External payment service is a RESTful web service that provides an interface from Order Management System for sending credit card and stored value card transactions and receiving responses. Using this service, you can build a custom payment processor that maps to your payment provider.
This payment service needs to be configured to use the integration layer component of Order Management System, as this component controls payment service processing. When configuring the external payment service, the integration layer (.IL) must be defined as the primary authorization service.
Supported credit card transactions:
• authorization request
• deposit request
• return request
• reversal request
• token request
Supported stored value card transactions:
• activation request
• authorization request
• balance inquiry
• deposit request
• generation request
• recharge request
• return request
• reversal request
For more information: For background on credit card and stored value card authorization, see:
• Using the Credit Card Authorization Interface
• Defining Authorization Services (WASV)
In this chapter:
• External Payment Service Setup
- Authorization Service Settings
- Work with Order Types (WOTY)
- Credit Card Authorization Reversal
• Sample Stored Value Card (SVC) Messages
- SVC Activation Request and Response
- SVC Authorization Request and Response
- SVC Balance Request and Response
- SVC Deposit Request and Response
- SVC Deposit Request and Response (Authorization Greater than Deposit)
- SVC Generate Request and Response
- SVC Recharge Request and Response
- SVC Return Request and Response
- SVC Reversal Request and Response
• Sample Credit Card (CC) Messages
- CC Authorization Request and Response without Token
- CC Authorization Request and Response with Token
- CC Deposit Request and Response
- CC Deposit Request and Response with Authorization
- CC Return (Credit) Request and Response
- CC Reversal Request and Response
- CC Token Request and Response
External Payment Service Setup
The required setup for the external payment service is described below, and includes:
• Authorization Service Settings
• Work with Order Types (WOTY)
Additional security requirements: For additional security-related setup requirements, see the External Payment Layer RESTful Service white paper on My Oracle Support.
The External Authorization Service Access (B25) secured feature controls access to the Work with External Authorization Service Screen, where you can work with required settings for the external payment service. These settings are described briefly below under External Service Settings.
The authentication user and password for the external payment service is defined at the Work with External Authorization Service Screen. See the External Payment Layer RESTful Service white paper on My Oracle Support for additional background on authentication.
Authorization Service Settings
Use Defining Authorization Services (WASV) to create a service bureau for the external payment service.
Settings for external payment service: The following table lists some of the required settings, in addition to the basic settings required for all service bureaus and any optional settings, to support the external payment service
Authorization Service Settings |
|
Fields at the first Create/Change/Display Authorization Services screen: |
|
Typically set to EXT or EXC, but can be set to anything. |
|
Select Auth/Deposit. |
|
Select this field to perform credit card tokenization; otherwise, leave unselected. You can select this field only if the Use Credit Card Tokenization (L18) system control value is selected. |
|
Select this field to void any unused portion of a credit card authorization at deposit time. For stored value card authorizations, the setting of Retain Unused Stored Value Card Authorization After Deposit (J21) applies. |
|
Select this field to perform a credit card authorization reversal when you process a cancellation associated with a credit card payment or deactivate a credit card payment. |
|
Fields at the second Create/Change/Display Authorization Services screen: |
|
Select Communication. |
|
Select Online or Batch. |
|
Must be selected. |
|
Must be set to .IL. See .IL Service Bureau Setup for required settings. |
|
Payment Link must be selected, to indicate messages sent the external payment layer are processed directly. |
|
Indicates the number of times to wait for the Response time for a response. For example, if the Response check frequency is 5 and the Response time is 1000, the system checks every second (1000 milliseconds) a total of 5 times, unless it receives a response before this interval ends. The recommended setting is 5. |
|
Defines the number of milliseconds Order Management System waits for a response from the service bureau. The recommended setting is 1000 milliseconds. Note: Order Management System does not wait the entire response time if it is not necessary. |
|
Country codes |
If needed, define a cross reference between your country code and the country code used by the service bureau. Note: This option also indicates whether a service bureau performs address verification processing for the country. |
Currency codes |
If needed, define a cross reference between your currency code and the currency code used by the service bureau; see Defining Authorization Service Currencies. |
Merchant ID Override |
If needed, define a merchant ID override for the different entities in your company; see Defining Merchant ID Overrides. |
Paytype codes |
If needed, define a cross reference between your pay type code and the pay type code used by the service bureau; see Defining Vendor Paytype Codes. |
Response codes |
Define the reasons that the service bureau approves (authorizes) or declines a transaction. The codes are assigned to each transaction by the service bureau when approving or declining the request; see Defining Vendor Response Codes. A response code of SU, indicating service unavailable, must be created. |
The additional External Service Settings at the Work with External Authorization Service Screen are accessible only to users with External Authorization Service Access (B25) authority. All fields on the screen are required, with the exception of the External Service flag. Tracking changes to external service settings: Changes that users make to external service settings are tracked in the User Audit table, and listed on the User Authority Change report. See Tracking User, Authority, and Password Updates for more information. For more information: See the External Payment Layer RESTful Service white paper on My Oracle Support for more information on updating these settings. |
|
External Service |
Select this field to have request messages generated for the external payment service. |
External URL Prefix |
The prefix that forms the beginning of the URL where messages are sent. Must begin with https. The message type defines the endpoint suffix that is appended to the prefix, creating the entire URL. For example, for a credit card authorization request, the entire URL might be https://remote.auth.com:1234/authorization, where remote.auth.com is the remote server, 1234 is the port, and authorization identifies an authorization request. The following endpoints are supported: • /balanceInquiry • /authorization • /reversal • /getToken • /generateGift • /activateGift • /rechargeGift • /deposit • /return |
Authentication User |
The user ID for authentication of the messages to the external service. |
Authentication Password |
The password for authentication of the messages to the external service. Must be at least 6 positions long, include both numbers and letters, include a special character, and cannot end with a number. |
To send transactions through the external payment service, use Defining Authorization Services (WASV) to create a service bureau using the service code.IL and enter a value in the following fields:
• Application: ATDP (authorization and deposit)
• Merchant ID: INTEGRATION LAYER
• Charge description: Integration Layer
• Media type: C (communications)
No other fields are required.
Enter the .IL service bureau in the Primary authorization service field for the external payment service bureau.
Use Working with Pay Types (WPAY) to assign the authorization and deposit service to each pay type that uses the external payment service.
In order to perform online authorization on web orders, the Online Authorization setting for the order type on the web order must be set to Without Window. See Establishing Order Types (WOTY) for more information on setting up an order type.
Credit Card Authorization Reversal
The external payment service supports credit card authorization reversal. See Credit Card Authorization Reversal for an overview and processing details.
For the service bureau in Defining Authorization Services (WASV), select the Send reversal field to indicate the service bureau supports credit card authorization reversal if credit card authorization reversals need to be supported.
System control value for authorization reversal: Use Activation / Reversal Batch Processing (I50). See that system control value for more information.
The external payment service supports credit card tokenization using a 16 digit token. See Credit Card Tokenization in the Data Security and Encryption Guide for an overview and processing details. The setup required for credit card tokenization is as follows.
In Defining Authorization Services (WASV), select the Request token field to indicate the service supports credit card tokenization. You can select this field only if the Use Credit Card Tokenization (L18) system control value is selected.
System control values for credit card tokenization:
System Control Value |
Description |
Select this system control value to replace the credit card number in the Order Management System database with a token provided by the external system. In addition, the number will be encrypted if you have credit card encryption enabled. |
|
Select this system control value to require a token for a credit card number. This ensures that credit card numbers are never stored in the Order Management System database and follows full PCI compliance and maximum security of sensitive data. If the Credit Card Tokenization Process is unable to replace the card number with a token, the system: • During Order Entry/Maintenance, Customer Memberships, and Change Invoice Payment Method: displays the Tokenization Warning window, requiring you to enter a different form of payment. • During web order processing: replaces the credit card number with the text TOKENIZATION FAILED and places the order in an error status with the reason Invalid Credit Card. You can correct the credit card payment method and resend the card for tokenization in batch order entry. Unselect this system control value to allow the system to accept a credit card number that has not been replaced with a token. The credit card number will be replaced by a token during authorization processing or when you use Work with Batch Tokenization (WBTK). Note: If you change the setting of this system control value, you must stop and restart the ORDER_IN integration layer job before your change takes effect for orders received through the Generic Order Interface (Order API). |
| Cybersource Message Layouts | Contents | SCVs | Search | Glossary | Reports | Solutions | XML | Index | Sample External Payment Service Transactions |
SO04_17 OMS 17.1 September 2018 OTN