Introduction

We are constantly striving to make our API simpler, more intuitive and easier to integrate. We use the REST architectural style with predictable URLs, built-in HTTP features and HTTP verbs that most HTTP clients understand.

All API responses, including errors, are sent in JSON format, and API error messages use only widespread HTTP response codes. The API only accepts requests sent over HTTPS; any call made over plain HTTP, and any request without authentication, is rejected.

Upon registration with NasPay, a new Merchant is provided with one or several terminals, each protected with separate credentials. A Merchant Terminal can operate in one of two modes: Server-to-Server or Hosted Payment Page.

Hosted Payment Page mode

In this mode the Customer is redirected to a NasPay-hosted payment page to enter card details and perform the payment. Because it is protected by the NasPay PCI DSS certificate, this mode is considered the most secure and is enabled by default for all merchants. The Merchant, in turn, does not have to be PCI DSS compliant to use this mode.

Hosted Payment Page mode with 3D-Secure

  1. Customer initiates checkout on Merchant’s Site (1)
  2. Merchant sends Payment Request to NasPay via NasPay API: POST /payments (2)
  3. NasPay saves payment request and responds to the Merchant with PaymentResponse object containing checkout URL: links[@rel="checkout"] (3)
  4. Merchant redirects Customer to the Checkout URL from PaymentResponse (4)
  5. Customer enters Card details on Checkout Page and submits form (5)
  6. NasPay verifies 3D-Secure enrollment status of the card (6)-(7)
  7. If the Card is enrolled in the 3D-Secure program, the Customer is redirected to the Issuer Bank’s Access Control Page (8)
  8. Customer confirms their identity and authorizes the transaction on the Issuer Bank’s Access Control Page (9)
  9. Issuer Bank redirects the Customer back to the NasPay server when bank verification is completed (10)
  10. NasPay shows payment processing status while transaction is being processed (11)
  11. NasPay authorizes and, optionally, captures the payment transaction on the Acquirer Bank (12)-(13)
  12. NasPay, finally, shows a Result Page to the Customer (11)
  13. Customer acknowledges the payment status and navigates back to the Merchant’s Site (14)
  14. NasPay invokes a WebHook URL asynchronously on the Merchant Site (15)

When the card does not participate in the 3D-Secure program, steps 7-9 do not apply.
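Steps 3 and 4 above have the Merchant redirect the Customer to a URL taken from an API response, so the link should be checked before it is used. The following is an added example, not NasPay's own code: it assumes the PaymentResponse JSON carries links as {"rel": ..., "href": ...} objects, and the host name checkout.naspay.example is a placeholder for whatever checkout host your terminal actually returns.

```python
from urllib.parse import urlsplit

# Assumption: placeholder for the host that serves the hosted checkout page.
ALLOWED_CHECKOUT_HOSTS = frozenset({"checkout.naspay.example"})

# Constructed sample; the {"rel": ..., "href": ...} link shape is an assumption.
SAMPLE_RESPONSE = {
    "links": [
        {"rel": "self", "href": "https://api.naspay.example/payments/abc123"},
        {"rel": "checkout", "href": "https://checkout.naspay.example/pay/abc123"},
    ]
}


class CheckoutLinkError(ValueError):
    """The PaymentResponse has no checkout link that is safe to redirect to."""


def checkout_url(payment_response, allowed_hosts=ALLOWED_CHECKOUT_HOSTS):
    """Return the single rel="checkout" URL, or raise CheckoutLinkError."""
    links = payment_response.get("links") if isinstance(payment_response, dict) else None
    if not isinstance(links, list):
        raise CheckoutLinkError("no links array in PaymentResponse")
    hrefs = [link.get("href") for link in links
             if isinstance(link, dict) and link.get("rel") == "checkout"]
    if len(hrefs) != 1 or not isinstance(hrefs[0], str):
        raise CheckoutLinkError("expected exactly one checkout link")
    url = hrefs[0]
    # Whitespace, control characters and backslashes are read differently by
    # browsers and by urlsplit, so refuse them before parsing.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F or ch == "\\" for ch in url):
        raise CheckoutLinkError("illegal character in checkout URL")
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise CheckoutLinkError("unparseable checkout URL") from exc
    if parts.scheme != "https":
        raise CheckoutLinkError("checkout URL is not HTTPS")
    if parts.username is not None or parts.password is not None:
        raise CheckoutLinkError("userinfo in checkout URL")
    if parts.hostname not in allowed_hosts or port not in (None, 443):
        raise CheckoutLinkError("checkout URL points at an unexpected host")
    return url


if __name__ == "__main__":
    print(checkout_url(SAMPLE_RESPONSE))
```

Failing closed here means a tampered or malformed response results in an error page on the Merchant's Site rather than a redirect to an arbitrary address.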

Server-to-Server mode

In this mode card data is collected by the Merchant and then sent to NasPay for further processing.

Note

You should be fully PCI compliant in order to use Server-to-Server mode and perform the initial payment request on your side, as it requires collecting card data. Those not fully PCI compliant can use the Hosted Payment Page to collect payment data securely.

Server-to-Server Flow for 3D-Secure Cards

Payment flow with 3D-Secure in Server-to-Server mode when the card is enrolled in the 3D-Secure program:

Server-to-Server mode with 3D-Secure

  1. Customer initiates checkout on Merchant’s Site (1)
  2. Merchant collects card details and sends Payment Request to NasPay via NasPay API: POST /payments (2)
  3. NasPay saves payment request and verifies 3D-Secure enrollment status of the card (3)-(4)
  4. If the Card is enrolled in the 3D-Secure program, NasPay sends a Payment Response with the checkout URL to the Merchant (5)
  5. Customer is redirected to the NasPay page (6) and then to the Issuer Bank’s Access Control Page (7)
  6. Customer confirms their identity and authorizes the transaction on the Issuer Bank’s Access Control Page (8)
  7. Issuer Bank redirects the Customer back to the NasPay server when bank verification is completed (9)
  8. NasPay shows payment processing status while transaction is being processed (10)
  9. NasPay authorizes and, optionally, captures the payment transaction on the Acquirer Bank (11)-(12)
  10. NasPay redirects Customer to Result Page on Merchant Site (13)
  11. NasPay invokes a WebHook URL asynchronously on the Merchant Site (14)

Server-to-Server Flow for non-3D-Secure Cards

The payment flow is a bit different when the card is not enrolled in the 3D-Secure program:

Server-to-Server mode with 3D-Secure

  1. Customer initiates checkout on Merchant’s Site (1)
  2. Merchant collects card details and sends Payment Request to NasPay via NasPay API: POST /payments (2)
  3. NasPay saves payment request and verifies 3D-Secure enrollment status of the card (3)-(4)
  4. Since the Card is not enrolled in the 3D-Secure program, NasPay authorizes and, optionally, captures the payment transaction in the Acquirer Bank (5)-(6) without any interaction with the Customer.
  5. After processing is complete, NasPay invokes a WebHook URL asynchronously on the Merchant Site (8)