After reading 3DSecure GlobalPay documentation, my team opted for an integration via JSON, with our own client-side implementation, as we already have on production another integration with another 3DS verification service . For what's worth, we are implementing it using Vue.JS and Laravel.
As it can be seen in their documentation, GlobalPay sample request is:
curl https://api.sandbox.globalpay-ecommerce.com/3ds2/protocol-versions
-H "Content-type: application/json"
-H "X-GP-VERSION: 2.2.0"
-H "Authorization: securehash 0204a841510d67a46fbd305a60253d7bade32c6e"
-X POST
-d '{
"request_timestamp": "2019-07-30T08:41:07.590604",
"merchant_id": "MerchantId",
"account_id": "internet",
"number": "4263970000005262",
"scheme": "VISA",
"method_notification_url": "https://www.example.com/dsNotificationUrl"
}'
We created a method in a Vue.JS component to make a POST request to this version checking endpoint as you can see here:
methods: {
verifyTds(price) {
this.setTdsAuth(price);
},
setTdsAuth() {
let uri = window.tds.globalPay.checkVersion; // https://api.sandbox.globalpay-ecommerce.com/3ds2/protocol-versions
let tdsHeaders = {
'X-GP-Version': '2.2.0',
'Content-Type': 'application/json',
'Authorization': `securehash ${this.billing.threeDs.hash}` // from backend, see below
};
let tdsParams = {
request_timestamp: this.billing.threeDs.timestamp, // from backend, see below
merchant_id: "mymerchantid",
account_id: "myaccountid",
number: parseInt(this.billing.threeDs.pan), // integer, a VISA card from their test cards list: 4263970000005262
scheme: "VISA", // at this moment, hardcoded, I just want to make it work
method_notification_url: window.tds.globalPay.methodNotification // in my case http://website.test/tds/global-pay/method-notification, we created according their sample in the docs too
};
axios.post(uri, { body: tdsParams }, { headers: tdsHeaders }).then(response => {
console.log(response);
// then finish purchase process
}).catch(error => {
console.log(error); // then handle error
});
},
// ...
}
If this request is right, the securehash we generated for the Authorization header is calculated in our backend (PHP) according this:
<?php
// ...
$globalPayMerchantId = 'mymerchantid';
$globalPaySecret = 'mysecret';
$timestamp = Carbon::now()->toDateTimeLocalString();
$requestTimestamp = Carbon::now()->format('YmdHisu');
$requestHashNoSecretStr = "{$requestTimestamp}.{$globalPayMerchantId}.{$billing->threeDs->pan}";
$requestHashNoSecret = sha1($requestHashNoSecretStr);
$requestHashStr = "{$requestHashNoSecret}.{$globalPaySecret}";
$requestHash = sha1($requestHashStr);
$billing->threeDs->hash = $requestHash; // sth like 6200480999455e596ad3dfdb89b0a1db601e9216
$billing->threeDs->requestTimestamp = $requestTimestamp; // 20210127155812886962
$billing->threeDs->timestamp = $timestamp; // 2021-01-27T15:58:12
We basically tried to follow the instructions from the section "How to build the Request Hash" of this part of GlobalPay documentation.
After all, we just have a failure ERR_CONNECTION_RESET. I've already tried from different browsers (Firefox, Chrome, Brave) but it keeps crashing. When emulated in Postman it results in a 415 HTTP response (Unsupported Media Type).
Apart from double checking our credentials (merchantid and so on, which I'm still trying to do by phone), is there any other point that should be verified?
After calling GlobalPay their insisted I should try with their PHP SDK (the most suitable option for my stack). In fact, we are using it now and this checking version process is working now.