™
MasterPass Service Provider Onboarding & Integration
Guide—File- and API-Based Merchant Onboarding
MASTERPASS™ SERVICE PROVIDER
ONBOARDING & INTEGRATION GUIDE—FILEAND API-BASED MERCHANT ONBOARDING
VERSION 6.5, AS OF 25 JUNE 2015
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Notices
Proprietary Rights
The information contained in this document is proprietary and confidential to MasterCard International
Incorporated, one or more of its affiliated entities (collectively “MasterCard”), or both. This material may not
be duplicated, published, or disclosed, in whole or in part, without the prior written permission of
MasterCard.
Trademarks
Trademark notices and symbols used in this document reflect the registration status of MasterCard
trademarks in the United States. Please consult with the Customer Operations Services team or the
MasterCard Law Department for the registration status of particular product, program, or service names
outside the United States. All third-party product and service names are trademarks or registered
trademarks of their respective owners.
Translation
A translation of any MasterCard manual, bulletin, release, or other MasterCard document into a language
other than English is intended solely as a convenience to MasterCard members and other customers.
MasterCard provides any translated document to its members and other customers “AS IS” and makes no
representations or warranties of any kind with respect to the translated document, including, but not limited
to, its accuracy or reliability. In no event shall MasterCard be liable for any damages resulting from
members’ and other customers’ reliance on any translated document. The English version of any
MasterCard document will take precedence over any translated version in any legal proceeding.
Content Disclaimer
No assurances are given that the information provided herein is error-free. You acknowledge and agree that
inaccuracies and inconsistencies may be present. The information is provided to you on an "AS IS" basis for
use at your own risk. MasterCard will not be responsible for any action you take as a result of this document,
or any inaccuracies, inconsistencies, formatting errors, or omissions.
Publication Code
MWMI
2
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Table of Contents
Notices ........................................................................................................................................................... 2
Proprietary Rights ......................................................................................................................................... 2
Trademarks .................................................................................................................................................... 2
Translation ..................................................................................................................................................... 2
Content Disclaimer........................................................................................................................................ 2
Publication Code ........................................................................................................................................... 2
Document Version Notes.............................................................................................................................. 6
Overview ........................................................................................................................................................ 9
MasterPass File-Based Onboarding ............................................................................................................ 9
MasterPass API-Based Onboarding ............................................................................................................ 9
How does MasterPass work? ....................................................................................................................... 9
MasterPass User Interface ........................................................................................................................... 9
Standard “Lightbox Display” (desktop and laptop) ...................................................................................... 9
Standard Mobile Display (.mobi) ............................................................................................................... 10
Standard Full Screen Display.................................................................................................................... 11
MasterPass Checkout Experiences ........................................................................................................... 12
Overview ...................................................................................................................................................... 12
MasterPass Merchant Standard Checkout Process Flow ........................................................................ 13
Standard Checkout Flow: .......................................................................................................................... 19
Service Provider File- and API-Based Onboarding Model ....................................................................... 20
Incorporating MasterPass into Your Site or App...................................................................................... 20
File-Based Onboarding ............................................................................................................................. 20
API-Based Onboarding ............................................................................................................................. 20
Service Providers NEW to MasterPass should start here: .............................................................................. 20
Service Providers with an EXISTING MasterPass Relationship ........................................................................ 21
Single-Merchant API Service ....................................................................................................................... 22
Open Feed Checkout Project .................................................................................................................... 22
Service Provider File- and API-Based Onboarding—Steps ..................................................................... 24
1. Service Provider Registration and Setup—Service Provider Activity ................................................ 24
Auto Approval ........................................................................................................................................... 26
2. Add Developer to Service Provider Profile—Service Provider Activity.............................................. 27
3. Developer Registration—Developer Activity ........................................................................................ 28
MasterPass Developer Account ................................................................................................................ 28
MasterCard Developer Zone Account ....................................................................................................... 28
Generate MasterCard Developer Zone Developer API Keys .................................................................... 29
Initiate Development ................................................................................................................................. 32
4. Request Sandbox Credentials—Developer Activity ............................................................................. 32
Create Checkout Project ........................................................................................................................... 33
File-Based Onboarding ............................................................................................................................. 34
Generate Merchant Files........................................................................................................................... 35
Validate Merchant Files in the Merchant Portal prior to Upload ................................................................ 35
Validate, Select, Upload, and Review ....................................................................................................... 35
Submit Checkout Project for Sandbox Approval ....................................................................................... 41
5. Review Integration Project & Sandbox Approval—Service Provider Activity.................................... 42
6. Access Sandbox Credentials, Complete Development and Test—Developer Activity ..................... 43
3
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Access Sandbox Details ........................................................................................................................... 43
7. Request Production Credentials—Developer Activity ......................................................................... 43
8. Review Integration Project & Production Approval– Service Provider Activity ................................ 44
9. Deploy application using Production Credentials—Developer Activity ............................................. 45
Follow Steps 10–12 to setup Single-Merchant API................................................................................... 45
10. Set Auto-Approval—Service Provider Activity ................................................................................... 45
11. Use Open Feed to Production Checkout Project—Service Provider Activity .................................. 46
12. Upload Merchant Record to Open Feed Checkout Project—System Activity ................................. 47
Integration Process ..................................................................................................................................... 49
Lightbox Integration.................................................................................................................................... 49
Standard Checkout ..................................................................................................................................... 49
Invoke MasterPass UI (Lightbox) .............................................................................................................. 49
Lightbox parameter details can be found here. ........................................................................................ 50
Standard Checkout Callback..................................................................................................................... 50
a.
Redirect to Merchant Callback URL Example ................................................................................. 50
b.
Checkout Callback method Example .............................................................................................. 50
Service Descriptions:.................................................................................................................................. 50
Request Token Service ............................................................................................................................... 50
Sandbox and Production Endpoints .......................................................................................................... 51
Shopping Cart Service ................................................................................................................................ 51
Sandbox and Production Endpoints .......................................................................................................... 51
Merchant Initialization Service ................................................................................................................... 51
Access Token Service ................................................................................................................................ 52
Sandbox and Production Endpoints .......................................................................................................... 52
Retrieve Payment, Shipping Data, Rewards and 3DS Details ................................................................. 52
Postback Service......................................................................................................................................... 53
Sandbox and Production Endpoints .......................................................................................................... 54
Android and iOS App Integration............................................................................................................... 54
MasterPass - Branding ............................................................................................................................... 56
Displaying “Buy with MasterPass” Button and Acceptance Marks........................................................ 56
MasterPass “Learn More” page ................................................................................................................. 57
Testing ......................................................................................................................................................... 59
MasterPass Sandbox Testing .................................................................................................................... 59
3DS Test Cases ........................................................................................................................................... 60
Q/A Checklist ............................................................................................................................................... 64
Asset Placement ....................................................................................................................................... 64
In-Wallet Experience ................................................................................................................................. 64
Post Wallet Experience ............................................................................................................................. 64
Postback ................................................................................................................................................... 65
General ..................................................................................................................................................... 65
Troubleshooting .......................................................................................................................................... 65
Troubleshooting .......................................................................................................................................... 65
Support ........................................................................................................................................................ 66
Appendix ...................................................................................................................................................... 67
Merchant Initialization Service .................................................................................................................. 70
Shopping Cart Service .............................................................................................................................. 74
Access Token Service .............................................................................................................................. 78
Postback Service ...................................................................................................................................... 90
File-Based Merchant Onboarding .............................................................................................................. 95
4
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Merchant Upload Schema......................................................................................................................... 95
Merchant Upload Schema Details............................................................................................................. 95
Merchant Upload Sample—Create ........................................................................................................... 98
Merchant Upload Sample—Create with Advanced Authentication Settings (3DS) for MasterCard .......... 99
Merchant Upload Sample—Create with Advanced Authentication Settings (3DS) for Visa .................... 100
Merchant Upload Sample—Update ........................................................................................................ 101
Merchant Upload Sample—Update ........................................................................................................ 101
Merchant Upload Sample with Advanced Authentication Settings (3DS)—Update ................................ 102
Merchant Upload Sample—Delete.......................................................................................................... 104
Merchant Upload Sample—Delete.......................................................................................................... 104
Merchant Upload Sample with Advanced Authentication Settings (3DS)—Delete.................................. 104
Merchant Upload Validate Response Schema Details ............................................................................ 106
Merchant Download Schema .................................................................................................................. 106
Merchant Download Schema Details ...................................................................................................... 106
Merchant Download Sample ................................................................................................................... 107
Single-Merchant API Service .................................................................................................................... 109
Single-Merchant API ............................................................................................................................... 109
Single-Merchant API Validation Service ................................................................................................. 112
3DS Status ................................................................................................................................................. 114
Developer Zone Key Renewal Process ................................................................................................... 116
Developer Zone Key Tool Utility .............................................................................................................. 118
3DS Overview ............................................................................................................................................ 119
Service Description ................................................................................................................................. 119
General Overview of Transaction Authentication .................................................................................... 120
Important Merchant Information .............................................................................................................. 121
Validation Error Messages ....................................................................................................................... 121
5
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Document Version Notes
Document
Version
6.5
6.4
6.3
Date
Updates
06/25/2015
Added note to the "Submit Checkout Project for Sandbox Approval" section to indicate
that once a checkout project is submitted/approved, it cannot be deleted. (p 41)
Added note to the "Lightbox Integration" section indicating that those invoking the
Lightbox from an iFrame must include the listed scripts on the parent (outer) frame in
addition to the iFrame source that is invoking MasterPass Lightbox. (p 49)
Updated the Sandbox Consumer Account table in the "MasterPass Sandbox Testing"
section to indicate that the security question and answer are "Pet's Name" and "fido,"
respectively, for the 3DS Test accounts. (p 59)
Replaced the "merchant-initialization—XML Schema Request." (p 71)
Replaced the "URL: https://api.mastercard.com/masterpass/v6/merchant-initialization —
Sample Request." (p 72)
Replace the "Shopping Cart V6—XML Schema." (p 75)
Replaced the "Shopping Cart Request XML with Optional SecondaryOriginUrl Field—
Sample." (p 77)
05/28/2015
Updated the document to reflect new branding for the services. The old BMU API has
been rebranded as “Single-Merchant API.” The file-based BMU has been rebranded
as “File-Based Onboarding.” Collectively, they are named “File- and API-Based
Onboarding,” as reflected in the new title of the document. (throughout document)
Added sample Download and Upload files for Create, Update, and Delete Actions with
Advanced Authentication Settings (3DS). (throughout the document where applicable)
Updated the "Are you registering as a Merchant or Service Provider?" screenshot in the
"Service Provider Registration and Setup—Service Provider Activity" section. (p 22)
Introduced a new section titled "Validate Merchant Files prior to Upload." (p 33)
Added a list of information that merchants should email to
[email protected] if they don't have an implementation
manager assigned to them. (p 66)
Introduced a new section in the appendix titled "Validation Error Messages." (p 97)
05/05/2015
Replaced references to the [email protected] email address.
(throughout document)
Updated the "Standard Checkout User Flow" screenshots to reflect the online interface
rather than the mobile interface. (p 11)
Added statement to the "Service Provider Registration and Setup—Service Provider
Activity" section to indicate that, before registering with MasterPass, the service
provider must request an invitation code from their MasterCard representative. (p 21)
Updated verbiage in the "Service Provider Registration and Setup—Service Provider
Activity" section to clarify that once Auto Approval has been enabled for a developer,
subsequent projects that they submit using the same credentials do not need
business owner approval prior to sandbox and production deployment, and any
changes made to the project are effective immediately. (p 23)
Added verbiage to the "Select, Upload, and Review" subsection of the "Request Sandbox
Credentials—Developer Activity" section to indicate that service providers may submit
corrections to the merchant files they upload under the same checkout project as the
original upload if the checkout project has not already been approved. (p 33)
Updated the note in the "Submit Checkout Project for Sandbox Approval" subsection of
the "Request Sandbox Credentials—Developer Activity" section to clarify that once
Auto Approval has been enabled for a developer, subsequent projects that they
submit using the same credentials do not need business owner approval prior to
sandbox and production deployment, and any changes made to the project are
effective immediately. (p 34)
Added verbiage to the "Shopping Cart Service" section about the new SecondaryOriginUrl
6
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
field. (p 41)
Added instruction to the "Android and iOS App Integration" section to set the
android:targetSdkVersion value in your application to 19 or higher if you are
integrating MasterPass for Android devices. (p 44)
Added verbiage to the note in the "Create Production Key" subsection of the "Developer
Registration—Developer Activity" section indicating that the initial files for the key
creation are needed to renew a production API key. (p 49)
Added item to the "Post Wallet Experience" Q/A checklist indicating that the user must
verify that the card PAN has not been provided to any entity that does not have the
appropriate security in place for storage and transmission of card data (per PCI
guidelines). (p 52)
Added the new SecondaryOriginUrl element to the Merchant-initialization—XML Schema
Request XML sample. (p 58)
Added the new SecondaryOriginUrl element to the "MerchantInitializationRequest XML
Details" table. (p 60)
Added the new SecondaryOriginUrl element to the "Shopping Cart V6-XML Schema". (p
62)
Added the new SecondaryOriginUrl element to the "Shopping Cart V6 XML Details" table.
(p 62)
Added the "Shopping Cart Request XML with Optional SecondaryOriginUrl Field—
Sample" (p 63)
Added a note to the "MerchantTransactions Request—Schema" subsection stating that
BMU service providers may ignore the optional PreCheckoutTransactionId and
ExpressCheckoutIndicator elements. (p 77)
Added a note to the "Merchant Upload Sample—Update" section to indicate that if the
Checkout ID is not included in the Checkout Brand element, then MasterPass will
produce a unique checkout ID for merchant record. (p 86)
6.2
6.1
6.0
03/03/2015
Updated screenshots. (throughout document)
Removed note about the activation delay that service providers might experience
following the initial checkout. (p 15)
Added verbiage about the Auto Approval feature, which merchants may use to approve
checkout projects. (p 40)
Removed caveat stating that JCB is supported in select markets only. (p 49)
Added information about a new email element to the “Merchant Upload Schema Details”
table. (p 77)
12/01/2014
Removed the Connected checkout table (p 10)
Added user flows for Standard, Paired, and Returned Checkout (p 13, 16, 17, 19)
Updated information about unpairing (p 20)
Added further information about OAuth (p 32)
Added note about key renewal requirements (p 40)
Clarified production deployment instructions (p 35)
Added note about new SDK/sample code availability (p 44)
Clarified checkout resource URL information (p 52 & 79)
Added note about liability shift and Advanced Checkout (p 57)
Added sandbox JavaScript URL (p 43)
Updated ECI Values (p 86)
Updated XML schema-MerchantAquirerBrand (p 102)
Added note about currency being required field for 3DS (p 105)
Noted inclusion of JCB as an allowed card type (p 62)
9/19/2014
Added Lightbox UI experience (p 7)
Added New Checkout experience: Connected checkout details (p 13)
Merchant Initialization Service - version V6 (p 48)
Shopping Cart Service - version V6 (p47, 66)
Checkout version - version V6 (p 42, 43, 45, 46)
Precheckout Service - version v6 (p48, 82)
Postback Service - version V6 (p50, 94)
Updated QA Checklist (p 56)
7
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Lightbox Parameters (p59)
SINGLE-MERCHANT API Service (p18, 19, 38, 39, 104)
10/26/2013
Checkout project auto approval (p 12)
3DS “No Authentication” value (p 30)
High resolution image links (p 35)
MasterPass ‘Learn More’ link (p 35)
Checkout version v5 schema and xml (p 51-55)
Updated result file schema (p 69)
Instructions to use Developer Zone Key Tool Utility (p 71)
8
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Overview
This guide is intended for service providers that would like to use one of the following mechanisms:
•
•
MasterPass File-Based Onboarding
MasterPass API-Based Onboarding
MasterPass File-Based Onboarding
Under this onboarding method, service providers upload a file with merchant records through the
MasterPass Merchant and Service Provider portal. Service providers can use this onboarding mechanism to
add merchants, update merchants, or delete merchant records on the MasterPass platform. Upon
successful processing of the file by MasterPass, a results file is available for the service provider to
download.
MasterPass API-Based Onboarding
At this time, a Single-Merchant API is available for merchant onboarding.
This onboarding mechanism may be used to onboard a single merchants to MasterPass in real time. This
API may be used to (a) add an individual merchant to MasterPass, (b) update an individual, existing
MasterPass merchant record, or (c) delete an individual merchant record from MasterPass. MasterPass
then provides a real-time response to the API.
How does MasterPass work?
MasterPass is a service that enables consumers to store, manage and securely share their payment,
shipping and rewards information with the websites and mobile apps with which they transact. MasterPass
™
™
supports checkout on full and mobile websites, as well as in-app purchases on Android and iOS apps.
Shop on
merchant
site
Click Buy with
MasterPass
at checkout
Sign into
MasterPass
-enabled
Wallet
Select card,
shipping
address
and loyalty
Select
shipping
method
Review and
confirm
transaction
MasterPass User Interface
The MasterPass user interface, or Lightbox, floats the MasterPass wallet interface on top of the Merchant’s
web page through illuminated overlays, and backgrounds dimmed to 0.7 opacity. This modern method
allows a consumer to interact with their MasterPass digital wallet without having to leave the merchant’s
page. MasterPass Lightbox is built in a responsive design style allowing it to respond dynamically to the
various screen sizes and orientations.
MasterPass supports the following displays:
•
•
Standard Lightbox display
Standard full screen display
Standard “Lightbox Display” (desktop and laptop)
At full screen, where the browser is set to 100% height and width, the overall Lightbox dimensions are 740
pixels (height) by 700 pixels (width). This is inclusive of the Lightbox header and footer. The interior Lightbox
dimensions are 590 pixels (height) by 680 pixels (width).
9
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
If the height of the browser is reduced so that the entire Lightbox has a height of 740 pixels and the width is
maintained, the content container has the following dimensions: 530 pixels (height) by 680 pixels (width).
If the browser is set to 100% maximum width, but is less than 530 pixels in height (for the content container),
vertical scrolling will appear.
If the browser is set to less than 680 pixels in width, the Lightbox layout will change to accommodate small
screen formats (as in, phones and smaller tablets). There is a 320 pixel width threshold for the content
container.
Standard Mobile Display (.mobi)
Within the .mobi experience, the header and footer are approximately 70 pixels high except for the iPhone
5/5S, which has a header and footer which are approximately 30 pixels high. The interior content area for
mobile devices is content dependent. The initial view of content is based on the overall screen sizes.
Content that does not fit within the initial view of content can be accessed by scrolling. There will not be a
landscape view for mobile; only portrait will be supported.
10
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Standard Full Screen Display
Under certain conditions, such as when the consumer’s browser does not support the Lightbox display
(older browser), or if the merchant has not yet made coding changes to invoke the Lightbox display, or if the
URL requesting the Lightbox display is different from the merchant specified origin URL, then MasterPass
will render the wallet experience in full screen. This full screen wallet experience supports all functionality
and design as that of the Lightbox display.
11
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
MasterPass Checkout Experiences
Overview
The following table depicts the steps of involved in the standard MasterPass checkout experience.
Merchant
Experience
Standard
Checkout
Merchant
identifies
consumer
MasterPass
Merchant
Consumer
Clicks
Signs
into
Wallet
Finalizes
Payment
Method/
Address
Reviews/
Submits
Order
Confirms
Order
Receipt/
Thank
You
Page
Buy with
MasterPass
X
X
X
X
X
12
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
MasterPass Merchant Standard Checkout Process Flow
The flows below depict the Standard MasterPass Checkout flow with the Lightbox MasterPass UI.
Standard Checkout User Flow
1) The consumer clicks the Buy with MasterPass button.
13
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
2) The consumer logs in to their wallet.
14
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
3) The consumer selects their payment method and shipping address.
15
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
4) The consumer reviews and submits the order.
16
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
5) The merchant confirms the order.
17
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
18
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Standard Checkout Flow:
19
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Service Provider File- and API-Based Onboarding Model
Incorporating MasterPass into Your Site or App
Enabling checkout with MasterPass on-behalf of your merchant site or mobile app is straightforward—here
are the required activities for service providers that would like to use the File- or API-based methods for
onboarding merchants.
File-Based Onboarding
Under this onboarding method, service providers upload a file with merchant profile records through the
MasterPass Merchant Portal.
Service Providers can onboard merchants by uploading file(s) containing multiple merchant records. Service
Providers will access the MasterPass Merchant Portal to enroll and provision their merchants to
MasterPass. The File-Based Onboarding method should be used by Service Providers who will be
onboarding a large number of merchants and can generate XML formatted files(s) with the required
information for multiple merchants. This process allows multiple merchant profiles to be set up at the same
time rather than manually creating a MasterPass account for each merchant. No Merchant interaction with
MasterPass is required in this onboarding method. Service Provider developers will create checkout projects
and the Service Provider will approve the checkout projects. Service Provides can also enable [Auto
Approval] (insert hyperlink to auto approve section) for each developer to avoid having to approve each and
every checkout project by that developer.
Service providers can use File-Based Onboarding to add merchants, update merchants, or delete merchant
records on the MasterPass platform. Upon successful processing of the file by MasterPass, a results file is
available for the service provider to download.
API-Based Onboarding
At this time, a Single-Merchant API is available for merchant onboarding.
This Single-Merchant API may be used by Service Providers to onboard merchant records one at a time and
in real time to MasterPass. This method is best suited for Service Providers that want to onboard merchants
in real time from their system to MasterPass without any manual intervention. No Merchant interaction with
MasterPass is required in this onboarding method. By using the API, service provider developers do not
have to create multiple checkout projects for onboarding merchants. An Open Feed checkout project is
available for service providers using the API that can be used for ongoing submission of merchant records to
MasterPass.
This API may be used to add, update, or delete merchants one at a time to MasterPass.
provides a real time response to the API.
MasterPass
Service Providers NEW to MasterPass should start here:
All new service providers that have not onboarded merchants, whether using file- or API-based onboarding,
must complete steps 1–9 that are summarized in the table below.
By completing steps 1–9, you will have created your relationship to MasterPass and onboarded an initial set
of merchants. Detailed instructions for steps 1–9 can be found here, or click on the links within the table
below.
At the successful completion of step 9, you will have a Checkout Project that has been approved for
production and at least one merchant in the MasterPass system. At this point, the Service Provider will be
considered existing in the MasterPass system.
20
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Activity
1. Service Provider
Registration and
Setup
2. Add Developer to
Service Provider
Profile
3. Developer
Registration
Actor
Steps
Service
Provider
Create Service Provider account and create shipping
profile
MasterPass
Merchant Portal
Service
Provider
Add Developer to Service Provider Profile
MasterPass
Merchant Portal
Create MasterPass Developer account
MasterPass
Merchant Portal
Developer
Create Developer Zone account
Generate developer’s sandbox and production keys
Review sample code/SDK and design services
integration
Create Checkout Project
Obtain details for merchant(s) and generate merchant
upload file(s).
4. Request Sandbox
Credentials
5. Review Integration
Project & Approval
Environment
Developer
Service
Provider
Business
Owner
Select merchant file(s), Upload and Review results
from the Download Merchant File.
MasterCard
Developer Zone
MasterPass
Merchant Portal
Service Provider
Engineering
Environment
MasterPass
Merchant Portal
Submit Checkout Project for sandbox approval.
MasterPass
Merchant Portal
Approve sandbox credentials.
MasterPass
Merchant Portal
Obtain checkout IDs for each successfully
provisioned merchant. Map each checkout Id to the
correct merchant.
MasterPass
Merchant Portal
6. Access Sandbox
Credentials
Developer
7. Request Production
Credentials
Developer
Submit Checkout Project for production approval
8. Review Integration
Project & Approval
Service
Provider
Business
Owner
Approve production credentials
MasterPass
Merchant Portal
9. Production Migration
Developer
Update MasterPass API endpoints, Consumer key,
Callback URL and Private Key (p12), if different than
Sandbox.
Service Provider
Production
Environment
Test against MasterPass sandbox environment
Service Provider
Engineering
Environment
MasterPass
Merchant Portal
Service Providers with an EXISTING MasterPass Relationship
Existing Service Providers that are using the File-Based Onboarding method and would like to use the
Single-Merchant API can skip down [here] (insert link Single API section)
Existing Service Providers have two options for adding, updating, and deleting merchants in the MasterPass
system:
•
Use File-Based Onboarding via the MasterPass Merchant and Service Portal User Interface to
upload XML file(s). In other words, you can always choose to simply follow steps 4-9 in the table
above to add, update, or delete merchants.
21
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
•
Use the Single-Merchant API Service to upload the XML file containing a single merchant record,
which is explained in the section below. Follow Steps 10-12 below to setup the Single-Merchant
API Service for your account.
Single-Merchant API Service
Once a service provider has at least one checkout project approved all the way through to production (Step
8) that service provider can then choose to activate the Single-Merchant API Service. Interfacing with the
Single-Merchant API Service will require coding on the Service Provider side.
Service Providers using the API can use the Open Feed Checkout Project to submit merchant records to
MasterPass.
Open Feed Checkout Project
The Open Feed to Production Checkout Project has the advantage over a standard checkout project in
that it allows continuous sumbissions of merchant records for the desired action (add/update/delete) directly
to the production environment.
To create the Open Feed to Production Checkout Project, complete the following steps:
10. Set Auto Approval
11. Use Open Feed to
Production Checkout
Project
12. Send XML to Open
Feed Project
Service
Provider
Business
Owner
Service
Provider
Business
Owner
Developer
Check Enable Auto Approval Checkbox
Check Use Open Feed to Production Checkout
Project (Auto Approval must be enabled, step 10)
Send a single merchant record in XML format via
the Single-Merchant API service using the
Checkout Project ID of the Open Feed Project and
the production consumer key, which can be
obtained from one of the previous production
approved checkout projects on the Merchant
Portal.
XML flows automatically to Approved for
Production, step 9.
MasterPass
Merchant Portal
MasterPass
Merchant Portal
Upload XML via
API
Service Provider
Production
Environment
The following accounts will be created during this onboarding process. Use the following table to record the
account information for future reference.
Account Type
Merchant Portal –
Service Provider
account
Merchant Portal Developer Account(s)
Details
Created by Service Provider business owner. This id should be
used to login at https://masterpass.com/SP/Merchant/Home
Account Info
Userid: __________
Email: ___________
Go here to create Service Provider account, invite developers, create
shipping profiles, approve checkout projects etc.
Created when a Service Provider invites a developer. It’s a system
generated user id. This id should be used to login at
https://masterpass.com/SP/Merchant/Home
Userid: __________
Email: ___________
Go here to create checkout project, upload merchant files, get checkout
22
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
project details etc.
Developer Zone Developer Account(s)
Created by developer and is used for key exchange. This id should be
used to login at https://developer.mastercard.com
Userid: __________
Email: ___________
Go here to perform key exchange, download SDKs and Sample
Application, Integration Guides and to access FAQs, etc.
By the end of the integration, your site or mobile app should be able to:
1. Display the Buy with MasterPass button and the Learn More link at the start of the checkout
experience.
2. Invoke and display the MasterPass Lightbox.
3. Relay MasterPass checkout requests to the MasterPass service.
4. Receive consumer’s billing, shipping address, and rewards data from MasterPass service.
5. Process card, shipping and rewards information using existing process.
Note that your implementation must satisfy all criteria in the Q/A checklist.
23
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Service Provider File- and API-Based Onboarding—Steps
1. Service Provider Registration and Setup—Service Provider Activity
Before beginning this process, request an invitation code from your MasterCard representative; this will
grant you access and allow you to register as a service provider within the merchant portal.
From the MasterPass Merchant Portal, select the country – language from the dropdown and click the
Create an Account button to start the registration process. You will be presented with a modal window, into
which you will enter the invitation code. After entering the invitation code, you will be presented with the
option to select the registration type. Select Service Provider to continue with the registration process as
shown in the screen shots below. If you need to register as a Merchant, please access Merchant Integration
Guide.
Create an Account
Enter Invitation Code
Select Service Provider
24
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
25
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
After your account has been created, select Shipping Locations to manage shipping for your merchants.
You can have multiple shipping profiles that you can use with multiple merchants, or you may set a preferred
shipping profile if most of your merchants use it.
Auto Approval
The Service Provider business owner has an option to Enable Auto Approval of checkout projects. This
feature allows Service Providers to determine if they wish to have a checkpoint/audit step prior to having
merchants setup in sandbox and production or not. Once enabled, subsequent projects submitted by the
developer—using the same credentials—do not need business owner approval prior to sandbox and
production deployment. Any changes made to the project are effective immediately. To enable Auto
Approval, click Account Settings from the top navigation bar and click on the Enable Auto Approval check
box.
26
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
2. Add Developer to Service Provider Profile—Service Provider Activity
The next step is to add developers who will integrate MasterPass into the checkout flow. From the landing
page, you will add developers to the Service Provider profile. These developers will handle the technical
implementation of MasterPass. Click on Manage Setup and add developers to your Service Provider
account. To get started, click the Start This Step button from the MasterPass Setup page.
You will need to indicate who will perform the technical integration. Service Providers who have an internal
or contracted engineering team should select An internal or contracted developer, and provide contact
information for each developer he/she wishes to invite.
27
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
MasterPass will send two separate emails to each newly added developer indicating that he/she has been
invited to handle the technical integration of MasterPass on-behalf of your company. These emails will
contain the username and password to log in to the MasterPass Merchant Portal. Invitation emails sent to
the developer will contain links to the MasterPass integration guides that developers can use to get started
with MasterPass integration.
3. Developer Registration—Developer Activity
Developers invited to integrate MasterPass on behalf of a service provider will manage their integration
activities through two portals:
•
MasterPass Merchant Portal (https://masterpass.com/SP/Merchant/Home)
•
MasterCard Developer Zone (http://developer.mastercard.com)
NOTE: These are two different websites that use different login credentials. If you are a new developer for
MasterPass, you must sign up for a new account on Developer Zone.
MasterPass Developer Account
Developers will use the MasterPass Merchant Portal to request, and access merchant-specific integration
credentials, which will be used when interacting with the MasterPass web services. After the service
provider invites you as a developer, you should have received your MasterPass Developer credentials
in two emails from MasterPass. Follow the instructions in the emails to create your developer account.
You will find links to the MasterPass integration documentation in the invitation emails you receive from
MasterPass and on the landing page once you sign in to your Developer account on the MasterPass
Merchant Portal.
You do not need a Developer Zone account to access and view this documentation.
MasterCard Developer Zone Account
Developers invited to integrate MasterPass on behalf of a service provider will use MasterCard Developer
Zone to view integration documentation and generate developer keys. To create a Developer Zone account,
visit Developer Zone and click Create account. After submitting the form, be sure to activate the account
using the confirmation email.
28
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Generate MasterCard Developer Zone Developer API Keys
After creating your account, you will need to generate two API keys: one for the sandbox environment and
one for the production environment. To make keys easy to distinguish, it’s recommended to prefix sandbox
keys with "SBX_" and production keys with "PRD_".
29
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Create Sandbox Key
To create a Sandbox key, click My Account, then My Dashboard.
On the My Dashboard page, click on the My Keys tab and the Add a Key button.
In order to get an API Key, you need to supply a PEM encoded Certificate Request File. You may use a tool
of your choice, such as "openssl" or Java's "keytool" to generate this CSR, or you may use the CSR
generation tool on the developer zone portal. Click here to see instructions for using CSR generation tool.
Complete the form, select Sandbox for Environment, and click Submit.
30
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
You will have Sandbox Key ID at this point.
Create Production Key
To create a Production API key, return to My Dashboard and click on My Keys. Then click on Add a Key
and make sure you select Production environment. Complete the form and click Submit.
At this point, developers will have a Sandbox Key ID and a Production Key ID, which will be used when
creating a checkout project in the MasterPass Merchant Portal.
31
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
NOTE: Keys expire after one year before which they should be renewed by initiating the Developer Zone
Key Renewal process. The Certificate Request File initially submitted for the key creation will be needed to
renew the key. Notifications at 30, 15, and 1 day prior to key expiration will be sent to the email address
associated with the Developer Zone account.
When the keys expire, the checkout project will not work and the MasterPass transactions will fail.
Therefore the keys need to be renewed prior to expiration.
Initiate Development
At this point, developers should begin developing their own implementation. Sample Applications for C#
.NET, Java, PHP, and Ruby will be made available for download from the Sample Code tab in the Developer
Zone. Contact MasterPass Support if the sample applications are not available in the language you need.
MasterPass follows the OAuth 1.0a specification. Any merchant or Service Provider integrating with
MasterPass must strictly adhere to the OAuth specs for interacting with MasterPass through Open API
Gateway. Failure to implement OAuth correctly may impact your integration and transactions with
MasterPass.
Further information can be found here:
https://developer.mastercard.com/portal/display/api/Authentication
4. Request Sandbox Credentials—Developer Activity
Prior to allowing the developer’s code to interact with the MasterPass the project must be approved by the
Service Provider Business Owner. The developer will make two separate approval requests. The first
request is to grant the developer access to credentials that will enable his/her code to transact with the
MasterPass sandbox environment on-behalf of the merchant. The sandbox environment does not contain
real consumer data. The second is for production credentials, which will enable real transactions.
Developers will use MasterPass Merchant Portal to request, and access merchant-specific integration
credentials, which will be used when interacting with the MasterPass services. The credentials are
requested by submitting a checkout project.
32
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Create Checkout Project
To get started, sign into the MasterPass Merchant Portal. Under Manage Development, click Checkout
Projects → Create New Project, and complete the New Project creation wizard.
Enter the Project Name and Project Description. Enter the sandbox and production Key IDs that were
created from MasterCard Developer Zone.
If you are a Service Provider developer uploading files containing several merchant records, choose the
Bulk Merchant Upload Implementation option in the Create Checkout Project window.
33
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Create Checkout Project
Developer Zone – Production Key ID
Developer Zone – Sandbox Key ID
File-Based Onboarding
Service Providers can associate multiple merchant profiles to a checkout project all at once using a
merchant upload file. The first step in this process is to obtain the merchant upload file template referenced
in the appendix. Service Providers should gather the details for each merchant.
34
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Generate Merchant Files
Once the merchant details are available, developer should create the file(s) to upload. Upload file size
cannot be more than 10 MB. For best results, try not to exceed 1000 merchant records in a file. If you want
to upload more than 1000 merchants, consider creating multiple files to upload at the same time or as part of
a new checkout project.
Validate Merchant Files in the Merchant Portal prior to Upload
This feature enables service providers to optionally check or validate their file containing merchant records
and ensure that it meets the schema and business rules requirements before submitting the file for
processing to MasterPass.
To begin the validation process, click the Validate File button on the Checkout Projects page.
Click Choose File and select a file to validate. Initiate the file validation by clicking Validate Now. Once the
validation is complete, the system will display an error message if the file is invalid. Any schema errors must
be corrected before the file can be submitted for validation against business rules. Once validation is
complete, a success or failure result is displayed in the UI, and details of errors are provided in the results
file.Refer to the “Validation Error Messages” section of the Appendix for a list and descriptions of the
validation error messages. The results of the validation are not stored by MasterPass and, hence, will not
available to service providers when they return. Service providers must use the “download” capability to take
note of the validation results, which can be used to correct any errors in the file.
Once the service provider has corrected the XML errors, validate the file again. If there are no errors in the
file, the system will display a “Validation complete, no errors found” message. There are no limits on the
number of times a file or record can be validated.
The validation feature supports the same file sizes as can be used with File-Based Onboarding.
Validate, Select, Upload, and Review
To verify your file submission for schema and business rules validation before uploading, go to the
Checkout Projects page and click the Validate File button.
35
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Click the Choose File button.
Select the file you want to validate and click the Validate Now button.
36
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
The system will first validate the XML schema of your file. If your file does not meet the XML schema rules,
you will receive an error message (as in the screenshot below) and must repair the error.
If your files meets the XML schema rules, the system will then validate against the business rules. If your file
does not meet the business rules, you will receive an error message (as in the screenshot below) and must
repair the error.
37
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
To see the cause of the validation error, click the Download Result File button.
Once your file meets both the XML schema and business rules, you (a) will receive a result file with an
ErrorText status of “Successful” (as in the following screenshot) and (b) are ready to upload the file to
MasterPass.
38
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Once the merchant files have been generated and the merchant is ready to upload files to MasterPass, click
Upload to select the merchant files and initiate the File-Based Onboarding process.
39
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
40
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
A message will display indicating the processing has finished and the number of records processed—
successes and failures. The service provider account owner will still need to approve the successfully
processed merchants before they will be able to process transactions. You will also get an email when the
file processing is complete.
Once the processing is complete, click Download Result File to view the results of the Upload process. Any
merchant records which fail processing will need to be reviewed, corrected and submitted for processing. A
sample Download Result File is available in the appendix.
Corrections can be uploaded under the same checkout project, provided that the checkout project has not
already been approved via manual or auto approval. To check on the 3DS status of a successfully uploaded
merchant, refer to the "3DS Status" section.
Submit Checkout Project for Sandbox Approval
After creating the checkout project but before submission, the developer may modify previously entered
information. To submit the project for sandbox approval, click Submit. Clicking Submit will kick-off the
Checkout Project Approval Process.
NOTE: Once the checkout project is submitted/approved, it cannot be deleted.
41
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
NOTE: If Auto Approval has been enabled by the merchant or service-provider business owner for a
developer, sandbox and production credentials will be generated at this time and steps 5-8 will be skipped.
Once Auto Approval has been enabled for a developer, subsequent projects that they submit using the
same credentials do not need business owner approval prior to sandbox and production deployment. Any
changes made to the project are effective immediately.
5. Review Integration Project & Sandbox Approval—Service Provider
Activity
NOTE: Skip if Auto Approval is enabled.
After the Developer submits the request for sandbox credentials, the Service Provider Business Owner will
get an email notification. The Service Provider Business Owner will log on to the MasterPass Merchant and
Service Provider Portal, review, and provide approval.
After clicking Approval Requests on the navigation bar, the user will see a list of open requests. The user
will be presented with the option to either Approve or Reject the project. Users can also view processing
results by clicking on ‘Download Result File’ button or download the uploaded file by clicking on
‘Download Merchant File’. If rejected, a reason must be provided, and the developer will be allowed to
modify the entry and resubmit.
Upon approval, the developer will receive an email containing the Consumer Key for the sandbox
environment. The developer will be able to sign into the MasterPass Merchant Portal and access credentials
necessary to develop and test his/her MasterPass implementation in the sandbox environment.
42
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
6. Access Sandbox Credentials, Complete Development and Test—
Developer Activity
NOTE: Skip if Auto Approval is enabled.
Access Sandbox Details
After signing into the portal, the developer will click the Action Required button associated with the entry,
and note the Sandbox Consumer Key. For each successfully uploaded merchant, Developers will obtain the
checkout identifiers from the result file and map to the correct merchant. These will be used in the code to
call MasterPass web services. Please refer to MasterCard Developer Zone for sample code and SDKs
7. Request Production Credentials—Developer Activity
NOTE: Skip if Auto Approval is enabled.
Once the application has been tested against sandbox, the Developer will request the production
credential. This is done by submitting the checkout project created in Step 4 and submitting it again for
approval.
43
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
8. Review Integration Project & Production Approval– Service Provider
Activity
NOTE: Skip if Auto Approval is enabled.
After the Developer submits request for production credentials, the Service Provider Business Owner will get
an email notification. The business owner will log on to the MasterPass Merchant Portal, review and provide
approval (similar to step 5). The user will be presented with the option to either Approve or Reject the
project. Users can also view processing results by clicking on ‘Download Result File’ button. If rejected, a
reason must be provided, and the developer will be allowed to modify the entry and resubmit.
44
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
9. Deploy application using Production Credentials—Developer Activity
Once the application has been approved, the Developer will receive an email containing the production
Consumer Key and will enable the Service Provider platform to transact with the MasterPass Services onbehalf of the Merchant. Prior to production deployment:
-
Ensure that you have implemented the MasterPass button on merchant’s site or app
Your sandbox implementation passes all items in the QA checklist
To move your code to production, update your code with the MasterPass API Production endpoints,
Consumer Key, Checkout Identifier and the private key if different than Sandbox. The last step is to
deploy your code to production. You’re all done!
Follow Steps 10–12 to setup Single-Merchant API
10. Set Auto-Approval—Service Provider Activity
Once the first checkout project has been completely approved for production, the Enable Auto Approval
checkbox will be available in the Account Settings.
The Service Provider business owner has an option to enable auto approval of checkout projects, which
must be done to use the API-Based Onboarding method. This feature allows Service Providers to determine
if they wish to have a checkpoint/audit step prior to having merchants setup in sandbox and production or
not. When auto approval is enabled, the system will automatically approve any submitted merchant profiles
for both Sandbox and Production credentials. This is applicable to all developers associated with the
account, and changes are effective immediately. To enable auto approval, click Account Settings from the
top navigation bar and click on the Enable Auto Approval check box. Click Agree when prompted.
45
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
When the Enable Auto Approval checkbox is checked, the checkbox Use Open Feed to Production
Checkout Project will be available.
11. Use Open Feed to Production Checkout Project—Service Provider
Activity
Service Providers that want to use the Single-Merchant API Service, will need to create the Open Feed to
Production Checkout Project. It is created when the Use Open Feed to Production Checkout Project
checkbox is checked for the first time. To create, click Account Settings from the top navigation bar and
click on Use Open Feed to Production Checkout Project checkbox. To view the newly created Open
Feed to Production project, click Checkout Projects.
46
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
When the Use Open Feed to Production Checkout Project checkbox is unchecked, the Open Feed to
Production project will be hidden in the UI from the user, and any calls made to that project will be rejected.
Checking the Use Open Feed to Production Checkout Project checkbox again will unhide the Open Feed
to Production project.
12. Upload Merchant Record to Open Feed Checkout Project—System
Activity
The Open Feed to Production Project can only be used for onboarding via the API.
NOTE: The Single-Merchant API is limited to a file size of less than 399K (409600 bytes) and must be used
for one merchant record at a time.
The Service Provider system must be designed to send the XML containing details for a single merchant
record, the Checkout Project ID and approved consumer key*, to the Open Feed to Production project
through the Single-Merchant API service call. This will auto-submit and push merchant adds/updates/deletes
directly to Production.” See Appendix for SINGLE-MERCHANT API Upload parameter details.
*If you are a new service provider, then you will first need to get a project approved all the way to
production (steps 1–8 in the Onboarding table) and you can use consumer keys of the first
production approved checkout project. If you are an existing Service provider, that has used the
File-Based Onboarding, you can use the consumer key that associated with any checkout project
approved all the way to production that you have used onboard merchants using the File-Based
Onboarding method
The API call to upload each merchant must be made using a production consumer key and the associated
production developer Key ID credentials. The checkout project ID of the Open feed project needs to be used
in the API request URL.
NOTE: Once MasterPass successfully processes the merchant record, the API will provide a response with
the checkout identifier for the merchant.
Validate Merchant API Service
Service providers may use an API service to verify their submission for schema and business rules
validation before uploading merchant records to MasterPass via the onboarding API.
To begin the validation process via the Validation API service, the developer must call the API and send the
XML containing the merchant record.
•
If there are schema errors errors, the system will indicate that and the errors must be corrected
before the xml can be validated against the business rules. Once validation is complete if there are
47
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
•
•
•
any errors, the API response will indicate that, and if the XML contains no errors the API will
provide a success response.
The results of the validation are not stored by MasterPass and available to service providers when
they return, so they must save the results of the API response on their end which can be used to
correct any errors with their submission.
There are no limits on the number of times the validation API can be called for validating an XML.
The validation API supports the same size of the onboarding API (399 KB) and only one merchant
record may be submitted at a time via the validation API.
The Validation API system will display an error message if the file is invalid.
Refer to the “Validation Error Messages” section of the Appendix for a list and descriptions of the validation
error messages. If the XML file is valid, the Validation API system will send a confirmation response
indicating that the XML file was loaded successfully.
48
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Integration Process
For a step by step guide through integration and illustration of the various calls to MasterPass,
you can download the example of our code available in various languages such as Java, C#,
PHP, and Ruby. You can also access the sample code for correct implementation of signature
base string and exchanges with MasterPass at the following link.
https://developer.mastercard.com/portal/display/api/MasterPass+-+Merchant+Checkout+-+Sample+Code
Lightbox Integration
Lightbox integration is required to launch the MasterPass user interface for consumer wallets. In order to
invoke the Lightbox, merchants will need to include the following scripts on the page they implement the
Buy with MasterPass button:
1. https://www.masterpass.com/lightbox/Switch/assets/js/jquery-1.10.2.min.js
» It is recommended to pull the jQuery file from the public jQuery repository
https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
2. MasterPass Script
NOTE: Those invoking the Lightbox from an iFrame must include the following scripts on the parent
(outer) frame in addition to the iFrame source that is invoking MasterPass Lightbox:
a. Production - https://www.masterpass.com/lightbox/Switch/integration/MasterPass.client.js
b. Sandbox https://sandbox.masterpass.com/lightbox/Switch/integration/MasterPass.client.js
Standard Checkout
The following steps are necessary to integrate a standard MasterPass checkout. For further information,
click on each step of the process.
1.
2.
3.
4.
5.
6.
7.
8.
9.
Request Token Service
Shopping Cart Service
Merchant Initialization Service (Optional based on Shopping Cart parameters.)
Invoke MasterPass UI(Lightbox) for checkout
Standard Callback method or Redirect to callback URL
Access Token Service
Retrieve Payment, Shipping Data, Rewards and 3DS Details
Authorize Payment through payment processor
Postback Service
Invoke MasterPass UI (Lightbox)
Within a script tag the merchant must invoke the checkout method with the required parameters. Here is an
example
<script type="text/javascript" language="Javascript">
MasterPass.client.checkout({
"requestToken":"insert_request_token_here",
"callbackUrl":"http://www.somemerchant.com/checkoutcomplete.htm",
"merchantCheckoutId":"insert_checkout_id_here",
"allowedCardTypes":["master,amex,diners,discover,maestro,visa"],
"version":"v6"
});
49
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
</script>
Required parameters are:
»
»
»
»
»
requestToken—The merchants request token from OpenAPI.
callbackUrl—A URL to redirect the browser to when checkout is complete. Required unless you use
the callback method.
merchantCheckoutId—The merchant’s unique checkout identifier from the MasterPass Merchant
Portal
allowedCardTypes—Card types accepted by merchant
version—checkout version (v6)
Lightbox parameter details can be found here.
Standard Checkout Callback
Once a checkout is completed, MasterPass will return context to the merchant. This can be done via one of
the following options:
a.
b.
A callback URL—MasterPass uses the callback URL (oauth_callback) from the request token call
to direct back to the merchant site when Lightbox is rendered in full screen mode.
A javascript callback method—Use “failureCallback” and “successCallback” to give control back to
the page that initiated the Lightbox without any redirects. These parameters must be set when
invoking MasterPass Lightbox UI.
It is recommended that your code takes care of both scenarios.
a.
Redirect to Merchant Callback URL Example
http://www.somemerchant.com/checkoutcomplete.htm?status=success&checkout_res
ource_url=https%3A%2F%2Fstage.api.mastercard.com%2Fmasterpass%2Fv6%2Fcheckou
t%2F10189977%3Fwallet%3Dphw&oauth_verifier=6c50838e31b7441e6eafa222938545288
9255b13&oauth_token=d6fa60984308aebb6183d44fb9688fb9dc8332dc
b.
Checkout Callback method Example
function onSuccessfulCheckout(data)
{
document.getElementById('oauthToken').value=data.oauth_token;
document.getElementById('oauthVerifer').value=data.oauth_verifier;
document.getElementById('checkoutUrl').value=data.checkout_resource
_url;
}
Service Descriptions:
Request Token Service
This should be executed when a consumer clicks the Buy with MasterPass button.
Request and response parameter details can be found here.
50
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Sandbox and Production Endpoints
» https://sandbox.api.mastercard.com/oauth/consumer/v1/request_token
» https://api.mastercard.com/oauth/consumer/v1/request_token
Shopping Cart Service
Merchants must call the Shopping Cart service before invoking the MasterPass UI for checkout. This
enables shopping cart data to be displayed to users as they proceed through the MasterPass login and
checkout.
Shopping cart request has an optional OriginUrl field, which—if the merchant sets it—will remove the need
to call the merchant initialization service before displaying the Lightbox. Request and response parameter
details can be found here.
Shopping cart request has an optional SecondaryOriginUrl field, which—if the merchant sets it—should
only be used when the Lightbox will be invoked from a frame that’s on a merchant site and when that frame
is of a different domain than that of the merchant site, like for a service provider.
NOTE: The product description needs to be HTML-encoded and has a character limit of 100 characters.
Sandbox and Production Endpoints
» https://sandbox.api.mastercard.com/masterpass/v6/shopping-cart
» https://api.mastercard.com/masterpass/v6/shopping-cart
Merchant Initialization Service
This service is used to secure Lightbox connections between merchant and MasterPass. This service
requires a request token (OAuthToken). This service call should be used when shopping cart service is not
called.
Request and response parameter details can be found here.
51
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
https://sandbox.api.mastercard.com/masterpass/v6/merchant-initialization
https://api.mastercard.com/masterpass/v6/merchant-initialization
Access Token Service
Next step is to exchange a Request token for an Access token from the MasterPass service. You will use
the Request Token (oauth_token) and Verifier (oauth_verifier) from the merchant callback to get an access
token. Request and response parameter details can be found here.
Sandbox and Production Endpoints
» https://sandbox.api.mastercard.com/oauth/consumer/v1/access_token
» https://api.mastercard.com/oauth/consumer/v1/access_token
Retrieve Payment, Shipping Data, Rewards and 3DS Details
Now you will use the Checkout Resource URL request parameter (checkout_resource_url) received from the
callback URL to retrieve consumer’s payment, shipping address, reward and 3DS information from
MasterPass.
The checkout resource url supplied by MasterPass should be decoded and consumed by the
merchant or Service Provider as provided by MasterPass. MasterPass may add or delete parameters
in future.
Example:
Below are two example callback urls with the checkout_resource_url parameter highlighted:
1)
https://AnyMerchant.com/CheckoutCallback?mpstatus=success&checkout_resource_url=https%3A%2F
%2Fapi.mastercard.com%2Fmasterpass%2Fv6%2Fcheckout%2F11318523&oauth_verifier=aa2ff8e8f11
44f45c3b8fdc3d42398913a49e387&oauth_token=b8361ad151af35f71df7b395e083befcaf8192dd
Decoded checkout url:
checkout_resource_url=https://api.mastercard.com/masterpass/v6/checkout/11318523
2)
https://AnyMerchant.com/CheckoutCallback?checkout_resource_url=https%3A%2F%2Fapi.mastercard.
com%2Fmasterpass%2Fv6%2Fcheckout%2F11318500&checkoutId=11318500&oauth_verifier=aa2ff8e
8f1144f45c3b8fdc3d42398913a49e387&oauth_token=b8361ad151af35f71df7b395e083befcaf8192dd
Decoded checkout url:
checkout_resource_url=https://api.mastercard.com/masterpass/v6/checkout/11318500&checkoutId=11318500
Request and response parameter details can be found here.
Please note that MasterPass performs a CVC/CVV check at card enrollment. However, in accordance with
PCI standards, CVC2/CVV2 data is not persisted, and will not be provided to the merchant. As the card data
has been validated and securely stored by MasterPass, merchants must not require CVC/CVV entry
from a consumer checking out with MasterPass.
NOTE: In cases where, prior to submitting their order, the cardholder chooses to replace the payment details
provided by MasterPass with different, manually entered payment details, Merchants should ask the
cardholder to enter CVV2/CVC2/CID as they would in the normal course and should not pass the wallet
indicator flag to the acquirer. In this case, the transaction is no longer considered to be a MasterPass
52
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
transaction. Checkout Postback is still required. It is recommended not to allow consumers to change their
card details after returning from MasterPass.
A three-byte wallet Indicator (WID) Flag (WalletID xml element in the checkout xml) will be part of the output
returned by this request. This value must be passed to your acquiring bank, and will indicate that the
customer’s payment details were provided by the MasterPass, rather than being manually entered. You may
need to work with your payment provider (acquirer, payment gateway, etc.) to understand how best to
handle this data element. In the event, your acquirer has not completed implementation of this element, your
transactions will continue to process as is. Contact Customer Support if you have questions.
The following message elements in the Dual Message System (Authorization and Clearing) and Single
Message System carry this WID Flag:
•
•
•
Dual Message System (Authorization)—Data element (DE) 48 (Additional Data—Private Data),
subelement 26 (Wallet Program Data), subfield 1 (Wallet Identifier)
Dual Message System (Clearing)—PDS 0207 (Wallet Identifier)
Single Message System—DE 48 (Additional Data), subelement 26 (Wallet Program Data), subfield
1 (Wallet Identifier)
Postback Service
NOTE: This is a mandatory step.
The final step of a MasterPass transaction is a service call from the merchant to MasterPass,
communicating the result of the transaction (success or failure). Abandoned transactions do not need to be
reported. Please note that the <TransactionId> value should be the value from the <TransactionId> element
of the Checkout XML returned in the Checkout request.
Request and response parameter details can be found here.
The following fields are passed in the postback service call:
•
ConsumerKey: Consumer key from checkout project
53
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
•
•
•
•
•
•
Currency: Currency for the transaction e.g. USD
OrderAmount: Transaction Order Amount e.g., 1500 (for $15 transaction amount)
PurchaseDate: Date of Purchase
ApprovalCode: 6-digit approval code returned by payment API.
TransactionId: Transaction ID from TransactionId element of the Checkout XML from the retrieve
payment, shipping, rewards and 3DS data service call for example, “35201”
TransactionStatus: Status of transaction. Valid values are
o SUCCESS: For approved transaction
o FAILURE: For declined transaction
Sandbox and Production Endpoints
https://sandbox.api.mastercard.com/masterpass/v6/transaction
https://api.mastercard.com/masterpass/v6/transaction
Android and iOS App Integration
Your Android or iOS application should invoke a backend service to initiate the OAuth authorization. On the
native application side, most of the work involves connecting to your backend services.
If you are integrating MasterPass for Android devices, set the android:targetSdkVersion value in your
application to 19 or higher. There will be significant MasterPass User Interface usability issues for users with
the latest devices and Android releases if this version is not declared. For more information on Android SDK
targets, refer to the <uses-sdk> page on the Android Developers site. To maintain your application along
with each Android release, you should increase the value of this attribute to match the latest API level.
The basic process for integrating the Android or iOS application is as follows:
1.
Perform a POST to ${server}/appToWallet/initialize with the shopping cart data in the POST
message
a.
The server will request the Request Token, post the shopping cart data to MasterPass
services and generate the Redirect URL.
b.
The server will pass the Redirect URL and the Callback URL back to the mobile
application.
2.
On a 200 response, save the Callback URL, and use the user Redirect URL to open a Web View
3.
Watch the Web View for navigation to the Callback URL.
4.
On navigation to the Callback URL,
a.
If the query parameter section of the Callback URL only contains the oauth_token, the
user did not complete selection in MasterPass. Return the user to the cart view, or
wherever your particular requirements dictate.
b.
If the query parameter of the Callback URL section contains information, parse out the
oauth_token, oauth_verifier, and checkout_resource parameter values, perform a string
replacement on the checkout_resource value to replace ‘/’ with ‘.’ and use these to
perform a GET
to${server}/appToWallet/checkoutInformation/${oauth_token}/${oauth_verifier}/${checkout
_resource}
c.
NOTE: Do not send the full PAN to the mobile device. This information should be stored
on the server similarly to the server/browser implementation.
54
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
5.
On a 200 response, use the returned information to produce a summary view for the user to give
final approval to the transaction (pursuant to your specific requirements.)
6.
After the consumer completes the transaction, the server should submit postback to MasterPass.
55
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
MasterPass - Branding
Displaying “Buy with MasterPass” Button and Acceptance Marks
The MasterPass acceptance mark and checkout button image URLs can be found below. To ensure the
best consumer experience, the checkout button should be placed at the earliest possible entrypoint, prior to
the collection of shipping and billing information.
To minimize the impact of future branding updates, please use the country specific link to the images on the
checkout page rather than downloading them and hosting the images locally. In order to successfully
integrate with MasterPass and enable successful checkout by an end-user consumer via the service, the
“Buy with MasterPass” checkout button must be integrated on the merchant website and displayed as noted
in the MasterPass Branding Requirements document available on MasterCard developer zone.
For all production button URLs and "Learn More" links, refer to the MasterPass™ Digital Assets – Buttons
and Learn More Links document.
The URL naming convention uses the base URL, Language Code (ISO 639-1), Country Code (ISO 3166and Button as shown below: Base URL/Language/Country/Image File Name
Base URL: https://www.mastercard.com/mc_us/wallet/img/
NOTE: The list of language/country folders can be found at
https://developer.mastercard.com/portal/display/api/MasterPass+-+Merchant+Checkout+-+FAQs under the
question, “Which countries and locales are currently supported to link 'Buy with MasterPass' images?”
Buy with MasterPass button Example:
Below is an example of how a Merchant can include the checkout button.
<div class="MasterPassBtnExample">
<a href="/exampleRedirect">
<img
src="https://www.mastercard.com/mc_us/wallet/img/en/US/mcpp_wllt_btn_chk_147x
034px.png" alt="Checkout with MasterPass Button Example" />
</a>
</div>
MasterPass Checkout Images
PNG Checkout Buttons
/mcpp_wllt_btn_chk_147x034px.png
/mcpp_wllt_btn_chk_160x037px.png
/mcpp_wllt_btn_chk_166x038px.png
/mcpp_wllt_btn_chk_180x042px.png
56
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
GIF Checkout Buttons
/mcpp_wllt_btn_chk_147x034px.gif
/mcpp_wllt_btn_chk_160x037px.gif
/mcpp_wllt_btn_chk_166x038px.gif
/mcpp_wllt_btn_chk_180x042px.gif
GIF Acceptance Marks
/mp_mc_acc_023px_gif.gif
/mp_mc_acc_030px_gif.gif
/mp_mc_acc_034px_gif.gif
/mp_mc_acc_038px_gif.gif
/mp_mc_acc_050px_gif.gif
/mp_mc_acc_065px_gif.gif
/mp_mc_acc_113px_gif.gif
PNG Checkout Buttons – High Resolution
/mcpp_wllt_btn_chk_290x068px.png
/mcpp_wllt_btn_chk_317x074px.png
/mcpp_wllt_btn_chk_326x076px.png
/mcpp_wllt_btn_chk_360x084px.png
GIF Checkout Buttons – High Resolution
/mcpp_wllt_btn_chk_290x068px.gif
/mcpp_wllt_btn_chk_317x074px.gif
/mcpp_wllt_btn_chk_326x076px.gif
/mcpp_wllt_btn_chk_360x084px.gif
GIF Acceptance Marks – High Resolution
/mp_acc_046px_gif.gif
/mp_acc_060px_gif.gif
/mp_acc_068px_gif.gif
/mp_acc_076px_gif.gif
/mp_acc_100px_gif.gif
/mp_acc_130px_gif.gif
/mp_acc_226px_gif.gif
Here are a few examples
U.S. English URL:
https://www.mastercard.com/mc_us/wallet/img/en/US/mcpp_wllt_btn_chk_147x034px.png
Canada French URL:
https://www.mastercard.com/mc_us/wallet/img/fr/CA/mcpp_wllt_btn_chk_147x034px.png
MasterPass “Learn More” page
In addition to the MasterPass checkout button and acceptance mark, MasterPass also requires merchants
to provide a link to “Learn More” page which can be used by the consumers to get additional information
about MasterPass. It is recommended that you place the link in close proximity to the “Buy with
MasterPass” button.
57
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
The “Learn More” page is available in multiple languages and can be accessed from the following link. For
the list of all available languages, refer to the MasterPass™ Digital Assets – Buttons and Learn More Links
document.
The following URLs contain examples of the “Learn More” page in various languages:
English - http://www.mastercard.com/mc_us/wallet/learnmore/en
Swedish - http://www.mastercard.com/mc_us/wallet/learnmore/se
French - http://www.mastercard.com/mc_us/wallet/learnmore/fr
Italian - http://www.mastercard.com/mc_us/wallet/learnmore/it
Spanish - http://www.mastercard.com/mc_us/wallet/learnmore/es
58
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Testing
MasterPass Sandbox Testing
Testing can be conducted in the sandbox environment, using the test consumer account. Your code must
gracefully handle the error states and scenarios listed below.
NOTE: You cannot add cards to a sandbox account. Only shipping addresses can be added to sandbox
accounts.
The accounts in the following table are shared by many sandbox testers. If you experience difficulty using
these accounts, wait at least 30 minutes and try again.
Sandbox Consumer
Account
Test Account 1
Login Email
Password
Security Question
Security Answer
[email protected]
abc123
Pet’s Name
fido
Test Account 2
[email protected]
abc123
Pet’s Name
fido
3DS Test - MasterCard
SecureCode
[email protected]
tester123
Pet’s Name
fido
3DS Test - Visa Verified
by Visa
[email protected]
tester123
Pet’s Name
fido
Use the “remember me” and “remember this device” options when testing so that you don’t have to rekey
the entire test account information every time you login to MasterPass.
Once you are redirected to the sandbox environment, select MasterPass wallet to sign-in to Sandbox
Consumer Wallet Account. Below is a quick walkthrough of the Wallet experience.
(Select) MasterPass Wallet
59
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Sign-in & Verify Your ID (Login email for Sandbox)
Select Payment & Shipping
3DS Test Cases
MasterCard SecureCode
Use the “3DS Test - MasterCard SecureCode” from the Sandbox Consumer Account table above to test
MasterCard and Maestro SecureCode 3DS functionality. The following table provides the expected outputs
for each of the Test Cases for MasterCard SecureCode.
60
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Once you have logged into the “3DS Test - MasterCard SecureCode” account, choose the Test Case Card
nickname that corresponds to the Test Case number from the table above for the Test Case that you would
like to test. For example, use the below Test Case 1 card to test TC# 1 from the MasterCard and Maestro
Test Cases table above.
61
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Verified by Visa
Use the “3DS Test - Visa Verified by Visa” Sandbox Consumer Account from the table above to test Visa’s
Verified by Visa 3DS functionality. The following table provides the expected outputs for each of the Test
Cases for Verified by Visa.
62
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Once you have logged into the “3DS Test - Visa Verified by Visa” account, choose the Test Case Card
nickname that corresponds to the Test Case number from the table above for the Test Case that you would
like to test. For example, use the below Test Case 1 card to test TC# 1 from the Visa Test table above.
63
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Q/A Checklist
Asset Placement
»
»
Verify your adherence to the MasterPass Branding Requirements document.
Verify that you are linking to (versus hosting your own) MasterPass visual assets
In-Wallet Experience
»
»
»
Verify that the consumer can only select card/addresses/rewards that are supported by the merchant
Verify shopping cart information is sent to MasterPass and is displayed.
Merchants requesting liability shift for MasterPass transactions should use Advanced Checkout within
MasterPass
Post Wallet Experience
»
»
After clicking the “Finish Shopping” button, verify the consumer is taken to a valid page.
Verify that MasterPass acceptance mark is displayed for all MasterPass transactions.
64
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
»
Verify that your code handles the return of a consumer with an expired request token. NOTE: The
Request Token is valid for 15 minutes therefore if the process is not completed within the timeout, the
request token will expire and the checkout will need to be restarted.
Ensure you are decoding and consuming the checkout_resource_url as provided by MasterPass
Verify that your code is able to parse and ingest the returned data.
Verify that any post-Wallet page has a clear call to action (e.g. select preferred shipping method),
versus simply having the consumer review the data they just selected in the Wallet.
Verify that consumer is not required to enter CVC/CVV in order to complete the transaction.
Verify that the card PAN has not been provided to any entity that does not have the appropriate security
in place for storage and transmission of card data (per PCI guidelines).
Verify that if merchants are provided with the PAN, this value is not displayed on-screen.
Verify that your system can handle the PostalCode element of up to nine characters; this element is
sent by MasterPass as part of the BillingAddress and the ShippingAddress elements in checkout XML.
»
»
»
»
»
»
»
Postback
»
Verify that the transaction id submitted as part of a postback was sourced from the associated
MasterPass transaction.
Verify that the transaction result (Postback) is reported immediately after card authorization.
»
General
» Ensure you are coding to DNS and not to IP addresses for our urls or endpoints.
Troubleshooting
Troubleshooting
If you get “Error 400” when calling MasterPass web services
»
»
Verify Authorization header is not missing from the request
Verify Authorization header has the following:
–
–
–
–
–
–
–
–
Signature
Consumer Key (exists and correct length)
Nonce
Signature Method
Timestamp
Callback URL (Request Token call only)
oauth_verifier (Access Token call only)
oauth_token (Access Token call only)
If you get “Error 401” when calling MasterPass web services
»
Verify that you are passing the Access Token in the get CheckoutXML call.
If you get “Error 403 - Forbidden” when calling MasterPass services
»
»
Verify correct credentials or correct environment (i.e., sandbox credentials with the prod URL)
Verify timestamp
If you get “Error 500” when calling MasterPass web services
65
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
»
»
»
»
Verify oauth_body_hash exists and is correct (Post Transaction call only)
Verify Content-Type HTTP header is being sent
Verify correct private key
Verify signature is readable (example, encoded incorrectly)
Support
Please refer to the FAQs at https://developer.mastercard.com/portal/display/api/MasterPass++Merchant+Checkout+-+FAQs.
If you have any questions or comments relating to MasterPass merchant testing, contact the implementation
manager assigned to work with you on this implementation. If you don’t have an assigned implementation
manager, send an email—with the following information (as applicable)—to
[email protected]:
•
•
•
•
•
•
•
•
•
•
•
•
Merchant/Service Provider Name
Email Address
Country/Region
Onboarding Model (Direct Merchant, Service Provider Merchant-by-Merchant or Service Provider
File and API Onboarding)
Environment of Integration (Sandbox or Production)
Checkout Version and Checkout Identifier
Consumer Key
Postback Details (Amount, Date and Time of recent Checkout)
Detailed description of the issue, including expected and actual test results (if applicable)
Error Message(s)
Screenshot(s)
Exact Timestamp
66
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Appendix
Lightbox Parameters
Lightbox Parameters invoked on clicking Buy with MasterPass or Connect with MasterPass button.
Parameter name
allowedCardTypes
string[]
O
Connect
Checkout
Card security
Data type
O = Optional; R = Required; A = Automatically populated
Description
This parameter restricts the payment
methods that may be selected based on
card brand. Omit this parameter to
allow all payment methods. Here are the
valid values for different card types
MasterCard: master
Maestro: maestro
American Express: amex
Discover: discover
Diners: diners
Visa: visa
JCB: jcb
loyaltyEnabled
bool
O
This parameter defines if the merchant
is requesting consumer’s loyalty details
from MasterPass for the transaction.
Valid values are true / false
shippingLocationProfile
string[]
O
This parameter defines Merchant’s
Shipping Profile(s) for the transaction
that they set in their account.
callbackUrl
string
O O O This defines the base URL to which the
browser is redirected to upon successful
or failed completion of the flow if there
is no appropriate callback function
available.
67
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
failureCallback
function
O O O This defines the function to be called
when the flow ends in failure.
merchantCheckoutId
string
R
requestToken
suppressShippingAddressEnable
string
Bool
successCallback
function
Refer to the SDK for more examples
This is the checkout identifier which is
used to identify the merchant and their
checkout branding.
R R R This is an OAuth token.
O
When set to “true,” the consumer
placing the order through MasterPass
Wallet will not provide a shipping
address (for example, when the
consumer purchases digital goods).
When set to “false,” the consumer
placing the order through MasterPass
Wallet must provide a shipping address.
O O O This defines the function to be called
when the flow ends in success.
R
R
OAuth Samples
Request Token
Request Token Parameters
request_token
Request
oauth_callback
X
oauth_signature
X
oauth_version
X
oauth_nonce
X
oauth_signature_method
X
oauth_consumer_key
X
oauth_timestamp
X
realm
X
request_token
Response
oauth_token
X
oauth_callback_confirmed
X
oauth_expires_in
X
oauth_token_secret
X
68
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
X
xoauth_request_auth_url
Request Parameter Details
Request Token—Request
Signature Base String
Authorization Header
Description
oauth_callback
Endpoint that will handle the transition from
the wallet site to the merchant checkout
page
Variable
oauth_signature
RSA/SHA1 signature generated from the
signature base string
Variable
oauth_version
oAuth version
1.0
oauth_nonce
Unique alphanumeric string generated from
code
Variable
oauth_signature_method
oAuth signature method.
RSASHA1
oauth_consumer_key
Consumer Key generated when creating a
checkout project on MasterPass Merchant
portal
Variable
oauth_timestamp
Current timestamp
Variable
realm
Used to differentiate between our mobile
and full site. Currently not used.
eWallet
Request Token—Response
Oauth Token
oauth_token
Description
oauth_token is sent in the signature base
string, authorization header and redirect
URL
Possible
Values
Variable
Variable
oauth_callback_confirmed
Request Token
Possible
Values
oauth_expires_in
Time the Request Token expires in seconds
Variable
oauth_token_secret
Oauth Secret
Variable
xoauth_request_auth_url
Authorize URL
Variable
Signature Base String Example
POST&https%3A%2F%2Fsandbox.api.mastercard.com%2Foauth%2Fconsumer%2Fv1%2Freque
st_token&oauth_callback%3Dhttp%253A%252F%252Fprojectabc.com%252Fmerchant%252F
Callback.jsp%26oauth_consumer_key%3DZGho8Df8vqWIpGCIu559HYriL093IBXdJeKavp4dce9db2a%25216464586653467358724b616c744754454433
49466a413d3d%26oauth_nonce%3D1143452272881219%26oauth_signature_method%3DRSASHA1%26oauth_timestamp%3D1339612030%26oauth_version%3D1.0
HTTP Request Example
POST /oauth/consumer/v1/request_token HTTP/1.1
Authorization: OAuth
oauth_callback="http%3A%2F%2Fprojectabc.com%2Fmerchant%2FCallback.jsp",oauth_
signature="pzNogGtgShe16%2FwhP4CsTRXkgJ1mv%2FKm6do5ZVi6doKzAJZ0m8QqhiERi5lRup
hdyUkhW8LKdUL1TetPdxm32Vtr%2BQGF6n6IBjr8dGcyYmfaLyAYVhF%2Fx5oQhUDVpdXIc10dJ0m
iUwZPbJ1QopN3ibeOzvgNxhEiHYKVnpvYEhc%3D",oauth_version="1.0",oauth_nonce="114
3452272881219",oauth_signature_method="RSASHA1",oauth_consumer_key="ZGho8Df8vqWIpGCIu559HYriL093IBXdJeKavp4dce9db2a%216464586653467358724b616c74475445443349
466a413d3d",oauth_timestamp="1339612030",realm="eWallet"
69
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
HTTP Response Example
oauth_callback_confirmed=true&oauth_expires_in=900&oauth_token=a02c5c5c1a128c2
cebc650ea9aa3dfb7&oauth_token_secret=c2daaf0888779d82bd63524159bee91f&xoauth_r
equest_auth_url=https%3A%2F%2Fsandbox.masterpass.com%2Fonline%2FCheckout%2FAut
horize
Merchant Initialization Service
Merchant Initialization Parameters
Merchant
Initialization
resource
Request
oauth_signature
X
oauth_version
X
oauth_nonce
X
oauth_signature_method
X
oauth_consumer_key
X
oauth_timestamp
X
realm
X
oauth_body_hash
X
oauth_token
X
Merchant Initialization Request
XML
Merchant Initialization Response
XML
X
Merchant
Initialization
Resource
Response
X
Merchant Initialization Request Parameter Details
Merchant Initialization Resource—Request
Signature Base String
Description
Possible
Values
oauth_signature
RSA/SHA1 signature generated from the
signature base string
Variable
oauth_version
Oauth version.
1.0
oauth_nonce
Unique alphanumeric string generated from
code
Variable
oauth_signature_method
oauth signature method.
RSASHA1
oauth_consumer_key
Consumer Key generated when creating a
checkout project on MasterPass Merchant
portal
Variable
oauth_timestamp
Current timestamp
Variable
oauth_token
Request token
Variable
Authorization Header
70
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Merchant Initialization
Request XML
MerchantInitializationRequest
XML
Merchant Initialization Resource—Response
Oauth Token
oauth_token
Merchant Initialization details
Description
oauth_token is sent in the request
Possible
Values
Variable
Signature Base String Example
POST&https%3A%2F%2Fsandbox.api.mastercard.com%2Fmasterpass%2Fv6%merchantinitial
ization&oauth_body_hash%3D8K9uhveZjVdZW8AIYiXpR70KCtk%253D%26oauth_consumer_key
%3DcLb0tKkEJhGTITp_6ltDIibO5Wgbx4rIldeXM_jRd4b0476c%2521414f4859446c4a366c726a3
27474695545332b353049303d%26oauth_nonce%3DDEAEB1CD-CA03-405D-A7B4B4263CB5A305%26oauth_signature_method%3DRSASHA1%26oauth_timestamp%3D1380049711%26oauth_version%3D1.0
HTTP Request Example
POST /masterpass/v6/merchant-initialization HTTP/1.1
Authorization: OAuth
realm="eWallet",oauth_consumer_key="cLb0tKkEJhGTITp_6ltDIibO5Wgbx4rIldeXM_jRd4b
0476c%21414f4859446c4a366c726a327474695545332b353049303d",oauth_signature_metho
d="RSA-SHA1",oauth_nonce="DEAEB1CD-CA03-405D-A7B4B4263CB5A305",oauth_timestamp="1380049711",oauth_version="1.0",oauth_body_hash=
"8K9uhveZjVdZW8AIYiXpR70KCtk%3D",oauth_signature="IdV4%2FREyJ7nAXK%2FYvuJ2BtO4C
8t6PlW8xTrDob0WzWJ5%2FRBOPDj534Sm7oPdojivWTGOLAcZq3kbVF6rwrsjGFWlNJITXt3HT3zrav
b02oqTrVQH3Zlx5fi4o0u2xxqrDwHZvbhjPgwByBRmE%2FoTw2l9H%2FznSn45xcS1eJPa%2FGI%3D"
XML
V6/merchant-initialization—XML Schema Request
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="MerchantInitializationRequest"
type="MerchantInitializationRequest"/>
<xs:complexType name="MerchantInitializationRequest">
<xs:sequence>
<xs:element name="OAuthToken" type="xs:string"/>
<xs:element name="PreCheckoutTransactionId" type="xs:string"
maxOccurs="1" minOccurs="0"/>
<xs:element name="OriginUrl" type="xs:string" />
<xs:element name="ExtensionPoint"
type="MerchantInitializationExtension" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:element name="MerchantInitializationExtension"
type="MerchantInitializationExtension"/>
<xs:complexType name="MerchantInitializationExtension">
<xs:sequence>
<xs:element name="SecondaryOriginUrl" type="xs:string"
minOccurs="0"/>
71
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
</xs:sequence>
</xs:complexType>
URL: https://api.mastercard.com/masterpass/v6/merchant-initialization — Sample Request
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantInitializationRequest>
<OAuthToken>oauth_demo_token4sj4x6f1eqka2ib2f1nzd1ib2ivvjx16a</OAuthToken>
<OriginUrl>http://localhost:8080</OriginUrl>
<ExtensionPoint>
<SecondaryOriginUrl>http://localhost:8080</SecondaryOriginUrl>
</ExtensionPoint>
</MerchantInitializationRequest>
V6/merchant-initialization -XML Schema Response
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="MerchantInitializationResponse"
type="MerchantInitializationResponse"/>
<xs:complexType name="MerchantInitializationResponse">
<xs:sequence>
<xs:element name="OAuthToken" type="xs:string"/>
<xs:element name="ExtensionPoint" type="ExtensionPoint" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ExtensionPoint">
<xs:sequence>
<xs:any maxOccurs="unbounded" processContents="lax" namespace="##any" />
</xs:sequence>
<xs:anyAttribute />
</xs:complexType>
</xs:schema>
V6/ MerchantInitialization -Sample Response
<MerchantInitializationResponse>
<OAuthToken>4c7b34cc63a68282bba77a4b34f0192fcb2268fb</OAuthToken>
</MerchantInitializationResponse>
V6 - MerchantInitializationRequest XML Details
MerchantInitializationRequest
XML
MerchantInitializationRequest
Element
Description
MerchantInitializationRequest
Root Element
OAuthToken
Request Token (oauth_token)
returned by call to the
request_token API
Type
Min–
Max
XML
-
72
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
MerchantInitializationRequest
XML
ExtensionPoint
MerchantInitializationResponse
XML
Description
Type
Min–
Max
PreCheckoutTransactionID
Identifies pre-checkout
transaction. Returned from get
pre-checkout data call;
Optional
string
NA
OriginUrl
Identifies the URL of the page
that will initialize the Lightbox.
string
NA
ExtensionPoint
Reserved for future
enhancement. Optional
Any
SecondaryOriginUrl
Identifies the domain URL of
the outer/parent web page.
This optional field should only
be used when the Lightbox will
be invoked from a frame that’s
on a merchant site, and when
that frame is of a different
domain than that of the
merchant site, like for a
service provider.
string
NA
Description
Type
Min–
Max
OAuthToken
Request Token (oauth_token)
returned by call to the
request_token API
XML
-
ExtensionPoint
Reserved for future
enhancement. Optional
Any
-
Element
Element
ExtensionPoint Elements
Starting with API v6, all schema container elements contain a new optional element named
“ExtensionPoint”. These elements are intended to provide expandability of the API without requiring a new
major version. These elements are defined to contain a sequence of “xs:any”, meaning that any XML
content can be contained within the element. In order to ensure future expandability, all integrators must not
perform any validation of elements received inside an ExtensionPoint element, beyond any that may be
defined by MasterPass in the future with a separate schema. Any such extensions will be optional. Further,
only authorized schemas will be allowed inside ExtensionPoint elements, and any unknown elements will be
dropped by MasterPass.
ExtensionPoint — Sample
<ExtensionPoint>
<s:SampleExtension
xmlns:s=”https://www.masterpass.com/location/of/example/ns”>
<s:SampleField>Sample Value</s:SampleField>
</s:SampleExtension>
<f:AnotherExampleExtension
xmlns:f=”https://www.masterpass.com/location/of/example2/ns>
<f:SampleContainer>
<f:AnotherSampleField>Sample
73
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Value</f:AnotherSampleField>
</f:SampleContainer>
</f:AnotherExampleExtension>
</ExtensionPoint>
Shopping Cart Service
Shopping Cart Parameters
Shopping
Cart
Request
oauth_signature
X
oauth_version
X
oauth_nonce
X
oauth_signature_method
X
oauth_consumer_key
X
oauth_timestamp
X
oauth_body_hash
oauth_token
Shopping Cart Request XML
X
X
X
Shopping
Cart
Response
Shopping Cart Response XML
X
X
Shopping Cart Parameter Details
Shopping Cart—Request
Signature Base String
Authorization Header
Description
Possible
Values
oauth_signature
RSA/SHA1 signature generated from the
signature base string
Variable
oauth_version
Oauth version
1.0
oauth_nonce
Unique alphanumeric string generated
from code
Variable
oauth_signature_method
oauth signature method
RSASHA1
oauth_consumer_key
Consumer Key generated when creating a
checkout project on MasterPass Merchant
portal
Variable
oauth_timestamp
Current timestamp
Variable
oauth_body_hash
SHA1 hash of the message body
Variable
Oauth Token
oauth_token
oauth_token is sent in the signature base
string, authorization header and redirect
URL
Variable
Transfer XML Strings
Shopping Cart Request XML
Merchant Shopping Cart details
Shopping Cart—Response
Oauth Token
oauth_token
Transfer XML Strings
Shopping Cart Response XML
Description
oauth_token is sent in the signature base
string, authorization header and redirect
URL
Possible
Values
Variable
74
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Signature Base String Example
POST&https%3A%2F%2Fsandbox.api.mastercard.com%2Fmasterpass%2Fv6%2Fshopping-cart
&oauth_body_hash%3D8K9uhveZjVdZW8AIYiXpR70KCtk%253D%26oauth_consumer_key%3DcLb0
tKkEJhGTITp_6ltDIibO5Wgbx4rIldeXM_jRd4b0476c%2521414f4859446c4a366c726a32747469
5545332b353049303d%26oauth_nonce%3DDEAEB1CD-CA03-405D-A7B4B4263CB5A305%26oauth_signature_method%3DRSASHA1%26oauth_timestamp%3D1380049711%26oauth_version%3D1.0
HTTP Request Example
POST /masterpass/v6/shopping-cart HTTP/1.1
Authorization: OAuth
realm="eWallet",oauth_consumer_key="cLb0tKkEJhGTITp_6ltDIibO5Wgbx4rIldeXM_jRd4b
0476c%21414f4859446c4a366c726a327474695545332b353049303d",oauth_signature_metho
d="RSA-SHA1",oauth_nonce="DEAEB1CD-CA03-405D-A7B4B4263CB5A305",oauth_timestamp="1380049711",oauth_version="1.0",oauth_body_hash=
"8K9uhveZjVdZW8AIYiXpR70KCtk%3D",oauth_signature="IdV4%2FREyJ7nAXK%2FYvuJ2BtO4C
8t6PlW8xTrDob0WzWJ5%2FRBOPDj534Sm7oPdojivWTGOLAcZq3kbVF6rwrsjGFWlNJITXt3HT3zrav
b02oqTrVQH3Zlx5fi4o0u2xxqrDwHZvbhjPgwByBRmE%2FoTw2l9H%2FznSn45xcS1eJPa%2FGI%3D"
Shopping Cart V6—XML Schema
<xs:complexType name="ShoppingCart">
<xs:sequence>
<xs:element name="CurrencyCode" type="xs:string"/>
<xs:element name="Subtotal" type="xs:long"/>
<xs:element name="ShoppingCartItem" type="ShoppingCartItem" minOccurs="0"
maxOccurs="unbounded"/>
<xs:element name="ExtensionPoint" type="ExtensionPoint" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ShoppingCartItem">
<xs:sequence>
<xs:element name="Description" type="xs:string"/>
<xs:element name="Quantity" type="xs:long"/>
<xs:element name="Value" type="xs:long"/>
<xs:element name="ImageURL" type="xs:string" minOccurs="0"/>
<xs:element name="ExtensionPoint" type="ExtensionPoint" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ShoppingCartRequest">
<xs:sequence>
<xs:element name="OAuthToken" type="xs:string"/>
<xs:element name="ShoppingCart" type="ShoppingCart"/>
<xs:element name="OriginUrl" type="xs:string" minOccurs="0"/>
<xs:element name="ExtensionPoint" type="ShoppingCartRequestExtensionPoint"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:element name="ShoppingCartRequestExtensionPoint" type="ShoppingCartRequestExtensionPoint"/>
<xs:complexType name="ShoppingCartRequestExtensionPoint">
<xs:sequence>
<xs:element name="SecondaryOriginUrl" type="xs:string" minOccurs="0"/>
75
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
</xs:sequence>
<xs:anyAttribute/>
</xs:complexType>
<xs:element name="ExtensionPoint" type="ExtensionPoint"/>
<xs:complexType name="ExtensionPoint">
<xs:sequence>
<xs:any maxOccurs="unbounded" processContents="lax" namespace="##any"/>
</xs:sequence>
<xs:anyAttribute/>
</xs:complexType>
Shopping Cart V6 XML Details
ShoppingCartRequest
ExtensionPoint
Element
Description
Type
Min–
Max
OAuthToken
Request Token (oauth_token) returned by
call to the request_token API
String
Variable
ShoppingCart
Merchant Shopping Cart details.
XML
-
OriginUrl
Identifies the URL of the page that will
initialize the lightbox.
String
Variable
ExtensionPoint
Reserved for future enhancement. Optional
Any
-
String
NA
CurrencyCode
Defined by ISO 4217 to be exactly three
characters, such as, USD for US Dollars. All
MonetaryValues will be modified by the
CurrencyCode
Alpha
3
SecondaryOriginUrl
Identifies the domain URL of the
outer/parent web page. This optional field
should only be used when the Lightbox will
be invoked from a frame that’s on a
merchant site, and when that frame is of a
different domain than that of the merchant
site, like for a service provider.
Subtotal
Total sum of all the items in the cart
excluding shipping, handling and tax. Integer
without the decimal e.g. $119.00 USD will
be 11900.
Integer
1-12
ShoppingCart
ShoppingCartItem
Details of a single shopping cart item.
XML
-
ShoppingCartItem
Description
Describes a single shopping cart item.
String
1-100
Quantity
Number of a single shopping cart item.
Integer
1-12
Value
Price or monetary value of a single shopping
cart item. Cost * Quantity. Integer without
decimal e.g., $100.00 is 10000.
Integer
1-12
ImageURL
Link to shopping cart item image. URLs
must be HTTPS, and not HTTP.
String
0-2000
ExtensionPoint
Reserved for future enhancement. Optional
Any
-
ShoppingCartResponse
Element
Description
Type
Min–
Max
OAuthToken
Request Token (oauth_token) returned by
call to the request_token API
String
Variable
ExtensionPoint
Reserved for future enhancement. Optional
Any
-
Shopping Cart Request XML—Sample
<?xml version="1.0" ?>
<ShoppingCartRequest>
76
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<OAuthToken>f7f16d8462a9424365498afade20caaa</OAuthToken>
<ShoppingCart>
<CurrencyCode>USD</CurrencyCode>
<Subtotal>11900</Subtotal>
<ShoppingCartItem>
<Description>This is one item</Description>
<Quantity>1</Quantity>
<Value>1900</Value>
</ShoppingCartItem>
<ShoppingCartItem>
<Description>Five items</Description>
<Quantity>5</Quantity>
<Value>10000</Value>
<ImageURL>https://somemerchant.com/someimage</ImageURL>
</ShoppingCartItem>
</ShoppingCart>
<OriginUrl>https://somemerchant.com</OriginUrl>
</ShoppingCartRequest>
Shopping Cart Request XML with Optional SecondaryOriginUrl Field—Sample
<?xml version="1.0" ?>
<ShoppingCartRequest>
<OAuthToken>oauth_demo_token4sj4x6f1eqka2ib2f1nzd1ib2imvce151</OAuthTo
ken>
<ShoppingCart>
<CurrencyCode>USD</CurrencyCode>
<Subtotal>2500</Subtotal>
<ShoppingCartItem>
<Description>Apple MacBook Pro MD101LL/A 13.3-Inch
Laptop</Description>
<Quantity>1</Quantity>
<Value>2500</Value>
<ImageURL>http://ecx.imagesamazon.com/images/I/41t0EjbJXYL._SL500_SS100_.jpg</ImageU
Im>
</ShoppingCartItem>
</ShoppingCart>
<OriginUrl>http://localhost:8080</OriginUrl>
<ExtensionPoint>
<SecondaryOriginUrl>http://localhost:8080</SecondaryOriginUrl>
</ExtensionPoint>
</ShoppingCartRequest>
Shopping Cart Response XML—Sample
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ShoppingCartResponse>
<OAuthToken>a747f7e7c2e0c3048843f640b92806c8</OAuthToken>
77
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
</ShoppingCartResponse>
Shopping Cart-XML Response Schema
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="ShoppingCartResponse" type="ShoppingCartResponse"/>
<xs:complexType name="ShoppingCartResponse">
<xs:sequence>
<xs:element name="OAuthToken" type="xs:string" />
<xs:element name="ExtensionPoint" type="ExtensionPoint"
minOccurs="0" />
</xs:sequence>
</xs:complexType>
<xs:complexType name="ExtensionPoint">
<xs:sequence>
<xs:any maxOccurs="unbounded" processContents="lax"
namespace="##any" />
</xs:sequence>
<xs:anyAttribute />
</xs:complexType>
</xs:schema>
HTTP Response Example
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ShoppingCartResponse>
<OAuthToken>93dcec2e58e1bee050301bb2ee7d9331</OAuthToken>
</ShoppingCartResponse>
Access Token Service
Access Token Parameters
access_token
Request
oauth_signature
X
oauth_version
X
oauth_nonce
X
oauth_signature_method
X
oauth_consumer_key
X
oauth_timestamp
X
realm
X
oauth_token
X
oauth_expires_in
access_token
Response
X
X
78
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
oauth_token_secret
X
xoauth_request_auth_url
X
X
oauth_verifier
Access Token Parameter Details
Access Token—Request
oauth_signature
Signature Base String
Authorization Header
oauth_version
oauth_nonce
oauth_signature_method
oauth_consumer_key
oauth_timestamp
realm
oauth_verifier
oauth_token
Description
RSA/SHA1 signature generated from the
signature base string
Oauth version.
Unique alphanumeric string generated
from code
oauth signature method
Consumer Key generated when creating a
checkout project on MasterPass Merchant
portal
Current timestamp
Used to differentiate between our mobile
and full site. Currently not used.
Verifier is returned on the callback and
used in the access token request
oAuth token obtained from request token
call
Access Token—Response
Oauth Token
Request Token
oauth_token
oauth_expires_in
oauth_token_secret
Description
oauth_token is sent in the signature base
string, authorization header and redirect
URL
Time the Request Token expires in
seconds
Oauth Secret
Possible
Values
Variable
1.0
Variable
RSASHA1
Variable
Variable
eWallet
Variable
Possible
Values
Variable
900
Variable
Signature Base String Example
POST&https%3A%2F%2Fsandbox.api.mastercard.com%2Foauth%2Fconsumer%2Fv1%2Faccess_t
oken&oauth_callback%3Dhttp%253A%252F%252Fprojectabc.com%252Fmerchant%252FCallbac
k.jsp%26oauth_consumer_key%3DZGho8Df8vqWIpGCIu559HYriL093IBXdJeKavp4dce9db2a%25216464586653467358724b616c744754454433494
66a413d3d%26oauth_nonce%3D1144858422275061%26oauth_signature_method%3DRSASHA1%26oauth_timestamp%3D1339613436%26oauth_token%3Da02c5c5c1a128c2cebc650ea9aa3
dfb7%26oauth_verifier%3D96782690ce6289d0faf45be777d2d86f%26oauth_version%3D1.0
HTTP Request Example
POST /oauth/consumer/v1/access_token HTTP/1.1
Authorization: OAuth
oauth_callback="http%3A%2F%2Fprojectabc.com%2Fmerchant%2FCallback.jsp",oauth_sig
nature="OKcp2KmzUEr8kqs%2F7m2ePV6uJ30n786AnZ0kvJSNGV4Q8%2FP3%2Bs7lqv7YIk0yb2h0fU
TC7gSHsfJwmCCk4ES%2FlWVIpSRmVxotgLacxj%2FXI08DS0BZ0XMZZIkhY5Dcg775U3Re4GRN4xa9vm
bztOBd%2BKkNyFIw35To22N1ZUHrYpI%3D",oauth_version="1.0",oauth_nonce="11448584222
75061",oauth_signature_method="RSA-SHA1",oauth_consumer_key="ZGho8Df8vqWIpGCIu559HYriL093IBXdJeKavp4dce9db2a%216464586653467358724b616c74475445443349466
a413d3d",oauth_token="a02c5c5c1a128c2cebc650ea9aa3dfb7",oauth_verifier="96782690
ce6289d0faf45be777d2d86f",oauth_timestamp="1339613436",realm="eWallet"
79
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
HTTP Response Example
oauth_token=9429f23bd08f992c41fb5ddabcc03ecd&oauth_token_secret=cd1ab178419c2111
fb1171083f5dc8d9
Checkout Resource
Checkout Parameters
Checkout
resource
Request
oauth_signature
X
oauth_version
X
oauth_nonce
X
oauth_signature_method
X
oauth_consumer_key
X
oauth_timestamp
X
realm
X
oauth_token
X
Checkout
Resource
Response
Used as endpoint
checkout_resource_url
X
Checkout XML
Checkout Parameter Details
Checkout Resource—Request
oauth_signature
Signature Base String
Authorization Header
oauth_version
oauth_nonce
oauth_signature_method
oauth_consumer_key
oauth_timestamp
realm
oauth_verifier
Checkout Resource—Response
Oauth Token
Transfer XML Strings
oauth_token
Checkout XML
Description
RSA/SHA1 signature generated from the
signature base string
Oauth version.
Unique alphanumeric string generated
from code
oauth signature method.
Consumer Key generated when creating a
checkout project on MasterPass Merchant
portal
Current timestamp
Used to differentiate between our mobile
and full site. Currently not used.
Verifier is returned on the callback and
used in the access token request
Description
oauth_token is sent in the signature base
string, authorization header and redirect
URL
Details of the Checkout
Possible
Values
Variable
1.0
Variable
RSASHA1
Variable
Variable
eWallet
Possible
Values
Variable
Signature Base String Example
GET&https%3A%2F%2Fsandbox.api.mastercard.com%2Fmasterpass%2Fv6%2Fcheckout%2F3494
84&oauth_consumer_key%3DcLb0tKkEJhGTITp_6ltDIibO5Wgbx4rIldeXM_jRd4b0476c%2521414
f4859446c4a366c726a327474695545332b353049303d%26oauth_nonce%3D25780242027605
80
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1380053717
%26oauth_token%3Dc531cce64ca2d88ecb223a8a37afe98e%26oauth_version%3D1.0
HTTP Request Example
GET /masterpass/v6/checkout/4400 HTTP/1.1
Authorization: OAuth
oauth_signature="CKs9xjeHksuVNKotsRmoOG0Rwmveoc2dTqnNw8IwlsZeG1ZNkVrPsTjde32YBndHR
7iLFvujrY1GJRFsWHFeQGVFbCidGUVbOwtDtm5ArJPTIbedw21GhhXGWRrRpjh3ZhHLDOdSxtxjSCJaHF
QkfGyq%2B0DHhMLLYizIzbH8%2Fp0%3D",oauth_version="1.0",oauth_nonce="25780242027605",oau
th_signature_method="RSASHA1",oauth_consumer_key="cLb0tKkEJhGTITp_6ltDIibO5Wgbx4rIldeXM_jRd4b0476c%21414f
4859446c4a366c726a327474695545332b353049303d",oauth_token="c531cce64ca2d88ecb223a
8a37afe98e",oauth_timestamp="1380053717",realm="eWallet"
Checkout XML
V6/Checkout-XML Schema
URL: https://api.mastercard.com/masterpass/v6/checkout/
The checkout resource url supplied by MasterPass should be decoded and consumed by the merchant as
provided by MasterPass. MasterPass may add or delete parameters in future
Examples of decoded url:
checkout_resource_url=https://api.mastercard.com/masterpass/v6/checkout/11318500&checkoutId=113185
00
checkout_resource_url=https://api.mastercard.com/masterpass/v6/checkout/11318501
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="Checkout" type="Checkout"/>
<xs:complexType name="Checkout">
<xs:sequence>
<xs:element name="Card" type="Card"/>
<xs:element name="TransactionId" type="xs:string"/>
<xs:element name="Contact" type="Contact"/>
<xs:element name="ShippingAddress" type="ShippingAddress"
minOccurs="0"/>
<xs:element name="AuthenticationOptions"
type="AuthenticationOptions" minOccurs="0"/>
<xs:element name="RewardProgram" type="RewardProgram"
minOccurs="0"/>
<xs:element name="WalletID" type="xs:string"/>
<xs:element name="PreCheckoutTransactionId" type="xs:string"
minOccurs="0"/>
<xs:element name="ExtensionPoint" type="ExtensionPoint"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
81
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<xs:complexType name="AuthenticationOptions">
<xs:sequence>
<xs:element name="AuthenticateMethod" type="xs:string"
minOccurs="0"/>
<xs:element name="CardEnrollmentMethod" type="xs:string"
minOccurs="0"/>
<xs:element name="CAvv" type="xs:string" minOccurs="0"/>
<xs:element name="EciFlag" type="xs:string" minOccurs="0"/>
<xs:element name="MasterCardAssignedID" type="xs:string"
minOccurs="0"/>
<xs:element name="PaResStatus" type="xs:string" minOccurs="0"/>
<xs:element name="SCEnrollmentStatus" type="xs:string"
minOccurs="0"/>
<xs:element name="SignatureVerification" type="xs:string"
minOccurs="0"/>
<xs:element name="Xid" type="xs:string" minOccurs="0"/>
<xs:element name="ExtensionPoint" type="ExtensionPoint"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="Card">
<xs:sequence>
<xs:element name="BrandId" type="NonEmptyString"/>
<xs:element name="BrandName" type="NonEmptyString"/>
<xs:element name="AccountNumber" type="NonEmptyString"/>
<xs:element name="BillingAddress" type="Address"/>
<xs:element name="CardHolderName" type="NonEmptyString"/>
<xs:element name="ExpiryMonth" type="Month" minOccurs="0"/>
<xs:element name="ExpiryYear" type="Year" minOccurs="0"/>
<xs:element name="ExtensionPoint" type="ExtensionPoint"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="Address">
<xs:sequence>
<xs:element name="City" type="NonEmptyString"/>
<xs:element name="Country" type="Country"/>
<xs:element name="CountrySubdivision" type="NonEmptyString"
minOccurs="0"/>
<xs:element name="Line1" type="NonEmptyString"/>
<xs:element name="Line2" type="NonEmptyString" minOccurs="0"/>
<xs:element name="Line3" type="NonEmptyString" minOccurs="0"/>
<xs:element name="PostalCode" type="NonEmptyString"
minOccurs="0"/>
<xs:element name="ExtensionPoint" type="ExtensionPoint"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="Contact">
<xs:sequence>
<xs:element name="FirstName" type="NonEmptyString"/>
<xs:element name="MiddleName" minOccurs="0">
82
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:minLength value="1"/>
<xs:maxLength value="150"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="LastName" type="NonEmptyString"/>
<xs:element name="Gender" type="Gender" minOccurs="0"/>
<xs:element name="DateOfBirth" type="DateOfBirth"
minOccurs="0"/>
<xs:element name="NationalID" minOccurs="0">
<xs:simpleType>
<xs:restriction base="xs:string">
<xs:minLength value="1"/>
<xs:maxLength value="150"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="Country" type="Country"/>
<xs:element name="EmailAddress" type="EmailAddress"/>
<xs:element name="PhoneNumber" type="xs:string"/>
<xs:element name="ExtensionPoint" type="ExtensionPoint"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="DateOfBirth">
<xs:sequence>
<xs:element name="Year">
<xs:simpleType>
<xs:restriction base="xs:int">
<xs:minInclusive value="1900"/>
<xs:pattern value="\d{4}"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="Month" type="Month"/>
<xs:element name="Day">
<xs:simpleType>
<xs:restriction base="xs:int">
<xs:minInclusive value="1"/>
<xs:maxInclusive value="31"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
<xs:element name="ExtensionPoint" type="ExtensionPoint"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="Gender">
<xs:restriction base="xs:token">
<xs:enumeration value="M"/>
83
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<xs:enumeration value="F"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="ShippingAddress">
<xs:complexContent>
<xs:extension base="Address">
<xs:sequence>
<xs:element name="RecipientName" type="NonEmptyString"/>
<xs:element name="RecipientPhoneNumber"
type="xs:string"/>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<xs:complexType name="RewardProgram">
<xs:sequence>
<xs:element name="RewardNumber" type="xs:string"/>
<xs:element name="RewardId" type="xs:string"/>
<xs:element name="RewardName" type="xs:string" minOccurs="0"/>
<xs:element name="ExpiryMonth" type="Month" minOccurs="0"/>
<xs:element name="ExpiryYear" type="Year" minOccurs="0"/>
<xs:element name="ExtensionPoint" type="ExtensionPoint"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="NonEmptyString">
<xs:restriction base="xs:string">
<xs:minLength value="1"/>
<xs:whiteSpace value="collapse"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="Country">
<xs:restriction base="xs:string">
<xs:pattern value="[A-Z]{2}"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="EmailAddress">
<xs:restriction base="xs:string">
<xs:pattern value="[A-Za-z0-9!#-'\*\+\-/=\?\^_`\{-~]+(\.[A-Zaz0-9!#-'\*\+\-/=\?\^_`\{-~]+)*@[A-Za-z0-9!#-'\*\+\-/=\?\^_`\{-~]+(\.[A-Zaz0-9!#-'\*\+\-/=\?\^_`\{-~]+)*"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="Month">
<xs:restriction base="xs:int">
<xs:minInclusive value="1"/>
<xs:maxInclusive value="12"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="Year">
<xs:restriction base="xs:int">
<xs:minInclusive value="2013"/>
84
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<xs:pattern value="\d{4}"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="ExtensionPoint">
<xs:sequence>
<xs:any maxOccurs="unbounded" processContents="lax"
namespace="##any"/>
</xs:sequence>
<xs:anyAttribute/>
</xs:complexType>
</xs:schema>
V6/Checkout -Sample Response
URL: https://api.mastercard.com/online/v6/checkout/512345
<Checkout>
<Card>
<BrandId>master</BrandId>
<BrandName>MasterCard</BrandName>
<AccountNumber>5435579315709649</AccountNumber>
<BillingAddress>
<City>Anytown</City>
<Country>US</Country>
<Line1>100 Not A Real Street</Line1>
<PostalCode>63011</PostalCode>
</BillingAddress>
<CardHolderName>Joe Test</CardHolderName>
<ExpiryMonth>02</ExpiryMonth>
<ExpiryYear>2016</ExpiryYear>
</Card>
<TransactionId>72525</TransactionId>
<Contact>
<FirstName>Joe</FirstName>
<MiddleName>M</MiddleName>
<LastName>Test</LastName>
<Gender>M</Gender>
<DateOfBirth>
<Year>1975</Year>
<Month>03</Month>
<Day>28</Day>
</DateOfBirth>
<NationalID>30258374209</NationalID>
<Country>US</Country>
<EmailAddress>[email protected]</EmailAddress>
<PhoneNumber>1-9876543210</PhoneNumber>
</Contact>
<ShippingAddress>
<City>O Fallon</City>
<Country>US</Country>
<CountrySubdivision>US-AK</CountrySubdivision>
<Line1>1 main street</Line1>
85
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<PostalCode>63368</PostalCode>
<RecipientName>Joe Test</RecipientName>
<RecipientPhoneNumber>1-9876543210</RecipientPhoneNumber>
</ShippingAddress>
<WalletID>101</WalletID>
<RewardProgram>
<RewardNumber>123</RewardNumber>
<RewardId>1234</RewardId>
<RewardName>ABC Rewards</RewardName>
<ExpiryMonth>02</ExpiryMonth>
<ExpiryYear>2015</ExpiryYear>
</RewardProgram>
</Checkout>
V6 - Checkout XML Details
CheckoutXML
Element
Description
Min–
Max
Type
Checkout
Root Element
XML
-
Checkout
Card
BrandId
XML
Alpha
Numeric
-
Card
Child Element
Identifies the card brand id e.g.
master for MasterCard.
Identifies the card brand name e.g.
MasterCard
Card number or primary account
number that identifies the card
Billing Address for the card holder
Cardholder name
Expiration month displayed on the
payment card.
Expiration year displayed on the
payment card.
Reserved for future enhancement.
Optional
Child Element
Child Element
Contact First Name
Contact Middle Name or Initial
Contact Surname
Contact Gender (M or F)
String
0-255
Integer
13-24
XML
String
1-100
XML
format
XML
format
BrandName
AccountNumber
BillingAddress
CardHolderName
ExpiryMonth
ExpiryYear
ExtensionPoint
Checkout
Checkout
Contact
Optional
TransactionID
Contact
FirstName
MiddleName
LastName
Optional*
Gender
Optional *
DateOfBirth
NOTE: This field may only be
requested from a MasterPass wallet
if it is required by law in a region.
Merchants and service providers
seeking to use this field must work
with the local MasterPass
representative to get the necessary
clearances before requesting these
data elements.
Contact DOB – YYYY/MM/DD
NOTE: This field may only be
requested from a MasterPass wallet
if it is required by law in a region.
Merchants and service providers
Date
Date
0-8
Any
-
String
XML
String
String
String
1-255
1-150
1-150
-
“M” or “F”
Sequence:
Year (Int);
Month (Int)
Day (Int)
Y (4)
M (2)
D (2)
86
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
CheckoutXML
Element
Description
Min–
Max
Type
seeking to use this field must work
with the local MasterPass
representative to get the necessary
clearances before requesting these
data elements.
Contact National Identification
Optional* (dependent on
merchant country of
incorporation and the
consumer country of
residence)
Optional
NationalID
Country
EmailAddress
PhoneNumber
DateOfBirth
Year
Month
Day
ExtensionPoint
Checkout
ShippingAddress
Address
ShippingAddress
Address
City
Country
CountrySubdivision
Line 1
Line 2
Line 3
PostalCode
ExtensionPoint
ShippingAddress
RecipientName
ShippingAddress
RecipientPhoneNumber
Checkout
Checkout
AuthenticationOptions
WalletID
AuthenticationOptions
AuthenticateMethod
NOTE: This field may only be
requested from a MasterPass wallet
if it is required by law in a region.
Merchants and service providers
seeking to use this field must work
with the local MasterPass
representative to get the necessary
clearances before requesting these
data elements.
Contact Country of Residence
Contact Email Address
Contact Phone
Contact DOB
Contact DOB Year
Contact DOB Month
Contact DOB Day
Reserved for future enhancement.
Optional
Child Element
Child Element
Cardholder’s city
Cardholder’s country. Defined by
ISO 3166-1 alpha-2 digit country
codes e.g. US is United States, AU
is Australia, CA is Canada, GB is
United Kingdom, etc.
Cardholder’s country subdivision.
Defined by ISO 3166-1 alpha-2 digit
code e.g. US-VA is Virginia, US-OH
is Ohio
Address line 1 used for Street
number and Street Name.
Address line 2 used for Apt
Number, Suite Number ,etc.
Address line 3 used to enter
remaining address information if it
does not fit in Line 1 and Line 2
Postal Code or Zip Code appended
to mailing address for the purpose
of sorting mail.
Reserved for future enhancement.
Optional
Name of person set to receive the
shipped order.
Phone of the person set to receive
the shipped order.
Child Element
Helps identify origin wallet
Method used to authenticate the
cardholder at checkout. Valid
values are “MERCHANT ONLY”,
“3DS” and “No Authentication”.
String
1-150
String
String
String
0-2
5-512
3-20
Integer
Integer
Integer
4
1-2
1-2
Any
-
XML
XML
String
0-25
String
2
String
5
String
1-40
String
0-40
String
0-255
String
0-20
Any
-
String
1-100
String
3-20
XML
String
3
Alpha
NA
87
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
CheckoutXML
Element
CardEnrollmentMethod
CAvv
EciFlag:
MasterCardAssignedID
PaResStatus
SCEnrollmentStatus
Description
Method by which the card was
added to the wallet. Valid values
are:
Manual
Direct Provisioned
3DS Manual
NFC Tap
(CAVV) Cardholder Authentication
Verification Value generated by
card issuer upon successful
authentication of the cardholder and
which should be . This should be
passed in the authorization
message
Electronic commerce indicator (ECI)
flag. Present when the PaRes value
is "Y" or "A." Possible values are;
MasterCard:
00-No Authentication
01-Attempts (Card Issuer Liability)
02- Authenticated by ACS (Card
Issuer Liability)
03-Maestro (MARP)
05-Risk Based Authentication
(Issuer, not in use)
06-Risk Based Authentication
(Merchant, not in use)
Visa:
05-Authenticated (Card Issuer
Liability)
06-Attempts (Card Issuer Liability)
07-No 3DS Authentication
(Merchant Liability)
This value is assigned by
MasterCard and represents
programs associated directly with
Maestro cards. This field should be
supplied in the authorization
request by the merchant.
A message formatted, digitally
signed, and sent from the ACS
(issuer) to the MPI providing the
results of the issuer’s
SecureCode/Verified by Visa
cardholder authentication. Possible
values are:
Y-the card was successfully
authenticated via 3DS
A-signifies that either; 1) the
transaction was successfully
authenticated via a 3DS attempts
transaction; or 2)The cardholder
was prompted to activate 3DS
during shopping but declined (Visa).
U-Authentication results were
unavailable
SecureCode Enrollment Status:
Indicates if the issuer of the card
supports payer authentication for
this card. Possible values are;
Y-The card is eligible for 3DS
authentication.
Type
Min–
Max
Alpha
NA
Alpha
Numeric
NA
Alpha
Numeric
NA
Alpha
Numeric
NA
Alpha
NA
Alpha
NA
88
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
CheckoutXML
Element
SignatureVerification:
XID
ExtensionPoint
Checkout
Reward Program
Reward Program
RewardNumber
RewardId
Reward Program
Description
N-The card is not eligible for 3DS
authentication.
U-Lookup of the card's 3DS
eligibility status was either
unavailable, or the card is
inapplicable (i.e. prepaid cards).
Signature Verification. Possible
values are:
Y- Indicates that the signature of
the PaRes has been validated
successfully and the message
contents can be trusted.
N-Indicates that for a variety of
reasons (tampering, certificate
expiration, etc.) the PaRes could
not be validated, and the result
should not be trusted.
Transaction identifier resulting from
authentication processing.
Reserved for future enhancement.
Optional
Child Element
Consumer’s reward number
associated with the reward program
ID associated with the reward
program
RewardName
Name of reward program
ExpiryMonth
Month the reward program expires
ExpiryYear
Year the reward program expires
ExtensionPoint
Reserved for future enhancement.
Optional
Min–
Max
Type
Alpha
NA
Alpha
Numeric
NA
Any
-
XML
Alpha
Numeric
Alpha
Numeric
Alpha
Numeric
Alpha
Numeric
Alpha
Numeric
Any
-
* Only when legally required and enabled by MasterPass
ExtensionPoint Elements
Starting with API v6, all schema container elements contain a new optional element named
“ExtensionPoint”. These elements are intended to provide expandability of the API without requiring a new
major version. These elements are defined to contain a sequence of “xs:any”, meaning that any XML
content can be contained within the element. In order to ensure future expandability, all integrators must not
perform any validation of elements received inside an ExtensionPoint element, beyond any that may be
defined by MasterPass in the future with a separate schema. Any such extensions will be optional. Further,
only authorized schemas will be allowed inside ExtensionPoint elements, and any unknown elements will be
dropped by MasterPass.
ExtensionPoint — Sample
<ExtensionPoint>
<s:SampleExtension
xmlns:s=”https://www.masterpass.com/location/of/example/ns”>
<s:SampleField>Sample Value</s:SampleField>
</s:SampleExtension>
89
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<f:AnotherExampleExtension
xmlns:f=”https://www.masterpass.com/location/of/example2/ns>
<f:SampleContainer>
<f:AnotherSampleField>Sample
Value</f:AnotherSampleField>
</f:SampleContainer>
</f:AnotherExampleExtension>
</ExtensionPoint>
Postback Service
Postback Parameters
Post
Transaction
Request
oauth_signature
X
oauth_version
X
oauth_nonce
X
oauth_signature_method
X
oauth_consumer_key
X
oauth_timestamp
X
oauth_body_hash
X
MerchantTransactions XML
X
Post
Transaction
Response
X
Postback Parameter Details
Post Transaction—Request
oauth_timestamp
RSA/SHA1 signature generated from the signature
base string
Oauth version.
Unique alphanumeric string generated from code
oauth signature method.
Consumer Key generated when creating a
checkout project on MasterPass Merchant portal
Current timestamp
oauth_body_hash
SHA1 hash of the message body
Merchant Transactions
XML
Transaction details
oauth_signature
Signature Base
String
Authorization
Header
oauth_version
oauth_nonce
oauth_signature_method
oauth_consumer_key
Transfer XML
Strings
Description
Post Transaction—Response
Transfer XML
Strings
Merchant Transactions
XML
Description
Possible
Values
Variable
1.0
Variable
RSA-SHA1
Variable
Variable
Variable
Possible
Values
Transaction details
Signature Base String Example
POST&https%3A%2F%2Fsandbox.api.mastercard.com%2Fmasterpass%2Fv6%2Ftransaction
&oauth_body_hash%3DycNt7A676VEY7i0SkyymKorihCg%253D%26oauth_consumer_key%3DcLb0
tKkEJhGTITp_6ltDIibO5Wgbx4rIldeXM_jRd4b0476c%2521414f4859446c4a366c726a32747469
5545332b353049303d%26oauth_nonce%3D26123188000346%26oauth_signature_method%3DRS
A-SHA1%26oauth_timestamp%3D1380054060%26oauth_version%3D1.0
90
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
HTTP Request Example
POST /masterpass/v6/transaction HTTP/1.1
Authorization: OAuth
oauth_signature="Aom0wFGFI7ItYV1IZFn125BoD6jgFtdX15dQ8XbjvMGgKgKtJ5awV7wSMGwUcc
eGlpl52HFS%2B%2BOQzVrCdXUidvgeKOX1nHDFhns0l1yIaqGdkJQYR%2BCQGu1qo7xVjvzTqpXUlrc
2uzVCjyLoQEroIWv5cAOj5l4aBxDopz7OKQA%3D",oauth_body_hash="ycNt7A676VEY7i0SkyymK
orihCg%3D",oauth_version="1.0",oauth_nonce="26123188000346",oauth_signature_met
hod="RSASHA1",oauth_consumer_key="cLb0tKkEJhGTITp_6ltDIibO5Wgbx4rIldeXM_jRd4b0476c%2141
4f4859446c4a366c726a327474695545332b353049303d",oauth_timestamp="1380054060"
MerchantTransactions Request—Schema
NOTE: Service providers using the File- and API-Based Onboarding method may ignore the optional
PreCheckoutTransactionId and ExpressCheckoutIndicator elements.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="MerchantTransactions" type="MerchantTransactions"/>
<xs:complexType name="MerchantTransactions">
<xs:sequence>
<xs:element name="MerchantTransactions"
type="MerchantTransactions" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="ExtensionPoint" type="ExtensionPoint"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="MerchantTransactions">
<xs:sequence>
<xs:element name="TransactionId" type="xs:string"/>
<xs:element name="ConsumerKey" type="xs:string" minOccurs="0"/>
<xs:element name="Currency" type="xs:string"/>
<xs:element name="OrderAmount" type="xs:long"/>
<xs:element name="PurchaseDate" type="xs:dateTime"/>
<xs:element name="TransactionStatus" type="TransactionStatus"/>
<xs:element name="ApprovalCode" type="xs:string"/>
<xs:element name="PreCheckoutTransactionId" type="xs:string"
minOccurs="0"/>
<xs:element name="ExpressCheckoutIndicator" type="xs:boolean"
minOccurs="0"/>
<xs:element name="ExtensionPoint" type="ExtensionPoint"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="TransactionStatus">
<xs:restriction base="xs:string">
<xs:enumeration value="Success"/>
<xs:enumeration value="Failure"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="ExtensionPoint">
<xs:sequence>
91
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<xs:any maxOccurs="unbounded" processContents="lax"
namespace="##any"/>
</xs:sequence>
<xs:anyAttribute/>
</xs:complexType>
</xs:schema>
HTTP Request Example
<MerchantTransactions>
<MerchantTransactions>
<TransactionId>4549794</TransactionId>
<ConsumerKey>0zMKpm0nFtUv8lLXT97jDRo2bp4vNF8MFYyt3R5R87e3f3f4!414b4867
5861677159682b563745776b593652377939673d</ConsumerKey>
<Currency>USD</Currency>
<OrderAmount>1229</OrderAmount>
<PurchaseDate>2014-08-01T14:52:57.539-05:00</PurchaseDate>
<TransactionStatus>Success</TransactionStatus>
<ApprovalCode>sample</ApprovalCode>
<PreCheckoutTransactionId>a4a6x55-rgb1c5-hyaqkemj-1-hybxhplo947</PreCheckoutTransactionId>
<ExpressCheckoutIndicator>false</ExpressCheckoutIndicator>
</MerchantTransactions>
</MerchantTransactions>
MerchantTransactionsResponse—Schema
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<xs:schema version="1.0" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="MerchantTransactions" type="MerchantTransactions"/>
<xs:complexType name="MerchantTransactions">
<xs:sequence>
<xs:element name="MerchantTransactions"
type="MerchantTransactions" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="ExtensionPoint" type="ExtensionPoint"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="MerchantTransactions">
<xs:sequence>
<xs:element name="TransactionId" type="xs:string"/>
<xs:element name="ConsumerKey" type="xs:string" minOccurs="0"/>
<xs:element name="Currency" type="xs:string"/>
<xs:element name="OrderAmount" type="xs:long"/>
<xs:element name="PurchaseDate" type="xs:dateTime"/>
<xs:element name="TransactionStatus" type="TransactionStatus"/>
<xs:element name="ApprovalCode" type="xs:string"/>
<xs:element name="PreCheckoutTransactionId" type="xs:string"
minOccurs="0"/>
<xs:element name="ExpressCheckoutIndicator" type="xs:boolean"
92
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
minOccurs="0"/>
<xs:element name="ExtensionPoint" type="ExtensionPoint"
minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:simpleType name="TransactionStatus">
<xs:restriction base="xs:string">
<xs:enumeration value="Success"/>
<xs:enumeration value="Failure"/>
</xs:restriction>
</xs:simpleType>
<xs:complexType name="ExtensionPoint">
<xs:sequence>
<xs:any maxOccurs="unbounded" processContents="lax"
namespace="##any"/>
</xs:sequence>
<xs:anyAttribute/>
</xs:complexType>
</xs:schema>
HTTP Response Example (response will be identical to the XML sent if call was successful)
<MerchantTransactions>
<MerchantTransactions>
<TransactionId>4549794</TransactionId>
<ConsumerKey>0zMKpm0nFt9682b563745776b593652377939673d</ConsumerKey>
<Currency>USD</Currency>
<OrderAmount>1229</OrderAmount>
<PurchaseDate>2014-08-01T14:52:57.539-05:00</PurchaseDate>
<TransactionStatus>Success</TransactionStatus>
<ApprovalCode>sample</ApprovalCode>
<PreCheckoutTransactionId>a4a6x55-rgb1c5-7</PreCheckoutTransactionId>
<ExpressCheckoutIndicator>true</ExpressCheckoutIndicator>
</MerchantTransactions>
</MerchantTransactions>
MerchantTransactionsXML—Details
MerchantTransactionsRequest
Element
Description
Min Max
Type
MerchantTransactions
MerchantTransactions
ExtensionPoint
TransactionID
MerchantTransactions
ConsumerKey
Reserved for future
enhancement. Optional
Uses the TransactionID element
of the Checkout XML
Automatically generated when
creating a checkout project on
MasterPass Merchant portal.
XML
-
Any
-
String
1-255
String
97
93
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Currency
OrderAmount
PurchaseDate
TransactionStatus
ApprovalCode
ExtensionPoint
MerchantTransactionsResponse
Element
Currency of the transaction.
Defined by ISO 4217 to be
exactly three characters, such as,
USD for US Dollars.
(Integer) Transaction order
amount without decimal e.g.
1500.
Date and Time of the shopping
cart purchase.
State of the transaction. Indicates
whether successful. Valid values
are Success or Failure.
Approval code returned to
merchant from merchant's
payment API with payment
gateway or service provider
Reserved for future
enhancement. Optional
Description
String
3
Integer
1-12
Date
XML
format
String
7
String
6
Any
Min Max
Type
MerchantTransactions
MerchantTransactions
ExtensionPoint
TransactionID
ConsumerKey
Currency
MerchantTransactions
OrderAmount
PurchaseDate
TransactionStatus
ApprovalCode
ExtensionPoint
Root Element
Reserved for future
enhancement. Optional
Uses the TransactionID element
of the Checkout XML
Automatically generated when
creating a checkout project on
MasterPass Merchant portal.
Currency of the transaction.
Defined by ISO 4217 to be
exactly three characters, such as,
USD for US Dollars.
Integer Transaction order amount
without decimal e.g. 1500.
Date and Time of the shopping
cart purchase e.g. 2012-0606T15:12:24.254-05:00
State of the transaction. Indicates
whether successful. Valid values
are Success or Failure.
Approval code returned to
merchant from merchant's
payment API with payment
gateway or service provider
Reserved for future
enhancement. Optional
XML
-
Any
-
String
1-255
String
97
String
3
Integer
1-12
Date
XML
format
String
7
String
6
Any
-
ExtensionPoint Elements
Starting with API v6, all schema container elements contain a new optional element named
“ExtensionPoint”. These elements are intended to provide expandability of the API without requiring a new
major version. These elements are defined to contain a sequence of “xs:any”, meaning that any XML
content can be contained within the element. In order to ensure future expandability, all integrators must not
perform any validation of elements received inside an ExtensionPoint element, beyond any that may be
defined by MasterPass in the future with a separate schema. Any such extensions will be optional. Further,
only authorized schemas will be allowed inside ExtensionPoint elements, and any unknown elements will be
dropped by MasterPass.
94
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
ExtensionPoint—Sample
<ExtensionPoint>
<s:SampleExtension
xmlns:s=”https://www.masterpass.com/location/of/example/ns”>
<s:SampleField>Sample Value</s:SampleField>
</s:SampleExtension>
<f:AnotherExampleExtension
xmlns:f=”https://www.masterpass.com/location/of/example2/ns>
<f:SampleContainer>
<f:AnotherSampleField>Sample
Value</f:AnotherSampleField>
</f:SampleContainer>
</f:AnotherExampleExtension>
</ExtensionPoint>
File-Based Merchant Onboarding
Merchant Upload Schema
The file schema can be downloaded from the MasterPass - Merchant Checkout - Documentation page on
Developer Zone.
Merchant Upload Schema Details
NOTE: Please contact Merchant Support for details regarding how to specify a reward program for a
merchant in the Merchant Upload file.
MerchantUpload
Mandatory
/Optional
Description
Merchant
Merchant Details
Element
M
Variable
SPMerchantId
Service Provider
Issued Merchant
ID. This should be
unique per Service
Provider
String
M
Variable
Action
Merchant
Type
Element
Profile
CheckoutBrand
AuthOption
Merchant Action
Merchant Profile
String
M
Child
Mandatory
for Create
and
Update.
Not used
for Delete.
Branding
Information
Child
Authentication
Options
Child
Mandatory
for Create,
Optional for
Update and
Delete
Min
1
1
Max
Comment
e.g.
123456789
1
Valid
values are
C (Create),
U (Update)
and D
(Delete)
1
Mandatory
for Create
(Action=C)
and Update
(Action=U)
At least one
CheckoutBr
and
element
MUST be
present for
merchant
creation.
Variable
per
95
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Merchant
MerchantAcquirer
Name
DoingBusAs
FedTaxId
Profile
Url
BusinessCategory
Address
Phone
Acquirer
Address
Child
Merchant Name
String
M
1
255
String
M
1
255
String
O
1
100
String
M
5
1000
String
O
1
255
Doing Business As
- Alias
Merchant’s
Federal Tax ID
Merchant’s
Website URL
Merchant’s
business type
Merchant’s
Address
Merchant’s Phone
Merchant’s
Acquirer
Child
Child
O
Merchant’s City
M
1
25
Country
Merchant’s
Country
M
2
2
Country
Subdivision
Line2
Line3
PostalCode
CountryCode
Phone
Merchant’s
Country
Subdivision.
Defined by ISO
3166-1 alpha-2
digit code e.g. USVA is Virginia, USOH is Ohio
Merchant’s
Address Line 1
Merchant’s
Address Line 2
Merchant’s
Address Line 3
Merchant’s Postal
Code
Merchant’s phone
country code
Number
Merchant’s phone
Number
Action
Merchant Acquirer
action
Id
Merchant’s
Acquirer Id
Name
Merchant’s
Acquirer Name
e.g. XYZ
Pizza
E.g. XYZ
Pizza Inc
e.g.
999990001
e.g.
www.xyzpiz
za.com
e.g.
Restaurant
Child
City
Line1
Acquirer
Merchant Acquirer
String
e.g. New
York
Standard 2letter ISO
3166
country
codes e.g.
US
O
1
100
if defined
choose
string (1100) or
defined
enumerator
e.g. US-NY
M
1
40
e.g. 1 Main
Street
O
1
40
O
1
40
M
1
10
e.g. 10001
M
1
10
e.g. 75
M
3
20
O
1
1
M
1
15
e.g. 453214
250
e.g., Test
Acquirer.
3DS
merchants
must
reduce their
M
1
e.g.
978545343
2
Valid
values are
C (Create),
U (Update),
and D
(Delete)
96
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
AssignedMerchan
tId
Acquirer assigned
merchant ID
M
1
255
Password
Acquirer Password
for 3DS setup
O
1
8
CheckoutId
Name
O
1
255
e.g.
a4c411by7l
ob4i81xb6r
41i820mw3
n151
M
1
255
e.g. XYZ
Pizza
DisplayName
Display Name
M
1
255
ProductionUrl
Production
checkout URL
M
5
255
SandboxUrl
Sandbox checkout
URL
M
5
255
LogoUrl
Merchant logo
displayed on
MasterPass site
during checkout. If
not specified, the
Name is displayed
O
2
2000
CheckoutBrand
CardBrand
Card brands
enrolled for
advanced
authentication
M
NA
NA
Type
Authentication type
M
NA
NA
Action
Action
O
0
C, U,
or D
AuthOption
MerchantAcquirer
If not specified for
Update Action,
then MasterPass
will produce a
unique checkout
ID.
Name displayed
on MasterPass site
during checkout
when no logo is
provided
Child
character
limit to 250
to meet
Cardinal
Commerce’s
API
specifications.
e.g.
435t6543
e.g., Visa.
3DS
merchants
must
reduce their
character
limit to 8 to
meet
Cardinal
Commerce’s
API
specifications.
e.g. XYZ
Pizza
e.g.
https://xyzpi
zza.com
e.g.
https://test.
xyzpizza.co
m
e.g.
http://xyzpiz
za.com/log
o.jpg
Refer to the
schema to
get valid
values. For
example,
for
MasterCard
, use
"MASTER".
Refer to the
schema to
get valid
values.
Used to
create (C),
update (U)
97
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
or delete
(D) Visa
Password
Acquirer
MerchantAcquirer
Brand
Acquirer
Merchant Acquirer
Brand
Child
Child
M
CardBrand
Card Brand
M
NA
NA
Currency
Currency
O
3
3
MerchantAcquirer
Brand
Refer to the
schema to
get valid
values. For
example,
for
MasterCard
, use
"MASTER".
ISO 4217
standard 3letter
currency
code. Refer
to the
schema to
get valid
values.
NOTE: If
this field is
left blank,
then all
currency
codes will
be enabled.
Merchant Upload Sample—Create
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantUpload>
<Merchant>
<SPMerchantId>SPMerch58401</SPMerchantId>
<Action>C</Action>
<Profile>
<Name>SPMerch58401</Name>
<DoingBusAs>SPMerch58401</DoingBusAs>
<FedTaxId>211624440</FedTaxId>
<Url>https://SPMerch58401.com</Url>
<BusinessCategory>test</BusinessCategory>
<Address>
<City>SPMerch58401</City>
<Country>US</Country>
<Line1>898 SPMerch58401</Line1>
<PostalCode>78090</PostalCode>
</Address>
<Phone>
<CountryCode>1</CountryCode>
<Number>3734517671</Number>
</Phone>
<Acquirer>
<Id>292978156</Id>
98
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<Name>QATESTACQ</Name>
<AssignedMerchantId>MCQA1</AssignedMerchantId>
</Acquirer>
</Profile>
<CheckoutBrand>
<Name>SPMerch58401</Name>
<DisplayName>SPMerch58401</DisplayName>
<ProductionUrl>https://SPMerch58401.com</ProductionUrl>
<SandboxUrl>https://SPMerch58401.com</SandboxUrl>
<LogoUrl>http://www.mastercard.us/_globalAssets/img/nav/n
avl_logo_mastemasterca.png</LogoUrl>
</CheckoutBrand>
</Merchant>
</MerchantUpload>
Merchant Upload Sample—Create with Advanced Authentication Settings (3DS) for MasterCard
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantUpload xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Merchant>
<SPMerchantId>022416_TESTMERCH</SPMerchantId>
<Action>C</Action>
<Profile>
<Name>022416_TESTMERCH</Name>
<DoingBusAs>022415testmerchant</DoingBusAs>
<Url>http://www.testmerchant.com</Url>
<Address>
<City>Padova</City>
<Country>IT</Country>
<Line1>Boettgerstr</Line1>
<PostalCode>35129</PostalCode>
</Address>
<Phone>
<CountryCode>39</CountryCode>
<Number>0614554552</Number>
</Phone>
</Profile>
<CheckoutBrand>
<Name>022416_TESTMERCH</Name>
<DisplayName>022416_TESTMERCH</DisplayName>
<ProductionUrl>https://TESTMERCH.com</ProductionUrl>
<SandboxUrl>http://TESTMERCH.com</SandboxUrl>
</CheckoutBrand>
<AuthOption>
<CardBrand>MASTER_CARD</CardBrand>
<Type>ALL_TRANSACTIONS</Type>
</AuthOption>
<MerchantAcquirer>
<Acquirer>
<Id>523078</Id>
99
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<Name>CartaSI</Name>
<AssignedMerchantId>001</AssignedMerchantId>
</Acquirer>
<MerchantAcquirerBrand>
<CardBrand>MASTER_CARD</CardBrand>
<Currency>EUR</Currency>
</MerchantAcquirerBrand>
</MerchantAcquirer>
</Merchant>
</MerchantUpload>
Merchant Upload Sample—Create with Advanced Authentication Settings (3DS) for Visa
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantUpload>
<Merchant>
<SPMerchantId>SPMerchantId1</SPMerchantId>
<Action>C</Action>
<Profile>
<Name>XYZ Pizza</Name>
<DoingBusAs>XYZ Pizza</DoingBusAs>
<FedTaxId>123456785</FedTaxId>
<Url>https://xyzpizza.com</Url>
<BusinessCategory>Restaurant</BusinessCategory>
<Address>
<City>Springfield</City>
<Country>US</Country>
<Line1>1234 Main Street</Line1>
<PostalCode>12345</PostalCode>
</Address>
<Phone>
<CountryCode>1</CountryCode>
<Number>1234567895</Number>
</Phone>
</Profile>
<CheckoutBrand>
<Name>XYZ Pizza</Name>
<DisplayName>XYZ Pizza</DisplayName>
<ProductionUrl>https://test.xyzpizza.com</ProductionUrl>
<SandboxUrl>https://xyzpizza.com</SandboxUrl>
<LogoUrl>http://www.xyzpizza.com/logo.png</LogoUrl>
</CheckoutBrand>
<AuthOption>
<CardBrand>VISA</CardBrand>
<Type>ALL_TRANSACTIONS</Type>
</AuthOption>
<MerchantAcquirer>
<Action>C</Action>
<Acquirer>
<Id>12345678</Id>
100
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<Name>CRDNLDEMO4</Name>
<AssignedMerchantId>00710212014</AssignedMerchantId>
<Password>tester456</Password>
</Acquirer>
<MerchantAcquirerBrand>
<CardBrand>VISA</CardBrand>
<Currency>USD</Currency>
</MerchantAcquirerBrand>
</MerchantAcquirer>
</Merchant>
</MerchantUpload>
Merchant Upload Sample—Update
NOTE: If the Checkout ID is not included in the Checkout Brand element, then MasterPass will produce a
unique checkout ID for merchant record.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantUpload>
<Merchant>
<SPMerchantId>SPMerchantId1</SPMerchantId>
<Action>U</Action>
<Profile>
<Name>XYZ Pizza Co</Name>
<DoingBusAs>XYZ Pizza</DoingBusAs>
<FedTaxId>999999999</FedTaxId>
<Url>https://xyzpizza.com</Url>
<BusinessCategory>Restaurant</BusinessCategory>
<Address>
<City>Springfield</City>
<Country>US</Country>
<Line1>1 Main Street</Line1>
<PostalCode>12345</PostalCode>
</Address>
<Phone>
<CountryCode>1</CountryCode>
<Number>1234567895</Number>
</Phone>
</Profile>
<CheckoutBrand>
<CheckoutId> a466w1sj09wfehqqy3xxl12</CheckoutId>
<Name>XYZ Pizza</Name>
<DisplayName>XYZ Pizza Co</DisplayName>
<ProductionUrl>https://test.xyzpizza.com</ProductionUrl>
<SandboxUrl>https://xyzpizza.com</SandboxUrl>
<LogoUrl>http://www.xyzpizza.com/logo.png</LogoUrl>
</CheckoutBrand>
</Merchant>
</MerchantUpload>
Merchant Upload Sample—Update
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
101
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<MerchantUpload>
<Merchant>
<SPMerchantId>SPMerch58401</SPMerchantId>
<Action>U</Action>
<Profile>
<Name>SPMerch58401</Name>
<DoingBusAs>SPMerch58401</DoingBusAs>
<FedTaxId>211624440</FedTaxId>
<Url>https://SPMerch58401.com</Url>
<BusinessCategory>test</BusinessCategory>
<Address>
<City>SPMerch58401</City>
<Country>US</Country>
<Line1>898 SPMerch58401</Line1>
<PostalCode>78090</PostalCode>
</Address>
<Phone>
<CountryCode>1</CountryCode>
<Number>3734517671</Number>
</Phone>
<Acquirer>
<Id>292978156</Id>
<Name>QATESTACQ</Name>
<AssignedMerchantId>MCQA1</AssignedMerchantId>
</Acquirer>
</Profile>
<CheckoutBrand>
<Name>SPMerch58401</Name>
<DisplayName>SPMerch58401</DisplayName>
<ProductionUrl>https://SPMerch58401.com</ProductionUrl>
<SandboxUrl>https://SPMerch58401.com</SandboxUrl>
<LogoUrl>http://www.mastercard.us/_globalAssets/img/nav/navl_logo_maste
rcardcom.png</LogoUrl>
</CheckoutBrand>
</Merchant>
</MerchantUpload>
Merchant Upload Sample with Advanced Authentication Settings (3DS)—Update
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantUpload xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Merchant>
<SPMerchantId>022416_TESTMERCH</SPMerchantId>
<Action>U</Action>
<Profile>
<Name>022416_TESTMERCH</Name>
<DoingBusAs>022415testmerchant</DoingBusAs>
<Url>http://www.testmerchant.com</Url>
<Address>
<City>Padova</City>
<Country>IT</Country>
102
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<Line1>Boettgerstr</Line1>
<PostalCode>35129</PostalCode>
</Address>
<Phone>
<CountryCode>39</CountryCode>
<Number>0614554552</Number>
</Phone>
</Profile>
<CheckoutBrand>
<CheckoutId>a4a6w4vr8jzii6j0wk2e1i6kx962m2gle</CheckoutId>
<Name>022416_TESTMERCH</Name>
<DisplayName>022416_TESTMERCH</DisplayName>
<ProductionUrl>https://TESTMERCH.com</ProductionUrl>
<SandboxUrl>http://TESTMERCH.com</SandboxUrl>
</CheckoutBrand>
<AuthOption>
<CardBrand>MASTER_CARD</CardBrand>
<Type>ALL_TRANSACTIONS</Type>
</AuthOption>
<AuthOption>
<CardBrand>VISA</CardBrand>
<Type>ALL_TRANSACTIONS</Type>
</AuthOption>
<MerchantAcquirer>
<Acquirer>
<Id>523078</Id>
<Name>CartaSI</Name>
<AssignedMerchantId>001</AssignedMerchantId>
</Acquirer>
<MerchantAcquirerBrand>
<CardBrand>MASTER_CARD</CardBrand>
<Currency>EUR</Currency>
</MerchantAcquirerBrand>
</MerchantAcquirer>
<MerchantAcquirer>
<Acquirer>
<Id>453997</Id>
<Name>CartaSI</Name>
<AssignedMerchantId>011</AssignedMerchantId>
</Acquirer>
<MerchantAcquirerBrand>
<CardBrand>VISA</CardBrand>
<Currency>EUR</Currency>
</MerchantAcquirerBrand>
</MerchantAcquirer>
</Merchant>
</MerchantUpload>
103
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Merchant Upload Sample—Delete
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantUpload>
<Merchant>
<SPMerchantId>SPMerchantId1</SPMerchantId>
<Action>D</Action>
</Merchant>
</MerchantUpload>
Merchant Upload Sample—Delete
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantUpload>
<Merchant>
<SPMerchantId>SPMerch58401</SPMerchantId>
<Action>D</Action>
<Profile>
<Name>SPMerch58401</Name>
<DoingBusAs>SPMerch58401</DoingBusAs>
<FedTaxId>211624440</FedTaxId>
<Url>https://SPMerch58401.com</Url>
<BusinessCategory>test</BusinessCategory>
<Address>
<City>SPMerch58401</City>
<Country>US</Country>
<Line1>898 SPMerch58401</Line1>
<PostalCode>78090</PostalCode>
</Address>
<Phone>
<CountryCode>1</CountryCode>
<Number>3734517671</Number>
</Phone>
<Acquirer>
<Id>292978156</Id>
<Name>QATESTACQ</Name>
<AssignedMerchantId>MCQA1</AssignedMerchantId>
</Acquirer>
</Profile>
<CheckoutBrand>
<Name>SPMerch58401</Name>
<DisplayName>SPMerch58401</DisplayName>
<ProductionUrl>https://SPMerch58401.com</ProductionUrl>
<SandboxUrl>https://SPMerch58401.com</SandboxUrl>
<LogoUrl>http://www.mastercard.us/_globalAssets/img/nav/navl_log
l_mastercardcom.png</LogoUrl>
</CheckoutBrand>
</Merchant>
</MerchantUpload>
Merchant Upload Sample with Advanced Authentication Settings (3DS)—Delete
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantUpload xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
104
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<Merchant>
<SPMerchantId>022416_TESTMERCH</SPMerchantId>
<Action>D</Action>
<Profile>
<Name>022416_TESTMERCH</Name>
<DoingBusAs>022415testmerchant</DoingBusAs>
<Url>http://www.testmerchant.com</Url>
<Address>
<City>Padova</City>
<Country>IT</Country>
<Line1>Boettgerstr</Line1>
<PostalCode>35129</PostalCode>
</Address>
<Phone>
<CountryCode>39</CountryCode>
<Number>0614554552</Number>
</Phone>
</Profile>
<CheckoutBrand>
<CheckoutId>a4a6w4vr8jzii6j0wk2e1i6kx962m2gle</CheckoutId>
<Name>022416_TESTMERCH</Name>
<DisplayName>022416_TESTMERCH</DisplayName>
<ProductionUrl>https://TESTMERCH.com</ProductionUrl>
<SandboxUrl>http://TESTMERCH.com</SandboxUrl>
</CheckoutBrand>
<AuthOption>
<CardBrand>MASTER_CARD</CardBrand>
<Type>ALL_TRANSACTIONS</Type>
</AuthOption>
<AuthOption>
<CardBrand>VISA</CardBrand>
<Type>ALL_TRANSACTIONS</Type>
</AuthOption>
<MerchantAcquirer>
<Acquirer>
<Id>523078</Id>
<Name>CartaSI</Name>
<AssignedMerchantId>001</AssignedMerchantId>
</Acquirer>
<MerchantAcquirerBrand>
<CardBrand>MASTER_CARD</CardBrand>
<Currency>EUR</Currency>
</MerchantAcquirerBrand>
</MerchantAcquirer>
<MerchantAcquirer>
<Acquirer>
<Id>453997</Id>
<Name>CartaSI</Name>
<AssignedMerchantId>011</AssignedMerchantId>
</Acquirer>
<MerchantAcquirerBrand>
<CardBrand>VISA</CardBrand>
<Currency>EUR</Currency>
</MerchantAcquirerBrand>
</MerchantAcquirer>
</Merchant>
</MerchantUpload>
105
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Please refer to the FAQs for additional sample scenarios for using Create, Update and Delete at
https://developer.mastercard.com/portal/display/api/MasterPass+-+Merchant+Checkout+-+FAQs.
Merchant Upload Validate Response Schema Details
ValidateFileResponse
Element
Description
ValidatedMerchant
Validation
Details of a
Merchant
MerchantId
ValidatedMerchant
ErrorText
ExtensionPoint
ExtensionPoint
Name
Identifier of
the merchant
defined by
the Service
Provider
Description
of validation
error
Reserved for
future
enhancemen
t.
Merchant
Name
Type
Mandatory /
Optional
Element
M
String
M
Max
Comment
Variable
1
1
e.g.
STGQA09
VBMU0140:
merchantId
already
exists for
serviceProvi
derId=28541
5466 and
spMerchantI
d=STGQA09
M
0
unbou
nded
Optional
0
unbou
nded
M
1
255
String
Any
Min
String
e.g. XYZ
Pizza
Merchant Download Schema
The file schema can be downloaded from the MasterPass - Merchant Checkout - Documentation page on
Developer Zone.
Merchant Download Schema Details
MerchantDownload
MerchantDownload
Mandatory
/Optional
Min
Max
Summary of the
Upload
List of merchants
uploaded/edited
Element
M
-
-
System assigned
Batch ID
Desctiption provided
during file upload
Integer
M
Variable
M
1
50
1
255
Description
Summary
MerchantResp
onseRecord
BatchId
Description
Summary
Type
Element
Element
String
Date/Time
UploadTimestam
p
Upload Time Stamp
UploadFileName
Upload File Name
Comment
M
String
M
e.g. 277800
e.g. Merchant
file upload
DateTime
field e.g.
2013-0518T11:45:19.
444-05:00
e.g.
merchant.xml
106
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
SuccessCount
FailureCount
ErrorText
Number of
successfully
uploaded Merchant
Brandings
Number of
unsuccessfully
uploaded Merchant
Brandings
Description of errors
resulting upload
failures
Integer
M
NA
NA
e.g. 490
M
NA
NA
e.g. 10
O
1
255
e.g. Invalid
Format
Integer
String
String
SandboxKey
Developer’s
sandbox API key
1
50
1
50
String
ProductionKey
Developer’s
production key
SPMerchantId
Merchant identifier
for a specific Service
provider
String
M
Child
MerchantResponseR
ecord
CheckoutBrand
Checkout Branding
ErrorText
Error description for
failure
Name
CheckoutIdentifi
er
CheckoutBrand
ProductionUrl
SandboxUrl
Checkout Brand
Name
Checkout identifier
generated by
MasterPass
Production
Checkout Branding
URL
Sandbox Checkout
Branding URL
String
String
String
String
Variable
e.g.,
245d5a537a4
57c2f2b55644
b7041426944
49644b56673
d9d
e.g.,
245d5a537a4
57c2f2b55644
b7041426944
49644b56673
d9d
e.g. 12345
Choice
(ErrorText or
CheckoutBra
nd)
O
1
255
M
1
255
M
1
255
M
5
255
M
5
255
e.g. Invalid
rewards logo
URL
e.g. XYZ
Pizza
e.g.
a4a6x3oehb3f
zhgu2e
e.g.
https://xyzpizz
a.com
e.g.
https://test.xyz
pizza.com
Merchant Download Sample
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantDownload>
<Summary>
<BatchId>277800</BatchId>
<Description>Merchant Upload</Description>
<UploadTimestamp>2013-05-18T11:45:19.444-05:00</UploadTimestamp>
<UploadFileName>merchant_1.xml</UploadFileName>
<SuccessCount>1</SuccessCount>
<FailureCount>0</FailureCount>
<ProjectKeys>
<SandboxKey>41496b7a452f35764d715752755579436b70467871476f3d</SandboxKey>
<ProductionKey>41496b7a452f35764d715752755579436b70467871476f3d</ProductionKey>
107
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
</ProjectKeys>
</Summary>
<MerchantResponseRecord>
<SPMerchantId>SPMerchantId1</SPMerchantId>
<CheckoutBrand>
<Name>XYZ Pizza</Name>
<CheckoutIdentifier>a4a6x3oehb3fzh</CheckoutIdentifier>
<ProductionUrl>https://test.xyzpizza.com</ProductionUrl>
<SandboxUrl>https://xyzpizza.com</SandboxUrl>
</CheckoutBrand>
</MerchantResponseRecord>
</MerchantDownload>
Merchant Download Sample with Advanced Authentication Settings (3DS)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantDownload Version="1.1">
<Summary>
<BatchId>285395970</BatchId>
<Description>1P_Upload_MC_3DS.xml</Description>
<UploadTimestamp>2015-04-03T15:00:12.331-05:00</UploadTimestamp>
<UploadFileName>1P_Upload_MC_3DS (1).xml</UploadFileName>
<SuccessCount>1</SuccessCount>
<FailureCount>0</FailureCount>
<ProjectKeys>
<SandboxKey>456d5a537a346c2f2b55644b704142694449644b56673d3d</SandboxKey>
<ProductionKey>456d5a537a346c2f2b55644b704142694449644b56673d3d</ProductionKey>
</ProjectKeys>
</Summary>
<MerchantResponseRecord>
<SPMerchantId>022416_RAMA</SPMerchantId>
<CheckoutBrand>
<Name>022416_RAMA</Name>
<CheckoutIdentifier>a4c411by7lob4i81xb6r41i820mw3n151</CheckoutIdentifier>
<ProductionUrl>https://RAMA.com</ProductionUrl>
<SandboxUrl>http://RAMA.com</SandboxUrl>
</CheckoutBrand>
<MerchantAcquirer>
<ID>523078</ID>
<Name>CartaSI</Name>
<AssignedMerchantID>001</AssignedMerchantID>
<DSStatus>Not Submitted</DSStatus>
</MerchantAcquirer>
</MerchantResponseRecord>
</MerchantDownload>
108
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Single-Merchant API Service
Single-Merchant API
The Single-Merchant API is used by service providers to onboard merchant information one at a time to
MasterPass through the Open Feed Project. The XML schema for the Single-Merchant API is the same as
that used for the File-Based Merchant onboarding via the merchant and service provider portal. See the
Merchant Upload Schema and Merchant Download Schema for details.
Single-Merchant API Parameters
Upload
oauth_signature
X
oauth_version
X
oauth_nonce
X
oauth_signature_method
X
oauth_consumer_key
X
oauth_timestamp
X
oauth_body_hash
X
Merchant Upload XML
X
Response
X
Merchant Download XML
Single-Merchant API Parameter Details
MerchantUpload—Request
Signature Base String
Possible
Values
oauth_signature
RSA/SHA1 signature generated from the
signature base string
Variable
oauth_version
Oauth version
1.0
oauth_nonce
Unique alphanumeric string generated
from code
Variable
oauth_signature_method
oauth signature method
RSASHA1
oauth_consumer_key
Consumer Key generated when creating a
checkout project on MasterPass Merchant
portal
Variable
oauth_timestamp
Current timestamp
Variable
oauth_body_hash
SHA1 hash of the message body
Variable
MerchantUpload
Uploaded Merchant Information (XML)
Authorization Header
Merchant Upload XML
Description
MerchantDownload—Response
Description
Possible
109
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Values
Merchant Download
MerchantDownload
Results File of a Merchant Upload
Signature Base String Example
POST&https%3A%2F%2F.api.mastercard.com%2Fmasterpasspsp%2Fv6%2Fcheckoutproject%2
F[0-9]+%2Ffile
&oauth_body_hash%3D8K9uhveZjVdZW8AIYiXpR70KCtk%253D%26oauth_consumer_key%3DcLb0
tKkEJhGTITp_6ltDIibO5Wgbx4rIldeXM_jRd4b0476c%2521414f4859446c4a366c726a32747469
5545332b353049303d%26oauth_nonce%3DDEAEB1CD-CA03-405D-A7B4B4263CB5A305%26oauth_signature_method%3DRSASHA1%26oauth_timestamp%3D1380049711%26oauth_version%3D1.0
HTTP Request Example
POST /masterpasspsp/v6/checkoutproject/[0-9]+/file
Authorization: OAuth
realm="eWallet",oauth_consumer_key="cLb0tKkEJhGTITp_6ltDIibO5Wgbx4rIldeXM_jRd4b
0476c%21414f4859446c4a366c726a327474695545332b353049303d",oauth_signature_metho
d="RSA-SHA1",oauth_nonce="DEAEB1CD-CA03-405D-A7B4B4263CB5A305",oauth_timestamp="1380049711",oauth_version="1.0",oauth_body_hash=
"8K9uhveZjVdZW8AIYiXpR70KCtk%3D",oauth_signature="IdV4%2FREyJ7nAXK%2FYvuJ2BtO4C
8t6PlW8xTrDob0WzWJ5%2FRBOPDj534Sm7oPdojivWTGOLAcZq3kbVF6rwrsjGFWlNJITXt3HT3zrav
b02oqTrVQH3Zlx5fi4o0u2xxqrDwHZvbhjPgwByBRmE%2FoTw2l9H%2FznSn45xcS1eJPa%2FGI%3D"
HTTP Response Sample
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantDownload version=”1.1”/>
<Summary>
<BatchId>10247700</BatchId>
<Description>test</Description>
<UploadTimestamp>2014-04-02T16:55:31.308-05:00</UploadTimestamp>
<UploadFileName>CreateMerchant1314.xml</UploadFileName>
<SuccessCount>1</SuccessCount>
<FailureCount>0</FailureCount>
<ProjectKeys>
<SandboxKey>5a4830514b4531706e326e44494953754c39594c46413d3d</SandboxKey>
<ProductionKey>414d7a322b4363567531485146614a48543351505670343d</ProductionKey>
</ProjectKeys>
</Summary>
<MerchantResponseRecord>
<SPMerchantId>Merchant13_03132014</SPMerchantId>
<CheckoutBrand>
<Name>Merchant13_03132014</Name>
<CheckoutIdentifier>a4d6x6szgu68phtbovwx11htj5lew816jn</CheckoutIdentifier>
<ProductionUrl>http://gh-fxgx1r1.corp.mastercard.org</ProductionUrl>
<SandboxUrl>http://gh-fxgx1r1.corp.mastercard.org</SandboxUrl>
</CheckoutBrand>
</MerchantResponseRecord>
</MerchantDownload>
110
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
HTTP Response Sample
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantDownload Version="1.1">
<Summary>
<BatchId>21946024</BatchId>
<Description>Uploaded Via API</Description>
<UploadTimestamp>2015-03-02T11:25:43.080-06:00</UploadTimestamp>
<UploadFileName>API_UPLOADED_RECORDS</UploadFileName>
<SuccessCount>1</SuccessCount>
<FailureCount>0</FailureCount>
<ProjectKeys>
<SandboxKey>5a7172776e4e2f4c2f6151366c2b4a6947334a3452413d3d</SandboxKey>
<ProductionKey>414f51415350374966414f4f504f78395a2b56573930513d</ProductionKey>
</ProjectKeys>
</Summary>
<MerchantResponseRecord>
<SPMerchantId>BAPPI01</SPMerchantId>
<CheckoutBrand>
<Name>BAPPI1</Name>
<CheckoutIdentifier>a4d6x32y2j9lsi6lbphnw1i6s50ybh14fa</CheckoutIdentifier>
<ProductionUrl>https://cccc.com</ProductionUrl>
<SandboxUrl>https://bbbbbb.com</SandboxUrl>
</CheckoutBrand>
</MerchantResponseRecord>
</MerchantDownload>
HTTP Response Sample with Advanced Authentication Settings (3DS)
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantDownload Version="1.1">
<Summary>
<BatchId>285395970</BatchId>
<Description>1P_Upload_MC_3DS.xml</Description>
<UploadTimestamp>2015-04-03T15:00:12.331-05:00</UploadTimestamp>
<UploadFileName>1P_Upload_MC_3DS (1).xml</UploadFileName>
<SuccessCount>1</SuccessCount>
<FailureCount>0</FailureCount>
<ProjectKeys>
<SandboxKey>456d5a537a346c2f2b55644b704142694449644b56673d3d</SandboxKey>
<ProductionKey>456d5a537a346c2f2b55644b704142694449644b56673d3d</ProductionKey>
</ProjectKeys>
</Summary>
<MerchantResponseRecord>
<SPMerchantId>022416_RAMA</SPMerchantId>
<CheckoutBrand>
<Name>022416_RAMA</Name>
<CheckoutIdentifier>a4c411by7lob4i81xb6r41i820mw3n151</CheckoutIdentifier>
<ProductionUrl>https://RAMA.com</ProductionUrl>
<SandboxUrl>http://RAMA.com</SandboxUrl>
111
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
</CheckoutBrand>
<MerchantAcquirer>
<ID>523078</ID>
<Name>CartaSI</Name>
<AssignedMerchantID>001</AssignedMerchantID>
<DSStatus>Not Submitted</DSStatus>
</MerchantAcquirer>
</MerchantResponseRecord>
</MerchantDownload>
Single-Merchant API Validation Service
The Single-Merchant API Validation Service is used by service providers to validate upload merchant prior
to actual onboarding submission via Open Feed Project. This process mimics the validation xml process via
the user interface used within the merchant portal. See the Merchant Upload Schema Details section for the
Merchant Upload Validate schema, the Merchant Upload Validate Response Schema Details section for the
Merchant Upload Validate Response schema, and the Validation Error Messages section of the appendix for
details of the validation error messages.
Single-Merchant API Validation Parameters
Upload
oauth_signature
X
oauth_version
X
oauth_nonce
X
oauth_signature_method
X
oauth_consumer_key
X
oauth_timestamp
X
oauth_body_hash
X
Merchant Upload XML
Validated Merchant Response
XML
X
Response
X
Single-Merchant API Validation Parameter Details
MerchantUpload—Request
Signature Base String
Authorization Header
Description
Possible
Values
oauth_signature
RSA/SHA1 signature generated from the
signature base string
Variable
oauth_version
Oauth version
1.0
oauth_nonce
Unique alphanumeric string generated
from code
Variable
oauth_signature_method
oauth signature method
RSASHA1
112
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
Merchant Upload XML
oauth_consumer_key
Consumer Key generated when creating a
checkout project on MasterPass Merchant
portal
Variable
oauth_timestamp
Current timestamp
Variable
oauth_body_hash
SHA1 hash of the message body
Variable
MerchantUpload
Uploaded Merchant Information (XML)
ValidatedMerchant—Response
Validated Merchant
ValidatedMerchant
Description
Possible
Values
Results of the merchant validation
HTTP Request Example
POST /masterpasspsp/v6/checkoutproject/[0-9]+/file/validation
Authorization: OAuth
oauth_signature="eWr32NfsnxEN%2FUiNX3ntaRvJPWKV6p0sqcy%2F5EiEgSCQYm3%2Bm8MPPvr0
5EdoRwDsm%2Fu7iqg8BA5P40WHdq0TsOX8k6NbFjZwWXZuLv%2BkqRS6oFBJH0sL4ajdE%2BcevuJiR
M6wSZ1LLwCwniUE%2Fm81r%2F43KWQPIw7KGgUYDndz5T4%3D",oauth_body_hash="CWrePW5A%2B
KMde7DxI5mBpNVr%2Fok%3D",oauth_version="1.0",oauth_nonce="17157164231493",oauth
_signature_method="RSASHA1",oauth_consumer_key="ewdIBgRu1i6uCoFjuWGU4BNGDb0Udvh26N_mYah68efd62f9%2141
496b7a452f35764d715752755579436b70467871476f3d",oauth_timestamp="1432749165"
Signature Base String Example
POST&https%3A%2F%2Fapi.mastercard.com%2Fitf%2Fmasterpasspsp%2Fv6%2Fcheckoutproj
ect%2F285415568%2Ffile%2Fvalidation&oauth_body_hash%3DCWrePW5A%252BKMde7DxI5mBp
NVr%252Fok%253D%26oauth_consumer_key%3DewdIBgRu1i6uCoFjuWGU4BNGDb0Udvh26N_mYah6
8efd62f9%252141496b7a452f35764d715752755579436b70467871476f3d%26oauth_nonce%3D1
7157164231493%26oauth_signature_method%3DRSASHA1%26oauth_timestamp%3D1432749165%26oauth_version%3D1.0
Merchant Upload Validation Request Sample
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MerchantUpload>
<Merchant>
<SPMerchantId>STGQA09</SPMerchantId>
<Action>C</Action>
<CheckoutBrand>
<Name>STGQA09</Name>
<DisplayName>STGQA09</DisplayName>
<ProductionUrl>https://STGQA09.com</ProductionUrl>
<SandboxUrl>https://STGQA09.com</SandboxUrl>
<LogoUrl>http://www.mastercard.us/_globalAssets/img/nav/navl_logo_mastercardcom.png</LogoUrl>
</CheckoutBrand>
113
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
</Merchant>
</MerchantUpload>
Merchant Upload Validation Response Sample
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ValidateFileResponse>
<ValidatedMerchant>
<MerchantId>STGQA09</MerchantId>
<ErrorText>VBMU0140: merchantId already exists for serviceProviderId=285415466
and spMerchantId=STGQA09</ErrorText>
</ValidatedMerchant>
</ValidateFileResponse>
3DS Status
Service Providers can include Advanced Authentication information as an XML element during the File- and
API-Based Merchant Onboarding processes. This is done using the <MerchantAcquirer> element as
detailed starting on Page 75.
MasterCard uses a Third Party, Cardinal Commerce, to act as a Merchant Plug In (MPI) for the 3DS step-up
process. When used, 3DS will run for all checkout transactions for the appropriate card brand. Where
available, 3DS may be opted into for MasterCard, Maestro, and Visa only.
Once the File- or API-Based Merchant Onboarding process has been completed for a merchant, the Service
Provider can check on the 3DS status of the uploaded merchant.
The possible 3DS statuses are as follows:
•
•
•
•
NOTSUBMITTED: Merchant’s acquirer information has not been submitted to Cardinal Commerce
SUBMITTED: Merchant’s acquirer information has been submitted to Cardinal Commerce
ACTIVE: The Merchant has been successfully registered in the Cardinal Commerce system, and
the acquirer is participating. You are ready to process 3DS production transactions
ACQUIRERNOTPARTICIPATING: The acquirer ID (BIN) used in the merchant registration is not
valid. Upon receiving this message, contact the implementation manager assigned to work with
you on this implementation. If you don’t have an assigned implementation manager, send an
email—with the information listed in the Support section—to
[email protected].
An uploaded Merchant 3DS status can be checked in one of two ways:
114
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
1)
The Service Provider developer can click on the “Download Result File” button located with the
Checkout Project used to upload the Merchant.
The result file will show the current status of each Acquirer for the Merchant that was uploaded:
2)
The Service Provider developer can use the “Search” button found at the top of the Checkout
Project page:
When the Search Bar pops up, enter the SPMerchantID of the uploaded merchant:
115
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
The Search output will display the current 3DS status for the Merchant:
Developer Zone Key Renewal Process
Login to MasterCard’s Developer Zone (https://developer.mastercard.com), click My Account, then My
Dashboard.
116
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
On the My Dashboard page, click My Keys button, select the key you want to renew and then click on
Renew Key button.
In order to renew the API Key, you need to supply a PEM encoded Certificate Request File. Choose the file,
and click Submit. Notice the updated Key ID expiry date.
117
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
NOTE: If the CSR file is different than the CSR that was originally submitted when you created the key,
make sure that your application is using the correct key store (.p12), otherwise calls to MasterPass services
will fail.
Developer Zone Key Tool Utility
From the Add a Key screen, click Click Here, to launch the Key Tool utility.
Click on “Generate Keys and CSR” and then click on “Save to Files”. Next screen will prompt you to select
the password.
Choose the folder where you want to save the files. This utility will create the PEM and p12 file.
118
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
3DS Overview
Service Description
™
When enrolling for MasterPass, a merchant selects either Basic Checkout services, or Advanced Checkout
™
payer authentication services. Basic Checkout is already offered with the core MasterPass offering, and
facilitates a simple checkout experience. Advanced Checkout provides merchants a payer authentication
service to enable a merchant to authenticate its transactions with the issuer of the applicable card account
®
leveraging the 3D Secure protocol provided through the MasterCard SecureCode or Verified by Visa
programs (collectively, the “Programs”).
Merchants have two authentication options to choose from when implementing “Buy with MasterPass”
Button:
™
Basic Checkout: A simple checkout experience where a consumer logs in to their MasterPass wallet and
selects their payment method for use at the merchant site. The payment method will be returned to the
merchant for checkout completion.
»
No additional enrollment steps are required for merchant integration with Basic Checkout as it is part of
™
the core MasterPass Online services.
Advanced Checkout: When this option is selected by a merchant, Advanced Checkout will, on behalf of a
®
™
merchant, attempt authentication leveraging the MasterCard SecureCode or Verified by Visa protocols,
™
depending on the card selected by the consumer in connection with the purchase. At this time, MasterPass
supports only the brands included here. A merchant may choose this service for each supported card brand
offered, such as MasterCard cards, or Visa cards, or for both.
Before ‘Advanced Checkout’ is selected, a merchant must take the following actions:
»
»
»
»
»
®
™
A merchant must first be enrolled in the MasterCard SecureCode and/or Verified by Visa program, as
applicable, directly with their Acquirer. Merchants should contact their Acquirer in connection with any
such enrollment(s).
™
Merchant must, in connection with their MasterPass enrollment and Advanced Checkout opt-in,
provide the applicable Acquiring Merchant ID and Acquirer ID (BIN) for the appropriate card brand. In
connection with their Acquirer enrollment, merchants must also provide the Acquiring Merchant ID and
Acquirer ID (BIN) for each currency processed (dependent on the applicable Acquirer’s processing
requirements). Once submitted, it will take 5 business days to complete setup.
The merchant is responsible for providing accurate Acquirer data to MasterCard in connection with their
™
MasterPass enrollment and for updating such information on a timely basis should it change.
Providing accurate enrollment data to MasterCard is critical and required—without it, the merchant most
likely cannot receive the benefits of the Advanced Checkout service or of the associated Programs.
The merchant is responsible for submitting correctly formatted authorization and clearing ecommerce
®
™
values to their payment processor to indicate use of the MasterCard SecureCode or Verified by Visa
as defined by the Programs, respectively. Specifically, ECI and CAVV (if present) must be amended to
the Authorization request.
119
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
General Overview of Transaction Authentication
®
™
The MasterCard SecureCode and Verified by Visa payer authentication programs (also, “Programs”) are
based on the 3-D Secure Protocol.
Service Process Flow for Merchant who Select Advanced Checkout
™
1. Consumer shops online at merchant website and selects the MasterPass Checkout Button to pay.
2. The consumer logs into their wallet to access payment and shipping information.
3. The consumer selects their MasterCard, Maestro or Visa Card for a payment.
™
4. Based on the payment information provided, the MasterPass system receives a cmpi_lookup message
in order to check the card participation in the applicable card issuer’s payer authentication.
5. Based on the response, the status of the consumer’s participation in the applicable Program will be
identified. The three responses include an enrolled, not enrolled, and unavailable for authentication.
6. A. If the card is not enrolled or unavailable, there will be no consumer interaction with their issuing bank
™
and the applicable consumer’s MasterPass Wallet
™
a) Data will be returned to the merchant via MasterPass indicating that the merchant attempted to
authenticate the consumer with the issuer. The merchant will need to pass these data elements in
the authorization request, specifically the ECI value.
6. B. If the response is the consumer is enrolled in the applicable Program, the consumer will have an
interaction with their issuing bank. Below are the four consumer experiences that can occur. This is
™
controlled only by the card issuer and not the bank providing the MasterPass Wallet service.
b) Consumer enters issuer challenge
c) Consumer is asked to Activate their card for 3-D Secure
d) Attempts (Visa US only scenario)
Risk Based
Data will be returned indicating that the merchant attempted to authenticate the consumer with the
issuer, the merchant will need to pass these data elements in the authorization request, specifically
the ECI value, and AAV or CAVV.
7. The issuing bank encrypts the results of authentication between the consumer and their issuing bank
and returns this value to MasterPass.
8. MasterCard will receive a response indicating the result of authentication between the consumer and
their Issuing Bank. Below are the scenarios that can occur.
a) Consumer Fully Authenticates
b) Consumer Attempted Authentication (Prompted for Activation During Shopping and did Not Activate
their Card)
c) Failed Authentication
d) Issuing bank Unavailable
e) Attempts/Risk Based Authentication
9. Based on the Authentication response from Cardinal, MasterCard will prompt the consumer for another
form of payment or send back the authentication details to the Merchant for processing of the
transaction.
120
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
10. The authentication data sent back will be:
a) AAV (Accountholder Authentication Value): This value is generated by the issuer and presented to
the merchant for placement in the authorization request upon successful authentication of the
consumer
b) Authentication Method Used - Value should be created by Wallet for merchant to receive (Initial
possible values: "merchant only"; "3DS")
c) Card Enrollment status - Value should be created by Wallet for merchant to receive (Initial possible
values: "manual" ; "directly provisioned"; "3DS manual")
d) ECI (electronic commerce indicator) Flag
e) Pa Res Status
f) Secure Code Enrollment Status
g) Signature Verification
h) SLI (SecureCode Level Indicator)
11. Specifically the CAVV and the ECI value must be amended to the authorization in clearing messages in
accordance with program rules.
Important Merchant Information
MasterCard does not represent or warrant that the Advanced Checkout service referenced herein is free
from defects and mistakes and provides the service on an “as is” basis. No particular results are promised or
assured. Merchant expressly assumes all risk for the use of the Advanced Checkout service. MasterCard, at
all times, and in its sole discretion, reserves the right to begin and stop supporting any particular brand,
service and/or type of payment transaction.
Merchant indemnifies and holds harmless MasterCard from and against any claim, demand, loss, cost, or
expense arising from or relating to use of the Advanced Checkout services. MasterCard expressly disclaims
any responsibility with regard to the acts or omissions of any Merchant or other person in regard to its
™
compliance with applicable law or regulation. The signing or electronic signature of the MasterPass
™
Merchant Terms of Use for MasterPass services inclusive of Advanced Checkout, and the submission of
any other forms related thereto, including the Information Sheet referenced above, indicates that the
Merchant understands and agrees to the terms and conditions set forth herein. Merchant acknowledges that
its acceptance of these terms and conditions is relied upon by MasterCard in permitting the Merchant’s
™
participation in MasterPass and Advanced Checkout.
Validation Error Messages
The following table contains the error messages resulting from business validations. if there are any schema
errors in the file, they must be resolved first before the file can be validated for business rules.
Error Codes
Description
Sample Error Message
VBMU0100
Validate that a provided checkout brand data
element exists.
VBMU0100: minimum of one checkoutBrand
required : merchant-spMerchantId=STGQA09
VBMU0101
Validate that a merchant with action code “C” does
not include any brandings with checkout
identifiers.
VBMU0101: checkoutBrand cannot include
checkout identifiers on create :
checkoutId=a4a6w4vnkdeazi6c6ynxk1i6cdd6e2aki
VBMU0102
Validate that a provided checkout identifier exists
when using Action Code “U” within CheckoutBrand
VBMU0102: checkoutBrand does not exist :
121
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
data element.
checkoutId=a4d6x344fquvhi8ix0v6n1i8udwvar1zv6
VBMU0110
For Merchant Action Code “U” and Merchant
Acquirer Action Code “C," validate the merchant
acquirer doesn’t exist in Cardinal Commerce.
VBMU0110: invalid merchant acquirer actionCode
during create : actionCode=U
VBMU0111
For Merchant Action Code “U” and Merchant
Acquirer Action Codes “U” or “D," validate the
merchant acquirer does exist in Cardinal
Commerce.
VBMU0111: invalid merchant acquirer action code:
U or D
VBMU0112
Validate Profile data element exists in the
MerchantUpload XML file.
VBMU0112: merchant create requires profile for
spMerchantId=STGQA09
VBMU0120
Validate Reward Program Name is Unique.
VBMU0120: reward program name must be
unique: RAMAQA312, spMerchantId=STGQA09
VBMU0121
Validate Reward Program ID is Unique.
VBMU0121: reward program id must be unique:
RAMAQA312, spMerchantId=STGQA09
VBMU0130
Validate a Merchant Acquirer is provisioned in
Cardinal for a specified CardBrand.
VBMU0130: no merchant acquirer for cardbrand
type=MAESTRO
VBMU0140
Validate SPMerchantID is Unique when applying
Merchant Action Code of “C.”
VBMU0140: merchantId already exists for
serviceProviderId=305960760 and
spMerchantId=STGQA03
VBMU0141
Validate Merchant Acquirer ID is unique when
applying Merchant Action Code of “C.”
VBMU0141: invalid merchant acquirer
actionCode=C : acquirer record already exists :
acquirerId=523078 assignedMerchantId=001test
cardBrand=MASTER_CARD currencyCode=EUR
VBMU0142
Validate Merchant Acquirer ID exists in Cardinal
Commerce.
VBMU0142: acquirer id does not exist :
id=88848888, cardBrand=MASTER_CARD
VBMU0150
Validate SPMerchantID exists for Merchant Action
Codes "U" or "D".
VBMU0150: merchant not found for update or
delete
VBMU0160
Validate the SPMerchantID is alphanumeric and
less than 25 characters.
VBMU0160: invalid
assignedMerchantId=STGAPI21_******5681M,
must be alpha-numeric and less than 25
characters in length
VBMU0170
Validate the Merchant Acquirer CurrencyCode is
supported by Cardinal Commerce.
VBMU0170: unsupported currency code : USD
VBMU0171
Validate two merchant acquirers of the same
CardBrand are not configured to support the same
currency by Cardinal Commerce.
VBMU0171: acquirer card brand currency code
pairing must be unique
Validation Error Message Sample
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ValidateFileResponse>
<ValidatedMerchant>
<MerchantId>584RAMAKOTI07</MerchantId>
122
™
MasterPass Service Provider Onboarding & Integration Guide—
File- and API-Based Merchant Onboarding
<ErrorText>VBMU0140: merchantId already exists for serviceProviderId=5 and
spMerchantId=584RAMAKOTI07</ErrorText>
</ValidatedMerchant>
</ValidateFileResponse>
© 2014–2015 MasterCard. Proprietary and Confidential. All rights reserved.
123