1.2. Server-to-Server Preauth, Capture and Cancel

Introduction

Preauthorization is a transaction type in which bank blocks the specified amount in the Payer’s card account and does not allow the cardholder to use this blocked money. It is important to know that the block remains for a definite period of time depending on whether this is a debit or a credit card (usually the maximum block period is 7 days for debit cards and 28 days for credit cards). In this use case Server-to-server Preauth, card data is transferred directly in initiating request.

See terms definitions (Connecting Party, 3DS Method, etc) in Glossary.

Capture is a transaction followed after preauth which deducts the locked amount from Payer’s card.
Cancel is opposite of Capture which cancels the deduction and returns locked amount back to Payer’s card.

Preauth Flow

skinparam roundcorner 20 skinparam sequenceArrowThickness 1 skinparam maxmessagesize 1200 skinparam sequenceParticipant underline actor Плательщик participant "Присоединяющаяся Сторона" as A participant Payneteasy as B autonumber Плательщик -> A: Инициализация activate A A -> B: /api/v2/preauth/ activate B B --> A: ИД транзакции B -> B: Обработка\nпреавторизации hnote over Плательщик,B : См. Схема прохождения 3DS group Получение финального статуса == Получение обратного вызова Присоединяющейся Стороны == A <- B: Обратный вызов с финальным статусом A --> B: HTTP 200 deactivate B == Запрос статуса == A -> B: Получение статуса по ИД транзакции activate B B --> A: Конечный статус deactivate B end A --> Плательщик: Конечный статус deactivate Плательщик deactivate A

(2) To implement preauth request see /api/v2/preauth/. See 3DS Overview to get more information about 3DS flow. See 3DS Decision Making Schema and 3DS Implementation Scenarios to correctly implement 3DS flow for this Use-Case.
(5) To implement callback with final status handling see Connecting Party Callback.
(7) To implement order status request see /api/v2/status/. Status should be requested multiple times with 3-5 seconds interval until final status will be received in response.

3DS Decision Making Schema

<style> activityDiagram { BackgroundColor #Turquoise diamond { BackgroundColor #Turquoise } } document { BackgroundColor #fcfcfc } </style> title Схема прохождения 3DS start : (1) Отправка запроса **/api/v2/status**\nс orderid=**paynet-order-id**\nОбработка ответа **/api/v2/status**; while ((2) Проверка равенства поля ответа **status**\nодному из конечных статусов\n**status** == approved\nOR **status** == declined\nOR **status** == error\nOR **status** == unknown\nOR **status** == filtered) is (NO); if ((3) параметр **tds_status** присутствует) then (YES) if ((4) **tds_status** == MethodUrlFrame?) then (YES) #Plum :(5) Создание iframe\nдля прохождения метода 3DS\nОсуществляется прохождение\n3DS 2.x Frictionless flow.\n\nСм. 3DS 2.x Frictionless Flow; (NO ) elseif ((6) **tds_status** == CReqForm?) then (YES) #Plum :(7) Создание CReq HTML страницы\nперенапраляющая на ACS\nОсуществляется прохождение\n3DS 2.x Challenge Flow\n\nСм. 3DS 2.X Challenge Flow; (NO ) elseif ((8) **tds_status** == PaReqForm?) then (YES) #Plum :(9) Создание PaReq HTML страницы\nперенапраляющая на ACS\nОсуществляется прохождение\n3DS 1.0.2 Authentication Flow\n\nСм. 3DS 1.0.2 Authentication Flow; endif (NO )elseif ((10) присутствует параметр **html**) then (YES) #Plum :(11) Возврат данных поля\n**html** в Payeras \n(Осуществляется 3DS 2.x или 1.0.2)\n\nСм. Simplified authentication flow; else (NO) endif backward:(12) Отправка нового\n**/api/v2/status** запроса\nОбработка\n**/api/v2/status** ответа; endwhile (YES) :(13) Показ конечной страницы Плательщику; stop legend left =Legend | Цвет | Ответственность за обработку | |<#Turquoise>| Присоединяющаяся Сторона | |<#Plum>| Присоединяющаяся и другие Стороны | | | Другие Стороны | endlegend

Connecting party has to implement all steps marked in green and purple. Below are the description for steps which reference specific API commands according to the step ID:

(1) To implement order status request see /api/v2/status/. Status should be requested multiple times with 3-5 seconds interval until final status will be received in response.
(5) If tds_status is MethodUrlFrame see Frictionless 3DS 2.x.
(7) If tds_status is CReqForm see 3DS 2.X Challenge.
(9) If tds_status is PaReqForm see 3DS 1.0.2 Authentication.
(11) If tds status is not present, but html field is present, see Simplified authentication.
(12) The same as point (1).

Non3D Flow

Preauth transaction should be considered as non3D (no 3DS authentication) if all conditions are met:

1. steps 1-2-(12)-13 of 3DS decision making schema were followed.
2. tds_status, html and redirect-to parameters were not present.
3. transaction received final status (approved, declined, error, filtered).

Note

Please note that transaction status “unknown” might appear for both 3DS and non3D transactions. See details in Statuses.

3DS 2.x.0 Frictionless Flow

<style> activityDiagram { diamond { BackgroundColor #Turquoise } } document { BackgroundColor #fcfcfc } </style> title 3DS 2.x.0 Frictionless Flow start #Turquoise:(1) Отправка API запроса **/api/v2/status/**; #Turquoise:(2) Обработка ответа **/api/v2/status/**. Сборка: **tds-method-url-frame-3ds-server-trans-id** **tds-method-url-frame-3ds-method-url**; if ((3) присутствует параметр **tds-method-url-frame-3ds-method-url**) then (yes) #Turquoise:(4) Присоединяющая Сторона передаёт **HTML страницу 3DS метода**,\nсодержащую скрытый iframe и публикацию **HTML-форму результата 3DS метода**,\nиспользуя параметры, полученные на предыдущих шагах\nи предоставляя **threeDSMethodNotificationURL**; #Turquoise:(5) HTML страница, открытая однажды, автоматически подтверждается в iframe (используя HTML страницу целевого свойства); fork note left Жизненный цикл **iframe** end note :(6) iframe Плательщика перенаправляется на **tds-method-url-frame-3ds-method-url** URL (ACS Банка-эмитента); :(7) ACS Банка-эмитента собирает данные идентификации Плательщика из браузера; :(8) ACS Банка-эмитента уведомляет (используя HTTP POST) **threeDSMethodNotificationURL** о завершении; #Turquoise:(9) При получении уведомления о сборе данных **threeDSMethodData**. Base64Decode-декодирование и проверка **threeDSServerTransID**; #Turquoise:(10) Сохранение **threeDSCompInd=Y** для повторных платежей; #Turquoise:(11) Возврат **HTML страницы завершённого 3DS метода**; fork again note left Жизненный цикл **HTML страница 3DS метода** end note repeat #Turquoise:(12) Проверка получения уведомления ACS Банка-эмитента от iframe внутреннего JavaScript; repeat while ((13) уведомление получено ИЛИ произошел тайм-аут?) is (no) -> (yes); if ((14) произошел тайм-аут?) then (yes) #Turquoise:(15) Сохранение **threeDSCompInd=N** для данной транзакции; else (no) endif :(16) После осуществления 3DS метода\nотправка данных на сервер Присоединяющейся Стороны; end fork else (no) #Turquoise:(17) Сохранение **threeDSCompInd=U** для данной транзакции; endif #Turquoise:(18) Отправка запроса **api/3ds/v1/upload-method-url-result/** с собранными данными Плательщика **threeDSCompInd**, информацией браузера Плательщика **notificationURL**, которая будет использована далее в Challenge Flow (См. Схема прохождения 3DS и 3DS 2.X Challenge Flow).; #Turquoise:(19) Отправка API запроса **/api/v2/status/** Обработка ответа **/api/v2/status/** и последующая **Схема прохождения 3DS**.; stop legend left =Legend | Цвет | Ответственность за обработку | |<#Turquoise>| Присоединяющаяся Сторона | | | Другие стороны | endlegend

Connecting party has to implement all steps marked in green. Below are the description for steps which reference specific API commands according to the step ID:

(1) To implement order status request see /api/v2/status/. Status should be requested multiple times with 3-5 seconds interval until final status will be received in response.
(2) The same as point (1).
(4) To construct 3DS Method HTML page see example below.
(9) To process 3DS Method Notification see Process 3DS Method Notification.
(11) To construct 3DS Method Done HTML page see example.
(18) To upload method url result see /api/3ds/v1/upload-method-url-result/.
(19) The same as point (1).

3DS Method HTML Page Example

3DS Method HTML Page example below performs 3DS Method initiation through iframe technique and holding of the Payer’s browser until the 3DS Method is not finished on the Connecting Party server. Once it is finished or timeout is reached Connecting Party has to follow the next steps following 3DS Decision Making Schema and redirect Payer’s browser to the corresponding URL (either Challenge Flow or payment result page). Normal timeout value is 30 sec.

3DS Method HTML Page consists of the following parameters:

Parameter

Description

tds-method-url-frame-3ds-method-url

ACS 3DS Method URL is received by the Connecting Party in the /api/v2/status/ response.

tdsMethodUploadUrl

Connecting Party’s URL, where the result comes after the completion of the flow.

threeDSMethodData

JSON value containing threeDSServerTransID and threeDSMethodNotificationURL. See below how to construct threeDSMethodData.

Construct threeDSMethodData

In order to construct threeDSMethodData the Connecting Party has to use the following parameters.

Parameter

Description

threeDSServerTransID
Universally unique transaction identifier assigned by the 3DS Server to identify a single transaction.
Received in the /api/v2/status/ response as tds-method-url-frame-3ds-server-trans-id parameter.

threeDSMethodNotificationURL

The URL that will receive the notification of 3DS Method completion from the ACS. The Connecting Party is responsible for providing valid threeDSMethodNotificationURL. Normally when the Connecting Party receives any request on this URL is has to return 3DS Method Done HTML Page (see example below).

threeDSMethodData construction example

  1. Construct threeDSMethodData JSON.

{"threeDSServerTransID":"3d671629-a410-4a5d-9288-b38ceadd41f2","threeDSMethodNotificationURL":"https://connectingparty.com/3ds-method-complete/"}

  1. Apply base64 url encoding to resultant JSON.

eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjNkNjcxNjI5LWE0MTAtNGE1ZC05Mjg4LWIzOGNlYWRkNDFmMiIsInRocmVlRFNNZXRob2ROb3RpZmljYXRpb25VUkwiOiJodHRwczovL21lcmNoYW50LmNvbS8zZHMtbWV0aG9kLWNvbXBsZXRlLyJ9

Generate Fingerprint

The 3DS Method can be optionally used by issuers to gather browser fingerprints using JavaScript. This is done by loading a URL in a hidden iframe, before the authentication. This iframe will then execute some fingerprinting JavaScript, before POST’ing to the prespecified URL belonging to the requestor. The 3DS Method fingerprint result is tied to the authentication by the threeDSServerTransID.

function gatherBrowserData() {
  var colorDepth = screen.colorDepth; // 24
  var javaEnabled = navigator.javaEnabled(); // true
  var browserLanguage = navigator.language; // en_US
  var screenHeight = screen.height; // 1080
  var screenWidth = screen.width; // 1920
  var userAgent = navigator.userAgent; // Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36
  var browserTimezoneZoneOffset = new Date().getTimezoneOffset(); // 0
}

Construct 3DS Method HTML page example:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8"/>
    <title>ACS v2 3DS Method ...</title>
    <style>
.progress{
    position: absolute;
    height: 10px;
    width: 100%;
}
.progress .color{
    position: absolute;
    background-color: #444;
    width: 100%;
    height: 10px;
    animation: progres 11s linear;
}
@keyframes progres{
    0%{
      width: 0%;
     background-color: #ddd;
   }
    25%{
        width: 50%;
        background-color: #ccc;
    }
    50%{
        width: 75%;
        background-color: #bbb;
    }
    75%{
        width: 85%;
        background-color: #aaa;
    }
    100%{
        width: 100%;
        background-color: #777;
    }
};
    </style>
    <script>
var fallbackTimeout = null;
function processForm() {
    document.title = "ACS v2 AReq ...";
    document.getElementById( "browserJavaEnabled"       ).value = navigator.javaEnabled();
    document.getElementById( "browserJavascriptEnabled" ).value = true;
    document.getElementById( "browserLanguage"          ).value = navigator.language;
    document.getElementById( "browserColorDepth"        ).value = screen.colorDepth;
    document.getElementById( "browserScreenHeight"      ).value = screen.height;
    document.getElementById( "browserScreenWidth"       ).value = screen.width;
    document.getElementById( "browserTZ"                ).value = new Date().getTimezoneOffset();
    document.autoForm.submit();
}
function onPostMessage(event) {
    if(!event.data.hasOwnProperty('methodNotification')) {
       return;
    }
    if(fallbackTimeout != null) {
         clearTimeout(fallbackTimeout);
         fallbackTimeout = null;
    }
    document.getElementById( "threeDSCompInd" ).value = 'Y';
    processForm();
}
function onPageLoaded() {
    fallbackTimeout = setTimeout(processForm, 10 * 1000);
    document.methodForm.submit();
    window.addEventListener('message', onPostMessage);
}
    </script>
</head>
<body onload="onPageLoaded()">
<div class="progress">
    <div class="color"></div>
</div>
<iframe style="width:0; height:0; border:0;" name="methodFrame"></iframe>
<form name="methodForm" target="methodFrame" action="[=tds-method-url-frame-3ds-method-url]" method="POST">
    <input type="hidden" name="threeDSMethodData" value="[=threeDSMethodData]">
</form>
<form name="autoForm" action="[=tdsMethodUploadUrl]" method="post">
    <input type="hidden" name="threeDSServerTransID" value="[=threeDSServerTransID]"/>
    <input type="hidden" name="threeDSCompInd" id="threeDSCompInd" value="N"/>
    <input type="hidden" name="browserJavaEnabled"       id="browserJavaEnabled"        value="" />
    <input type="hidden" name="browserJavascriptEnabled" id="browserJavascriptEnabled"  value="" />
    <input type="hidden" name="browserLanguage"          id="browserLanguage"           value="" />
    <input type="hidden" name="browserColorDepth"        id="browserColorDepth"         value="" />
    <input type="hidden" name="browserScreenHeight"      id="browserScreenHeight"       value="" />
    <input type="hidden" name="browserScreenWidth"       id="browserScreenWidth"        value="" />
    <input type="hidden" name="browserTZ"                id="browserTZ"                 value="" />
    <noscript>
        <input type="submit" name="submit" value="Upload 3DS Method Result"/>
    </noscript>
</form>
</body>
</html>

Process 3DS Method Notification

When 3DS Method is completed, the Connecting Party receives HTTP POST request at threeDSMethodNotificationURL with threeDSMethodData, which contains threeDSServerTransID (in base64 encoded JSON).

  1. Get threeDSMethodData.

threeDSMethodData=eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6IjNkNjcxNjI5LWE0MTAtNGE1ZC05Mjg4LWIzOGNlYWRkNDFmMiJ9Cg

  1. Apply base64 url decoding to get JSON, which contains threeDSServerTransID.

{"threeDSServerTransID":"3d671629-a410-4a5d-9288-b38ceadd41f2"}

3DS Method Done HTML Page Example

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8"/>
    <title>ACS v2 3DS Method Notification Handler...</title>
    <script>
        window.parent.postMessage({ methodNotification: "COMPLETE" }, "*");
    </script>
</head>
<body>
<p>This should not be displayed</p>
</body>
</html>

3DS 2.x.0 Challenge Flow

<style> document { BackgroundColor #fcfcfc } </style> title 3DS 2.x.0 Challenge Flow start #Turquoise:(1) Отправка API запроса **/api/v2/status/**; #Turquoise:(2) Обработка ответа **/api/v2/status/** Gather: **tds-creq-form-creq** **tds-creq-form-acs-url**; #Turquoise:(3) Построение HTML страницы CReq на основе собранных параметров. Добавление **threeDSSessionData** с пользовательскими данными в формате: Макс. длина: 1024 bytes, формат: Alphanumeric, закодировано base64url без заполнения.; #Turquoise:(4) Возврат HTML страницы CReq браузеру Плательщика; :(5) Страница CReq gперенаправляется на ACS URL **tds-creq-form-acs-url**. Плательщик проходит Верификацию 3DS Challenge. ACS возвращает CRes страницу. Страница CRes отправляется на подтверждение на **notificationURL**; #Turquoise:(6) Обработка параметров страницы CRes Page. Сбор параметров: **cres** **threeDSSessionData**; #Turquoise:(7) Отправка HTTP POST API запроса **/api/3ds/v1/upload-cres-result/** providing **cres**, **orderid=paynet-order-id**; #Turquoise:(8) Отправка API запроса **/api/v2/status/** Обработка ответа **/api/v2/status/** и последующая **Схема прохождения 3DS**.; stop legend left =Legend | Цвет | Ответственность за обработку | |<#Turquoise>| Присоединяющаяся Сторона | | | Другие Стороны | endlegend

(1) To implement order status request see /api/v2/status/. Status should be requested multiple times with 3-5 seconds interval until final status will be received in response.
(2) The same as point (1).
(3) To create CReq HTML Page see example.
(5) To implement CRes redirect see CRes redirect.
(7) To upload CRes result see /api/3ds/v1/upload-cres-result/.
(8) The same as point (1).

CReq HTML Page Example

CReq HTML Page redirects the Payer’s browser to ACS Server URL, provided in tds-creq-form-acs-url parameter. The result CRes value will be returned from ACS to notificationURL provided by Connecting Party in /api/3ds/v1/upload-method-url-result request during 3DS 2.x.0 Frictionless Flow.

Field

Description

Necessity

creq

ACS 3DS CReq data, which received by the Connecting Party in the /api/v2/status/ response. The same as tds-creq-form-creq.

Required

threeDSSessionData

value which will be posted back within CRes to notificationURL at the end of the process. Max length: 1024 bytes, format: Alphanumeric, Base64url encoded without padding.

Optional

 
<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <title>Redirecting ...</title>
  <script type="text/javascript" language="javascript">
    function makeSubmit() {
              document.returnform.submit();
        }
  </script>
</head>
<body onLoad="makeSubmit()">
<form name="returnform" action="https://acs.bank-domain.com/mdpayacs/creq" method="POST">
  <input type="hidden" name="creq" value="eyJ0aHJlZURTU2VydmVyVHJhbnNJRCI6ImM1NDA5N2VhLTc0ZTctNDE2My05MTQ4LTNjMTY1NTg3NGIwMCIsImFjc1RyYW5zSUQiOiIxMjU1NTkyMi1lZmYzLTRjOTQtOTk4Mi0yMDM3NjJhMzdmMjkiLCJjaGFsbGVuZ2VXaW5kb3dTaXplIjoiMDIiLCJtZXNzYWdlVHlwZSI6IkNSZXEiLCJtZXNzYWdlVmVyc2lvbiI6IjIuMS4wIn0=">
  <input type="hidden" name="threeDSSessionData" value="NjY4MDU3NQ">
  <noscript>
    <input type="submit" name="submit" value="Press this button to continue"/>
  </noscript>
</form>
</body>
</html>

3DS 1.0.2 Authentication Flow

<style> document { BackgroundColor #fcfcfc } </style> title 3DS 1.0.2 Authentication Flow start #Turquoise:(1) Отправка API запроса **/api/v2/status/**; #Turquoise:(2) Обработка ответа **/api/v2/status/**. Gather: **tds-pareq-form-pareq** **tds-pareq-form-acs-url**; #Turquoise:(3) Построение HTML страницы PAReq на основе собранных параметров. Добавление **TermUrl** куда Плательщик будет перенаправлен с подтверждёнными данными PARes. Добавление **MD** с пользовательсими данными, которые будут отправлены назад.; #Turquoise:(4) Возврат HTML страницы PAReq браузеру Плательщика.; :(5) PaReq страница перенаправляется на URL ACS **tds-pareq-form-acs-url**; :(6) Плательщик проходит Верификацию 3DS Challenge; :(7) ACS возвращает страницу PARes; :(8) PaRes страница отправляется на подтверждение **TermUrl**; #Turquoise:(9) Обработка параметров страницы PARes. Сбор параметров: **PaRes** **MD**; #Turquoise:(10) Отправка HTTP POST API запроса **/api/3ds/v1/upload-pares-result/** предоставление **paRes**, **orderid=paynet-order-id**; #Turquoise:(11) Отправка API запроса **/api/v2/status/** Обработка ответа **/api/v2/status/** и последующая **3Схема прохождения 3DS**.; stop legend left =Legend | Цвет | Ответственность за обработку | |<#Turquoise>| Присоединяющаяся Сторона | | | Другие стороны | endlegend

(1) To implement order status request see /api/v2/status/. Status should be requested multiple times with 3-5 seconds interval until final status will be received in response.
(2) The same as point (1).
(3) To construct PaReq HTML Page see example.
(5) To implement PaRes redirect see PaRes redirect.
(10) To upload PaRes result see /api/3ds/v1/upload-pares-result/.
(11) The same as point (10).

PaReq HTML Page Example

PaReq HTML Page redirects the Payer’s browser to ACS Server URL, provided in tds-pareq-form-acs-url parameter.

PaReq HTML Page consists of the following parameters:

Field

Description

Necessity

tds-pareq-form-acs-url

ACS 3DS PaReq URL is received by the Connecting Party in the /api/v2/status/ response.

Required

MD

Connecting Party Data, which comes back to your termination page.

Optional

PaReq

ACS 3DS PaReq data, which received by the Connecting Party in the /api/v2/status/ response. The same as tds-pareq-form-pareq.

Required

TermURL

URL of termination page, where the Payer gets redirected back with PaRes data submitted.

Required

 
<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <title>Loading acs..</title>
  <script type="text/javascript" language="javascript">
    function makeSubmit() {
      document.returnform.submit();
    }
  </script>
</head>
<body onLoad="makeSubmit()">
<form name="returnform" action="$tds-pareq-form-acs-url" method="POST">
  <input type="hidden" name="MD" value="some_merchant_data"/>
  <input type="hidden" name="PaReq" value="$tds-pareq-form-pareq"/>
  <input type="hidden" name="TermUrl" value="https://termination.page"/>
  <noscript>
    <input type="submit" name="submit" value="Submit"/>
  </noscript>
</form>
</body>
</html>

Simplified Authentication Flow

<style> document { BackgroundColor #fcfcfc } activitydiagram { diamond { BackgroundColor #Turquoise } } </style> title Simplified Authentication Flow start #Turquoise:(1) Send **/api/v2/status/** API request; #Turquoise:(2) Process **/api/v2/status/** response; fork #Turquoise:(3)Gather **html** parameter; #Turquoise:(4) Return content from **html** parameter to the Payer's browser as is; forkagain #Turquoise:(5)Gather **redirect-to** parameter; #Turquoise:(6)Redirect Payer to redirect URL (value of redirect-to parameter); endfork :(7) Payer's browser gets redirected to ACS and Payer passes either 3DS 1.0.2 or 3DS 2.X flow.; :(8) Payer's browser gets redirected back to **redirect_url** provided in the initial **api/v2/sale/** request.; #Turquoise:(9) Process Payer's Browser final redirect to **redirect_url**.; #Turquoise:(10) Return Wait HTML Page to the Payer's browser; fork note left **Wait HTML Page** lifecycle end note repeat #Turquoise: (11) Request Connecting Party Server on the status of the transaction; #Turquoise: (12) Process transaction status; repeat while ((13) Received finished status\n(approved, declined, error, filtered or unknown)?) is (no) -> (yes); #Turquoise:(14) Redirect Payer's browser to the result page; fork again note left **Connecting Party Server** lifecycle end note repeat #Turquoise:(15) Send **/api/v2/status/** API request; #Turquoise:(16) Process **/api/v2/status/** response; repeat while ((17) Received final status from "Payneteasy") is (no) -> (yes); #Turquoise:(18) Save transaction status; end fork stop legend left =Legend | Color | Implementation responsibility | |<#Turquoise>| Connecting party | | | Other Party | endlegend

(1) To implement order status request see /api/v2/status/. Status should be requested multiple times with 3-5 seconds interval until final status will be received in response.
(2) The same as point (1).
(6) To implement final redirect see Final redirect.
(7) The HTML wait page on Connecting Party side can have custom design and should communicate with Connecting Party server as described on the diagram.
(12) and (13) The same as point (1).

Capture Flow

skinparam roundcorner 20 skinparam sequenceArrowThickness 1 skinparam maxmessagesize 100 skinparam sequenceParticipant underline actor Плательщик participant "Присоединяющаяся Сторона" as A participant "Платёжный Шлюз" as B hnote over Плательщик,B : Успешная транзакция преавторизации autonumber == Списание == group Опционально Плательщик -> A: Инициация списания activate Плательщик activate A end A -> B: api/v2/capture activate B B --> A: ИД транзакции B -> B: Обработка списания group Получение финального статуса == Получение обратного вызова == A <- B: Обратный вызов с финальным статусом A --> B: HTTP 200 deactivate B == Запрос статуса == A -> B: Получение статуса по ИД транзакции api/v2/status activate B B --> A: Ответ со статусом, Order-stage deactivate B end group Опционально A --> Плательщик: Конечный статус deactivate Плательщик deactivate A end

(1) Capture can be initiated by Connecting Party based on internal business process or Payer’s request.
(2) To implement capture request see /api/v2/capture/.
(5) Callback for Capture will be sent only if notify_url was provided in initial transaction request or additional callback URL for Capture transactions is specified on the endpoint level. If server_callback_url was provided in initial transaction request, callback for Capture will not be sent. To implement callback with final status handling see Connecting Party Callback.
(7) To implement order status request see /api/v2/status/. Status should be requested multiple times with 3-5 seconds interval until final status will be received in response.
(9) Final Status can be sent by Connecting Party based on internal business model or by Payer’s request.

Cancel Flow

skinparam roundcorner 20 skinparam sequenceArrowThickness 1 skinparam maxmessagesize 100 skinparam sequenceParticipant underline actor Плательщик participant "Присоединяющаяся Сторона" as A participant "Платёжный Шлюз" as B hnote over Плательщик,B : Успешная транзакция преавторизации autonumber == Отмена == group Опционально Payer -> A: Инициация отмены activate Плательщик activate A end A -> B: api/v2/return activate B B --> A: ИД транзакции B -> B: Обработка отмены group Получение финального статуса == Получение обратного вызова == A <- B: Обратный вызов с финальным статусом A --> B: HTTP 200 deactivate B == Запрос статуса == A -> B: Получение статуса по ИД транзакции api/v2/status activate B B --> A: Ответ со статусом, Order-stage deactivate B end group Опционально A --> Плательщик: Конечный статус deactivate Плательщик deactivate A end

(1) Cancel can be initiated by Connecting Party based on internal business process or Payer’s request.
(2) To implement cancel request see /api/v2/return/.
(5) Callback for Cancel will be sent only if notify_url was provided in initial transaction request or additional callback URL for Cancel transactions is specified on the endpoint level. If server_callback_url was provided in initial transaction request, callback for Cancel will not be sent. To implement callback with final status handling see Connecting Party Callback.
(7) To implement order status request see /api/v2/status/. Status should be requested multiple times with 3-5 seconds interval until final status will be received in response.
(9) Final Status can be sent by Connecting Party based on internal business model or by Payer’s request.