PayEngine Notifications

Introduction

The main purpose of notifications is to inform integrated backend systems properly when specific events or updates occur within a payment process.

Notifications are highly recommended for all asynchronous payment methods where further actions from end customer are required. For synchronous payment methods notifications are possible but not critical from a security perspective.

Notification Types

There are two types of notifications, depending on the way in which a integrator is notified for a particular event or a set of events - webhook (URL) notifications and email notifications.

Webhook (URL) Notifications

Webhooks are notifications that deliver event information directly to an integrator's system by calling a script hosted on the integrator's server.

Webhooks are sent as HTTP POST requests on a given URI.

The accepted ports for HTTPS are 80, 8080 and 443. Receiving notifications via HTTPS is highly recommended from a security perspective.

To receive webhooks via HTTPS a valid SSL certificate must be in place.

The format of the webhook notifications depends on the version that will be used. For more information, see the specific notification version sections below.

important

Integrators have to validate the notifications they have received.

Validation of Notifications

Integrators can validate a webhook notification by sending the received notification content without modifying the Payengine notification validation URL.

Payengine notification validation URLs in Sandbox and live environment:

Environment	URL
Sandbox	https://apitest.payengine.de/notifications/validate?address=yourUrlencodedNotificationUrn
Live	https://api.payengine.de/notifications/validate?address=yourUrlencodedNotificationUrn

Integrators must use the POST method for validation requests where the POST body should contain the notification content as received.

Integrators will receive one of the following responses of the validation request they sent:

VALIDATED - when the notification content can be verified for the notification URNs.
INVALID - when notification content cannot be verified for the notification URNs.

important

When the formatting is incorrect, Payengine might not be able to validate notifications.

The reason for such validation errors can be:

Whitespace changes, reformatting or similar actions, in cases of deserialization and serialization before validation;
Changes of the line endings;
Validating notifications prior to responding to Concardis with HTTP 200;
Sending address parameter in POST URL not URL-encoded.

Email Notifications

Email notifications enable an integrator to be notified for a specific event or multiple events by receiving an email to a specified email address.

Email notifications are sent from no-reply@payengine.de and the content depends on the version that will be used.

For more details, see the Notification Version section below.

Subscription

To activate webhook or email notifications, the integrator must subscribe for notifications on an event level.

You can subscribe for notifications directly via API within an order - related request, or via configuration in the Merchant Center.

Subscription via Merchant Center

For more specific instructions on how to subscribe for notifications via Merchant Center, see Merchant Center Notifications.

Subscription via API

You can subscribe for notifications via API for all payment methods, regardless of the technical flow type (synchronous or asynchronous).

You can subscribe for notifications via API, using the async.notifications object within the preauth or debit request.

The required parameters depend on the notification version, referenced in the Notification Version 1.0 or Notification Version 2.0 subsections.

Retry Mechanism

To sucessfully receive notifications for subscribed events is underpinned by Payengine retry mechanism.

The retry mechanism is applicable for webhook and email notifications, and covers three tiers of attempts to send a notification:

Number of Tier	Number of Attempts	Delay Between Sent Attempts in Milliseconds
Tier 1	5	10000
Tier 2	5	60000
Tier 3	5	600000

When the server responsible for receiving a notification is down, a retry attempt will be executed. Depending on its number, the retry attempt will be executed with a predefined delay, specific for each tier of retries.

The total number of retry attempts for a notification is 16 which is the total of all attempts from all tiers and one additional attempt.

Notification Version 1.0

Notification Version 1.0 is the initial version of notifications implemented within Payengine. While this version is still supported and used, it can be regarded as depricated.

We highly recommend the implementation of Notification Version 2.0 which offers a simplified message format for webhooks and especially for email notifications.

Events

The following events are supported with Notification version 1.0:

Transaction Events

Event	Description
transaction create success	A transaction has been created successfully
transaction create failure	Creating a transaction has failed
transaction update success	A transaction has been updated successfully
transaction update failure	Updating a transaction has failed

Customer Events

Event	Description
customer update success	A customer object has been updated successfully
customer update failure	Updating a customer object has failed
customer persona create success	An object persona for a customer has been created successfully
customer persona create failure	Creating an object persona for a customer has failed
customer persona duplicate success	All parameters of an object persona for a customer have been duplicated successfully
customer paymentInstrument add success	An object payment instrument has been added successfully for a customer
customer paymentInstrument add failure	Adding an object payment instrument for a customer has failed
customer paymentInstrument delete success	An object payment instrument for a customer has been deleted successfully
customer paymentInstrument delete failure	Deleting an object payment instrument for a customer has failed
customer address create success	An object address of a customer has been created successfully
customer address create failure	Creating an object address of a customer has failed
customer address duplicate success	All parameters of an object address for a customer have been duplicated successfully
customer create success	A customer object has been created successfully
customer create failure	Creating a customer object has failed

Payment Intstrument Events

Event	Description
paymentInstrument create success	A payment instrument (not bounded to a customer) has been created successfully
paymentInstrument create failure	Creating a payment instrument has failed
paymentInstrument expires	A payment instrument has expired

Order Events

order create success	An order has been created successfully
order create failure	Creating an order has failed
order update success	An order has been updated successfully
order update failure	Updating an order has failed

Format

The content will be presented are JSON objects, inline with the formatting and requirements, known to the Payengine REST API.

There is no difference between webhook or email notifications, both use the JSON format.

Sample Webhook Notification

{
      "notificationApiVersion": "1.0",
      "createdAt": 1534959158570,
      "payload": {

Subscription via API

The following parameters are required in the async.notification object to subscribe to a Notification version 1.0 via API requests.

notificationUrn

The URN to which the notification should be sent to. Number of notification URNs, which can be specified when setting up notifications via API, is limited to 8.

There are three options for the type of specified notification URNs:

- Notification URNs to be specified only as URLs with an upper limit of eight URLs.
- Notification URNs to be specified only as email addresses with an upper limit of eight emails.
- Notification URNs to be specified as a combination of URLs and email addresses with a combined upper limit of eight URLs and emails.

notificationState

The status update events the notifications for the corresponding order should be subscribed for.

Supported values: CREATED, UPDATED

You can subscribe for transaction events on order level only. Therefore, once subscribed you will continue to receive notifications for selected transaction events until the order reaches its end state.

SAMPLE V1.0 ASYNC.NOTIFICATIONS OBJECT

"async": {
  "successUrl": "https://a.success.url",
  "failureUrl": "https://a.callback.url",
  "cancelUrl": "https://a.cancel.url",

The URN (URL and/or email) transmitted via API overwrites the URNs set up in the MC.

Notification Version 2.0

Events

The following table lists all supported events, grouped by category, and specifies which events are available through which channel.

Category	Event	Transaction Type	Status	Webhook	Email
Transaction	trx.preauth.pending	PREAUTH	PENDING	yes	no
Transaction	trx.preauth.success	PREAUTH	OK	yes	yes
Transaction	trx.preauth.failure	PREAUTH	FAILURE, ABORTED, DECLINED, EXPIRED	yes	yes
Transaction	trx.cancel.initiated	CANCEL	OK	yes	yes
Transaction	trx.cancel.success	CANCEL	SUCCESS	yes	yes
Transaction	trx.cancel.failure	CANCEL	FAILURE, DECLINED	yes	yes
Transaction	trx.debit.pending	DEBIT	PENDING	yes	no
Transaction	trx.debit.initiated	DEBIT	OK	yes	yes
Transaction	trx.debit.success	DEBIT	SUCCESS	yes	yes
Transaction	trx.debit.failure	DEBIT	FAILURE, ABORTED, DECLINED, EXPIRED	yes	yes
Transaction	trx.capture.initiated	CAPTURE	OK	yes	yes
Transaction	trx.capture.success	CAPTURE	SUCCESS, FAILURE, DECLINED,	yes	yes
Transaction	trx.capture.failure	CAPTURE	EXPIRED	yes	yes
Transaction	trx.refund.initiated	REFUND	OK	yes	yes
Transaction	trx.refund.success	REFUND	SUCCESS	yes	yes
Transaction	trx.refund.failure	REFUND	FAILURE, DECLINED	yes	yes
Transaction	trx.credit.initiated	CREDIT	OK	yes	yes
Transaction	trx.credit.success	REFUND	CREDIT	yes	yes
Transaction	trx.credit.failure	CREDIT	FAILURE, ABORTED, DECLINED	yes	yes
3DS	3ds.result	-	-	yes	no

Format

Webhook

All notifications will be in a JSON format. The parameter depends on the notification category.

Sample async.notifications object

{
  "notificationApiVersion": "2.0",
  "notificationId": "notification_ewnozkeo6z",
  "globalTrackId": "XLg5rFkDCps-XAAa-qpMuwAAAAQ",

Transaction Parameter

Parameter	Description
notificationApiVersion	Version of the notification service, always set to "2.0"
notificationId	Payengine notification identifier
globalTrackId	Payengine global tracking ID (for debugging)
eventType	Type of the event, for example trx.debit.success
createdAt	Timestamp of the event
merchantId	Payengine merchantId
transactionId	Payengine transactionId
transactionAmount	Amount of the transaction event
currency	Currency code
order	Object containing details of the corresponding order
order.orderId	Payengine orderId
order.merchantOrderId	Merchant order reference
order.orderAmount	Total amount of the order
order.canceledAmount	Amount already canceled
order.capturedAmount	Amount already captured
order.refundedAmount	Amount already refunded
order.product	Payment product, for example, cardscreditcard, SEPA, Paypal
order.statementDescription	statement descriptor
paymentInstrumentId	Payengine paymentInstrumentId referencing the tokenized payment credentials
customerId	Payengine customerId referencing the corresponding customer data
personaId	Payengine personaId referencing the corresponding persona data
billingAddressId	Payengine billingAddressId referencing the corresponding billing address data
shippingAddressId	Payengine shippingAddressId referencing the corresponding shipping address data
redirectUrl	Redirect URL in case of asynchronous payment transactions
providerCode	Response code from external provider
merchantMessage	Message for merchant from external provider
customerMessage	Message for customer from external provider

3DS Parameter

Parameter	Description
notificationApiVersion	Version of the notification service, always set to "2.0"
notificationId	Payengine notification identifier
globalTrackId	Payengine global tracking ID (for debugging)
eventType	type of the event, for example trx.debit.success
createdAt	timestamp of the event
merchantId	Payengine merchantId
threeAuthenticationId	Identifier of the 3DS authentication transaction generated by the Payengine if the transaction was triggered through a dedicated authentication service
orderData	Order object in case the authentication was triggered as part of an order
orderData.transactionId	Payengine transactionId
orderData.orderId	Payengine orderId
orderData.merchantOrderId	Merchant order reference
authenticationResult	Object containing the result of the 3DS authentication transaction (final results will be available only in case of frictionless flow)
authenticationResult.version	Parameter indicating the version of the 3DS: 1.0 or 2.0
authenticationResult.status	Enum:"Y" "N" "A" "U" "R" Indicates whether a transaction qualifies as an authenticated transaction or account verification. Y = authentication successfulN = not authenticated; transaction deniedU = authentication could not be performed; technical or other problemA = attempts processing performed; not attemptedR = authentication rejected; issuer is rejectingN = not authenticated; transaction denied
authenticationResult.transactionId	The transaction identifier from the 3DS authentication 3DS 1.0: This will be the XID 3DS 2.0: This will be the dsTransID
authenticationResult.authenticationValue	The authenticationValue returned in the 3DS authentication CAVV: Visa, AMEX, JCB, Diners/Discover UCAF: Mastercard
authenticationResult.eci	The Electronic Commerce Indicator (ECI) provided by the ACS or DS to indicate the results of the attempt to authenticate the cardholder. The ECI values might differ depending on the card scheme. For all fully authenticated or authentication attempted transactions the liability will be shifted to the card issuer. Mastercard:00 - no authentication available01 - authentication attempted02 - fully authenticated (default)07 - fully authenticated (recurring) All other card schemes: 05 - fully authenticated06 - authentication attempted07 - no authentication available
authenticationResult.errorDetails	Object containing error information in case of error
authenticationResult.errorDetails.providerCode	Original error code from the 3DS server or MPI
authenticationResult.errorDetails.providerMessage	Original error message from the 3DS server or MPI
type	Enum:"PAYMENT_TRANSACTION", "RECURRING_TRANSACTION", "RECURRING_CARDCHECK", "ADD_CARD" The type of the authentication requested. PAYMENT_TRANSACTION: authentication with payment; the authentication is used for a normal payment transaction,RECURRING_TRANSACTION: authentication with payment; the authentication is used for an initial recurring payment transaction,RECURRING_CARDCHECK: authentication without payment; the authentication is used for a card check representing the initial recurring payment transaction,ADD_CARD: authentication without payment; the authentication is only used for the verification of stored card credentials, e.g. within a wallet
paymentInstrumentId	Identifier of the payment instrument used for the 3DS authentication.

Email

The email notification should include a pre-defined set of parameters, limited to the most relevant parameters.

NOTE Currenlty only transaction - related events are supported.

Status

Event type status

Timestamp

Timestamp of the transaction update

Merchant ID

Payengine merchant identifier

Order ID

Payengine orderId

Transaction ID

Payengine transactionId for this event

Merchant Order ID

Merchant order reference

Order Amount

Order amount

Currency

Currency of the order

Transaction Amount

Transaction amount for the transaction status, might fully match the order amount

Subscription via API

The following parameters are required in the async.notification object to subscribe to a Notification version 2.0 via API requests.

Parameter: notificationUrn

The URN to which the notification should be sent to.

Number of notification URNs, which can be specified when setting up notifications via API, is limited to 8.

There are three options for the type of specified notification URNs:

Notification URNs to be specified only as URLs with an upper limit of eight URLs. Notification URNs to be specified only as email addresses with an upper limit of eight emails. Notification URNs to be specified as a combination of URLs and email addresses with a combined upper limit of eight URLs and emails.

Parameter: notificationVersion

1.0 or 2.0

In case the notificationVersion is not provided automatically, version 1.0 should be used for the notifications

notificationEvent

Supported values: see the values from Events abovesection.

Integrators should explicitly specify the events they are interested in rather than wildcard everything.

NOTE: Only the events that are supported for the corresponding transaction type should be raised as a notification. The others should be ignored.

The notificationState should not be used anymore for vervion 2.0.

SAMPLE V2.0 ASYNC.NOTIFICATIONS OBJECT

"async": {
                ...
                "notifications": [
                  {