Network and gateway tokens

To complete the payment, your designated payment gateway (PG) handles one of 2 types of tokens: network tokens with a direct merchant server-to-PG connection or gateway tokens with an indirect connection through the Samsung PG Interface server. Samsung Pay supports both token types, so you must check with your PG which token type they use.

The essential difference between the token types is who decrypts the token information: network tokens require that the merchant app handles decryption of the token bundle or work with the PG to handle decryption, whereas gateway token decryption is handled by the PG via the Samsung PG Interface server.

Network token mode (direct)

The following figure illustrates the handling of a network token.

During Samsung Pay onboarding, the certificate signing request (CSR) you have provided when creating your service has originated from your PG. When Samsung Pay encrypts the payment information into a network token, your PG has the private key to decrypt it.

Network token flow

  1. The customer selects Samsung Pay as the payment method during checkout in your app and Samsung Pay requests partner verification from the Samsung Pay Online Payment server.
  2. Encrypted payment information (network token) is passed from Samsung Pay to the PG through your app using the PG SDK.
  3. Applying the private key, the PG decrypts the payment information structure and processes the payment through the acquirer.
  4. Upon receiving authorization or rejection, the PG notifies your app through its PG SDK.

Gateway token mode (indirect)

The following figure illustrates the handling of a gateway token.

Gateway token flow

  1. The customer selects Samsung Pay as the payment method during checkout in your app and Samsung Pay requests partner verification from the Samsung Pay Online Payment server.
  2. Encrypted payment information (gateway token) and the merchant ID are passed from Samsung Pay to the Samsung PG Interface server.
  3. The Samsung PG Interface server sends a transaction authorization request to the PG on behalf of the merchant. The PG authenticates the merchant ID before generating a transaction reference ID.
  4. The reference ID is passed to the merchant from the PG through the Samsung PG Interface server.
  5. Your app passes the reference ID to the PG for payment process execution.
  6. The PG continues payment processing through the acquirer.
  7. Upon receiving authorization or rejection, the PG notifies your app.