Redirect authorisation on payment

The redirect authorisation on payment is an on demand type of authorisation. In order to gain access to it, please contact your account manager. This authorisation type is needed to support connections to mobile wallets on one-time payments. This authorization flow affects the payment flow that is coming after it.

In order to use this authorisation type in the request you need to specify flow type redirect_auth_on_payment with channel_code and forward_url. As a result of authorisation request charging_token will be generated and supplied in the authorisation callback. Redirect authorisation on payment always succeeds.

After a merchant receives a charging_token from the authorization callback, the merchant makes a payment request with received charging_token. In the callback supplied after the request, the merchant needs to take the redirect URLs (can be redirect_mobile_web_url, redirect_mobile_deeplink, redirect_desktop_web_url, redirect_desktop_qr_code) and direct the end-user to the URL (this is an external wallet page) where end-user will confirm the payment. After the payment confirmation, the user will be redirected to the forward_url specified in the request and payment callback will be received.

Flow object response parameters

In the flow object of the payment callback, different urls are supplied in certain ways for redirection depending on the provider. Integration manager can provide you with information which url merchants should use. The list of the use cases can be found below

Authorisation state Description
redirect_mobile_web_url Redirect url that needs to be used for the redirection to the provider on the mobile flow of the payment
redirect_mobile_deeplink Redirect url that needs to be used for the redirection to the provider on the mobile flow of the payment when the provider requires the confirmation of the payment in the application
redirect_desktop_web_url Redirect url that needs to be used for the redirection to the provider on the desktop flow of the payment in case provider supports web view
redirect_desktop_qr_code Redirect url that needs to be used for the redirection to the provider on the desktop flow of the payment in case the provider requires QR code flow for the desktop. It can be a string that a wallet app can scan in QR format

Possible authorisation states

Authorisation state Description
new A new authorisation object has been created.
verified The authorisation has been verified, the consumer can proceed to the charge.

Request to Fortumo Authorisation API - initiating an authorisation session

For starting a redirect authorisation on payment session merchants need to make a request to Fortumo API with specifying the flow type (redirect_auth_on_payment) and channel code (channel_code). In the flow object mobile_view parameter should be specified. It can be set to true or false (default state). If it is set to true then redirect links for the mobile are supplied in callback.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
POST /authorisations HTTP/1.1
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9....CgVKRghGWI6-QjMv8JpJi1GarWaQ06CG9d0c1PDFek

{
   "flow":{
      "redirect_auth_on_payment":{
         "channel_code":"dana-id",
         "forward_url":"https://your-forward-url-here.com",
         "mobile_view": "false"
      }
   },
   "country":"ID",
   "merchant":"09cfe3106e14991a1079d25b46020abe",
   "callback":"https://your-callback-url-here.com",
   "item_description":"Premium service",
      "price":{
         "amount":9,
         "currency":"IDR"
      },
   "metadata": {}
}

Fortumo callback

Callback with authorisation_state new is made to your server providing you a charging token that can be used for identifying the authorisation session and payment that follows up next.

1
2
3
4
5
6
7
8
9
10
11
12
13
{
  "charging_token": "b35a8c56-8aff-8004-8aee-50cd1f105158:b33e025e",
  "authorisation_state": "verified",
  "merchant": "09cfe3106e14991a1079d25b46020abe",
  "operation_reference": "payment_1",
  "channel": {
    "code": "dana-id",
    "country": "ID"
  },
  "error": {},
  "timestamp": "2021-08-23T07:35:08.538Z",
  "metadata": {}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
{
  "charging_token": "b35a8c56-8aff-8004-8aee-50cd1f105158:b33e025e",
  "authorisation_state": "verified",
  "merchant": "09cfe3106e14991a1079d25b46020abe",
  "operation_reference": "payment_1",
  "channel": {
    "code": "dana-id",
    "country": "ID"
  },
  "error": {},
  "timestamp": "2021-08-23T07:35:08.538Z",
  "metadata": {}
}

As it was mentioned earlier, redirect URLs are supplied in the payment callback with the status pending_charge_confirmation that are sent after payment request is done and callbacks with the statuses new, verified, pending_charge received. Payment request should contain charging_token generated after authorisation session with redirect_auth_on_payment type. Example of the payment request and callback with the status pending_charge_confirmation are listed below. After receiving callback with this status, merchant needs to take suitable url and direct end-user to it. As soon as end-user confirms the payment on the wallet side, callback with the status charged or failed will be sent to merchant indicating about successful or unsuccessful payment.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

POST /payments HTTP/1.1
Content-Type: application/json
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9....CgVKRghGWI6-QjMv8JpJi1GarWaQ06CG9d0c1PDFek

{
   "item_description":"Premium Service",
   "amount":{
      "value":9,
      "currency":"IDR"
   },
   "charging_token":"b35a8c56-8aff-8004-8aee-50cd1f105158:b33e025e",
   "merchant":"09cfe3106e14991a1079d25b46020abe",
   "operation_reference":"payment_1",
   "session_metadata":{},
   "channel": {
    "code": "dana-id",
    "country": "ID"
  },
   "callback":"https://your-callback-url-here.com",
   "error": {},
   "timestamp": "2021-08-23T07:35:08.538Z",
   "metadata":{}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
{
  "flow": {
    "redirect_auth_on_payment": {
      "redirect_mobile_web_url": "https://redirect-here-if-client-on-mobile",
      "redirect_mobile_deep_link": "https://redirect-here-if-client-on-mobile",
      "redirect_desktop_qr_code": "encoded-qr-payload",
      "redirect_desktop_web_url": "https://redirect-here-if-client-on-desktop"
    }
  },
  "transaction_id": "7c281d2c-c5d8-4e75-b593-3bb4488b2f17",
  "transaction_state": "pending_charge_confirmation",
  "merchant": "09cfe3106e14991a1079d25b46020abe",
  "operation_reference": "payment_1",
  "session_metadata": {},
  "error": {},
  "timestamp": "2021-08-23T07:26:37.188Z",
  "price":{
      "amount":9,
      "currency":"IDR"
   },
  "channel": {
    "code": "dana-id",
    "country": "ID"
  }
}

Help us improve our Merchants Portal. Was this article helpful?