# Automated flow (For merchants)

The Automated flow is the easiest way to start acquiring.
A simple HTML snippet runs the entire authorization process - including 3D Secure.

This is not for PSPs and is not for cases where multiple levels of embedding happens.

GET flow

# Create an authorization

To create an authorization, prepare an authorization creatable and POST it.
See example:

 













POST /v1/authorization/redirect

{
    "number": "abcdef",
    "amount": 7.5,
    "currency": "EUR",
    "card": {
		"pan": "4111111111111111",
		"expires": [2, 22],
		"csc": "987"
    },
    "target": "http://your-url.com/",
}

The response will be a HTML snippet that when rendered performs the whole authorization flow, including a 3D Secure challenge if required.

# Receiving a response

You will receive a HTTPS POST request to the url you specified in the target field on the authorization creatable.

The payload is sent as form data with key being authorization and value being either a signed JWT containing an authorization or an error.

 

authorization=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjFOQk9xaWNzZUhZTmhhQk4iLCJtZXJjaGFudCI6InRlc3R0ZXN0IiwibnVtYmVyIjoiVW5pcXVlLW51bWJlciIsInJlZmVyZW5jZSI6Ik1DQTA5NDQ0NzEwMjIiLCJjcmVhdGVkIjoiMjAyMS0xMC0yMlQwNzo0NDo0OS4wNDlaIiwiYW1vdW50IjoyNTAsImN1cnJlbmN5IjoiRVVSIiwiY2FyZCI6eyJzY2hlbWUiOiJ2aXNhIiwiaWluIjoiNDExMTExIiwibGFzdDQiOiIxMTExIiwiZXhwaXJlcyI6WzEyLDIyXSwiY3NjIjoicHJlc2VudCJ9LCJkZXNjcmlwdG9yIjoidGVzdCB0cmFuc2FjdGlvbiIsImhpc3RvcnkiOlt7Im1lcmNoYW50IjoidGVzdHRlc3QiLCJudW1iZXIiOiJVbmlxdWUtbnVtYmVyIiwiZGF0ZSI6IjIwMjEtMTAtMjJUMDc6NDQ6NDkuMDQ5WiIsInR5cGUiOiJjcmVhdGUiLCJzdGF0dXMiOiJzdWNjZXNzIiwidmVyaWZpY2F0aW9uIjoidmVyaWZpZWQifV0sImNhcHR1cmUiOltdLCJyZWZ1bmQiOltdLCJzdGF0dXMiOnsiYXV0aG9yaXplZCI6MjUwfX0.kVHWv6aa0g97rtnAu17TUMSrPg1KOqgsadq15vSqC48

WARNING

The target url must be a valid url and localhost may not be used.

# Authorization result

If authorization was successfully created (issuer has approved it), you will receive a JWT.
If authorization has failed for any reason, you will receive a failure result as a JSON object.

# Verifying the success JWT

After an authorization has been successfully created you may optionally choose to verify it.
Verifying the authorization returns the full authorization details and ensures that it is originating from Intergiro.

To verify, POST to the authorization/verify endpoint with the signed JWT as the body. This will unpack the JWT. The response will be an Authorization or an error.

 





POST /v1/authorization/verify
Content-Type: application/jwt

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjFOQk9xaWNzZUhZTmhhQk4iLCJtZXJjaGFudCI6InRlc3R.....
// Make sure the body contains the string only, not a JSON object

# Example

A full example can be accessed from the github repository.