Yoursafe B.V. has been added as a new iDEAL Issuer in the Bank Groups (iDEAL) (bankgrouptype).

Please note that Yoursafe is formerly Bitsafe and legally changed its name in December 2022, but their Issuer.id (BIC) is BITSNL2A."

• Definition for "xid" with request "3dscheck" and "authorization" / "preauthorization" needed to be extended from 40 to 60 characters

• For request "consumerscore" only few valid combinations are allowed -> see SA - Verification of creditworthiness (consumerscore)#Verificationofcreditworthiness(consumerscore)-Validcombinations(Arvato,Boniversum,SCHUFA)
  -> invalid combinations (like "consumerscoretype=IH" with "addresscheck=PB") will be declined in future releases.
  -> for "consumerscoretype=SFS/SFM" the "addresschecktype=BS" and "businessrelation" are mandatory.

• New testdata have been added for credit card processing: TD - Credit card (no 3-D secure) and TD - Credit card (with 3-D secure 1.0) for new BIN ranges

• Addon for Amazon Payments published: Special remarks - Amazon Pay

• Error text 7 + 63 corrected -> but for both payment should be still declined

2019-05-22

• Transfer API-PDFs to docs.payone.com completed

2019-04-16

• Parameter “cardtype” can be dropped for request “creditcardcheck”. By this the creditcardcheck will detect the cardtype automatically and will return “cardtype” in its response.
• Coming Feature, May 2019: New value for “checktype” = 2 (NCA check) within the “bankaccountcheck” request, to check if IBAN is a non-consumer account
• Errortext for errorcode 2014 has been more detailed: “[Accept: application/json]”
• Error code 2010 has been added: “Request limit reached”. You have 100 requests in mode test per 24 hours. This limit has been reached.
• Typo corrected parameter “ender” -> “gender”
• Parameter “no[n]” (Quantity) may have up to 6 digits now
• Reminder: ZIP will be validated from 2019-01-01, format [a-zA-Z0-9_.-/ ]{2,10} Going to come.
  Do not use “zip” for data like phone-number or others.
  
• “amount”-/”pr”-parameters have been explained to be gross values.
• Wording / translation “actual”/”actually” -> “retail”, “current”, “currently”

2019-04-16

• New style-element “styleFocus” for Client-API hosted iFrame available
  -> This element “styleFocus” can be used to set background colour to an input field which currently has the focus.
  -> Hosted-iFrame Mode - Table of config attributes

• New trigger “rendered” after hosted IFrames are fully loaded.
  -> see “events / rendered”
  -> see Hosted-iFrame Mode - Short description

2019-01-30

• New errorcode 1023 “Parameter {transaction_param} faulty or missing” -> for future use.
• New errorcode 875 “Cardtype can not be detected automatically via BIN.” -> for future use.
• Text “birthdate” has been changed to “birthday” – as “birthday” is the official parameter.
• EPS Issuer EPS_NOEGB and ARZ_IMB removed from bankgrouptype.
• Parameters amount_trail, amount_recurring, pr_trail, pr_recurring validation changed 1999999999 -> 99999999
• Discover credit cards (“cardtype=C”) are being processed as Diners (“cardtype=D”)
• New parameter “transaction_type” can be given as an optional parameter.
• The value is for PAYONE platform internal use only to pass an informational individual value for capture, refund and debit which will be reported in report PMI->reporting->payments.
• The value will only be stored for requests having effect on the balance on the transaction (i.e. no effect with requests “settleaccount=no”).

2018-12-05

• New error code 750 “Payment rejected by internal Risk Check Engine” -> for future use; not yet in use
• Schufa B2C responses will contain score value in future release – not yet.
• Added new bankgrouptype “HANDELSBANKEN” for iDEAL payments
• Parameter quantity (no[n]) changed from N..3 to N..4

2018-10-26

• ZIP will be validated from 2019-01-01, format [a-zA-Z0-9_.-/ ]{2,10}
• Error codes removed as they did never occure: 251, 254, 255
• New error code 992 “Please use only the test data from the documentation.”

2018-09-12

• Name changed “Payolution” -> “Paysafe Pay Later”
• New Version of “Quick Start Guide” is available with a description of new settings in PMI -> Configuration -> Payment Portals -> Transactions-Status

2018-08-13

• Tipp: Value for “reference” is case insensitive !
• New errorcode “112” for “Account is locked or inactive.” (at external payment service provider, e.g. PayPal).
• Enforced validation from 2019-01-01:
  • Values for “country” and “currency” must be capital letters -> see valid values country and currency
  • Values for “language” must be lower case -> see valid values language
    
  • Key / keywords like “state” must not be used for own purpose -> see valid values state

• Support of Shadow DOM by using “config.fields.element”

2018-07-06

• Added new bankgrouptype “MONEYOU” for iDEAL payments
• E-Mail-addresses have now a maximum length of 254 characters and are validated against RFC 5322.
• New errorcodes added 55,57,58,60,63,64 for credit card processing
• New request “getuser” to retrieve customer-data (JSON-response only)
• Common support for JSON-response by setting HTTP Accept header in the API request to “Accept: application/json”.

2018-04-04

• PAYONE Platform requires update to TLS 1.2 until deadline 2018-05-30. According to PCI DSS regulations all incoming connections based on SSL and TLS 1.0 / 1.1 have to be upgraded to TLS 1.2.
• Further information will be announced in upcoming newsletters and merchant information.
• New partner SCHUFA for credit worthiness implemented (coming up soon):
  • SFM / b2b -> SCHUFA information middle B2B
  • SFS / b2b -> SCHUFA information short B2B
  • SFS / b2c -> SCHUFA information short B2C
• Transactions in mode “test” may be deleted after 3 months.
• PAYONE Platform shall not be used for integration/regression test.
• PNT, SOFORT: Combination of firstname + lastname must not exceed 27 characters.
• BSV, BillSAFE has been removed – not supported any more.

2018-01-31

• Extended values for amount-fields changed from
  • 99.999,99 to 19.999.999,99
  • 9999999 to 1999999999
• New AVS-code “M” (not used by now, used by AVS VISA International)
• Number of article data (array) limited to 400 positions, starting with 1
• New parameter “recurrence” introduced
• New api_version 3.11 for request “capture” / response “pending”
• Announcement for upcoming request “refund” / response “pending”
• Announcement for upcoming request “createaccess” / response “pending”
• New notify_version 7.6 for transaction status with “pending” and “reasoncode”

• Tipp that “placeholder” can not be set for input fields type “select”

2017-11-15

• TransactionStatus extended with “txaction=failed” for all types of payment
• TransactionStatus extended with “errorcode” in case of “txaction=failed”
• Contracts may have a duration (trail & recurring) of maximum 5 years
• Address data are required for bank transfers with IBAN-countries CH, SM, MC, PM, JE, GG due to new regulation on the transfer of funds (Geldtransferverordnung) valid from 2017-11-19
• New parameter “businessrelation” introduced with values “b2b”, “b2c”. This will be required from 2018-01-01 to indicate business to business transactions especially for “secure invoice” (POV) and “secure direct debit” (POD)
• New parameter “customer_is_present” introduced with values “yes”, “no” to indicate whether the customer is online now and can enter some data.

2017-08-29

• Ratepay Subtypes RPD, RPP, RPS, RPV added

2017-07-25

• Added errorcode 981 for Amazon Payments
• Additional test PANs to simulate credit card failures
  -> refer to separate test data document.
• Parameter “email” is mandatory for payment type P24

2017-07-25

• Tipps added to Hosted iFrames -> Table of config-attributes (3.1.5.2)

2017-05-04

• Removed depricated bankgrouptypes for EPS payments
• Parameter “firstname” also mandatory for payment type PDT
• Please use only capital letters for country-codes and state-codes
• Please use only small letters for language-codes
• Added errorcodes 350 and 351 for PAYONE secure purchase on invoice

2017-04-03

• Added new bankgrouptypes for EPS payments

2017-04-03

• New feature for “PAYONE, hosted iFrame”: automatic cardtype detection
  • By adding a new configuration-block “config.autoCardtypeDetection” a simple cardtype detection can be enabled.
• For cardtype a new value “#” can be initially set to enforce the user to select a cardtype.
• Added some PHP-samples for automatic cardtype detection

2017-02-15

• Added comments to URLs (successurl, backurl, errorurl) in section “special remark”, to email-encoding and whitespaces in values.
• New risk check available from Arvato Infoscore:
  • consumerscoretype IF: Informa-Consumer-Score
• New risk checks available from Boniversum:
  • addresschecktype BB -> postal address check
  • addresschecktype PB -> person address check
  • consumerscoretype CE -> postal address check, person address check, check for special addresses, VERITA Score Premium Ident S; this check will return new “score=U” (for unknown)
• New response-parameter “addressstatus” added

2016-12-02

• New error codes for Blacklist (731 to 734)

2016-11-10

• Parameter “id_trail” and “id_recurring” have been shortened from AN..100 to AN..32.
  This is necessary as these values will be used for later usage with parameter “id” in authorization-requests. And there the “id” is limited to AN..32.
• For request “addresscheck” and “consumerscore” new values “UKN” and “PUG”, “PNZ”, “PNP” have been added for “personstatus” in response data.
• Codes for “personstatus” have been moved to chapter “Codes”
• For request “consumerscore” key/value for “divergence” will not be returned in response data – required by german data protection law.
• Format for request-parameter “bankcode” changed from “AN..11” to “N8” (fixed 8) for direct debit requests as only DE is supported with bankcode/bankaccount (BBAN).
  For international direct debit IBAN is required.
• Format for request-parameter “bankaccount” changed from “AN..26” to “N” (fixed 8) for direct debit requests as only DE is supported with bankcode/bankaccount (BBAN).
  For international direct debit IBAN is required.
• Request-parameters “bankbranchcode” and “bankcheckdigit” removed. They were only valid for SEPA-countries and they have moved to IBAN.
• Mistake in documentation in chapter “Responses -> TransactionStatus”:
• “clearing_amount” was described as N..7,2 in largest unit (e.g. Euro) but is returned as N..10 in smallest unit (e.g. Cent).
• Request 3dscheck: Clarification of usage for response-parameter “termurl”, “pareq”, “md” -> they have to be added to the redirect to acsurl.

2016-11-10

• Sample Code for AJAX mode had a mistake:
  • wrong: callback_function_name
  • correct: callbackFunctionName

2016-07-28

• Additional response data “cardtype” and “cardexpiredate” for creditcardcheck have been added at the JSON-sample, but were missing in the creditcardcheck-responsedata.

2016-07-26

• Responses for “customermessage” and “errormessage” can now have a maximum length of 1024 characters (previous length was limited to 255 characters). This is required due to special payment methods.
• China Union Pay / CUP (as credit card) is planned for 2016-10-01
• American Express Safekey (3-D Secure) is planned for 2016-10-01
• IBAN / BIC / bankcode / bankaccount can be omitted for SOFORTBanking (OBT/PNT) on API-level as they are returned from SOFORT and saved by PAYONE (for later upcoming SEPA-credits in case of refund).
• only available with api_version >= 3.10:
  • Response for “customermessage” can be more specific in case of error by containing detailed error messages from external payment gateways (e.g. Ratepay, …)

2016-07-26

• Additional features for “PAYONE hosted iFrame mode”
  • Config-block for element “cardcvc2” has been extended by array “length” to specify the exact required CVC-length per cardtype
  • response data have been extended by selected “cardtype” and used “cardexpiredate”
  • Attribute “placeholder” can now be set for input fields.

2016-05-09

• iDEAL: Bunq-Bank added (Parameter “bankgrouptype”)
• Contract/createaccess: Limit (w) for trail and recurring period documentated.
• Special remarks for usage of not-used parameters.

2016-03-18

• Check of correct encoding will be enforced.
  I.e.: If request-encoding is specified with “UTF-8” (Parameter “encoding”) and non-matching characters are detected (e.g. “ß” instead of “U+00DF” or “Ö” instead of “U+00D6”) the request will be rejected with errorcode=2013.

2016-02-23

• Naming changed from “truncated cardpan” to “masked cardpan”. Parameter name “truncated cardpan” does remain unchanged.
• In fact “masked cardpan” means display of first six and last four digits while “truncated cardpan” means showing only last four digits.
• Currently the pseudo card pan is 13 to 16 digits long. In future the pseudo card pan will be 19 digits long. This is already specified by format “N..19” and in future the full range of 19 digits will be used.

2016-02-15

• New SSL-certificates for PAYONE
  -> https://www.payone.de/en/platform-integration/platform/important-technical-information/ssl-certificates/

2016-01-28

• Itemtype (Parameter  „it“) now does support „voucher“ for PPE (PayPal Express)
• Additional test data for “consumerscore” and “address check person”. Please refer to separate document “PAYONE_Platform_Testdata_EN.pdf”

2015-12-07

• Online-Payment P24 added
• Parameter “state” was missing for request “updateuser”
• Old IP-addresses for Session-Status and Transaction-Status removed.
• CreateAccess: Added that “access_expiretime” and “period_unit_trail”, “period_length_trail” can not be used. “access_expiretime” should not be used any more.
• AddressCheck Person: added that firstname/lastname are mandatory
• BankAccountCheck:
  • 
    
    • old: Errorcode 888 (IBAN invalid) was returned with response “ERROR”
    • new: Errorcode 888 (IBAN invalid) is returned with response “INVALID”

• New error codes 972 and 973 have been added
• Parameter “bankcode” and “clearing_bankcode” have changed from N..8 to AN..11
• Parameter “bankaccount” and “clearing_bankaccount” have changed from AN..14 to AN..26
• Added support IP V4/V6 for customers IP-address
• ManageMandate:
  • currently ManageMandate always reponds with “APPROVED” or “ERROR”.
  • in future (Q3 2016) ManageMandate will respond with “ERROR” for erroneous requests and may respond with “INVALID” for requests with invalid data
    -> responses “APPROVED”, “ERROR” and “INVALID” may be used.

2015-09-02

• Parameter “reference” for GPY must be min. 4, max. 20 characters

• Chapter 3.1.5.6, additional tips added
• Chapter 3.1.5, known issue added with old version of framework “prototype”

• Chapter 3.1.5.3 calculation of hash corrected / explained.

2015-06-17

• Description of “PAYONE hosted-iFrame mode” in chapter 3.1.5.
  -> PCI DSS V 3.0 SAQ A compliant implementation.

2015-06-03

• Request “updateaccess”, parameter “productid” has been corrected from N6 to N7.
• Character set for parameter “id” (product number) has been clearly defined
• The hash values (key -> Standard Parameter, key -> SessionStatus, TransactionStatus) are currently given as MD5.
  This currently still remains with MD5 and is subject to change in future to SHA2-384.

2015-06-03

• Additional support of hash algorithm “sha2-384” (HMAC-SHA-2, 384)
• PMI-setting to enforce usage of “sha2-384”
• Hash-value of SessionStatus and TransactionStatus still remains with MD5 by now and is subject to change

2015-04-08

• PCS (PAYONE Collection Service) has been migrated to PPS (PAYONE Payment Service)
• Transaction Status PAYONE -> merchant, txaction “failed” is used with “Barzahlen” and expired refund.

2015-02-25

• Transaction Status PAYONE -> merchant:
  • description added for parameter “notify_version” (in use since January 2015)
  • txaction “failed”: description corrected (mistake by copy&paste).
    -> this txaction is not in use yet.

2015-02-25

• Parameter “api_version” added to hash calculation

2015-01-12

• New error code 1012 added
• Parameter “clearingtype” has been added to request “updateaccess”. This parameter already existed, but was not documented officially.
• Parameter for Klarna installment (KLS) have been added
• Parameter “shipping_state” is mandatory for PayPal (PPE) for certain countries.
• Parameters it, id, pr, no, de, va added to preauthorization for PayPal (PPE)
• Transaction Status PAYONE -> merchant:
  • new parameter “transaction_status” has been introduced
    (if your systems are not prepared to process new parameters, please contact our PAYONE Technical Support)
  • Parameter “api_version” added -> see standard parameter
    • only available with api_version >= 3.9:
  • New response “pending” added for “preauthorization” / “authorization”

2014-09-05

• New error codes 940, 941, 952, 1337, 1338, 1374, 1375
• Parameter “telephonenumber” shortened from 50 to 30 characters
• Parameter for Klarna (KLV) added
• Parameter “shipping_addressaddition” has been removed as it is not used for any payment type
• Parameter “state” (regions) extended to these countries: US, CA, CN, JP, MX, BR, AR, ID, TH, IN
• Missing parameter “pseudocardpan” added to request “3dscheck”
• Missing parameter “ti_trail” and “ti_recurring” added to request “createaccess”
• Documentation for TxStatus has been corrected: “cancellation” -> “cancelation”

• IMPORTANT NOTE:
  • Starting with 2014-12-29 the range of IP-addresses of the PAYONE Platform will be extended!
  • old: 213.178.72.196, 213.178.72.197, 217.70.200.0/24
  • new: 213.178.72.196, 213.178.72.197, 217.70.200.0/24, 185.60.20.0/24
  • Please ensure that your systems will be able to accept outgoing and incoming connections to and from all these IP-addresses.

2014-09-05

• Parameter “ecommercemode” was already used in hash-calculation, but this was missing in the documentation

2014-03-19

• New error codes 878, 905, 909, 1007, 1367, 1372, 1373
• updateuser does not support “manadate_identification”

2014-03-10

• Request “managemandate” is now available with BBAN (Germany only) and with userid/customerid if BBAN is attached to user
• Response data have been extended by “mandate_dateofsignature”
• Mode “live” / “test” consistently written in lower case.
• Typo corrected “GT Credit (default for amount < 0)”
• BankAccountCheck will return either “INVALID” or “ERROR” in case of invalid data.
• Error messages added and text corrected

2014-03-06

• Parameter “mandate_identification” was already included into hash calculation, but was missing in documentation

2013-12-27

• Comments to successurl, … changed:
• Old: only if not provided in the PMI
• additional response parameter added for direct debit requests

2013-11-21

• Character set for mandate_identification defined

2013-11-19

• New error code 2012
• Response “bankaccountcheck”: parameter “bankcountry” was missing
• Request “managemandate”: parameter “currency” has been added

2013-11-12

• Request “getfile”, response-details changed in case of errors
• Error messages added for “getfile”
• Note added for PMI configuration to enable additional response parameters
• Usage of IBAN / BIC: IBAN/BIC can be used together with bankcountry. If bankcountry is given it must match with IBAN.
• bankcountry is mandatory with bankcode, bankaccount
• PCS-merchants: mandate-identifications must be generated automatically

2013-11-07

• SEPA-specific extensions
• New request “managemandate”
• New request “getfile”
• Parameters “iban” / “bic” can be used – even without bankcode / bankaccount
• Please note that API-responses may be extended by new response key/values at any time to provide additional features

2013-07-29

• TransactionStatus: No receivable / balance for encashment status messages without paid amount
• Updated error text for error code 3200
• Parameter “capturemode” added
• Special use case “capture amount = 0” (for creditcard only) added

2013-06-27

• Getinvoice: Comment to parameter „ invoice_title“ corrected

2013-05-15

• New errorcode 951

2013-04-15

• New banks added to EPS bankgrouptype
• New banks added to iDEAL bankgrouptype
• Response to addresscheck: firstname and lastname may be returned
• New errorcode 938
• Parameter "email" is mandatory for payment type BSV
• Table 5.4 added with possible combinations for BankAccountCheck.

2013-02-27

• Sessionstatus, errata "reverse_cancel" -> "cancel_reversal"
• New countries added to request bankaccountcheck
• Note to currency handling
• Note to IP V4 / IP V6
• New payment types BillSAFE
• New parameters for TransactionStatus "vsettlement"
• Note to request "capture" with BSV and item quantity "0"

2013-01-03

• List of iDEAL banks updated

2012-11-16

• Transaktions-/Sessionstatus-Encoding (ISO-8859-1) documented.

2012-11-16

• userid, accessid extended from 8 to 12 digits