SEPA Direct Debit


SEPA Direct Debit is the new European cashing system. SEPA Direct Debit (SDD) enables to reach all bank accounts that allow direct charge in SEPA area.

With Gestpay, you can request an approvation order and then issue recurrent payments.

How does it work for the user?




How to enable in Gestpay

Contact our customer support to enable SEPA direct debit in your Gestpay account.

To use SEPA Direct Debit, you must explicitly set the paymentType to SEPADD.

Requesting an approvation order

To request an approvation order, you can perform a call to our payment page using the payment type SEPADD. Here are the steps:

1. call Encrypt

The first step is to call Encrypt. You can see an example call in the API section.

The Encrypt call requires a mandatory amount, but in the preapproval phase it’s discarded. The only amount that will be charged is the amount passed to callPagamS2S. See Performing a recurrent payment later in this page.

2. Redirect the user to the returned URL

Gestpay will answer to the previous request the CryptDecryptString. You should redirect your buyer to

http://ecomm.sella.it/pagam/pagam.aspx?a=<ShopLogin>&b=<CryptDecryptString>

or, in case of test environment,

http://sandbox.gestpay.net/pagam/pagam.aspx?a=<ShopLogin>&b=<CryptDecryptString>

Gestpay will show you a preapproval page, where the buyer can enter his bank account number.

3. Response from the preapproval page

In the merchant backoffice, configure the URLs for positive and negative responses, together with the URL Server to Server. This can be set in Configuration -> Environment -> Response Address.

If Gestpay cannot reach your server to server URL, he may try for other 48 hours.

The response will be a GET to the specified URL, with these query parameters:

http://<url merchant>?a=<ShopLogin>&b=<encrypted string>

the <encrypted string> has to be passed to WsCryptDecrypt web service, calling the Decrypt method.

When decrypting the preaprroval Gestpay will answer with XX as the TransactionResult code, that means that this is not the final result. Gestpay will send XX when the outcome is asynchronous. A new communication will be provided to the merchant when the transaction will assume the final OK/KO status.

Here is an example:

<DecryptResponse xmlns="https://ecomm.sella.it/">
  <DecryptResult>
    <GestPayCryptDecrypt xmlns="">
    <TransactionType>DECRYPT</TransactionType>
    <TransactionResult>XX</TransactionResult><!-- XX: final response code will come in the future -->
    <ShopTransactionID>MYSHOP-1123</ShopTransactionID>
    <BankTransactionID/>
    <AuthorizationCode/><!-- This field is empty now... -->
    <Currency>242</Currency>
    <Amount>10.00</Amount>
    <Country/>
    <CustomInfo/>
    <Buyer>
      <BuyerName/>
      <BuyerEmail/>
    </Buyer>
    <TDLevel/>
    <ErrorCode>0</ErrorCode>
    <ErrorDescription>Transaction correctly processed</ErrorDescription>
    <AlertCode>0</AlertCode>
    <AlertDescription>Transaction correctly processed</AlertDescription>
    ... 
  </DecryptResult>
</DecryptResponse>

The final response of a SEPA payment takes some time; Gestpay will then send the final outcome of the payment to the Server to Server URL, always in the form:

http://<url merchant>?a=<ShopLogin>&b=<encrypted string>

By decrypting the enctypted string, we’ll get a new DecryptResponse with an updated TransactionResult and a filled AuthorizationCode field. Example:

<DecryptResponse xmlns="https://ecomm.sella.it/">
  <DecryptResult>
    <GestPayCryptDecrypt xmlns="">
      <TransactionType>DECRYPT</TransactionType>
      <TransactionResult>OK</TransactionResult><!-- Actual response -->
      <ShopTransactionID>3 year SubScription</ShopTransactionID>
      <BankTransactionID/>
      <AuthorizationCode>SPOEJ4NWDAKEBU5H<AuthorizationCode><!-- we have finally recevied a token to use with callPagamS2S -->
      <Currency>242</Currency>
      <Amount>10.00</Amount>
      <Country/>
      <CustomInfo/>
      <Buyer>
        <BuyerName/>
        <BuyerEmail/>
      </Buyer>
      <TDLevel/>
      <ErrorCode>0</ErrorCode>
      <ErrorDescription>Transaction correctly processed</ErrorDescription>
      <AlertCode>0</AlertCode>
      <AlertDescription>Transaction correctly processed</AlertDescription>
      ...
    </GestPayCryptDecrypt>
  </DecryptResult>
</DecryptResponse>

If the confirmation message contains OK as TransactionResult, Gestpay will also send the AuthorizationCode that is a token that can be used later with CallPagamS2S.

You can read more about Encrypt and Decrypt and the payment process at this link.

Performing a recurrent payment

Once you have the token, you can pay via callPagamS2S.

Together with usual callPagamS2S mandatory parameters, there are two more: tokenValue and BillingAddress.CountryCode.

For example, if the received token is SPOEJ4NWDAKEBU5H, a call to callPagamS2S would be:

<callPagamS2S>
    <shopLogin>GESPAYxxxxx</shopLogin>
    <uicCode>242</uicCode>
    <amount>10</amount>
    <shopTransactionId>MYSHOP-paymentExecution1</shopTransactionId>
    <tokenValue>SPOEJ4NWDAKEBU5H</tokenValue><!-- mandatory -->
    <OrderDetails>
      <BillingAddress>
        <ProfileID></ProfileID>
        <FirstName></FirstName>
        <MiddleName></MiddleName>
        <Lastname></Lastname>
        <StreetNumber></StreetNumber>
        <StreetName></StreetName>
        <Streetname2></Streetname2>
        <HouseNumber></HouseNumber>
        <HouseExtention></HouseExtention>
        <City></City>
        <ZipCode></ZipCode>
        <State></State>
        <CountryCode>IT</CountryCode><!-- mandatory -->
        <Email></Email>
        <PrimaryPhone></PrimaryPhone>
        <SecondaryPhone></SecondaryPhone>
        <Company></Company>
        <StateCode></StateCode>
      </BillingAddress>
    </OrderDetails>
</callPagamS2S>

Here is an example response:

<callPagamS2SResult>
  <GestPayS2S xmlns="">
    <TransactionType>PAGAM</TransactionType>
    <TransactionResult>XX</TransactionResult><!-- again! -->
    <ShopTransactionID>SlimPay_Test</ShopTransactionID>
    <BankTransactionID>2922</BankTransactionID>
    ...
  </GestPayS2S>
</callPagamS2SResult>

Notice that the TransactionResult is XX, again. That’s because SEPA requires two days to process payments, and the final result will be sent via GET request to your Server to Server URL.

When Gestpay has performed the payment, a call to the server to server will be issued in the classic form:

http://<server-to-server merchant url>?a=<ShopLogin>&b=<encrypted string>

This call can be decrypted by calling Decrypt, as usual, and a payment confirm will be in this form:

<callPagamS2SResponse mlns="https://ecomms2s.sella.it/">
  <callPagamS2SResult>
    <GestPayS2S xmlns="">
      <TransactionType>PAGAM</TransactionType>
      <TransactionResult>OK</TransactionResult>
      <ShopTransactionID>SlimPay_Test</ShopTransactionID>
      <BankTransactionID>2922</BankTransactionID>
      <AuthorizationCode/>
      <Currency>242</Currency>
      <Amount>10.00</Amount>
      <Country/>
      <Buyer>
        <BuyerName/>
        <BuyerEmail/>
      </Buyer>
      <CustomInfo/>
      <TDLevel/>
      <ErrorCode>0</ErrorCode>
      <ErrorDescription>Transaction correctly processed</ErrorDescription>
      <AlertCode>0</AlertCode>
      <AlertDescription>Transaction correctly processed</AlertDescription>
      <TransactionKey></TransactionKey>
      <VbV>
        <VbVFlag>KO</VbVFlag>
        <VbVBuyer/>
        <VbVRisp/>
      </VbV>
      <RedResponseCode/>
      <RedResponseDescription/>
      <Red3DSecureResults/>
      <AVSResultCode/>
      <AVSResultDescription/>
      <RiskResponseCode/>
      <RiskResponseDescription/>
    </GestPayS2S>
  </callPagamS2SResult>
</callPagamS2SResponse>