With Tokenization, a merchant will be able to remotely store credit card data in Gestpay archives and receive a Token in answer; the merchant will save the received Token in its system instead of the credit card data.
For the next purchases, the merchants will send to Gestpay the Token instead of the credit card number.
Gestpay will retrieve the credit card number from its archives starting from the Token and it will complete the transaction.
This operation provides the generation of a new Token during a transaction passing the
requestToken field, so they will obtain a Token in response.
A group of merchants can share a set of tokens.
So if a merchant belongs to a group, it can use all the tokens of the other merchants of the same group.
Merchants cannot directly define and manage groups. Groups are managed only by Banca Sella operators, who will take care of the requests coming from merchants.
The available options are:
- Add a merchant to a group, and take in the group all the tokens previously created by the merchant
- Add a merchant to a group without taking in the group the tokens previously created by the merchant, only those created since that moment will belong to the group
- Remove a merchant from a group and remove all its tokens from the group
- Remove a merchant from a group leaving in the group all its tokens; the new token created by the merchant since its exclusion from the group will be accessible only by that merchant
These are the mandatory informations to send to Gestpay:
MASKEDPANfor a Standard Token any other value for Custom Token)
cardNumber(credit card account number)
expMonth(card expiration month)
expYear(card expiration Year)
cvv(String containing the Card Verification Value printed on the credit card, as specified in Handling of CVV field)
withAuthflag that indicates if the request should also try to authorize the transaction.
callRequestTokens2S method sends to Gestpay all previously assigned data, if the flag
withAuth is set to
Y then Gestpay uses these data to make a transaction request without affecting the account and returns the result of the operation; otherwise only the information about the card are returned back.
callRequestTokens2S request has been performed, it is possible to know the outcome of the operation by using the values in the relevant XML return:
- First it is possible to use the
TransactionResultmethod which will return the string
OKif the check has been performed or the string
KOif not. In the fields
TransactionErrorDescriptionthere are the detailed information in case of error.
AuthorizationResultfield which will return the string
OKif the transaction was authorised or the string
KOif the transaction was not authorised
AuthorizationResultreturns the string
KO, then it is possible to know whether the failure was due to a negative response from the credit card network, using the
AuthorizationErrorCodereturns a value which is
<> 0, the transaction was denied due to technical problems; the value returned will vary according to the specific reason for the failure. The
AuthorizationErrorDescriptionmethod will return a description of the reason for the failure (in the language set within the Back Office environment).
AuthorizationErrorCodereturns the value
0, the transaction did not fail due to technical problems. The description of the error will be shown in the language set within the Back Office environment by using the
AuthorizationResultreturns the value
OK, the transaction was authorised and the card is considered valid.
See the description for other fields in the API section.