# Automated flow (For merchants)
The Automated flow is the easiest way to start acquiring.
A simple HTML snippet runs the entire authorization process - including 3D Secure.
This is not for PSPs and is not for cases where multiple levels of embedding happens.
# Create an authorization
To create an authorization, prepare an authorization creatable and POST it.
See example:
POST /v1/authorization/redirect
{
"number": "abcdef",
"amount": 7.5,
"currency": "EUR",
"card": {
"pan": "4111111111111111",
"expires": [2, 22],
"csc": "987"
},
"target": "http://your-url.com/",
"contact": {
"email": "cardholder.email@example.com"
}
}
The response will be a HTML snippet that when rendered performs the whole authorization flow, including a 3D Secure challenge if required.
# Receiving a response
You will receive a HTTPS POST request to the url you specified in the target
field on the authorization creatable.
The payload is sent as form data with key being authorization
and value being either a signed JWT containing an authorization or an error.
authorization=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjFOQk9xaWNzZUhZTmhhQk4iLCJtZXJjaGFudCI6InRlc3R0ZXN0IiwibnVtYmVyIjoiVW5pcXVlLW51bWJlciIsInJlZmVyZW5jZSI6Ik1DQTA5NDQ0NzEwMjIiLCJjcmVhdGVkIjoiMjAyMS0xMC0yMlQwNzo0NDo0OS4wNDlaIiwiYW1vdW50IjoyNTAsImN1cnJlbmN5IjoiRVVSIiwiY2FyZCI6eyJzY2hlbWUiOiJ2aXNhIiwiaWluIjoiNDExMTExIiwibGFzdDQiOiIxMTExIiwiZXhwaXJlcyI6WzEyLDIyXSwiY3NjIjoicHJlc2VudCJ9LCJkZXNjcmlwdG9yIjoidGVzdCB0cmFuc2FjdGlvbiIsImhpc3RvcnkiOlt7Im1lcmNoYW50IjoidGVzdHRlc3QiLCJudW1iZXIiOiJVbmlxdWUtbnVtYmVyIiwiZGF0ZSI6IjIwMjEtMTAtMjJUMDc6NDQ6NDkuMDQ5WiIsInR5cGUiOiJjcmVhdGUiLCJzdGF0dXMiOiJzdWNjZXNzIiwidmVyaWZpY2F0aW9uIjoidmVyaWZpZWQifV0sImNhcHR1cmUiOltdLCJyZWZ1bmQiOltdLCJzdGF0dXMiOnsiYXV0aG9yaXplZCI6MjUwfX0.kVHWv6aa0g97rtnAu17TUMSrPg1KOqgsadq15vSqC48
WARNING
The target
url must be a valid url and localhost may not be used.
# Authorization result
If authorization was successfully created (issuer has approved it), you will receive a JWT.
If authorization has failed for any reason, you will receive a failure result as a JSON object.
# Verifying the success JWT
After an authorization has been successfully created you may optionally choose to verify it.
Verifying the authorization returns the full authorization details and ensures that it is originating from Intergiro.
To verify, POST to the authorization/verify
endpoint with the signed JWT as the body. This will unpack the JWT. The response will be an Authorization or an error.
POST /v1/authorization/verify
Content-Type: application/jwt
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjFOQk9xaWNzZUhZTmhhQk4iLCJtZXJjaGFudCI6InRlc3R.....
// Make sure the body contains the string only, not a JSON object
# Example
A full example can be accessed from the github repository.