# Authenticated Payment
Authenticated payment refers to a payment process where the payer's identity and authorization are verified before the transaction is completed. This type of payment typically involves an additional layer of security to ensure that the person making the payment is the rightful owner of the account or card being used.
Depending on the authentication method used, the payer may be redirected to their bank's website or app to provide additional verification, such as a one-time password (OTP), biometric authentication, or other forms of identity confirmation.
TIP
Call the Payment endpoint to authorize a payment
# Example using full card details
Request example
- Shell
- JavaScript
curl -X POST \
http://api.ompay.com/v1/merchants/w3z8dfhkzvfq0j9n/payment \
-H 'authorization: Basic ODZidWQ0Y2JremlxOXZmYzoweHI1ZDkwOHo2bmo4a2h6' \
-H 'content-type: application/json' \
-d '{
"intent":"sale"
,"payer":{
"payment_type":"CC"
,"funding_instrument":{
"credit_card":{
"number":"4644260581661836"
,"expire_month":04
,"expire_year":2025
,"cvv2":"400"
,"name":"Avish Testing"
}
}
,"payer_info":{
"email":"sda@gmail.com",
"name": "assd",
"billing_address":{
"line1":"18 Avenue"
,"line2":"cassidy"
,"city":"Rose-Hill"
,"country_code":"mu"
,"postal_code":"72101"
,"state":""
,"phone":{
"country_code":"230"
,"number":"57976041"
}
}
}
}
,"payee":{
"email":"mail@test.com"
}
,"transaction":{
"type": "1",
"amount":{
"currency":"OMR",
"total":"10"
}
,"invoice_number":"123455"
}
}'
Response example
{
"id": "35ZQXK7H9YRD17JI6DNU",
"reference_id": "13YD2H7CUYHRH7QU09Z6",
"state": "pending",
"result": {
"authorisation_code": "00000",
"redirect_url": "https://api.ompay.com/v1/redirect/06a7fbfcacad4290b854597dc442138f",
"authenticate_url": "https://api.ompay.com/v1/authenticate/06a7fbfcacad4290b854597dc442138f",
"code": "1007",
"description": "Redirect"
},
"intent": "SALE",
"payer": {
"payment_type": "CC",
"funding_instrument": {
"credit_card": {
"id": "9c22d208-4e25-47f8-8d32-c0e6d97c17c2",
"type": "Visa",
"expire_month": 12,
"expire_year": 2020,
"name": "Tom Hanks",
"cvv_check": "Y",
"avs_check": "S",
"last4": "4821",
"bin": "400552",
"is_default": true,
"bin_data": {
"bin": "400552",
"country_code": "MU",
"country_name": "Mauritius",
"bank_name": "MCB",
"card_scheme": "Visa",
"card_type": "Credit",
"card_category": "1"
}
}
},
"payer_info": {
"id": "0f053a05-9fa2-49a1-871f-3098e4b114e2",
"email": "TomHanks@gmail.com",
"name": "Tom Hanks",
"billing_address": {
"phone": {
"country_code": "230",
"number": "57976041"
},
"line1": "18 Avenue",
"line2": "cassidy",
"city": "Rose-Hill",
"country_code": "MU",
"postal_code": "72101",
"state": ""
}
}
},
"transaction": {
"amount": {
"currency": "OMR",
"total": "3"
},
"type": "1",
"mode": "1",
"items": [
{
"sku": "100299S",
"name": "Ultrawatch",
"description": "Smart watch",
"quantity": "1",
"price": "500",
"shipping": "",
"url": ""
},
{
"sku": "100269S",
"name": "Drone",
"description": "drone x",
"quantity": "1",
"price": "500",
"shipping": "",
"url": ""
}
],
"shipping_address": {
"recipient_name": "Tom Hanks",
"phone": {}
},
"invoice_number": "123455"
},
"custom": {},
"delayed_capture_time": "2020-09-06T21:53:18Z",
"create_time": "2020-09-06T21:50:18Z",
"three_d": {}
}
TIP
Successful response will contain a redirect_url. You must redirect the customer to this URL in order to finalize the OTP flow.
# Authenticate the payment
For enhanced convenience, merchants have the option to capture One-Time Passwords (OTPs) directly through their own web forms. Rather than redirecting customers based on the redirect_url, merchants can integrate a customized web form on their website or application to securely collect OTPs. This feature allows for a seamless user experience while maintaining control over the authentication process. To do so use the following API endpoint.
WARNING
This flow will only work only if the aquirer is OmanNet
Request example
- Shell
- JavaScript
curl -X POST \
http://api.ompay.com/v1/authenticate/9c22d2084e2547f88d32c0e6d97c17c2 \
-H 'authorization: Basic ODZidWQ0Y2JremlxOXZmYzoweHI1ZDkwOHo2bmo4a2h6' \
-H 'content-type: application/json' \
-d '{
"reference_id":"13YD2H7CUYHRH7QU09Z6",
"otp": "111111"
}'
Response example
{
"id": "Y82J4Q7N32DQ070WN6DR",
"reference_id": "13YD2H7CUYHRH7QU09Z6",
"state": "captured",
"result": {
"authorisation_code": "999999",
"actions": {
"capture": {
"id": "Y82J4Q7N32DQ070WN6DR",
"state": "captured",
"code": "0000",
"message": "Approved"
},
"authorization": {
"id": "13YD2H7CUYHRH7QU09Z6",
"state": "authorised",
"code": "0000",
"message": "Approved"
}
},
"code": "0000",
"message": "Approved"
},
"payer": {
"payment_type": "CC",
"funding_instrument": {
"credit_card": {
"id": "fca5802b-1615-48c9-95e1-1005c61e878a",
"type": "Visa",
"expire_month": 4,
"expire_year": 2025,
"name": "Avish Testing",
"last4": "1836",
"bin": "464426",
"bin_data": {
"bin": "464426",
"country_code": "OM",
"country_name": "OMAN",
"bank_name": "BANK DHOFAR (S.A.O.G.)",
"card_scheme": "VISA",
"card_type": "DEBIT",
"card_category": "Consumer"
}
}
},
"payer_info": {
"id": "4b4ece0f-4dff-4f63-b39d-bc8bfbf636d7",
"email": "sda@gmail.com",
"name": "AvishTesting",
"billing_address": {
"phone": {
"country_code": "230",
"number": "57976041"
},
"line1": "18 Avenue",
"line2": "cassidy",
"city": "Rose-Hill",
"country_code": "MU",
"postal_code": "72101",
"state": ""
}
}
},
"transaction": {
"amount": {
"currency": "OMR",
"total": "10"
},
"type": "1",
"mode": "1",
"shipping_address": {
"phone": {}
},
"invoice_number": "123455"
},
"custom": {},
"risk_check": true,
"three_d": {},
"create_time": "2023-08-31T11:55:13Z"
}
# Request
Authenticate a sale using the OTP capture from the payer. Note that this url is retrieved from the initial payment call and is a one time use (once called the payment session will expire).
# Header parameters
The request require a Basic authentication in the header. For more information about HTTP request headers, see HTTP request headers.
# Request parameters
| Parameter | Type | Description |
|---|---|---|
| payment_session_id required | string | Identifier of the payment session |