API documentation

Zeppto provides online merchants with a service to automatically retry failed payments using different payment methods:

1. Another bank card payment service (e.g. with Stripe)
2. Other alternative payment method(s)

All these payment methods are integrated and managed by Zeppto. They will be referred to as Backup PSP in this document.

Upon the activation of Zeppto service, the clients of the merchant will be offered THE SAME checkout experience, enhanced with the ability:

1. To retry card payments automatically with another card payment service without having the end customer retype payment details
2. To choose an alternative payment method after all card payment attempts fail

The PCI DSS profile of the merchant remains unchanged.

This service has 3 technical parts as described below:

1. A JavaScript Library, running on the client browser side, detecting card payment forms and card payment failures to provide an automated retry without modifying the website look and feel. Instructions on how to install the JavaScript Library can be found here.
Note: this means that removing the JavaScript Library is enough to provide an instant rollback.

2. A CMS Integration, running on CMS side. It provides the APIs required to make secure payments through the Zeppto service and validate orders.
Note: these APIs may already be available in your CMS, in which case they can be used. Otherwise, this integration will require custom development on your side, which will be discussed thoroughly during the launch phase of the project.

3. A Zeppto Backend, making secure authorization and capture requests with the Backup PSP.

Payment process followed by Zeppto service

Please find below the payment process followed by the Zeppto service and some associated technical requirements:

a. Our custom Javascript Library must be loaded in every page of the website, including order confirmation/error pages. The URL is https://safeconnecty.com/loader.js and it is customized by Zeppto for each domain.

b. On the client side, once loaded, the Javascript Library (also noted JS Library) enhances the payment page with a temporary tokenization of payment card information. Zeppto technical teams take care of this step with no visual change.

c. If the card payment with your Main PSP succeeds, Zeppto service does not take any action

d. If the card payment with your Main PSP fails, Zeppto service will start a payment request with Backup PSP and will need to validate the order upon a successful authorization. The overall data flow is as follows:

e. The Authorization process with Backup PSP is managed by Zeppto directly; this includes 3DS where applicable. Upon authorization completion, the Javascript Library sends the payment authorization id to the CMS Integration to validate the order. This call is made by the end customer's browser to the CMS, so it carries all session cookies. It means this call can be as simple as a POST request with the payment authorization id to a predefined endpoint.

Example:

POST /zeppto/validate_order
Origin: https://www.yourcoolshopping.com
Cookie: whatever
Content-Type: application/json

{
"authorizationId": "st_egr_123436556_SDfdg" // String, unique payment identifier given by Javascript Library
}

f. The CMS Integration makes the payment capture request to Zeppto Backend with a POST request to https://safeconnecty.com/capture_payment, with the Origin header set to the public hostname of the website. Note: if you want to capture later, you still need to confirm the validity of the authorization. It is your responsibility to make sure an authorization id is not used for multiple orders and to capture the payment within the authorization validity period.

POST https://safeconnecty.com/validate_payment
Origin: https://www.yourcoolshopping.com
Content-Type: application/json

{
"authorizationId": "st_egr_123436556_SDfdg", // String, unique payment identifier given by Javascript Library
"amount": 2499, // Integer, in cents
"currency": "EUR", // String
"orderId": "245778808", // String, CMS identifier for this order to be added in PSP metadata (can be the order identifier, or anything that may later help identify the transaction)
"captureLater": false // OPTIONAL Boolean, defaults to false
}

g. Zeppto Backend forwards the capture request to the Backup PSP and sends the capture response back to the CMS Integration with the transaction identifier

{"status": "ok", "transactionId": "235454756DFGFH5"}

Zeppto Backend answers with error details in case anything goes wrong:

{"status": "ok", "transactionId": "235454756DFGFH5"}

h. Upon a successful payment validation, the order MUST BE validated by CMS Integration

i. The CMS Integration now answers the validate_order request with a link to the next page to redirect the end customer to (validation page, payment failure page), for example:

{
"status": "ok", // String, ok or error
"url": "https://www.yourcoolshopping.com/order/success" // String, where to redirect
}

In case of error, "status" should be "error" and "errorMessage" will be displayed to the end customer before redirecting to the provided "url" (if any).
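
An added example, not part of Zeppto's documentation or code: a CMS-side validate_order handler for steps e to i, in Python, that enforces the single-use rule on the authorization id from step f and takes amount, currency and order id from the server-side session rather than from the browser's request. The function names, the SQLite table, the failure URL and the fake capture transport are assumptions made for the example; the page does not give Zeppto Backend's error format, so any reply without status "ok" and a transactionId is treated as a failure.

```python
import sqlite3

SUCCESS_URL = "https://www.yourcoolshopping.com/order/success"  # from the page's example
FAILURE_URL = "https://www.yourcoolshopping.com/order/failure"  # constructed for this example

def make_store():
    """Table of claimed authorization ids; the PRIMARY KEY enforces single use."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE used_auth (auth_id TEXT PRIMARY KEY, order_id TEXT NOT NULL)")
    return db

def _error(message):
    return {"status": "error", "errorMessage": message, "url": FAILURE_URL}

def validate_order(db, order, body, capture):
    """Handle the browser's POST /zeppto/validate_order.

    order   -- pending order from the server-side session: id, amount (cents), currency
    body    -- parsed JSON from the browser; only authorizationId is read from it
    capture -- callable sending the capture request to Zeppto Backend, returns its JSON
    """
    auth_id = body.get("authorizationId")
    if not isinstance(auth_id, str) or not auth_id:
        return _error("Missing authorization id")
    try:
        with db:  # one transaction: the INSERT either claims the id or raises
            db.execute("INSERT INTO used_auth VALUES (?, ?)", (auth_id, order["id"]))
    except sqlite3.IntegrityError:
        return _error("Authorization already used")
    # Amount, currency and order id come from the session, never from the request body.
    reply = capture({"authorizationId": auth_id, "amount": order["amount"],
                     "currency": order["currency"], "orderId": order["id"]})
    if reply.get("status") != "ok" or not reply.get("transactionId"):
        return _error("Payment could not be captured")  # claim is kept: fail closed
    order["paid"] = True
    order["transactionId"] = reply["transactionId"]
    return {"status": "ok", "url": SUCCESS_URL}

def demo():
    """Constructed run: one valid call with a tampered amount, then a replay."""
    sent = []
    def fake_capture(payload):  # stand-in for the HTTPS call to Zeppto Backend
        sent.append(payload)
        return {"status": "ok", "transactionId": "235454756DFGFH5"}
    db = make_store()
    first = {"id": "245778808", "amount": 2499, "currency": "EUR"}
    second = {"id": "245778809", "amount": 9900, "currency": "EUR"}
    body = {"authorizationId": "st_egr_123436556_SDfdg", "amount": 1}
    return (validate_order(db, first, body, fake_capture),
            validate_order(db, second, body, fake_capture), sent, first, second)
```
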

Refund process (full or partial)

Refunds can be done directly with the Backup PSP by connecting to the Backup PSP dashboard and/or integrating with their APIs.

The CMS Integration can otherwise take care of refunds directly with Zeppto Backend by sending a request similar to the capture payment request:

POST https://safeconnecty.com/refund
Origin: https://www.yourcoolshopping.com
Content-Type: application/json

{
"transactionId": "235454756DFGFH5", // String, unique payment identifier given by Javascript Library at capture
"amount": 2499, // Integer, in cents
"currency": "EUR", // String
"noteToPayer": "Following phone call" // Optional String
}