
After reading the 3DSecure GlobalPay documentation, my team opted for an integration via JSON, with our own client-side implementation, as we already have another integration with another 3DS verification service in production. For what it’s worth, we are implementing it using Vue.JS and Laravel.

As can be seen in their documentation, GlobalPay's sample request is:

curl https://api.sandbox.globalpay-ecommerce.com/3ds2/protocol-versions \
-H "Content-type: application/json" \
-H "X-GP-VERSION: 2.2.0" \
-H "Authorization: securehash 0204a841510d67a46fbd305a60253d7bade32c6e" \
-X POST \
-d '{
   "request_timestamp": "2019-07-30T08:41:07.590604",
   "merchant_id": "MerchantId",
   "account_id": "internet",
   "number": "4263970000005262",
   "scheme": "VISA",
   "method_notification_url": "https://www.example.com/dsNotificationUrl"
}'

We created a method in a Vue.JS component to make a POST request to this version checking endpoint as you can see here:

methods: {
    verifyTds(price) {
        this.setTdsAuth(price);
    },
    setTdsAuth() {
        let uri = window.tds.globalPay.checkVersion; // https://api.sandbox.globalpay-ecommerce.com/3ds2/protocol-versions

        let tdsHeaders = {
            'X-GP-Version': '2.2.0',
            'Content-Type': 'application/json',
            'Authorization': `securehash ${this.billing.threeDs.hash}` // from backend, see below
        };

        let tdsParams = {
            request_timestamp: this.billing.threeDs.timestamp, // from backend, see below
            merchant_id: "mymerchantid", 
            account_id: "myaccountid",
            number: parseInt(this.billing.threeDs.pan), // integer, a VISA card from their test cards list: 4263970000005262
            scheme: "VISA", // at this moment, hardcoded, I just want to make it work
            method_notification_url: window.tds.globalPay.methodNotification // in my case http://website.test/tds/global-pay/method-notification, we created according their sample in the docs too
        };

        axios.post(uri, { body: tdsParams }, { headers: tdsHeaders }).then(response => {
            console.log(response);
            // then finish purchase process
        }).catch(error => {
            console.log(error); // then handle error
        });
    },
    // ...
}

If this request is right, the securehash we generated for the Authorization header is calculated in our backend (PHP) according to this:

<?php
// ...    
$globalPayMerchantId = 'mymerchantid';
$globalPaySecret = 'mysecret';

$timestamp = Carbon::now()->toDateTimeLocalString();
$requestTimestamp = Carbon::now()->format('YmdHisu');
$requestHashNoSecretStr = "{$requestTimestamp}.{$globalPayMerchantId}.{$billing->threeDs->pan}";
$requestHashNoSecret = sha1($requestHashNoSecretStr);
$requestHashStr = "{$requestHashNoSecret}.{$globalPaySecret}";
$requestHash = sha1($requestHashStr);

$billing->threeDs->hash = $requestHash; // sth like 6200480999455e596ad3dfdb89b0a1db601e9216
$billing->threeDs->requestTimestamp = $requestTimestamp; // 20210127155812886962
$billing->threeDs->timestamp = $timestamp; // 2021-01-27T15:58:12

We basically tried to follow the instructions from the section "How to build the Request Hash" of this part of GlobalPay documentation.

After all, we just have a failure ERR_CONNECTION_RESET. I’ve already tried from different browsers (Firefox, Chrome, Brave) but it keeps crashing. When emulated in Postman it results in a 415 HTTP response (Unsupported Media Type).

Apart from double checking our credentials (merchantid and so on, which I’m still trying to do by phone), is there any other point that should be verified?
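
Added example (not part of the original question and not GlobalPay's code): it compares the JSON body that the `axios.post` call above puts on the wire with the body of the documented curl sample. `wireBody`, `shapeDiff` and `survivesParseInt` are hypothetical helper names, and the 19-digit number is a constructed value.

```javascript
// Body of the documented curl sample on this page (the reference shape).
const documented = {
  request_timestamp: "2019-07-30T08:41:07.590604",
  merchant_id: "MerchantId",
  account_id: "internet",
  number: "4263970000005262",
  scheme: "VISA",
  method_notification_url: "https://www.example.com/dsNotificationUrl",
};

// Parameters as setTdsAuth() builds them (values taken from the question).
const tdsParams = {
  request_timestamp: "2021-01-27T15:58:12",
  merchant_id: "mymerchantid",
  account_id: "myaccountid",
  number: parseInt("4263970000005262"),
  scheme: "VISA",
  method_notification_url: "http://website.test/tds/global-pay/method-notification",
};

// axios JSON-encodes a plain-object second argument and sends it as the body.
function wireBody(data) {
  return JSON.parse(JSON.stringify(data));
}

// Hypothetical helper: top-level differences between the sample and a body.
function shapeDiff(expected, actual) {
  const issues = [];
  for (const key of Object.keys(expected)) {
    if (!(key in actual)) issues.push(`missing: ${key}`);
    else if (typeof actual[key] !== typeof expected[key])
      issues.push(`type: ${key} is ${typeof actual[key]}, expected ${typeof expected[key]}`);
  }
  for (const key of Object.keys(actual)) {
    if (!(key in expected)) issues.push(`unexpected: ${key}`);
  }
  return issues;
}

// parseInt only round-trips digit strings up to Number.MAX_SAFE_INTEGER.
function survivesParseInt(pan) {
  return String(parseInt(pan, 10)) === pan;
}

const asPosted = shapeDiff(documented, wireBody({ body: tdsParams })); // axios.post(uri, { body: tdsParams }, ...)
const unwrapped = shapeDiff(documented, wireBody(tdsParams)); // axios.post(uri, tdsParams, ...)
console.log(asPosted);
console.log(unwrapped);
console.log(survivesParseInt("4263970000005262123")); // constructed 19-digit value
```

The comparison is only against the sample request quoted on this page; it does not assert how the GlobalPay endpoint reacts to either body.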

2 Answers


  1. Chosen as BEST ANSWER

    After calling GlobalPay, they insisted I should try with their PHP SDK (the most suitable option for my stack). In fact, we are using it now, and this version-checking process is working now.


  2. If there is a problem with the JSON then it is probably to do with the authorization. Within the authorization there is a scheme: "securehash" and a parameter: the SHA-1 hashed value. Authorization can be set separately from the other headers.

    This example code works in C# using System.Net.Http:

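        using System;
        using System.Net.Http;
        using System.Net.Http.Headers;
        using System.Text;

        public static string SendJsonHttpClientRequest(string jsonobject, string url, string authorization)
        {
            var client = new HttpClient();
            // Sends "Authorization: securehash <hash>"; the scheme and the hash are passed separately.
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("securehash", authorization);

            var request = new HttpRequestMessage
            {
                Method = HttpMethod.Post,
                RequestUri = new Uri(url),
                Headers =
                {
                    { "X-GP-VERSION", "2.2.0" },
                },
                // StringContent sets Content-Type: application/json; charset=utf-8.
                Content = new StringContent(jsonobject, Encoding.UTF8, "application/json")
            };

            // .Result blocks the calling thread until the response has arrived.
            var result = client.SendAsync(request).Result;
            var content = result.Content.ReadAsStringAsync().Result;

            return content;
        }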
    

    It is also worth checking that the account (sub-account) that you are using is set up with 3dSecure 2, and there are different test cards for Message Version 2.1 and 2.2.
