3. Initiate Pay

After validating the merchant request, This API is used to process payment requests securely by encrypting card data using AES and RSA encryption.

API Endpoints

Direct Pay Production Base URL /InitiatePay

Direct Pay Sandbox Base URL /InitiatePay

Sample Request & Response

The request body should include the following fields:

 "Initiate pay request{
     "ReferenceId" : "xxxxxxxxx",//15-digit reference id received in the validate requet response
     "MerchantId": xxxxxx, //merchant code
     "ECardData" = "encryptedCard", //card data encrypted using AES Encryption 
     "ECardKey" = "encryptedKey", // Encrypt the 32 digit AES key using the public key
     "ACS_CallbackURL"= "call back url for 3DS"+ReferenceId   //optional
     }
     
 };

{
  "errorCode": 0,
  "errorMessgae": "SUCCESS",
  "result": {
    "authentication": {
      "the3Ds1": null,
      "the3Ds2": null,
      "acceptVersions": null,
      "channel": null,
      "purpose": null,
      "redirect": {
        "customized": null,
        "domainName": "ap.gateway.mastercard.com",
        "html": "<div id=\"threedsChallengeRedirect\" xmlns=\"http://www.w3.org/1999/html\" style=\"height: 100vh\"> <form id =\"threedsChallengeRedirectForm\" method=\"POST\" action=\"https://ap.gateway.mastercard.com/acs/mastercard/v2/prompt\" target=\"challengeFrame\"> <input type=\"hidden\" name=\"creq\" value=\"eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjNmN2E4MmVjLTEzZjYtNDg2Ni05ODVjLTlkOTgxZjIzMGQ0OSJ9\" /> </form> <iframe id=\"challengeFrame\" name=\"challengeFrame\" width=\"100%\" height=\"100%\" ></iframe> <script id=\"authenticate-payer-script\"> var e=document.getElementById(\"threedsChallengeRedirectForm\"); if (e) { e.submit(); if (e.parentNode !== null) { e.parentNode.removeChild(e); } } </script> </div>"
      },
      "redirectHtml": null,
      "version": "3DS2",
      "the3Ds": null,
      "method": "OUT_OF_BAND",
      "payerInteraction": null
    }
  }
}

Field Name

Type

Description

ReferenceId

string

15-digit reference id received in the validate requet response

MerchantId

string

Merchant code

ECardData

string

The encrypted card data encrypted using AES encryption with a 32-bit key. Explained below

ECardKey

string

ACS_CallbackURL

string

Explanation of the `ECardData` Encryption Object

The ECardData field in the request is an encrypted representation of the sensitive card details. The following explains the object that is encrypted using AES encryption before being included in the API request:

{
    "CardNumber": "xxxxxxxxxxxxxxxx",//16-digit card number
    "CardName": "John Doe", //Name mentioned on card
    "CardExpiry": "mm/yy", //month/year format
    "CardCVV": "xxx" //3 decimal number
}

ACS_CallbackURL

Response Explaination

Upon receiving the response from the InitiatePay API, the merchant must verify the errorCode to determine the next steps. If the errorCode is 0, indicating a successful initiation, the merchant should parse the result object and render the HTML content provided in result.redirect.html to proceed with the 3DS authentication process.

Previous2. Validate Request Next4. Process Payment

Last updated 21 hours ago

Was this helpful?

"Initiate pay request{ "ReferenceId" : "xxxxxxxxx",//15-digit reference id received in the validate requet response "MerchantId": xxxxxx, //merchant code "ECardData" = "encryptedCard", //card data encrypted using AES Encryption "ECardKey" = "encryptedKey", // Encrypt the 32 digit AES key using the public key "ACS_CallbackURL"= "call back url for 3DS"+ReferenceId //optional } };

{ "errorCode": 0, "errorMessgae": "SUCCESS", "result": { "authentication": { "the3Ds1": null, "the3Ds2": null, "acceptVersions": null, "channel": null, "purpose": null, "redirect": { "customized": null, "domainName": "ap.gateway.mastercard.com", "html": "<div id=\"threedsChallengeRedirect\" xmlns=\"http://www.w3.org/1999/html\" style=\"height: 100vh\"> <form id =\"threedsChallengeRedirectForm\" method=\"POST\" action=\"https://ap.gateway.mastercard.com/acs/mastercard/v2/prompt\" target=\"challengeFrame\"> <input type=\"hidden\" name=\"creq\" value=\"eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjNmN2E4MmVjLTEzZjYtNDg2Ni05ODVjLTlkOTgxZjIzMGQ0OSJ9\" /> </form> <iframe id=\"challengeFrame\" name=\"challengeFrame\" width=\"100%\" height=\"100%\" ></iframe> <script id=\"authenticate-payer-script\"> var e=document.getElementById(\"threedsChallengeRedirectForm\"); if (e) { e.submit(); if (e.parentNode !== null) { e.parentNode.removeChild(e); } } </script> </div>" }, "redirectHtml": null, "version": "3DS2", "the3Ds": null, "method": "OUT_OF_BAND", "payerInteraction": null } } }

{ "CardNumber": "xxxxxxxxxxxxxxxx",//16-digit card number "CardName": "John Doe", //Name mentioned on card "CardExpiry": "mm/yy", //month/year format "CardCVV": "xxx" //3 decimal number }

API Endpoints

Sample Request & Response

Explanation of the ECardData Encryption Object

ACS_CallbackURL

Response Explaination

API Endpoints

Sample Request & Response

Explanation of the ECardData Encryption Object

ACS_CallbackURL

Response Explaination

Explanation of the `ECardData` Encryption Object

Explanation of the `ECardData` Encryption Object