Payment Gateway API¶
This section describes how to make standalone payments using our payment gateway.
Creating a Payment Session¶
For every payment you wish to make you need to create a payment session first. A payment session contains payment information such as the paid amount or merchant reference. A session represents a time window for making a payment up to 24 hours from the time of its creation.
To create a session use the newPaymentSession mutation:
Parameter |
Description |
|---|---|
amount |
The amount the customer pays in minor units. So 100,56 kr would be 10056. |
currency |
The currency the amount is in. If left out, it is set to the merchant’s default currency. Some payment methods are only available for certain currencies, check the corresponding payment method’s documentation. |
idempotencyKey |
Idempotency key is required to prevent double processing a request. See also Idempotency keys. |
merchantReference |
Merchant’s own internal reference that may help the merchant in identifying this payment. These have to be globally unique but they should be reused for retrying a payment. |
merchantReference2 (Optional) |
An optional additonal Merchant’s own internal reference that may help the merchant in identifying this payment. No uniqueness check is enforced on these references. Can be upto 1000 characters in length. |
preferredGateway (Optional) |
An optional gateway value that decides which gateway to be used to process this payment. Currently the only supported value is: |
message |
A message to show to the customer on their payment screen. It could be an order id or a reference. |
expiresAt |
The latest point in time (ISO8601) that the session is usable at. Must be between 0 and 24 hours into the future. |
allowExecutionDate |
A boolean value, controls whether an execution date can be chosen for a payment in this session (e.g. for bank transfer payments) |
additionalData (Optional) |
Extra information about a customer making the payment. Fields:
|
The token in the response can be now be used to make payments. See Authentication on how to use the token in your requests.
Avoiding Duplicate Payments¶
Typically, if you reuse the same payment session token across multiple attempts in combination with our payment SDKs, duplicate payments are automatically avoided. However, if you are using the payment gateway API directly or use a different payment session for each payment attempt, you need to take care of this yourself.
For this purpose, we have an additional mutation newPaymentSessionWithReferenceCheck that will check if a payment session with the same merchantReference already exists.
If it does, it will return the token of the existing session. Otherwise, it will create a new one. Additionally, it will return the paymentId of any successful payment
done within an existing session for the same merchantReference. This way you can avoid duplicate payments.
If the currency or amount fields are different from any existing session matching the merchantReference, it will return a new session. It is assumed that the shopping cart
has changed and a different session is required.
To create a session with a merchant reference check, use the newPaymentSessionWithReferenceCheck mutation:
Parameter |
Description |
|---|---|
amount |
The amount the customer pays in minor units. So 100,56 kr would be 10056. |
currency |
The currency the amount is in. Some payment methods are only available for certain currencies, check the corresponding payment method’s documentation. |
country |
The country the money is being received. |
idempotencyKey |
Idempotency key is required to prevent double processing a request. See also Idempotency keys. |
merchantReference |
Merchant’s own internal reference that may help the merchant in identifying this payment. This is the field that will be used for finding existing sessions. |
merchantReference2 (Optional) |
An optional additonal Merchant’s own internal reference that may help the merchant in identifying this payment. No uniqueness check is enforced on these references. Can be upto 1000 characters in length. |
preferredGateway (Optional) |
An optional gateway value that decides which gateway to be used to process this payment. Currently the only supported value is: |
message |
A message to show to the customer on their payment screen. It could be an order id or a reference. |
expiresAt |
The latest point in time (ISO8601) that the session is usable at. Must be between 0 and 24 hours into the future. |
allowExecutionDate |
A boolean value, controls whether an execution date can be chosen for a payment in this session (e.g. for bank transfer payments) |
additionalData (Optional) |
Extra information about a customer making the payment. Fields:
|
The token in the response can be now be used to make payments. See Authentication on how to use the token in your requests.
Swish¶
Parameter |
Description |
|---|---|
idempotencyKey |
Idempotency key is required to prevent double processing a request. See also Idempotency keys. |
flow |
Set to |
returnUrl |
The url to redirect to after the payment is done. |
Credit Card¶
Parameter |
Description |
|---|---|
idempotencyKey |
Idempotency key is required to prevent double processing a request. See also Idempotency keys. |
returnUrl |
The url to redirect to after the payment is done. |
MobilePay¶
Mobilepay is currently only supported for sessions in Danish Krone. Set the currency to "DKK" in newPaymentSession to get a token that can be used for Mobilepay.
Parameter |
Description |
|---|---|
idempotencyKey |
Idempotency key is required to prevent double processing a request. See also Idempotency keys. |
returnUrl |
The url to redirect to after the payment is done. |
Vipps¶
Vipps is only supported for sessions in Norwegian Krone. Set the currency to "NOK" in newPaymentSession to get a token that can be used for Vipps.
Parameter |
Description |
|---|---|
idempotencyKey |
Idempotency key is required to prevent double processing a request. See also Idempotency keys. |
returnUrl |
The url to redirect to after the payment is done. |
Przelewy24¶
Przelewy24(P24) is currently only supported for sessions in Polish Zloty. Set the currency to PLN and country to PL when creating a payment session to get a token that can be used for P24.
Note that for processing Przelewy24 payments, it is mandatory to pass additionalData.name in the newPaymentSession or newPaymentSessionWithReferenceCheck mutation when you start a payment.
Parameter |
Description |
|---|---|
idempotencyKey |
Idempotency key is required to prevent double processing a request. See also Idempotency keys. |
returnUrl |
The url to redirect to after the payment is done. |
Bank Transfer¶
Parameter |
Description |
|---|---|
idempotencyKey |
Idempotency key is required to prevent double processing a request. See also Idempotency keys. |
returnUrl |
The url to redirect from the bank after the payment is done. |
merchantReturnUrl |
Merchant’s url to redirect to when using the payment component |
aspspId |
Id of the bank customer chose |
requestRedirectState |
State string passed in the query param of returnUrl |
PayPal¶
PayPal is currently supported via onboarding merchants on our platform with your PayPal accounts. Note that for processing PayPal payments, it is mandatory to pass additionalData.shippingAddress and additionalData.orderLines in the newPaymentSession or newPaymentSessionWithReferenceCheck mutation when you start a payment.
Parameter |
Description |
|---|---|
idempotencyKey |
Idempotency key is required to prevent double processing a request. See also Idempotency keys. |
returnUrl |
The url to redirect to after the payment is done. |
Once the payment is approved using the PayPal SDK or PayPal payment URL, you can capture the funds. This is handled automatically in our payment SDKs and in the backend. The mutation is provided as a way for instant payment completions if you are using the payment gateway API directly.
Parameter |
Description |
|---|---|
idempotencyKey |
Idempotency key is required to prevent double processing a request. See also Idempotency keys. |
paymentId |
The |
Things to keep in mind¶
Within a payment session, when there’s already a paid or authorized payment, initiating a new payment with a different payment method
will result in the waitToken of the paid or authorized payment. This way users don’t end up paying twice in the same session.
Likewise, if there’s an existing payment P1 for a payment method PM1 and there’s an attempt to create another payment P2 using the same payment method PM1
using the same parameters as P1, it will result in the waitToken of already created pending payment P1. To create a new payment, cancel the existing payment
first and create another one.
Getting Payment Request Status¶
Regardless of the payment method, payment request status can be queried from the following endpoint. This query is useful if you want an overall view of all the payment requests and their respective statuses associated with a payment. A user may cancel the payment request or it could fail due to a mistake or a timeout and so they may attempt to make the payment again. These attempts are all part of the same session and can be queried as follows:
If you are interested in only the latest payment request and its current status, you can use the following query:
The response will contain status information for on-going payments associated
with your API token. The data on this endpoint may be deleted after some time
so do not rely on it to query payment status. Use the wait token obtained from
creating the payment to find a specific payment request. After the payment is
complete with a PAID or AUTHORIZED status, the resultingPaymentId
field will contain the id of the resulting payment that can be used to query
payment information and to generate refunds.
Status |
Description |
|---|---|
PRE_FLIGHT_CHECK |
Payment is undergoing check |
INITIALIZING |
Payment is initialising |
WAITING_FOR_PAYMENT |
Payment is requested and waiting for confirmation |
FLOW_COMPLETED |
User has successfully completed the payment flow for a BANK_TRANSFER payment, wait for the payment to reach PAID state before shipping the order |
ACCEPTED |
Funds for a BANK_TRANSFER payment has been debited from the customer’s bank account, wait for the payment to reach PAID state before shipping the order |
AUTHORIZED |
Card payment is authorized, it will transition to PAID once all the money has been captured |
PARTIALLY_CAPTURED |
Some money from the payment has been captured and paid out, but not all of it |
CAPTURE_DECLINED |
The payment cannot be captured and is declined by the payment gateway. Any further attempts to capture are not allowed. |
PAID |
Payment is paid. |
ERROR |
Payment errored. |
DECLINED |
Payment was declined by the customer. |
CANCELLED |
Payment was cancelled. |
PROCESSING |
Payment is being processed. |
CANCELLING |
Attempting to cancel the payment. |
Getting Payment Status¶
Regardless of the payment method, payment status can be queried from the following endpoint:
The response will contain status information for all paid payments associated with your API token.
The refunds object contains a list of all refunds that have been made to this payment and their status.
In order to avoid having to poll for status we recommend that you use a GraphQL subscription to track the state of the payments over time. E.g.
Payment status subscription example in React¶
Here’s an example of a how a client might subscribe to updates to
paymentRequests in progress. Note that the protocol in the URI needs to be wss
instead of https.
import React from 'react';
import ReactDOM from 'react-dom/client';
import { gql, useSubscription, ApolloClient, InMemoryCache } from '@apollo/client';
import { WebSocketLink } from '@apollo/client/link/ws';
// session token from the newPaymentSession mutation
const authToken = '...'
const client = new ApolloClient({
link: new WebSocketLink({
uri: 'wss://localhost:8080/v1/graphql',
options: {
reconnect: true,
connectionParams: {
headers: {
Authorization: `Bearer ${authToken}`
}
}
}
}),
cache: new InMemoryCache(),
});
const GET_PAYMENT_STATUS = gql`
subscription PaymentStatus {
paymentRequests {
waitToken
amount
status {
status
}
}
}
`;
function App() {
const { loading, error, data } = useSubscription(GET_PAYMENT_STATUS, {
variables: {},
client: client
});
if (loading) return <p>Loading ...</p>;
if (error) return <p>Error: {JSON.stringify(error)}</p>;
return <h1>{JSON.stringify(data)}</h1>;
}
const root = ReactDOM.createRoot(document.getElementById('root'));
root.render(
<React.StrictMode>
<App />
</React.StrictMode>
);
Cancelling a PaymentRequest¶
Sometimes you would want to cancel a payment that’s created. You can only cancel
a payment when it’s in the WAITING_FOR_PAYMENT status.
Parameter |
Description |
|---|---|
idempotencyKey |
Idempotency key is required to prevent double processing a request. See also Idempotency keys. |
paymentId |
The |
Release Payment¶
A payment that has been authorized, but not yet captured can’t be refunded. Instead it has to be released. At the moment you can only release the full amount, partial releases aren’t possible. It’s also not possible to release the remaining money after some of it has been captured.
To release a payment, use the following mutation:
Parameter |
Description |
|---|---|
amount |
The amount to be released in minor units. So 100,56 kr would be 10056. |
idempotencyKey |
Idempotency key is required to prevent double processing a request. See also Idempotency keys. |
paymentId |
Id of the payment to be refunded, see |
paymentTransactionId |
Transaction ID of the payment to be refunded, see |
createdBy |
Who is creating the refund. |
generatedFrom |
Where is the refund being created, will default to “Portal” when creating a refund from the kronor portal. |
merchantReference |
An optional value that has to be unique across all releases |
Getting Payment Release Status¶
Value |
Description |
|---|---|
IN_PROGRESS |
The release has been registered in the Kronor system |
DONE |
The release has succeeded, this is the final state |
ERROR |
Something went wrong |
The happy flow is to go from IN_PROGRESS to DONE
Refunds¶
A payment can be refunded in several partial refunds, until the amount refunded reaches the amount paid in a specific payment.
To issue a refund use the following mutation:
Parameter |
Description |
|---|---|
amount |
The amount to be refunded in minor units. So 100,56 kr would be 10056. |
idempotencyKey |
Idempotency key is required to prevent double processing a request. See also Idempotency keys. |
paymentId |
Id of the payment to be refunded, see |
paymentTransactionId |
Transaction ID of the payment to be refunded, see |
message |
A message to show to the customer for the refund. |
createdBy |
Who is creating the refund. |
generatedFrom |
Where is the refund being created, will default to “Portal” when creating a refund from the kronor portal. |
merchantReference |
An optional value that has to be unique across all refunds. This is intended to help prevent duplicate refunds. |
Getting Refund Status¶
Refunds can be queried using the payment query to get a specific payment for refunds, or by using the refund status query:
The response will contain status information for all refunds associated with
your API token. The possible values of status are listed in the table below.
Value |
Description |
|---|---|
INITIALIZING |
The refund has been registered in the Kronor system |
CREATED |
The refund has been registered in a third party payment system |
DEBITED |
A third party payment system has confirmed that the refund is debited |
PAID |
The refund has been paid, this is the final state |
ERROR |
Something went wrong |
The happy flow is to go from INITIALIZING to CREATED to DEBITED to
PAID. The DEBITED step is sometimes skipped.
Getting More Payment Request Details¶
Details related to the specific type of payment can be added to the query, e.g.
transactionCreditCardDetails. If the payment wasn’t done using credit card
then the fields under transactionCreditCardDetails will all be null.
These fields are not available to the payment-gateway role. Please use
merchant-backend or merchant-read-only.
Getting More Payment Details¶
Details related to the specific type of payment can be added to the query, e.g.
transactionCreditCardDetails. If the payment wasn’t done using credit card
then the fields under transactionCreditCardDetails will all be null.
These fields are not available to the payment-gateway role. Please use
merchant-backend or merchant-read-only.