Introduction

PAYONE Secured Invoice offers merchants in German-speaking countries the opportunity to integrate the "Buy Now, Pay Later" (BNPL) payment method invoice as payment method in their online store.

In doing so, our Partner Payla assumes the full fraud and default risk and supports merchants throughout the entire value chain from integration assistance to collection handover. 

General notes

In addition to the correct integration of the API request, the following points should be noted:

Countries Currency Special Limitations
  • Germany
  • Austria
  • Euro
  1. Snippet for device fingerprinting token
  2. Mandatory checkout information
  • B2B transactions not with all methods
  • deviating delivery addresses

1. Device fingerprinting token

In order to detect and prevent fraud at an early stage for the secured payment methods, a device fingerprinting snippet has to be integrated during the checkout process. This snippet will generate a token in the format <partner_id>_<merchant_id>_<session_id>, which has to be sent via consumer parameter add_paydata[device_token] in the preauthorization/authorization request.

Example Fingerprinting Code in PHP
<?php
  $environment = "t"; // "t" for TEST, "p" for PROD
  $payla_partner_id = "e7yeryF2of8X";
  $partner_merchant_id = "test-1"; // REPLACE individually per Merchant by Payone Merchant-ID
  $snippet_token = $payla_partner_id . "_" . $partner_merchant_id . "_" . guidv4(); // REPLACE guidv4() by a session_id (which should be unique per checkout experience) or an appropriate GUIDv4 function
?>

<script id="paylaDcs" type="text/javascript" src="https://d.payla.io/dcs/<?php echo $payla_partner_id; ?>/<?php echo $partner_merchant_id; ?>/dcs.js"></script>
<script>
  var paylaDcsT = paylaDcs.init("<?php echo $environment; ?>", "<?php echo $snippet_token; ?>");
</script>

<link id="paylaDcsCss" type="text/css" rel="stylesheet" href="https://d.payla.io/dcs/dcs.css?st=<?php echo $snippet_token; ?>&pi=<?php echo $payla_partner_id; ?>&psi=<?php echo $partner_merchant_id; ?>&e=<?php echo $environment; ?>">

Snipped parameter explained:

Parameter Description Comment

environment

Defines which environment the snippet is called for. During integration, t has to be used to point towards our test environment. Once the integration is finished and for every live processing merchant p has to be used to point towards our production environment.

Set "t" for Test and "p" for Production

payla_partner_id

12-digit alphanumeric Identifier provided by Payla. It is fixed. The once assigned ID will not change and is identical for test and production environment.

Fixed f.e. "e7yeryF2of8X"

partner_merchant_id

Identifier chosen and provided by PAYONE. It identifies the merchant and allows Payla to distinguish which merchant/shop the fingerprinting is done for. The ID is requested as part of Payla's onboarding. For testing without having a Merchant-ID, you can use "test-1"

Set to your PAYONE Merchant-ID

snippet_token

For Payla, the most important requirement is the snippet - token being unique per API call. If a consumer calls the snippet multiple times during the checkout process but is in the same session, this token can be used. Once an actual order or risk check has been performed with the snippet_token, Payla expect a new snippet_token for a new API call. The main reason for this is customers switching devices between orders.

e.g. xyz123abc456_test-1_randomOrSessionadh9029381923

2. Mandatory checkout implementation

In order to detect and prevent fraud at an early stage for the secured payment methods, a device fingerprinting snippet has to be integrated during the checkout process. This snippet will generate a token in the format <partner_id>_<merchant_id>_<session_id>, which has to be sent via consumer parameter add_paydata[device_token] in the preauthorization/authorization request.

Checkout note:

Language Text
German Mit Abschluss dieser Bestellung erkläre ich mich mit den ergänzenden Zahlungsbedingungen (Link) und der Durchführung einer Risikoprüfung für die ausgewählte Zahlungsart einverstanden. Den ergänzenden Datenschutzhinweis (Link) habe ich zur Kenntnis genommen.
English By placing this order, I agree to the supplementary payment terms (link) and the performance of a risk assessment for the selected payment method. I am aware of the supplementary data protection notice (link).

Links:

Document Language Description URL
Terms of payment German Framework for the use of the mentioned payment methods https://legal.paylater.payone.com/de/terms-of-payment.html
Data protection notice German Describes, among other things, the use of the personal data https://legal.paylater.payone.com/de/data-protection-payments.html
Terms of payment English Framework for the use of the mentioned payment methods https://legal.paylater.payone.com/en/terms-of-payment.html
Data protection notice English Describes, among other things, the use of the personal data https://legal.paylater.payone.com/en/data-protection-payments.html

Integrations

POST Request - Pre-/ Authorization

During the preauthorization a risk check for the customer is performed. Depending on the result the customer qualifies or disqualifies from using this payment method. When the risk of payment default is deemed too high the transaction can’t be insured and the customer is denied, yielding an error message and the status “ERROR”.

Generally, the more customer data you send, the better the risk check can decide to give an insurance or not. Nonetheless, there following table contains flags, if a parameter is optional or not.

If the preauthorization is successful the response will contain the status “APPROVED”.

Using the Preauthorization request does NOT finalize the claim. In order to start the dunning process the transactions need to be captured first.

Please bear in mind, that a preauthorization is valid for 28 days. You need to make sure, that you capture this preauthorization in this period. Otherwise, if you know that you won’t capture the amount, please send a cancel (capture with amount=0), to free the reserved guarantee.

Account Parameters
request
required
Fixed Value: preauthorization / authorization
mid
required
your merchant ID, 5-digit numeric
aid
required
your subaccount ID, 5-digit numeric
portalId
required
your Portal ID, 7-digit numeric
key
required
your key value, alpha-numeric
common Parameters
clearingtype
required
Fixed Value: fnc
financingtype
required
Fixed Value: PIV

PIV: PAYONE Secured Invoice

mode
required
Fixed Value: test/live

can be either test environment (test) or live environment (live)

reference
optional
Format CHAR(2..255)

a unique ID that will be displayed in your shop backend and for the customer

amount
required
Format NUMERIC(1..10)
Permitted values max. +/- 19 999 999 99

Specifies the total gross amount of a payment transaction.

Value is given in smallest currency unit, e.g. Cent of Euro.

The amount must be less than or equal to the amount of the corresponding booking.

currency
required
Format LIST

Permitted values ISO 4217 (currencies) 3-letter-codes

 

Samples EUR, USD, GBP

param
optional
Format CHAR(1..255)

Individual parameter (per payment process)

narrative_text
optional
Format CHAR(1..81)

Dynamic text element on account statements.

(3 lines with 27 characters each) and credit card statements.

customer_is_present
optional
Format LIST
Permitted Values yes / no

Indicates whether customer is “present” and can enter their data in the shop (=yes). Or customer is not present and can not enter any data (=no).

PERSONAL DATA Parameters
customerid
optional
Format CHAR(1..20)
Permitted Symbols [0-9, a-z, A-Z, .,-,_,/]

Merchant's customer ID, defined by you / merchant to refer to the customer record.

"customerid" can be used to identify a customer record.
If "customerid" is used then stored customer data are loaded automatically.
userid
optional
Format NUMERIC(6..12)

PAYONE User ID, defined by PAYONE

businessrelation
required
Format LIST
value Comment
b2c

Indicates business to private customer

b2b

indicates business to business customer (company)

currently not available for PDD

Value specifies business relation between merchant and customer

salutation
optional
Format CHAR(1..10)

The customer's salutation

title
optional
Format CHAR(1..20)
Samples Dr
        Prof.
        Dr.-Ing.

Title of the customer

firstname
optional
Format CHAR(1..50)

First name of customer; optional if company is used, i.e.: you may use

"company" or "lastname" or "firstname" plus "lastname"

lastname
required
Format CHAR(2..50)

Last name of customer; optional if company is used, i.e.: you may use

"company" or "lastname" or "firstname" plus "lastname"

company
optional
Format CHAR(2..50)

Comany name of customer; optional if company is used, i.e.: you may use

"company" or "lastname" or "firstname" plus "lastname"

street
optional
Format CHAR(1..50)

Street number and name (required: at least one character)

addressaddition
optional
Format CHAR(1..50)

Samples 7th floor
c/o Maier

Specifies an additional address line for the invoice address of the customer.

zip
optional
Format CHAR(2..50)
Permitted Symbols [0-9][A-Z][a-z][_.-/ ]

Postcode

city
optional
Format CHAR(2..50)

City of customer

country
required
Fixed Value DE
email
optional
Format CHAR(5..254)

Mandatory if "add_paydata[shopping_cart_type]=DIGITAL"

Permitted Symbols RFC 5322

Special Remark email validation:

Max. length for email is 254 characters. Validation is set up in the following way:

Username = Max. 63 characters

Domain Name = Max. 63 characters
Domain Suffixes = Max. 4 suffixes with max. 124 characters
Example: username[63]@domain_name[63].suffix[60].suffix[60].suffix[4]

"@" and "." is counted as a character as well; in case of a total of three suffixes, this would allow a total of 254 characters.

email-address of customer

telephonenumber
required
Format CHAR(1..30)

Phone number of customer

birthday
required
Format DATE(8), YYYYMMDD

Samples 20190101 /  19991231

Date of birth of customer

language
optional
Format LIST

Permitted values ISO 639-1 (Language)2-letter-codes

Language indicator (ISO 639) to specify the language that should be presented to the customer (e.g. for error messages, frontend display).

If the language is not transferred, the browser language will be used. For a non-supported language English will be used.

vatid
optional
Format CHAR(1..50)

VAT identification number. Used for b2b transactions to indicate VAT number of customer.

gender
optional
Format LIST

Permitted values f/ m/  d

Gender of customer (female / male / diverse* )

* currently not in use

personalid
optional
Format CHAR(1..32)

Permitted Symbols [0-9][A-Z][a-z][+-./()]

Person specific numbers or characters, e.g. number of passport / ID card

ip
optional
Format CHAR(1..39)

Customer's IP-V4-address (123.123.123.123) or IP-V6-address

Delivery data Parameters
shipping_firstname
required
Format CHAR(1..50)

First name of delivery address

shipping_lastname
required
Format CHAR(1..50)

Surname of delivery address

shipping_company
optional
Format CHAR(2..50)

Company name of delivery address

shipping_street
optional
Format CHAR(2..50)

Street number and name of delivery address

shipping_zip
required
Format CHAR(2..50)

Postcode of delivery address

shipping_addressaddition
optional
Format CHAR(1..50)

Specifies an additional address line for the delivery address of the customer, e.g. "7th floor", "c/o Maier".

shipping_country
optional
Format LIST

Permitted values ISO 3166 2-letter-codes

 

Samples DE/ GB/ US
 

Specifies country of address for the customer.

Some countries require additional information in parameter "state"

shipping_state
required (in CN)
Format LIST

Permitted values ISO 3166-2 States (regions)  2-letter-codes

Samples US Samples CA
AK AB
AL BC
Article Parameters
it[n]
optional
it[n] Comments
goods Goods
shipment Shipping Charges
handling Handling fee
voucher Voucher / discount

required for physical goods in order to ensure PayPal seller protection

id[n]
optional
Format CHAR(1..32)
Array Array elements [n] starting with [1]; serially numbered; max [400]Permitted Symbols [0-9][a-z][A-Z], .,-,_,/

required for physical goods in order to ensure PayPal seller protection

International Article Number (EAN bzw. GTIN)

Product number, SKU, etc. of this item

pr[n]
optional
Format NUMERIC(10) max. 19 999 999 99
Array Array elements [n] starting with [1]; serially numbered; max [400]Permitted

required for physical goods in order to ensure PayPal seller protection

Unit gross price of the item in smallest unit! e.g. cent

no[n]
optional
Format NUMERIC(6)
Array Array elements [n] starting with [1]; serially numbered; max [400]Permitted

required for physical goods in order to ensure PayPal seller protection

Quantity of this item

de[n]
optional
Format CHAR(1..255)
Array Array elements [n] starting with [1]; serially numbered; max [400]Permitted

required for physical goods in order to ensure PayPal seller protection

Description of this item. Will be printed on documents to customer.

va[n]
optional
Format NUMERIC(4)

VAT rate (% or bp)

Array elements [n] starting with [1]; serially numbered; max [400]

Paydata Parameters
add_paydata[device_token]
required
FORMAT: AN(255)"

Device fingerprinting token.

Response Parameters
status
required
Permitted Values
APPROVED
ERROR
ReSponse Parameter (approvedt)
txid
Format NUMERIC(9..12)

The txid specifies the payment process within the PAYONE platform

Format NUMERIC(6..12)

PAYONE User ID, defined by PAYONE

 ---

ReSponse Parameter (Error)
Format NUMERIC(1..6)

In case of error the PAYONE Platform returns an error code for your internal usage.

Format CHAR(1..1024)

In case of error the PAYONE Platform returns an error message for your internal usage.

Format CHAR(1..1024)

The customermessage is returned to your system in order to be displayed to the customer.

(Language selection is based on the end customer's language, parameter "language")

 ---

Host: api.pay1.de
Content-Type: application/x-www-form-urlencoded
Payload
request=preauthorization mid=54321 aid=12345 portalid=12345123 key=abcdefghijklmn123456789 clearingtype=fnc financingtype=PIV mode=test reference=jv-1668434776 amount=20000 currency=EUR param=individualParameter narrative_text=messageoralternativetext customer_is_present=yes businessrelation=b2c firstname=Max lastname=Mustermann street=Musterweg 1 city=Musterstadt zip=12345 country=DE telephonenumber=491731234567 email=max@mustermann.de birthday=19820324 bankaccountholder=Max Mustermann iban=DE12345678910111213141 ip=123.123.123.123 clearingtype=fnc financingtype=PDD add_paydata[device_token]=abcdefghijklmn123456789 it[1]=goods it[2]=shipment id[1]=1001001 id[2]=1001002 de[1]=Testartikel 1 de[2]=Transport no[1]=1 no[2]=1 pr[1]=1000 pr[2]=100 va[1]=19 va[2]=19
successurl=http://www.your-success.url errorurl=http://www.your-error.url backurl=http://www.your-back.url
RESPONSE

status=APPROVED
txid=753359579
userid=483104612
POST Request - Capture
Account Parameters
request
required
Fixed Value: capture
mid
required
your merchant ID, 5-digit numeric
aid
required
your subaccount ID, 5-digit numeric
portalId
required
your Portal ID, 7-digit numeric
key
required
your key value, alpha-numeric
common Parameters
txid
required
Format NUMERIC(9..12)

The txid specifies the payment process within the PAYONE platform

required
Format fixed: Test/live
Environment in which the transaction is captured
capturemode
optional
Format LIST
Value Comment
completed

Set with last capture; i.e.: Delivery completed.
No further capture is allowed.

notcompleted

Set with partial deliveries (last delivery with "completed")
Another capture is expected to complete the transaction.

Specifies whether this capture is the last one or whether there will be another one in future.

sequencenumber
optional
Format NUMERIC(1..3)

Permitted values 0..127

Sequence number for this transaction within the payment process (1..n), e.g. PreAuthorization: 0, 1. Capture: 1, 2. Capture: 2

Required for multi partial capture (starting with the 2nd capture)

amount
required
Format NUMERIC(1..10)

Permitted values max. +/- 19 999 999 99

Specifies the total gross amount of a payment transaction.

Value is given in smallest currency unit, e.g. Cent of Euro; Pence of Pound sterling; Öre of Swedish krona.

The amount must be less than or equal to the amount of the corresponding booking.

currency
required
Fixed Value EUR
optional
Format LIST
Value Comment
yes

Settlement of outstanding balances has been carried out.

no

Settlement of outstanding balances has not been carried out.

Provides information about whether a settlement of balances has been carried out.

add_paydata Parameters
add_paydata[cancellation_reason]
optional
Format: LIST

Note: Mandatory for Capture=0 and capturemode=completed if the capture amount is lower than the reservation amount.

Value Comment

consumer_request

The consumer requested a cancellation of the Order

undeliverable

The merchant cannot fulfill the Order

duplicate

The Order was created twice accidentally

fraudulent

Consumer turned out to be a fraudster

Response Parameters
Permitted Values
APPROVED
PENDING
ERROR
Response Parameter (approved)
Format NUMERIC(9..12)

The txid specifies the payment process within the PAYONE platform

Format LIST 
Value Comment
yes

Settlement of outstanding balances has been carried out.

no

Settlement of outstanding balances has not been carried out.

Provides information about whether a settlement of balances has been carried out.

 ---

Response parameters (pending)
Format NUMERIC(9..12)

The txid specifies the payment process within the PAYONE platform

Format NUMERIC(6..12)

PAYONE User ID, defined by PAYONE

 ---

Request Body schema: application/json
Format NUMERIC(1..6)

In case of error the PAYONE Platform returns an error code for your internal usage.

Format CHAR(1..1024)

In case of error the PAYONE Platform returns an error message for your internal usage.

 ---

Host: api.pay1.de
Content-Type: application/x-www-form-urlencoded
Payload
request=capture mid=54321 aid=12345 portalid=12345123 key=abcdefghijklmn123456789 txid=753359579 mode=test capturemode=completed sequencenumber=1 amount=20000 currency=EUR settleaccount=auto it[1]=goods it[2]=shipment id[1]=1001001 id[2]=1001002 de[1]=Testartikel 1 de[2]=Transport no[1]=1 no[2]=1 pr[1]=10000 pr[2]=10000 va[1]=19 va[2]=19
RESPONSE

status=APPROVED
txid=753359579
settleaccount=yes
POST Request - Debit
Account Parameters
request
required
Fixed Value: debit
mid
required
your merchant ID, 5-digit numeric
aid
required
your subaccount ID, 5-digit numeric
portalId
required
your Portal ID, 7-digit numeric
key
required
your key value, alpha-numeric
add_paydata Parameters
add_paydata[cancellation_reason]
optional
Format: LIST

Note: Mandatory for Capture=0 and capturemode=completed if the capture amount is lower than the reservation amount.

Value Comment

consumer_request

The consumer requested a cancellation of the Order

undeliverable

The merchant cannot fulfill the Order

duplicate

The Order was created twice accidentally

fraudulent

Consumer turned out to be a fraudster

Common Parameters
txid
required
Format NUMERIC(9..12)

The txid specifies the payment process within the PAYONE platform

mode
required
Format fixed: Test/live

Environment in which the transaction is refunded

sequencenumber
required
Format NUMERIC(1..3)

Permitted values 0..127

Sequence number for this transaction within the payment process (1..n), e.g. PreAuthorization: 0, 1. Capture: 1, 2. Capture: 2

Required for multi partial capture (starting with the 2nd capture)

amount
required
Format NUMERIC(1..10)

Permitted values max. +/- 19 999 999 99

Specifies the total gross amount of a payment transaction.

Value is given in smallest currency unit, e.g. Cent of Euro; Pence of Pound sterling; Öre of Swedish krona.

The amount must be less than or equal to the amount of the corresponding booking.

currency
required
Fixed Value EUR
narrative_text
optional
Format CHAR(1..81)

Dynamic text element on account statements

(3 lines with 27 characters each) and credit card statements.

clearingtype
optional
Fixed Value wlt
use_customerdata
optional
Format LIST
Value Comment
yes

Uses current account details from debtor's master data (default)

no

Uses the last known account details in the payment process

Use account details from debtor's master data

transaction_param
optional
Format CHAR(1..50)
Permitted Symbols [0-9][A-Z][a-z][.-_/]

Optional parameter for merchant information (per payment request)

Article Parameters
it[n]
optional
it[n] Comments
goods Goods
shipment Shipping Charges
handling Handling fee
voucher Voucher / discount

required for physical goods in order to ensure PayPal seller protection

id[n]
optional
Format CHAR(1..32)
Array Array elements [n] starting with [1]; serially numbered; max [400]Permitted Symbols [0-9][a-z][A-Z], .,-,_,/

required for physical goods in order to ensure PayPal seller protection

International Article Number (EAN bzw. GTIN)

Product number, SKU, etc. of this item

pr[n]
optional
Format NUMERIC(10) max. 19 999 999 99
Array Array elements [n] starting with [1]; serially numbered; max [400]Permitted

required for physical goods in order to ensure PayPal seller protection

Unit gross price of the item in smallest unit! e.g. cent

no[n]
optional
Format NUMERIC(6)
Array Array elements [n] starting with [1]; serially numbered; max [400]Permitted

required for physical goods in order to ensure PayPal seller protection

Quantity of this item

de[n]
optional
Format CHAR(1..255)
Array Array elements [n] starting with [1]; serially numbered; max [400]Permitted

required for physical goods in order to ensure PayPal seller protection

Description of this item. Will be printed on documents to customer.

va[n]
optional
Format NUMERIC(4)

VAT rate (% or bp)

Array elements [n] starting with [1]; serially numbered; max [400]

Response Parameters
status
Permitted Values
APPROVED
ERROR
Response Parameter (approved)
txid
Format NUMERIC(9..12)

The txid specifies the payment process within the PAYONE platform

settleaccount
Format LIST 
Value Comment
yes

Settlement of outstanding balances has been carried out.

no

Settlement of outstanding balances has not been carried out.

Provides information about whether a settlement of balances has been carried out.

Response Parameter (error)
errorcode
Format NUMERIC(1..6)

In case of error the PAYONE Platform returns an error code for your internal usage.

errormessage
Format CHAR(1..1024)

In case of error the PAYONE Platform returns an error message for your internal usage.

customermessage
Format CHAR(1..1024)

The customermessage is returned to your system in order to be displayed to the customer.

(Language selection is based on the end customer's language, parameter "language")

Host: api.pay1.de
Content-Type: application/x-www-form-urlencoded
Payload

mid=23456
aid=12345
amount=20000
currency=EUR
key=abcdefghijklmn123456789
mode=test
portalid=12345123
request=debit
sequencenumber=2
txid=753359579
RESPONSE

status=APPROVED
txid=753359579            

Sequence Diagrams

Important: The final status of transactions will be sent asynchronously. For details see: Sequence Diagrams

Order/Delivery