId": "s-bsk-49277b9f7ee0",
        "traceId": "fd58542dd6d6e2ad681a98dc692c5c45",
        "typeId": "s-piv-zex7c9iibpek"
    },
    "additionalTransactionData": {
        "riskData": {
            "threatMetrixId": "f544if49wo4f74ef1x",
            "customerGroup": "TOP",
            "confirmedAmount": "2569",
            "confirmedOrders": "14",
            "registrationLevel": "1",
            "registrationDate": "20160412"
        }
    },
    "orderId": "ORD-123456",
    "invoiceId": "INV-123456",
    "paymentReference": "",
    "processing": {
        "iban": "AT611904300234573201",
        "bank": "Bank Frick Name",
        "uniqueId": "Tx-bxahqq6dmxy",
        "shortId": "Tx-bxahqq6dmxy",
        "descriptor": "BKPB-QCCJ-KKQG",
        "holder": "John Doe",
        "traceId": "fd58542dd6d6e2ad681a98dc692c5c45"
    }
}

    For more details on managing Unzer Invoice payments, see Manage Unzer Invoice payments.

    Step 3: Check status of the payment
    server side

    Once the transaction is made, you can fetch the payment details from the API, by using the resources.paymentId from the charge response above to handle the payment according to its status, such as s-pay-124. Check all possible payment states here.

    GET: https://api.unzer.com/v1/payments/s-pay-xxxxxxx

    $unzer    = new UnzerSDK\Unzer('s-priv-xxxxxxxxxx');
$payment  = $unzer->fetchPayment('s-pay-xxxxxxx');

    Unzer unzer = new Unzer("s-priv-xxxxxxxxxx");
Payment payment = unzer.fetchPayment("s-pay-xxxxxxx");

    Step 4: Display the payment result
    client side

    Use the information from the Check status of the payment step to display the payment result to your customer.
    This can be the success or error page of your shop. If something went wrong, you can use the client message from the API response and show it to the customer.

    Manage payment
    server side

    For more details on managing Unzer Invoice payments, see Manage Unzer Invoice payments.

    Notifications

    We recommend subscribing to the payment event to receive notifications about any changes to the payment resource. As soon as the event is triggered you should fetch the payment and update the order status in your shop according to its status.

      {
    "event":"payment.pending",
    "publicKey":"s-pub-xxxxxxxxxx",
    "retrieveUrl":"https://api.unzer.com/v1/payments/s-pay-774",
    "paymentId":"s-pay-774"
  }

    For more details on implementing webhooks to receive notifications, see Notifications page.

    Error handling

    All requests to the API can result in an error that should be handled. Refer to the Error handling guide to learn more about Unzer API (and other) errors and handling them.

    Test & go live

    You should always test your integration before going live. First perform test transactions using test data. Next, check against Integration checklist and Go-live checklist to make sure the integration is complete and you’re ready to go live.

    See also