“Die First Cash Solution ist stets zuverlässig und bietet einen
super Service durch ständige Bereitschaft uns zu helfen
sowie schnelle und kompetente Antworten auf all unsere Fragen.”
Thomas Quindt,
Projektleiter SOCCERBEAT GmbH
Giropay
1.1 General information about giropay
2 1cs Online Payment System interface
2.2 Calling the giropay interface
1 About giropay
1.1 General information about giropay
Logo
| Info | Type |
| giropay is an online bank transfer with PIN and TAN that provides you with access to nearly 40 million online banking users in Germany in Austria. Additionally, to the full 100% payment guarantee the use of giropay is relatively low priced. | Payments by Online Bank Transfer |
giropay is a standard founded by the German banks Sparkasse, Postbank, and Volks- und Raiffeisen Banken. The giropay online transfer has a number of advantages for merchants. Firstly giropay provides the vendor with a guarantee for payments of up to 10,000 euros; secondly the transfer is a prepayment which minimises the payment term. Finally the customer is using the familiar and trusted online banking of its own credit institution, just the same as with online banking.
In the first step the customer chooses the giropay payment method at the checkout of the online shop and selects its credit institution. The customer is then connected directly to its Sparkasse/bank and logs on as normal using a PIN. A pre-completed transfer form then appears. The customer need only enter their TAN to confirm the payment.
With online banking, the data disclosed in the online transfer is encrypted with SSL (Secure Sockets Layer) to prevent manipulation.
Further information can be found on the webpage of giropay (http://www.giropay.de).
1.2 Process flow chart
giropay process flow
2 1cs Online Payment System interface
2.1 Definitions
2.1.1 Data formats
| Format | Description |
| a | alphabetical |
| as | alphabetical with special characters |
| n | numeric |
| an | alphanumeric |
| ans | alphanumeric with special characters |
| ns | numeric with special characters |
| bool | boolean expression (true or false) |
| 3 | fixed length with 3 digits/characters |
| ..3 | variable length with maximum 3 digits/characters |
| enum | enumeration of allowed values |
| dttm | ISODateTime (YYYY-MM-DDThh:mm:ss) |
2.1.2 Abbreviations
| Abbreviation | Description | Comment |
| CND | condition | |
| M | mandatory | If a parameter is mandatory, then it must be present |
| O | optional | If a parameter is optional, then it can be present, but it is not required |
| C | conditional | If a parameter is conditional, then there is a conditional rule which specifies whether it is mandatory or optional |
Notice: Please note that the names of parameters can be returned in upper or lower case.
2.2 Calling the giropay interface
To initiate a payment with giropay, call up the following URL:
https://www.computop-paygate.com/giropay.aspx
Notice: Please observe that a connection via iFrame is not possible due to existing regulations and will be technically prevented.
Notice: For security reasons, the 1cs Online Payment System rejects all payment requests with formatting errors. Therefore please use the correct data type for each parameter.
The following table describes the encrypted payment request parameters:
| Key | REST | Format | CND | Description |
|---|---|---|---|---|
| MerchantID | BasicAuth.Username | ans..30 | M | MerchantID, assigned by Computop. Additionally this parameter has to be passed in plain language too. |
| TransID | “transactionId”: “…” | ans..64 | M | TransactionID provided by you which should be unique for each payment |
| RefNr | “referenceNumber”: “…” | ans..30 | OC | Unique reference number.In case of PPRO: Only characters a-zA-Z0-9,-_ are allowed, format ans..40. |
| Amount | “amount”: { “value”: …} | n..10 | M | Amount in the smallest currency unit (e.g. EUR Cent). Please contact the service@1cs.de, if you want to capture amounts <100 (smallest currency unit). |
| Currency | “amount”: { “currency”: “…”} | a3 | M | Currency, three digits DIN / ISO 4217, e.g. EUR, USD, GBP. Please find an overview here: A1 Currency table |
| MAC | — | an64 | M | Hash Message Authentication Code (HMAC) with SHA-256 algorithm. Details can be found here:HMAC Authentication (Request)HMAC Authentication (Notify) |
| OrderDesc | “order”: {“description”: “…”} | ans..768 | M | Description of purchased goods, unit prices etc.Please note: The first 27 characters appear on the customer-account statement. You can view the full data in Computop Analytics. |
| UserData | “metadata[userData]”: “…” | ans..1024 | O | If specified at request, Paygate forwards the parameter with the payment result to the shop. |
| URLSuccess | “urls”: {“success”: “…”} | ans..256 | M | Complete URL which calls up Paygate if payment has been successful. The URL may be called up only via port 443. This URL may not contain parameters: In order to exchange values between Paygate and shop, please use the parameter UserData. Common notes:We recommend to use parameter “response=encrypt” to get an encrypted response by PaygateHowever, fraudster may just copy the encrypted DATA-element which are sent to URLFailure and send the DATA to URLSuccess. Therefore ensure to check the “code”-value which indicates success/failure of the action. Only a result of “code=00000000” should be considered successful. |
| URLFailure | “urls”: {“failure”: “…”} | ans..256 | M | Complete URL which calls up Paygate if payment has been unsuccessful. The URL may be called up only via port 443. This URL may not contain parameters: In order to exchange values between Paygate and shop, please use the parameter UserData. Common notes:We recommend to use parameter “response=encrypt” to get an encrypted response by PaygateHowever, fraudster may just copy the encrypted DATA-element which are sent to URLFailure and send the DATA to URLSuccess/URLNotify. Therefore ensure to check the “code”-value which indicates success/failure of the action. Only a result of “code=00000000” should be considered successful. |
| Response | — | a7 | O | Status response sent by Paygate to URLSuccess and URLFailure, should be encrypted. For this purpose, transmit Response=encrypt parameter. |
| URLNotify | “urls”: {“notify”: “…”} | ans..256 | M | Complete URL which Paygate calls up in order to notify the shop about the payment result. The URL may be called up only via port 443. It may not contain parameters: Use the UserData parameter instead. Common notes:We recommend to use parameter “response=encrypt” to get an encrypted response by PaygateHowever, fraudster may just copy the encrypted DATA-element which are sent to URLFailure and send the DATA to URLSuccess/URLNotify. Therefore ensure to check the “code”-value which indicates success/failure of the action. Only a result of “code=00000000” should be considered successful. |
| ReqId | “requestId”: “…” | ans..32 | O | To avoid double payments or actions (e.g. by ETM), enter an alphanumeric value which identifies your transaction and may be assigned only once. If the transaction or action is submitted again with the same ReqID, Computop Paygate will not carry out the payment or new action, but will just return the status of the original transaction or action. Please note that the Computop Paygate must have a finalized transaction status for the first initial action (authentication/authorisation). This does not apply to 3-D Secure authentications that are terminated by a timeout. The 3-D Secure Timeout status does not count as a completed status in which the ReqID functionality on Paygate does not take effect. Submissions with identical ReqID for an open status will be processed regularly. Notice: Please note that a ReqID is only valid for 12 month, then it gets deleted at the Paygate. |
| SellingPoint | “payment”: {“giropay”: {“sellingPoint”: “…”}} | ans..50 | C | Only with PPRO: Selling point |
| Service | “payment”: {“giropay”: {“service”: “…”}} | ans..50 | C | Only with PPRO: products or service sold |
| Channel | “channel”: {“code”: “…”} | ans..64 | OC | Only with PPRO: configuration channel of the PPRO contract (account and ContractID are stored in the system). If it exists, it may overwrite channels stored in the system. |
| Language | “language”: “…” | a2 | O | Only with PPRO: 2-letter language code (e.g.. de) that should be preferred when presenting payment pages to the consumer |
| AccOwner | “payment”: {“giropay”: {“account”: {“accountHolder”: “…”}}} | a3..50 | C | Only with PPRO: Name of the card holder in the format <first name><space><last name><space> |
| Scheme | “payment”: {“giropay”: {“scheme”: “…”}} | enum | O | Defines the scheme: „gir“ or „eps“ |
| BIC | “payment”: {“giropay”: {“account”: {“code”: “…”}}} | ans..11 | O | Bank Identifier Code |
| Plain | “metadata[plain]”: “…” | ans..50 | O | A single value to be set by the merchant to return some information unencrypted in response/notify, e.g. the MID. “Plain”-parameter is part of encrypted “Data” in Computop Paygate and therefore protected against manipulation. |
| Custom | “metadata”: “…” | ans..1024 | O | “Custom”-parameter is added to the request data before encryption and is part of encrypted “Data” in Computop Paygate request. By this they are protected against manipulation by a consumer. The Custom-value is added to the Computop Paygate response in plain text and the “|” is replaced by a “&”. By this you can put a single value into Custom-parameter and get multiple key-value-pairs back in response for your own purpose. Please find a samples here: Custom |
| expirationTime | “expirationTime”: “…” | ans..19 | O | Timestamp for the end time of the transaction processing, specified in UTC.Format: YYYY-MM-ddTHH:mm:ss |
| IBAN | “payment”: {“giropay”: {“account”: {“number”: “…”}}} | ans..34 | C | Only for EVO: International Bank Account Number (mandatory for credit function and account check via EVO) |
| Capture | “capture”: {“auto”: “Yes”} “capture”: {“manual”: “Yes”} | an..6 | M | Determines the type and time of capture. |
| AUTOCapturing immediately after authorisation (default value).MANUALCapturing made by the merchant. Capture is normally initiated at time of delivery. | ||||
| ShoppingBasketCategory | “payment”: {“giropay”: {“basketCategory”: “…” }} | ans..32 | O | Categorizes the shopping basket:„DIGITAL“ for shopping baskets with solely digital goods„PHYSICAL“ for shopping baskets with solely physical goods„MIXED“ for shopping baskets with digital and physical goods”ANONYMOUS_DONATION”: The sopping basket solely is an anonymous donation”AUTHORITIES_PAYMENT”: The sopping basket solely contains payments for authorities |
| DeliveryMethod | “payment”: {“giropay”: {“deliveryMethod”: “…” }} | ans..12 | O | Delivery place STANDARD, PACKSTATION or STORE_PICKUP. The default value is STANDARD.STANDARD: The goods will be delivered to a normal postal address.PACKSTATION: The goods will be delivered to a packstation.STORE_PICKUP: The goods will be picked-up within a branch store.For express checkouts this field always has the value STANDARD and will not be updated depending on selected delivery option. |
| sdFirstName | “shipping”: {“consumer”: { “firstName”: “…” }} | ans..50 | C | First name in the delivery address. Mandatory, if ShoppingBasketCategory IS NOT „AUTHORITIES_PAYMENT“ and IS NOT „ANONYMOUS_DONATION“ |
| sdLastName | “shipping”: {“consumer”: { “lastName”: “…” }} | ans..50 | C | Surname in the delivery address. Mandatory, if ShoppingBasketCategory IS NOT „AUTHORITIES_PAYMENT“ and IS NOT „ANONYMOUS_DONATION“ |
| sdCompany | “shipping”: {“business”: { “companyLegalName”: “…” }} | ans..100 | O | Company name in the delivery address |
| sdAddressAddition | “shipping”: {“addressInfo”: { “addressLine2”: “…” }} | ans..30 | O | Address addition in the delivery address |
| sdStreet | “shipping”: {“addressInfo”: {“addressLine1”: {“street”: “…” }}} | ans..100 | C | Street name in the delivery addressMandatory, if ShoppingBasketCategory IS NOT “DIGITAL” and IS NOT “AUTHORITIES_PAYMENT” and IS NOT “ANONYMOUS_DONATION” |
| sdStreetNr | “shipping”: {“addressInfo”: {“addressLine1”: {“streetNumber”: “…” }}} | ans..8 | C | Street number in the delivery addressMandatory, if ShoppingBasketCategory IS NOT “DIGITAL” and IS NOT “AUTHORITIES_PAYMENT” and IS NOT “ANONYMOUS_DONATION” |
| sdZip | “shipping”: {“addressInfo”: { “postalCode”: “…” }} | n..5 | C | Postcode in the delivery addressMandatory, if ShoppingBasketCategory IS NOT “DIGITAL” and IS NOT “AUTHORITIES_PAYMENT” and IS NOT “ANONYMOUS_DONATION” |
| sdCity | “shipping”: {“addressInfo”: { “city”: “…” }} | ans..100 | C | Town/city in the delivery addressMandatory, if ShoppingBasketCategory IS NOT “DIGITAL” and IS NOT “AUTHORITIES_PAYMENT” and IS NOT “ANONYMOUS_DONATION” |
| sdCountryCode | “shipping”: {“addressInfo”: { “country”: { “A2”: “…” } }} | an2 | C | Country code in the delivery addressMandatory, if ShoppingBasketCategory IS NOT “DIGITAL” and IS NOT “AUTHORITIES_PAYMENT” and IS NOT “ANONYMOUS_DONATION” |
| sdEMail | “shipping”: {“contactInfo”: { “email”: “…” }} | ans..100 | C | Email address of the receivermandatory, if ShoppingBasketCategory = „DIGITAL“ |
| MinAge | “payment”: {“giropay”: {“minAge”: “…” }} | n..3 | O | Using the field minimum age will result in the single option “giropay-Login” for the customers, because an age verification at the time is solely possible with an existing giropay account. Minimum age in years. |
Parameters for online transfers with giropay
The following table gives the result parameters which 1cs Online Payment System transmits to URLSuccess or URLFailure and URLNotify. If you have specified the Response=encrypt parameter, the following parameters are sent Blowfish encrypted to your system:
pls. be prepared to receive additional parameters at any time and do not check the order of parameters
the key (e.g. MerchantId, RefNr) should not be checked case-sentive>
| Parameter | Format | CND | Description |
| MID | ans..30 | M | MerchantID, assigned by First Cash Solution |
| PayID | an32 | M | ID assigned by the 1cs Online Payment System for the payment, e.g. for referencing in batch files and in the capture or credit request. |
| XID | an32 | M | ID for all single transactions (authorisation, capture, credit note) for one payment assigned by 1cs Online Payment System |
| TransID | ans..64 | M | TransactionID provided by you which should be unique for each payment |
| Status | a..50 | M | OK (URLSuccess) or FAILED (URLFailure) |
| Description | ans..1024 | M | Further details in the event that payment is rejected. Please do not use the Description but the Code parameter for the transaction status analysis! |
| Code | n8 | M | Error code according to the 1cs Online Payment System Response Codes (Error Codes) |
| RefNr | ans..30 | OC | Unique reference number. Only ASCII characters are allowed. Special characters such as (“umlauts”, …) are not permitted and may have to be replaced by ASCII characters (e.g. ü → ue, é → e, …). |
| UserData | ans..1024 | O | If specified at request, the 1cs Online Payment System forwards the parameter with the payment result to the shop |
| MAC | an64 | M | Hash Message Authentication Code (HMAC) with SHA-256 algorithm. Details can be found here: HMAC Authentication (Request) HMAC Authentication (Notify) |
| Plain | ans..50 | O | A single value that can be set by you to return information unencrypted in the response or notify, e.g. the MID. “Plain” parameter is part of the encrypted “Data” in the 1cs online payment system and therefore protected against manipulation. |
| Custom | ans..1024 | O | The “Custom” parameter is appended to the call before encryption and is part of the encrypted “Data” in the 1cs Online Payment System call. This protects the value against manipulation. The custom value is then appended to the 1cs Online Payment System response in plain text with “|” replaced by “&”. This allows you to pass a custom value and get back multiple key-value pairs for your own use in the response. |
Result parameters for URLNotify, URLSuccess and URLFailure in case of giropay
2.3 Credit with reference
Credits (refunds) are possible via a Server-to-Server connection. The 1cs Online Payment System permits only credits for giropay that reference a previously made transaction via the 1cs Online Payment System. The amount of the Credit is limited to the amount of the previous capture.
To carry out a credit with a reference transaction, please use the following URL:
https://www.computop-paygate.com/credit.aspx
Notice: For security reasons, the 1cs Online Payment System rejects all payment requests with formatting errors. Therefore please use the correct data type for each parameter.
The following table describes the encrypted payment request parameters:
| Parameter | Format | CND | Description |
| MerchantID | ans..30 | M | MerchantID, assigned by First Cash Solution. Additionally this parameter has to be passed in plain language too. |
| PayID | an32 | M | ID assigned by the 1cs Online Payment System for the payment to be credited |
| TransID | ans..64 | M | TransactionID provided by you which should be unique for each payment |
| MAC | an64 | M | Hash Message Authentication Code (HMAC) with SHA-256 algorithm. Details can be found here: HMAC Authentication (Request) HMAC Authentication (Notify) |
| Amount | n..10 | M | Amount in the smallest currency unit (e.g. EUR Cent) Please contact the helpdesk, if you want to capture amounts < 100 (smallest currency unit). |
| Currency | a..3 | M | Currency code, three digits DIN / ISO 4217, e.g. EUR, USD, GBP. Please find an overview here: A1 Currency table EN |
| OrderDesc | ans..768 | OC | Description of refunded goods, unit prices, merchant’s comment etc. |
| ReqID | ans..32 | O | To avoid duplicate payments, pass an alphanumeric value that identifies your transaction or action and may only be assigned once. If the transaction or action is resubmitted with the same ReqID, the 1cs Online Payment System will not execute a payment or further action but will only return the status of the original transaction or action. Please note that the 1cs Online Payment System must have a completed transaction status for the first initial action. Submissions with identical ReqID on an open status will be processed regularly. Notice: Please note that a ReqID is only valid for 12 month, then it gets deleted at the Paygate. |
Parameters for credits of giropay payments
The following table describes the result parameters that the 1cs online payment system returns as a response:
be prepared to receive additional parameters at any time and do not check the order of parameters
the parameters (e.g. MerchantId, RefNr) should not be checked case-sentive
| Parameter | Format | CND | Description |
| MID | ans..30 | C | MerchantID, assigned by First Cash Solution |
| PayID | an32 | M | ID assigned by the 1cs Online Payment System for the payment, e.g. for referencing in batch files as well as for capture or credit request. |
| XID | an32 | M | ID for all single transactions (authorisation, capture, credit note) for one payment assigned by the 1cs Online Payment System |
| TransID | ans..64 | M | TransactionID provided by you which should be unique for each payment |
| Status | a..30 | M | OK or FAILED and only in the case of PPRO AUTHORIZE_REQUEST |
| Description | ans..1024 | M | Further details in the event that payment is rejected. Please do not use the Description but the Code parameter for the transaction status analysis! |
| Code | n8 | M | Error code according to the 1cs Online Payment System Response Codes Excel file |
| RefNr | ans..30 | OC | Merchant’s unique reference number Only ASCII characters are allowed. Special characters such as (“umlauts”, …) are not permitted and may have to be replaced by ASCII characters (e.g. ü → ue, é → e, …). |
Result parameters for credits of giropay payments
3. Batch processing via the interface
Basic information about using Batch files and about their structure can be found in the Batch Manager manual. Within batch processing not alle functions are available which are usually available for the online interface.
This section describes the parameters which must be transferred within the data set (Record) for executing a giropay payment and which information can be found within the response file about the payment status.
Notice: Please note that Batch processing for giropay is possible only via PPRO connection.
Following table gives an overview of all batch versions that are possible for a specific action an their specialities:
| Action | Version | Description |
|---|---|---|
| Credit | 1.0 / 2.0 | Standard version without return of parameter Code |
| 1.x / 2.x | with RefNr (valid for all versions other than 1.0) |
Description of the possible batch versions
The structure for a giropay payment within a Batch file to be submitted is the following:
HEAD,<MerchantID>,<Date>,<Version>GIROPAY,Credit,<Amount>,<Currency>,<TransID>,(<RefNr>,)<PayID>FOOT,<CountRecords>,<SumAmount> |
Example for Master MID function:
HEAD,[Master]MerchantID,Date,2.xType,Action,[Slave]MID,Amount,Currency,TransID,Data (depends on Action)FOOT,CountRecords,SumAmount |
The following table describes the individual fields and values used within the data set (record) in the batch file:
| Key | Format | CND | Description |
|---|---|---|---|
| Type | a..11 | M | HEAD for Header, FOOT for Footer, GIROPAY for giropay |
| Action | a..20 | M | The parameter Action defines the type of transaction:Credit |
| Amount | n..10 | M | Amount in the smallest currency unit (e.g. EUR Cent). Please contact the service@1cs.de, if you want to capture amounts <100 (smallest currency unit). |
| Currency | a3 | M | Currency, three digits DIN / ISO 4217, e.g. EUR, USD, GBP. Please find an overview here: A1 Currency table |
| TransID | ans..64 | M | TransactionID provided by you which should be unique for each payment |
| RefNr | ans..30 | O | Unique reference number.In case of PPRO: Only characters a-zA-Z0-9,-_ are allowed, format ans..40. |
| PayID | an32 | M | ID assigned by Paygate for this transaction |
Description of fields within the record for Batch files
The record area within the response file for Batch transactions looks the following way:
HEAD,<MerchantID>,<Date>,<Version>GIROPAY,Credit,<Amount>,<Currency>,<TransID>,(<RefNr>,)<PayID>,<Status>,<Code>FOOT,<CountRecords>,<SumAmount> |
The following table describes the response parameters which the Batch Manager saves in the Record area for each transaction (standard parameters not explained here, such as <TransID> or <RefNR> and request parameters are returned unchanged and correspond to the call as specified before):
| Key | Format | CND | Description |
|---|---|---|---|
| Action | a..20 | M | The parameter Action defines the type of transaction: Credit |
| PayID | an32 | M | ID assigned by Paygate for this transaction |
| Status | a..50 | M | OK (URLSuccess) or FAILED (URLFailure) |
| Code | n8 | M | Error code according to Paygate Response Codes (A4 Error codes) |
Description of result parameters within the record for Batch files
