Payment Session

It is recommended to use /paymentsession to authenticate your requests, as this flow supports the full payment flow handling Customer Initiated Transactions for alternative payment methods and 3D Secure transactions.

This method of authentication ensures that any intermediate steps are handled automatically by Judopay.

We also recommend using paymentSession when authorising /payments or /preauths for 3D Secure 2 transactions for the same reason.

 

The deadline for PSD2 and SCA implementation for all the European Union countries members and UK merchants has now passed.
3D Secure 1 is no longer supported.

We have made it a simple implementation for you to upgrade to 3D Secure 2 within your payment flow. See Integrating 3D Secure 2 (EMV 3D Secure)

Store the reference returned in the response in your backend server. Then Invoke a /payments or /preauths transaction using the paymentSession reference.

Create a paymentSession

Make sure you are using Judopay's API version 6.0.0.0 or higher.

Make a HTTP POST Request: /paymentsession

For the full schema details and descriptions, see Transaction API /paymentsession

 

Response Model

Payment-Session - Response Reference:

 

The paymentSession will expire in 30 minutes, unless an ExpiryDate is set in the /paymentsession request body.

The expiry date must be within one year: "ExpiryDate": "2022-10-06T17:43:21+01:00"

Your backend server should store the paymentSession response reference returned by Judopay's API.
Use this reference from the response to populate paymentSession when calling /payments and /preAuths from your front-end client.

The following parameters need to remain consistent between the/paymentsession requests and the /payments and /preauths requests, otherwise the transaction will fail:

• YourPaymentReference

• YourConsumerReference

• JudoID

• Currency

• Amount

This is used to cross reference the validity of the transaction.

 

Authenticating via API

When authorising /payments or /preauths you can call directly to the API using:

• /paymentsession

• TokenSecretAuth

  • The token and secret pair

  • Specify your token in Username and secret in Password

For more information on creating a /paymentsession, see Transaction API /paymentSession.

For more information on headers to authenticate a transaction using TokenSecretAuth, see Authenticating using TokenSecretAuth.

 

Headers to Authenticate a Transaction

headers to use when authenticating a transaction using paymentSession

 

Prerequisites

• You are using Judopay's API version 6.0.0.0 or higher.

• You have the /paymentsession response reference.

The paymentSession will expire in 30 minutes, unless an ExpiryDate is set in the /paymentsession request body.

Request Message Structure:

API-Version:	6.19   For the latest version of the Judopay Transaction API, see Latest Version.
Content-Type:	application/json
Accept:	application/json
Authorization Method TokenSecretAuth	In the Authorization Header: Supply: Basic {authstring} Example: Basic TXpFdPdRSzWmSGk4djhxeTpjBTS4YjQ5OTdkZmO7CTk1YTE0OWEyMDg1MmY3YWYyZWEyZTcwYmQyZGY3O     Replace {authstring} with base64 encoding of: API Token (username) Colon API Secret (password) Example: MzPdkQK1mGi8v3ky:y158n4732dfc7595a149a20381f7af2ea2e70gr6df794b8rnwc019cc5f799kk3
Authorization Method: PaymentSessionAuthToken	For Payment Session authentication In the Api-Token header: Supply the token used to authenticate the call to generate a payment session The Payment-Session header value must also be supplied.
Authorization Method: PaymentSessionAuthReference	For Payment Session authentication In the Payment-Session header: Supply the reference returned in the create payment session response The Api-Token header value must also be supplied.