Web Payments Integration Guide
membership is approved, typically within 2 business days, return to https //pay samsung com/developers, click sign in and enter your samsung account id and password for site access as a new member registering your domain for the w3c service your domain is the url associated with your website, whether in test or production the service type specifically associates w3c with your domain once you create the service, you will be prompted to configure the domain you want associated with it to create a new service go to my projects > service management and click create a new service select for test to define the service for initial integration with samsung pay, then click next select w3c mobile web payments as the service type and click next enter a service name and select “united states” as the service country select a payment gateway from the list of supported pgs if your payment gateway uses the network token mode, upload the certificate signing request csr you obtained from your pg supported formats are csr or pem contact your pg for details otherwise, key management is already established for pgs supporting samsung pay’s gateway token mode; hence, click connect with to create a new service connection with the pg and click ok enter the payment domain name s for your website in the service domain field and click add for example, if your domain is mywebstore com but the checkout page is hosted on the subdomain payments mywebstore com, you’ll need to enter payments mywebstore com as the service domain in the portal for each additional domain name, click add notewhen entering the domain name on the portal, do not include an https // prefix confirm your agreement with the terms and conditions, then click next adding w3c payment requests objects to your website in order to accept payments from samsung pay, your website must adhere to the w3c payment request api specification you can get started with the basics by completing the steps that follow and making the appropriate substitutions for your website step 1 feature detect prior making a w3c payment request, it’s wise to run a feature detect to ensure the browser in use supports the w3c payment request api if not, you should fall back to your traditional/normal checkout page example if window paymentrequest { // use payment request api } else { // fallback to traditional checkout window location href = ‘/checkout/traditional’; } step 2 create the paymentrequest constructor the first step is to create a paymentrequest object by calling the paymentrequest constructor, which has the following parameters methoddata – contains a list of payment methods that the website supports e g , visa, amex, samsung pay details – contains information about the shopping cart purchases e g , total, tax, fees, etc options – details pertaining to shipping address, user contact information, etc example var request = new paymentrequest methoddata, // required payment method data details, // required information about transaction options // optional parameter for things like shipping, etc ; step 3 add samsung pay to the methoddata parameter the methoddata parameter contains a list of payment methods supported by the merchant to support samsung pay, you’ll need to add it as a supported payment method notebasic-card is an optional supportedmethod for credit and debit cards saved in the browser, the card details of which are returned directly to the website from the browser before configuring this method, make sure your website and pg can handle generic payment information received from the browser and process with required pci compliance, if applicable see the [w3c basic card payment specification][7] for additional details be aware, however, that if you intend to support a branded samsung pay button, only samsung pay can be enabled as a payment method within the paymentrequest object; basic-card or any other payment method cannot be included if you already offer a generic payment request method, you can continue to do so — and include samsung pay as a payment method within that paymentrequest object from a user experience standpoint, the two distinct pathways look like this standard w3c implementation a standard w3c implementation adds samsung pay to your standard paymentrequest object as one of many supportedmethods available for user selection tapping checkout or its equivalent launches the standard browser payment sheet for user selection of the payment method and/or to add a debit/credit card to the list of options selecting samsung pay as the payment method and tapping pay launches the samsung pay payment sheet branded samsung pay implementation a branded implementation displays a "buy with samsung pay" button in place of your standard checkout button tapping the button will skip directly to the samsung pay payment sheet for authentication unless you specify paymentoptions if paymentoptions is not null, the browser payment sheet is launched see paymentoptions in step 7 for additional guidance first launching your website's checkout page is recommended for branded implementations this is because the samsung pay payment sheet only provides the user's billing address, which means your website will need to capture the user's preferred shipping address, where applicable for physical delivery of purchased goods if no shipping address and/or other options are needed, set the paymentoptions parameter to null as mentioned above, if you populate paymentoptions, the browser payment sheet is automatically launched keeping the foregoing implementations in mind, let's look at how to construct the methoddata argument for the network token mode and gateway token mode, respectively the fields in methoddata comprise supportedmethods – required; specifies https //spay samsung com/ i e , the samsung pay app and other methods suppored by your website data – values specific to the method; for samsung pay, these include version specifies the data structure being used by the merchant; should always be set to 1 until further notice required productid the service id obtained from the samsung pay partner portal required for partner verification; see step #8 under registering your domain for the w3c service merchantgatewayparameter this is the userid value registered with your pg required for gateway token mode in addition, userid should be set in the request parameter for mada token if a merchan request mada token, this field is mandatory as this filed should be included in the payload for mada token, there is a 15-character length limit paymentprotocol defaults to “protocol_3ds,” the only protocol currently supported by samsung pay optional allowedcardnetworks specifies the card brands/networks accepted by the merchant and supported by the pg required merchantname the name of the merchant to be displayed on the payment sheet; must be identical to the merchant name registered on the samsung pay partner portal required ordernumber unique value for merchant use as an external reference id optional isrecurring specifies transaction on subscription basis optional; default = false billingaddressrequired determines if a billing address must be filled-in by the user optional; default = false shown next are examples of the methoddata parameter for each of the supported token modes please note that samsung pay's w3c support for card brands is currently limited to mastercard, visa and american express discover is scheduled for support soon example – network token mode var methoddata = [ { supportedmethods ['https //spay samsung com'], data { 'version' '1', // always 1 until further notice 'productid' '2bc3e6da781e4e458b18bc', // service id from partner portal 'allowedcardnetworks' ['mastercard','visa'], 'merchantname' 'shop samsung demo ', // merchantname must be identical to merchant name on portal 'ordernumber' '1233123', } }] example – gateway token mode var methoddata = [ { supportedmethods ['https //spay samsung com'], data { 'version' '1', // always 1 until further notice 'productid' '7qr7h9ws1872bc3e6da781', // service id from partner portal 'merchantgatewayparameter' {"userid" "acct_ 17irf7f6ypzj7wor"}, 'allowedcardnetworks' ['mastercard','visa'], 'merchantname' 'shop samsung demo ', //merchantname must be identical with merchant name on portal 'ordernumber' '1233123', } }] step 4 fill out the transaction details parameter the details parameter contains information about the transaction there are two major components a total, which reflects the total amount and currency to be charged, and an optional set of displayitems that indicate how the final amount was calculated this parameter is not intended to be a line-item list, but is rather a summary of the order’s major components subtotal, discounts, tax, shipping costs, etc example var details = { displayitems [ { label "total of all items", amount { currency "usd", value "65 00" }, // us$65 00 }, { label "friends & family discount", amount { currency "usd", value "-10 00" }, // -us$10 00 pending true // the price is not yet determined } ], total { label "total", amount { currency "usd", value "55 00" }, // us$55 00 } } step 5 check eligibility to display samsung pay button if you do not support basic-card and you try to call show in step 6 when samsung pay or any other supportedmethod is not present on the device, the returned promise will reject with the following error domexception the payment method is not supported you can, however, check beforehand to see if the user has an available/supported method set up this is done with the canmakepayment method, which tells you whether the user has a payment method that can fulfill the current payment request example – canmakepayment const paymentrequest = new paymentrequest supportedpaymentmethods, transactiondetails, options ; // if canmakepayment isn’t available, default to assume the method is supported const canmakepaymentpromise = promise resolve true ; // feature detect canmakepayment if request canmakepayment { canmakepaymentpromise = paymentrequest canmakepayment ; } canmakepaymentpromise then result => { if !result { // the user does not have a supported payment method // todo redirect to traditional checkout flow return; } // todo the user has a payment - call show } catch err => { // todo either fall back to traditional checkout or call show } ; notebranded samsung pay buttons can be found on the [samsung pay developers][8] portal under the resources tab direct cdn links will be available soon step 6 call the show method to display the payment sheet the payment sheet can be activated by calling its show method this method invokes the browser’s native ui so the user can examine the details of the purchase, add or change the information, and submit it for payment a promise, indicated by its then method and callback function, resolves what will be returned when the user accepts or rejects the payment request example – show request show then function paymentresponse { // process paymentresponse here paymentresponse complete "success" ; } catch function err { console error "uh oh, something bad happened", err message ; } ; step 7 handle the paymentresponse once the user approves the payment request by verifying the payment option and shipping option if provided , the show method’s promise resolves, resulting in a paymentresponse object comprised of the following fields methodname string indicating the chose payment method e g , visa details dictionary containing information for methodname shippingaddress shipping address of the user, if requested shippingoption id of the selected shipping option, if requested payeremail email address of the payer, if requested payerphone telephone number of the payer, if requested payername name of the payer, if requested here, it’s important to remember that the response from the payment request api must be submitted by the merchant in accordance with the pg’s integration model and apis in all cases, the samsung pay response is encapsulated within the paymentresponse details parameter, which comprises the following fields paymentcredential – contains the payment credential information necessary for processing the transaction with the pg in network token mode, this field includes 3ds data in gateway token mode, it includes token information network token mode type use “s” version 1 0 0; standard for payment authentication aka mastercard securecode, verified by visa, and american express safekey data encrypted payload value gateway token mode reference token id reference status authorized or rejected/declined billingaddress – contains the billing address and related attributes for the cardholder, possibly including country [iso3166] alpha-2 code; canonical form is upper case for example, “us” addressline[n] most specific part of the address; can include a street name, a house number, apartment number, a rural delivery route, descriptive instructions, or a post office box number region top level administrative subdivision of the country; can be a state, a province, an oblast, or a prefecture city city/town portion of the address dependentlocality dependent locality or sub-locality within a city; fused for neighborhoods, boroughs, districts, or uk dependent localities postalcode postal code or zip code, also known as pin code in india sortingcode bank sorting code; for example, in the british and irish banking industries, the sort code is a six-digit number, is usually formatted as three pairs of numbers, for example 12-34-56, identifying both the bank and the branch where the account is held languagecode [bcp47] language tag for the address, in canonical form; used to determine the field separators and the order of fields when formatting the address for display organization organization, firm, company, or institution at this address recipient name of the recipient or contact person this member may, under certain circumstances, contain multiline information; for example, it might contain “care of” information phone telephone number of the recipient or contact person paymentinfo – contains the payment information, including card_last4digits last four digits of the card’s dpan cardbrand currently, either mastercard or visa ordernumber merchant’s unique external reference id supplied in the original request’s methoddata parameter if the user pays with a credit card using the basic-card method, then the details response returned directly to your website from the browser will contain cardholdername, cardnumber, expirymonth, expiryyear, cardsecuritycode, billingaddress example request show then paymentresponse => { var paymentdata = { // payment method string, e g “amex” method paymentresponse methodname, // payment details contains payment information details paymentresponse details /* request details depends on pg token mode network - e g , first data; or gateway - e g , stripe ---------------------------------------------------------|------------------------------------------------------| * gateway token mode |* network token mode | * “details” { |* “details { | * “paymentcredential” { |* “method” “3ds”, | * “reference” “tok_1asceoyf6ypzj7f8se6grp0i”, |* “paymentcredential” { | * “status” “authorized” |* “type” “s”, | * }, |* “version” “100”, | * |* “data” “long_encrypted_payload_value”, | * |* }, | *--------------------------------------------------------|------------------------------------------------------| * “paymentinfo” { * “card_last4digits” “1489”, * “cardbrand” “mastercard”, * “ordernumber” “1233123”, * “billingaddress” { * “country” “usa”, * “addressline” [“chhccy”, “hdyxych”], * “region” “ca”, * “city” “mountain view”, * “dependentlocality” “”, * “postalcode” “94043”, * “sortingcode” “”, * “languagecode” “en”, * “organization” “”, * “recipient” “”, * “phone” “” * } * } * } * */ }; return fetch ‘/validatepayment’, { method ‘post’, headers { ‘content-type’ ‘application/json’ }, body json stringify paymentdata } then res => { if res status === 200 { return res json ; } else { throw ‘payment error’; } } then res => { paymentresponse complete “success” ; }, err => { paymentresponse complete “fail” ; } ; } catch err => { console error “error, something went wrong”, err message ; } ; once payment information is received from samsung pay, the website should submit the payment information to the merchant’s pg for transaction processing the ui will show a spinner while the request takes place when a response is received, the website should call complete to close the ui the website is then free to show an order complete or order confirmation page for user feedback as previously mentioned, you can simplify integration of network tokens by passing the encrypted payload directly to your pg and letting it handle decryption in all cases, how you handle a submitted network token depends on the payment gateway refer to your particular pg’s documentation for details paymentoptions is an optional parameter in thepaymentrequest constructor depending on your particular requirements, you may want additional information, such as the user’s shipping address for physical goods purchased and contact details for guest users paymentoptions currently comprises the following requestpayername true if payer name is required; otherwise, false requestpayeremail true if payer email address is required; otherwise, false requestpayerphone true if payer telephone number is required; otherwise, false requestshipping true if shipping address is required; otherwise, false shippingtype available label options “shipping/pickup/delivery” for indicating to user; solely for display purposes example var options = { requestpayeremail false, requestpayername true, requestpayerphone false, requestshipping true, shippingtype "delivery" } noteif any of the elements listed above are set to true, the browser payment sheet is launched; otherwise, the samsung pay payment sheet is displayed putting it all together let’s assemble the various code blocks into a prototype to demonstrate the w3c payment request api in action function onbuyclicked { const samsung_pay = 'https //spay samsung com'; if !window paymentrequest { // paymentrequest api is not available - forwarding to legacy form based experience location href = '/checkout'; } // setup var supportedinstruments = [{ supportedmethods [ samsung_pay ], // 'https //spay samsung com' data { "version" "1", "productid" "2bc3e6da781e4e458b18bc", //service id from partner portal "allowedcardnetworks" ['mastercard','visa'], "ordernumber" "1233123", "merchantname" "shop samsung demo ", //merchant name in partner portal "merchantgatewayparameter" {"userid" "acct_17irf7f6ypzj7wor"}, "isrecurring" false, "billingaddressrequired" false, "paymentprotocol" "protocol_3ds" } }]; var details = { displayitems [{ label 'original donation amount', amount { currency 'usd', value '65 00' } }, { label 'friends and family discount', amount { currency 'usd', value '-10 00' } }], total { label 'total due', amount { currency 'usd', value '55 00' } }; var options = { requestshipping true, requestpayeremail true, requestpayerphone true, requestpayername true }; // initialization var request = new paymentrequest supportedinstruments, details, options ; // when user selects a shipping address request addeventlistener 'shippingaddresschange', e => { e updatewith details, addr => { var shippingoption = { id '', label '', amount { currency ‘usd’, value ‘0 00’ }, selected true}; // shipping to us is supported if addr country === 'us' { shippingoption id = 'us'; shippingoption label = 'standard shipping in us'; shippingoption amount value = '0 00'; details total amount value = '55 00'; // shipping to jp is supported } else if addr country === 'jp' { shippingoption id = 'jp'; shippingoption label = 'international shipping'; shippingoption amount value = '10 00'; details total amount value = '65 00'; // shipping to elsewhere is unsupported } else { // empty array indicates rejection of the address details shippingoptions = []; return promise resolve details ; { // hardcoded for simplicity if details displayitems length === 2 { details displayitems[2] = shippingoption; } else { details displayitems push shippingoption ; } details shippingoptions = [shippingoption]; return promise resolve details ; } details, request shippingaddress ; } ; // when user selects a shipping option request addeventlistener 'shippingoptionchange', e => { e updatewith details => { // there should be only one option do nothing return promise resolve details ; } details ; } ; // show ui then continue with user payment info request show then result => { // post the result to the server return fetch '/pay', { method 'post', credentials ‘include’, headers { 'content-type' 'application/json' }, body json stringify result tojson } then res => { // only if successful if res status === 200 { return res json ; } else { throw 'failure'; } } then response => { // you should have received a json object if response success == true { return result complete 'success' ; } else { return result complete 'fail' ; } } then => { console log 'thank you!', result shippingaddress tojson , result methodname, result details tojson ; } catch => { return result complete 'fail' ; } ; } catch function err { console error 'uh oh, something bad happened ' + err message ; } ; } document queryselector '#start' addeventlistener 'click', onbuyclicked ; refer to the official w3c integration specs for additional details and definition testing once you have the code saved and loaded, you’re ready to test be sure to test your website or test domain on a device running samsung internet browser and with the samsung pay wallet app already set up and ready to go in accordance with the prerequisites cited above if you use a separate subdomain for your test environment, be sure to add it as an eligible service domain for the service you configured under registering your domain for the w3c service remember that any/all subdomains for production must also be added to the service, up to a maximum of 10 service domains again, please note that samsung pay’s webpay api currently supports mastercard and visa only support for american express and discover is under development and will be available soon be sure to test using the samsung internet and chrome mobile browser apps to test select samsung pay as the payment method by clicking on the branded samsung pay button branded implementations or the samsung pay radio button standard w3c implementations this should launch the samsung pay payment sheet authenticate payment validate your results end to end isolate issues in the log, debug, and test again contact your samsung pay rm to coordinate assistance with troubleshooting recommended test cases check if the samsung pay is available in the payment option on the website verify samsung pay logo on browser sheet verify order summary on the payment sheet verify “edit” and “pay” buttons on payment sheet verify purchased item in the summary verify the billing address on the payment sheet change the billing address try to change the card in payment sheet when only one card is enrolled in samsung pay try to change the card when multiple cards is enrolled in samsung pay verify the payment amount verify the payment options verify the payment completion screen verify merchant name on the payment sheet verify merchant domain name on the payments sheet verify “cancel” and “pay” buttons on browser sheet try to make payment with large amount larger than max allowed amount and verify the behavior make a payment using samsung pay with a card already added for the merchant’s website basic-card verify transaction notification after w3c purchase verify transaction notification after refund set payment options for shipping address and verify that browser payment sheet launches and captures shipping address input/changes by user verify that the shipping cost is updated based on a shipping address change and is reflected in the updated total amount release once your tests are successful and you are satisfied with the results, take the following steps to ready your integrated with samsung pay website for release go to the samsung pay developers portaland create a new release service sharing identical attributes with the service you successfully tested a click on service management, then click create new service b select for release pictured , then click next c select w3c mobile web payments as the service type, then click next d enter a "release" service name and select "united states" as the service country e select united states as the service country f select your payment gateway from the drop-down menu, then click connect with for gateway token mode or provide a valid csr for network token mode g enter your service domain and click add for each additional domain name, click add remember, when entering domain names on the portal, do not include a "https"//" prefix h confirm your agreement with the terms and conditions, then click next retrieve the service id from the service details page and enter copy-paste it into your website's methoddata object in place of the current testing service id when your service is approved by your samsung pay rm — as indicated in the status column of your service management dashboard — you're ready to release your integrated website to the public send queries concerning service package approval to webpayment@samsungpay com