3DS third party merchant plug-in (MPI)

If an acquirer's gateway insists that you use their MPI (or another third party MPI) for 3DS, this page explains how to interface with it. We offer the following merchant plug-ins:

MOLPay

Step one: collect the order and send the first message

  1. The shopper places an order in your online store.
  2. You send the first message with the order and payment information to Worldpay.

    ../resources/images/3ds-mpi-step-1_thumb_350_0.png

Send the authorisation request

You must supply:

  • The id attribute of the <session> element
  • The <telephoneNumber> element
  • The <thirdPartyData> and subsequent <originalAmount> element, and the <telephoneNumber> element of the <billingAddress>
Example authorisation request
Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN"
"http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
  <submit>
    <order orderCode="YOUR ORDER CODE">
      <description>test order</description>
      <amount value="101" currencyCode="MYR" exponent="2" />
      <orderContent />
      <paymentDetails>
        <VISA-SSL>
          <cardNumber>4444333322221111</cardNumber>
          <expiryDate>
            <date month="06" year="2019" />
          </expiryDate>
          <cardHolderName>A SHOPPER</cardHolderName>
          <cvc>123</cvc>
          <cardAddress>
            <address>
              <firstName>A</firstName>
              <lastName>Shopper</lastName>
              <address1>Worldpay</address1>
              <address2>270-289 The Science Park</address2>
              <address3>Milton Road</address3>
              <postalCode>CB4 0WE</postalCode>
              <city>Cambridge</city>
              <countryCode>GB</countryCode>
              <telephoneNumber>01006565658</telephoneNumber>
            </address>
          </cardAddress>
        </VISA-SSL>
      </paymentDetails>
      <shopper>
        <shopperEmailAddress>jshopper@myprovider.com</shopperEmailAddress>
        <browser>
          <acceptHeader>text/html</acceptHeader>
          <userAgentHeader>Mozilla/5.0 ...</userAgentHeader>
        </browser>
      </shopper>
    </order>
  </submit>
</paymentService>

Step two: use our reply and redirect the shopper to the MPI

Our reply contains a redirection URL for the MPI and the information the MPI needs. Use this information to create a HTML form.

../resources/images/figures/3dsmpi_flow2_thumb_350_0.png

Our reply to the authorisation request:

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="STUPRODTESTMC2">
  <reply>
    <orderStatus orderCode="jsxml317676003">
      <requestInfo>
        <request3DSecure>
          <mpiRequest>
            eJxtkl1vgjAUhv/K7k1GS/kYxjSpWLUKSGhl4A1xE51GUYLMj18/qS5R8aqn5zxt3rdvW+5uGaR5mRZ73PKjxB8Hdp9wmhB3NPYEhgC2lBf9irXHXIzcp
            Muo09GxxJ5aTx1Uh1AN0uqQJqGQBpyNPAzfr5L+99XMpZU8TySsgxGQ4/uWdEY8rKs6AggAoEHL0j70qzXiPVrvUG4HzBfV5bvpaZNm++Yb1AzdtAzz8T
            XuUWkkDNWbflldCs562JmlvUERnhtaSU3FzTOAjr9GY78aplmcR6tuuui1kf0Twq+IT+crsii/94uFtV6mOlPtmJlH5bzTBkTMlwe0+TwYDo+XUfschEX
            b2OiE2f18lFLlNBHDc1nMMjLhxnYL5zYv+XQtFVVCHn0SQTEwgKECaL4B0ISgifQngxVTnQpo92pMFpdVBMTjxK6sJyL2KebE4ZKoTZ4jhvWIYQ1S65D6
            qP8S7OtUbonTyGdBfHEILTm/7VvK3Z//A/Ar5P8=
          </mpiRequest>
          <mpiURL>
            <![CDATA[https://www.abmb.com.my/threed/threed/MPI]]>
          </mpiURL>
        </request3DSecure>
      </requestInfo>
      <echoData>117293018684989</echoData>
    </orderStatus>
</reply>
</paymentService>

If you get this error, your setup may not be completed on our system. Contact us and we'll rectify it:

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//Worldpay//DTD Worldpay PaymentService v1//EN"
  "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> <!--The merchantCode you supplied in the order-->
  <reply>
    <orderStatus orderCode="ExampleOrder1"> <!--The order code from the first message-->
      <error code="7">
        <![CDATA[Invalid payment details : Error setting MPI request.]]>
      </error>
    </orderStatus>
  </reply>
</paymentService>
  1. Send an HTML form to the shopper, which redirects them to the MPI and contains the MPI request information as form fields.

    First decode the <mpiRequest> message into a readable form. The pure XML can be revealed from the encoded/compressed form as follows:

    1. Decode (base64 decoding as perRFC 3548)

    2. Inflate (use the zlib library)

      Copied!
      echo -n Encoded MPI request message | base64 -d | openssl zlib -d
      Copied!
      <?xml version="1.0"?>
      <MpiRequest>
        <PX_PURCHASE_AMOUNT>101</PX_PURCHASE_AMOUNT>
        <PX_CUSTOM_FIELD5/>
        <PX_CUSTOM_FIELD3/>
        <PX_CUSTOM_FIELD4/>
        <PX_VERSION>1.1</PX_VERSION>
        <PX_MERCHANT_ID>21</PX_MERCHANT_ID>
        <PX_PAN>4444333322221111</PX_PAN>
        <PX_PURCHASE_DESCRIPTION>payment: 14657607</PX_PURCHASE_DESCRIPTION>
        <PX_CVV2/>
        <PX_SIG>3pQczMjq2PaHqocVVIhKBuanm9KORS2RZ8zq2AiK4UGnpr0GrrkBIJXaKAg8gBDTweGUliyF27SKj8cWl8qWSPae9dVBY7XLrsLD4o5wSESxHMvnGFOVIdZlJDQDwo5b</PX_SIG>
        <PX_PURCHASE_DATE>06062017 00:01:10</PX_PURCHASE_DATE>
        <PX_REF/>
        <PX_TRANSACTION_TYPE>SALS</PX_TRANSACTION_TYPE>
        <PX_CUSTOM_FIELD1/>
        <PX_CUSTOM_FIELD2/>
        <PX_PURCHASE_ID>14657607</PX_PURCHASE_ID>
        <PX_EXPIRY>0421</PX_EXPIRY>
      </MpiRequest>
  2. Create the HTML form with the above information. An example:

Copied!
<codeBlockItem title="html" file="/assets/code/wpg/industry-scheme-extras/example-3ds-3rd-party-html-form.html>
  1. Send the HTML form to the shopper. This form redirects the shopper to the MPI.

Enrolment and authentication

The MPI carries out a verification check to see if the card is enrolled:

  • If the card is enrolled, the MPI sends an HTML form to the shopper which redirects them to the issuer for authentication. The issuer then redirects the shopper back to the MPI.
  • If the card isn't enrolled, the shopper completes the payment and is directed back to your website.

Second reply message

The second response returns a status of either:

  • AUTHORISED - Shopper was authenticated, we obtained authorisation from the issuer, and all other checks (such as Worldpay fraud detection services) have passed
  • REFUSED - Either the shopper failed to authenticate themselves, the issuer has declined the transaction, or a Worldpay fraud detection service prevented the authorisation. This status will also be provided should the shopper not complete 3DS authentication within two (2) hours.

Test values

For MOLPay, use the <description> magic value MPIPROVIDER[provider name with no spaces] to test the MPI connection.

For the MPIPROVIDER magic value, contact your Implementation Manager. For the other magic values and test information, see3DS test values.

Redsys

Step one: collect the order and send the first message

  1. The shopper places an order in your online store.
  2. You send the first message with the order and payment information to Worldpay.

    ../resources/images/3ds-mpi-step-1_thumb_350_0.png

Send the first message

You must supply:

  • The id attribute of the <session> element
  • The <acceptHeader> element
  • The <userAgentHeader> element
  • The <thirdPartyData> and subsequent <mpiTermURL> elements
Example first message
Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//Worldpay//DTD Worldpay PaymentService v1//EN"
  "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> 
  <submit>
    <order orderCode="YOUR_ORDER_CODE"> 
      <description>YOUR DESCRIPTION</description> <!--You can use the magic value here-->
      <amount value="2000" currencyCode="EUR" exponent="2"/>
      <orderContent>
        <![CDATA[]]>
      </orderContent>
      <paymentDetails>
        <CARD-SSL> 
          <cardNumber>4444333322221111</cardNumber>
          <expiryDate>
            <date month="01" year="2020"/>
          </expiryDate>
          <cardHolderName>Susan L Smith</cardHolderName>
          <cardAddress>
            <address>
              <address1>Worldpay</address1>
              <address2>270-289 The Science Park</address2>
              <address3>Milton Road</address3>
              <postalCode>CB4 0WE</postalCode>
              <city>Cambridge</city>
              <countryCode>GB</countryCode>
            </address>
          </cardAddress>
        </CARD-SSL>
        <session shopperIPAddress="127.0.0.1" id="SESSION_ID"/> <!--Session id must be unique for each order-->
      </paymentDetails>
      <shopper>
        <shopperEmailAddress>jshopper@myprovider.com</shopperEmailAddress>
        <browser>
          <acceptHeader>text/html</acceptHeader>
          <userAgentHeader>Mozilla/5.0 ...</userAgentHeader>
        </browser>
      </shopper>
      <thirdPartyData>
        <mpiTermURL>www.yourURL.com</mpiTermURL> <!--This is where your shopper will be directed to between authentication and authorisation-->
      </thirdPartyData>
    </order>
  </submit>
</paymentService>

Step two: use our reply and redirect the shopper to the MPI

Our reply contains a redirection URL for the MPI and the information the MPI needs. Use this information to create a HTML form.

../resources/images/figures/3dsmpi_flow2_thumb_350_0.png

Our reply to the first message

Your system must extract the machine cookie passed back in the HTTP header of this reply message. You must then return this cookie in the HTTP header of the second order message.

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" 
  "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="ExampleCode1">
  <reply>
    <orderStatus orderCode="ExampleOrder1">
      <requestInfo>
        <request3DSecure>
          <mpiRequest>Encoded MPI request message</mpiRequest>
          <mpiURL>URL of the MPI</mpiURL>
        </request3DSecure>
      </requestInfo>
      <echoData>244441041882871</echoData>
    </orderStatus>
  </reply>
</paymentService>

If you get this error, your setup may not be completed on our system. Contact us and we'll rectify it:

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//Worldpay//DTD Worldpay PaymentService v1//EN" 
  "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="ExampleCode1"> <!--The merchantCode you supplied in the order-->
  <reply>
    <orderStatus orderCode="ExampleOrder1"> <!--The order code from the first message-->
      <error code="7">
        <![CDATA[Invalid payment details : Error setting MPI request.]]>
      </error>
    </orderStatus>
  </reply>
</paymentService>

If you get this error, you have not included the <thirdPartyData> and <mpiTermURL> elements. Be sure to include these in yourfirst message.

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//Worldpay//DTD Worldpay PaymentService v1//EN" 
  "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="ExampleCode1"> <!--The merchantCode you supplied in the order-->
  <reply>
    <orderStatus orderCode="ExampleOrder1"> <!--The order code from the first message-->
      <error code="7">
        <![CDATA[Third party MPI requires a <thirdPartyData><mpiTermURL>terminatation_url</mpiTermURL></thirdPartyData> element in the first order request.]]>
      </error>
    </orderStatus>
  </reply>
</paymentService>
  1. Send an HTML form to the shopper, which redirects them to the MPI and contains the MPI request information as form fields.

    First decode the <mpiRequest> message into a readable form. The pure XML can be revealed from the encoded/compressed form as follows:

    1. Decode (base64 decoding as perRFC 3548)

    2. Inflate (use the zlib library)

    3. Format the XML with indentation

      Copied!
      echo -n Encoded MPI request message | base64 -d | openssl zlib -d | xmllint --format -
      Copied!
      <MpiRequest>
       <Field1>merchant name</Field1>
       <Field2>card number</Field2> 
       <Fieldn>etc</Fieldn>
      </MpiRequest>
  2. Create the HTML form with the above information. An example:

Copied!
<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8">
    <title>Third party MPI helper page</title>
  </head>
  <body OnLoad="OnLoadEvent();">
 
  This page should forward you to the authentication system that will first check enrollment and whether authentication is required.<br/>
  If your browser does not start loading the page, press the button you see.<br/>
  Once complete, you will be sent back to this site where the payment process will continue.<br/>
 
    <form name="form_name" method="post" action="http://The URL of the MPI we gave you in the response message in step 3 above">
      <input type="hidden" name="Field1" value="data1" />
      <input type="hidden" name="Field1" value="data2" />
      <input type="hidden" name="Fieldn" value="datan" />
      <input type="submit" value="Identify yourself" /> 
    </form>
 
    <script>
      function OnLoadEvent(){
        document.form_name.submit();
      }
    </script>
  </body>
</html>
  1. Send the HTML form to the shopper. This form redirects the shopper to the MPI.

Enrolment and authentication

The MPI carries out a verification check to see if the card is enrolled:

  • If the card is enrolled, the MPI sends an HTML form to the shopper which redirects them to the issuer for authentication. The issuer then redirects the shopper back to the MPI.
  • If the card isn't enrolled, the process skips to step three.

Step three: Use the HTTP form and send the second message

The MPI sends an HTML form to the shopper which redirects them back to you. Use this to create the second message to us, and we'll send back the authorisation response.

../resources/images/figures/3dsmpi_flow2_thumb_350_0.png

  1. The MPI sends an HTML form to the shopper which redirects them back to you. You'll receive a HTTP post to your TermUrl from the shopper's browser. This comes as an HTML form containing fields that correspond to the MPI data response elements. You must produce an XML message representation of this. An example:

    Copied!
    <MpiResponse> <!--Specific to the MPI provider-->
     <Field1>Authentication result code</Field1>
     <Field2>Transaction ID</Field2>
     <Fieldn>checksum</Fieldn>
    </MpiResponse>

    Once you have produced this XML message, you must compress and encode it:

    1. Deflate (using the zlib library)
    2. Encode Decode (base64 decoding as perRFC 3548)

      Copied!
      cat [xml_message] | openssl zlib | base64 --wrap=0
  2. Send a second XML order message to Worldpay that contains the compressed and encoded response from the MPI.

Send the second message

The second message must contain:

  • The orderCode from the first order message
  • The name of the <mpiProvider>
  • The encoded <mpiResponse> message
  • The (case sensitive) machine cookie extracted from the HTTP header of the initial reply message, placed into the HTTP header of this message

If you don't return the machine cookie in the HTTP header, you'll get an error code 7 - 'Could not find bean(s) in session cache'.

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//Worldpay//DTD Worldpay PaymentService v1//EN"
  "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="ExampleCode1"> 
  <submit>
    <order orderCode="YOUR_ORDER_CODE"> <!--The order code in the first message-->
      <info3DSecure>
        <mpiProvider>MPI provider name</mpiProvider> 
        <mpiResponse>Encoded MPI response data here</mpiResponse>
      </info3DSecure>
      <session id="SESSION_ID"/> <!--The session id in the first message-->
    </order>
  </submit>
</paymentService>

This error is caused by incorrectly compressed/encoded XML in your MPI response. The error will explain the formatting problem.

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//Worldpay//DTD Worldpay PaymentService v1//EN" 
  "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="ExampleCode1"> <!--The merchantCode you supplied in the order-->
  <reply>
    <orderStatus orderCode="ExampleOrder1"> <!--The order code from the first message-->
      <error code="7">
        <![CDATA[Parse error with MPI response : Error message specific to the MPI provider.]]>
      </error>
    </orderStatus>
  </reply>
</paymentService>

Second reply message

The second response returns a status of either:

  • AUTHORISED - We obtained authorisation from the issuer, and all other checks (such as Worldpay fraud detection services) have passed.

    Best practice: We recommend checking the ThreeDSecureResult description to see if you are entitled toliability shift.

  • REFUSED - Either the shopper failed to authenticate themselves, the issuer has declined the transaction, or Worldpay fraud detection services prevented the authorisation (in which case the <ISO8583ReturnCode> will indicate FRAUD_SUSPICION)

  • CANCELLED - Worldpay fraud detection service settings stopped the transaction (threshold exceeded).
  • ERROR - Typically this will be a '7 - could not find beans' error (explained below)

This error is caused by a cookie reference not being supplied by your system in the second request.

In the first 3DS XML response you received there will be a machine cookie in the HTTP header which you need to capture. The machine cookie will look similar to Set-Cookie: machine=9b88fe17;path=/, which you then need to place (as Cookie: machine=9b88fe17;path=/) into the HTTP header of your second XML request.

An example of the error message from us:

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//Worldpay//DTD Worldpay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="ExampleCode1"> <!--The merchantCode you supplied in the order-->
   <reply>
      <orderStatus orderCode="ExampleOrder1"> <!--The order code from the first message-->
         <error code="7"><![CDATA[Internal error! Could not find bean(s) in session cache.]]></error>
      </orderStatus>
   </reply>
</paymentService>

Test values

For RedSys, use the <cardHolderName> magic value (3D) in conjunction with the <description> magic value MPIPROVIDERRedsys. For the other magic values and test information, see3DS test values.

Errors

Error codeError MessageComments
7Invalid payment details : Error setting MPI request.Your setup may not be completed on our system. Contact us and we'll rectify it.
7Parse error with MPI response : Error message specific to the MPI provider.Caused by incorrectly compressed/encoded XML in your MPI response. The error will explain the formatting problem.
7Internal error! Could not find bean(s) in session cache.This error is caused by a cookie reference not being supplied by your system in the second request (it comes in our response to the first request).

Iyzico

Step one: collect the order and send the authorisation request

  1. The shopper places an order in your online store.

  2. You send the authorisation request with the order and payment information to Worldpay.

    ../resources/images/3ds-mpi-step-1_thumb_350_0.png

Send the authorisation request

You must supply:

  • The id attribute of the <session> element
  • The <telephoneNumber> element
  • The <thirdPartyData> and subsequent <originalAmount> element, and the <telephoneNumber> element of the <billingAddress>.

The <instalments> elements is optional, and only required if you wish to accept instalments.

Example authorisation request
Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN" "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
  <submit>
    <order orderCode="ExampleOrder1">
      <description>test order</description>
      <amount value="103" currencyCode="TRY" exponent="2"/>
      <orderContent>
        <![CDATA[]]>
      </orderContent>
      <paymentDetails>
        <CARD-SSL>
          <cardNumber>xxxxxxxxx</cardNumber>
          <expiryDate>
            <date month="06" year="2019"/>
          </expiryDate>
          <cardHolderName>Bob Smith</cardHolderName>
          <cvc>123</cvc>
          <cardAddress>
            <address>
              <firstName>Mr Bert</firstName>
              <address1>Worldpay</address1>
              <address2>270-289 The Science Park</address2>
              <address3>Milton Road</address3>
              <postalCode>CB4 0WE</postalCode>
              <city>Cambridge</city>
              <countryCode>GB</countryCode>
            </address>
          </cardAddress>
        </CARD-SSL>
        <session shopperIPAddress="127.0.0.1" id="ssn16190241"/>
      </paymentDetails>
      <shopper>
        <shopperEmailAddress>sp@worldpay.com</shopperEmailAddress>
        <browser>
          <acceptHeader>text/html</acceptHeader>
          <userAgentHeader>Mozilla/5.0 ...</userAgentHeader>
        </browser>
      </shopper>
      <shippingAddress>
        <address>
          <firstName>Bob</firstName>
          <lastName>Smith</lastName>
          <address1>Address Line #1</address1>
          <address2>Add #2</address2>
          <address3/>
          <postalCode>666777</postalCode>
          <city>Ankara</city>
          <state>Ankara</state>
          <countryCode>TR</countryCode>
          <telephoneNumber>96836351</telephoneNumber>
        </address>
      </shippingAddress>
      <billingAddress>
        <address>
          <firstName>Bob</firstName>
          <lastName>Smith</lastName>
          <address1>Address Line #1</address1>
          <address2>Add #2</address2>
          <address3/>
          <postalCode>666777</postalCode>
          <city>Ankara</city>
          <state>Ankara</state>
          <countryCode>TR</countryCode>
          <telephoneNumber>96836351</telephoneNumber>
        </address>
      </billingAddress>
      <thirdPartyData>
        <instalments>3</instalments>
        <originalAmount><amountNoCurrency value="100"/></originalAmount>
      </thirdPartyData>
    </order>
  </submit>
</paymentService>

Step two: use our reply and redirect the shopper to the MPI

Our reply contains a redirection URL for the MPI and the information the MPI needs. Use this information to create a HTML form.

../resources/images/figures/iyzico-step-2_thumb_350_0.png

Our reply to the authorisation request

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//WorldPay//DTD WorldPay PaymentService v1//EN""http://secure.worldpay.com/dtd/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE">
  <reply>
    <orderStatus orderCode="ExampleOrder1">
      <requestInfo>
        <request3DSecure>
          <mpiRequest>
            eJytk71u4zAMx/c8hc5TOiiK4xx8uXMyFL2hQ4GgRR+AppRErT5ciy7qe/pKsZsOHRIU54UWQf3+pEhWd42+V6EztKl+SI/UN4odyJrNpEqGGXD7daZclhwK5GbC4leRJqM
            2uv+n0bM7j8+suOEPCrtWsW3rUYWg3Z5tYa8qMQRPKjEAqtrLPpqdby3Tcp0NGF7IwJMvY4CkvVtnB6Im/BYigJO1f+PQ6FkKbqCfobciWqscCRsTENppioiMWUUHH7GND5
            SN+WrXdMRSdZGqpYwFMQc2nnwrVXsrM/YKpovnxMrznC+KfLFMYjHgPKXW7kRYlavFfHH+TugwvdNja05XLy346PNBIBhTAz7HusWIExco70Cb2Kn/pTziLlFG73a6tZD6+
            x35Y6dHSGr2WcEt3KuXkwyWxc9yOQe++oU5X8oCOcRG83xeLqXMS9wVmCZdpDmMNmCrmw8wqTcST/AKg3fUjkvTpdRme0V/jUq/1/2tnH6Z6qtZ6GqraXr1JwoMjCQ1boM4
            bl0lPhfyHQN1N+E=
          </mpiRequest>
          <mpiURL>
            <![CDATA[]]>
          </mpiURL>
        </request3DSecure>
      </requestInfo>
      <echoData>
        48409882667806
      </echoData>
    </orderStatus>
  </reply>
</paymentService>

If you get this error, your setup may not be completed on our system. Contact us and we'll rectify it:

Copied!
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE paymentService PUBLIC "-//Worldpay//DTD Worldpay PaymentService v1//EN"
  "http://dtd.worldpay.com/paymentService_v1.dtd">
<paymentService version="1.4" merchantCode="YOUR_MERCHANT_CODE"> <!--The merchantCode you supplied in the order-->
  <reply>
    <orderStatus orderCode="ExampleOrder1"> <!--The order code from the first message-->
      <error code="7">
        <![CDATA[Invalid payment details : Error setting MPI request.]]>
      </error>
    </orderStatus>
  </reply>
</paymentService>
  1. Send an HTML form to the shopper, which redirects them to the MPI and contains the MPI request information as form fields.

    First decode the <mpiRequest> message into a readable form. The pure XML can be revealed from the encoded/compressed form as follows:

    1. Decode (base64 decoding as perRFC 3548)

    2. Inflate (use the zlib library)

      Copied!
      echo -n Encoded MPI request message | base64 -d | openssl zlib -d
      Copied!
      <MpiRequest>
      <Field1>merchant name</Field1>
      <Field2>card number</Field2>
      <Fieldn>etc</Fieldn>
      </MpiRequest>
  2. Create the HTML form with the above information. An example:

Copied!
<MpiResult><!doctype html>
  <html lang="en">
    <head>
      <title>iyzico Mock 3D-Secure Processing Page</title>
    </head>
    <body>
      <form id="iyzico-3ds-form" action="https://sandbox-api.iyzipay.com/payment/mock/init3ds" method="post">
        <input type="hidden" name="orderId" value="mock111-23124iyziord">
        <input type="hidden" name="bin" value="979202">
        <input type="hidden" name="successUrl" value="https://sandbox-api.iyzipay.com/payment/iyzipos/callback3ds/success/2">
        <input type="hidden" name="failureUrl" value="https://sandbox-api.iyzipay.com/payment/iyzipos/callback3ds/failure/2">
        <input type="hidden" name="confirmationUrl" value="https://sandbox-api.iyzipay.com/payment/mock/confirm3ds">
        <input type="hidden" name="PaReq" value="c735740a-98c1-4d3c-a231-1074dd17cf3c">
      </form>
      <script type="text/javascript">
        document.getElementById("iyzico-3ds-form").submit();
      </script>
    </body>
  </html>
</MpiResult>
  1. Send the HTML form to the shopper. This form redirects the shopper to the MPI.

Enrolment and authentication

The MPI carries out a verification check to see if the card is enrolled:

  • If the card is enrolled, the MPI sends an HTML form to the shopper which redirects them to the issuer for authentication. The issuer then redirects the shopper back to the MPI.
  • If the card isn't enrolled, the shopper completes the payment and is directed back to your website.

Second reply message

The second response returns a status of either:

  • AUTHORISED - Shopper was authenticated, we obtained authorisation from the issuer, and all other checks (such as Worldpay fraud detection services) have passed
  • REFUSED - Either the shopper failed to authenticate themselves, the issuer has declined the transaction, or a Worldpay fraud detection service prevented the authorisation. This status will also be provided should the shopper not complete 3DS authentication within two (2) hours.

Test values

For Iyzico, use the <description> magic value MPIPROVIDER[provider name with no spaces] to test the MPI connection.

For the MPIPROVIDER magic value, contact your Implementation Manager. For the other magic values and test information, see3DS test values.

Within this page