Pockyt Credit Card Payments w/ Capture 3DS

Introduction

This solution enables merchants to securely process credit card payments through Pockyt's hosted 3D Secure (3DS) authentication flow. The process begins by registering the customer via API and continues through a redirect to a secure hosted authentication page. Once the customer completes the 3DS flow, the payment result is confirmed through a webhook or optional status query.

  1. Customer Registration: The merchant registers the customer using the POST /v1/customers/create endpoint to obtain a customerNo, which is required to initiate the payment.
  2. Capture with 3DS: The merchant calls the POST /order/v4/capture endpoint, and Pockyt returns an authenticationUrl for redirecting the customer to complete 3DS authentication.
  3. Transaction Confirmation: After authentication, the merchant receives the payment result either through a webhook notification or by calling the POST app-data-search/v3/tran-query endpoint.

🚧

## Pre-requisites

API Credentials: Obtain merchantNo, storeNo, and verifySign values from Pockyt.

Webhook Configuration: Set up webhook URLs to receive asynchronous transaction updates.

Server Setup: A secure server for handling webhooks (ipnUrl) and callback URLs.

Compliance PCI compliance for handling credit card data if applicable.


API Diagram

API workflow

Step-by-Step Hosted Credit Card Payment with 3DS Workflow

📘

API References for Endpoints in this Workflow:


Step 1: Register Customer

Action: The merchant backend registers the customer using the
POST /v1/customers/create endpoint.
This returns a customerNo that will be referenced in the Capture request.


Step 2: Call Capture API (3DS Enabled)

Action: The customer initiates a card payment.
The merchant backend calls the POST /order/v4/capture endpoint with 3DS enabled.

  • Pockyt returns an authenticationUrl.
  • The merchant redirects the customer to this URL to complete 3D Secure authentication and payment.

Step 3: Complete 3DS Authentication

Action: The customer completes the authentication process on the hosted page.

  • This step finalizes the transaction on the payment provider’s side.
  • No further input is required from the merchant at this point.

Step 4: (Optional) Query Transaction Status

Action: If webhook confirmation is delayed or not received, the merchant may query the transaction status using
POST app-data-search/v3/tran-query.

Use Case: This endpoint retrieves the transaction status using the original transaction number.


Step 5: Handle Webhook Notifications

Action: After the payment is completed and authenticated,
Pockyt sends a webhook to the merchant backend with the transaction result.

  • The webhook includes transaction number, status, and related details.
  • The merchant should rely on this webhook to finalize and update their system records.

Always confirm payment success through webhook or status query before fulfillment.