Integration methods > XPay Build > Version 3

Version 3

Payment form creation

The card data collection form as well as the alternative payment methods (APM) buttons are returned by the API:

To invoke version 3 of XPay Build, you need to set the "version" parameter to "3" in the above mentioned API.

The request returns an object containing the iframes corresponding to the card payment method and the APMs active on the merchant's terminal. Below is an example in JSON format:

                                    {
    "sessionId": "Md6fiNaHuADc%2FL%2BcxXVvvw%3D%3D",
    "securityToken": "fd68b72f1fe9471a96865e70a245edd6",
    "fields": [
        {
            "type": "ACTION",
            "id": "SATISPAY",
            "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=SATISPAY...",
            "class": "APM"
        },
        {
            "type": "ACTION",
            "id": "MULTIBANCO",
            "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=MULTIBANCO...",
            "class": "APM"
        },
        {
            "type": "ACTION",
            "id": "WECHAT",
            "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=WECHAT...",
            "class": "APM"
        },
        {
            "type": "ACTION",
            "id": "EPS",
            "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=EPS...",
            "class": "APM"
        },
        {
            "type": "ACTION",
            "id": "IDEAL",
            "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=IDEAL...",
            "class": "APM"
        },
        {
            "type": "ACTION",
            "id": "PAYPAL",
            "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=PAYPAL...",
            "class": "APM"
        },
        {
            "type": "ACTION",
            "id": "P24",
            "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=P24...",
            "class": "APM"
        },
        {
            "type": "ACTION",
            "id": "ALIPAY",
            "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=ALIPAY...",
            "class": "APM"
        },
        {
            "type": "ACTION",
            "id": "PIS",
            "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=PIS...",
            "class": "APM"
        },
        {
            "type": "ACTION",
            "id": "BANCONTACT",
            "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=BANCONTACT...",
            "class": "APM"
        },
        {
            "type": "ACTION",
            "id": "GIROPAY",
            "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=GIROPAY...",
            "class": "APM"
        },
        {
            "type": "ACTION",
            "id": "PAY_WITH_CARD",
            "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=PAY_WITH_CARD...",
            "class": "CARD"
        }
    ]
}
                                

Each iframe represents a button that allows the customer to choose the desired payment method, these components must then be shown on the shop checkout page.

Payment management is subject to variations between cards and APMs, indications below.

Payment by card

Once the card payment method has been clicked, an object containing the following data is returned via an event:

"event": parameter set to "BUILD_FLOW_STATE_CHANGE".
"state": parameter set to "CARD_DATA_COLLECTION".
"fieldSet": object containing the iframes of the individual fields necessary for entering card data, details below.

FIELDSET OBJECT

NAME

DESCRIPTION

FORMAT

sessionId

Session identifier.

Object

fields

Array of objects containing the iframes of the individual fields necessary for entering card data.

Object

type	Type of field, possible values: TEXT: text field that needs to be filled in by the cardholder, like the fields for entering card data. ACTION: field that requires an action by the cardholder, such as the checkboxes to accept the terms and conditions.	AN
id	Field identifier, possible values: CARD_NUMBER: pan card. EXPIRATION_DATE: card expiration. SECURITY_CODE: CVV/CV2 card security code. CARDHOLDER_NAME: cardholder name. CARDHOLDER_SURNAME: cardholder surname. CARDHOLDER_EMAIL: cardholder email. PRIVACY_CONDITIONS: any terms and conditions for proceeding with the payment.	AN
src	Iframe URL.	AN
class	Field class, possible values: CARD_FIELD	AN

Below is an example of the object in JSON format of the "fieldSet" object:

                                    {
  "sessionId": "%2B33rcw1A7gdFcjYlvfcznA%3D%3D",
  "fields": [
    {
      "type": "TEXT",
      "id": "CARD_NUMBER",
      "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=CARD_NUMBER...",
      "class": "CARD_FIELD"
    },
    {
      "type": "TEXT",
      "id": "EXPIRATION_DATE",
      "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=EXPIRATION_DATE...",
      "class": "CARD_FIELD"
    },
    {
      "type": "TEXT",
      "id": "SECURITY_CODE",
      "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=SECURITY_CODE...",
      "class": "CARD_FIELD"
    },
    {
      "type": "TEXT",
      "id": "CARDHOLDER_NAME",
      "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=CARDHOLDER_NAME...",
      "class": "CARD_FIELD"
    },
    {
      "type": "TEXT",
      "id": "CARDHOLDER_SURNAME",
      "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=CARDHOLDER_SURNAME...",
      "class": "CARD_FIELD"
    },
    {
      "type": "TEXT",
      "id": "CARDHOLDER_EMAIL",
      "src": "https://ngwecomm-dev.nexi.it/phoenix-0.0/hostedfields-demo/iframe.html?id=CARDHOLDER_EMAIL...",
      "class": "CARD_FIELD"
    }
  ]
}
                                

On the HTML page, it's necessary to dynamically inject each field from the received 'fields'.

ATTENTION: t is necessary to include, accompanied by a checkbox, the privacy policy of Nexi, available at the link https://www.nexi.it/privacy/xpay.html. It is recommended to directly embed the indicated link within the page so that the text remains always updated.

SDK Initialization

Based on the customer's actions, once one of the card fields has been entered correctly, several events are triggered on the main HTML page. These events allow for providing appropriate feedback to the customer to inform them about the correctness of the entered data. Capturing these events is made easier by an SDK provided by Nexi.

Insert this statement at any point on the page, replacing "nexiDomain" with the test or production domain of XPay:

                                    <script type="text/javascript" src="{nexiDomain}/monetaweb/resources/hfsdk.js"></script>
                                

Afterwards, set up the actions to be performed in each of the following situations:

                                    <script type="text/javascript">
    let build = new Build({
        onBuildSuccess: function(evtData) {

            // write the code to manage the successful data entered in the specified field: evtData.id
        },

        onBuildError: function(evtData) {

            // write the code to manage the wrong data entered in the specified field: evtData.id
            // the action can be finely tuned based on the provided error code available at evtData.errorCode
            // the possible cases are:
            // HF0001 - generic build field error
            // HF0002 - temporary unavailability of the service
            // HF0003 - session expired – the payment experience shall be restarted from the post orders/build
            // HF0004 - card validation error – the luhn key check on the card number was failed
            // HF0005 - brand not found – the card brand is not in the list of supported brands
            // HF0006 - expiration date exceeded – the provided card is expired
            // HF0007 – internal error – if the issue persists the payment has to be restarted
            // HF0009 – 3DS GDI verification failed – the payment experience has to be stopped with failure.
        },
        onConfirmError: function(evtData) {
            // this event is returned as a consequence of the invocation of confirmData() SDK function.
            // the possible cases are:
            // HF0002 – temporary unavailability of the service
            // HF0003 - session expired – the payment experience shall be restarted from the post orders/build
            // HF0007 – internal error – if the issue persists the payment has to be restarted
        },
        onBuildFlowStateChange: function(evtData, state) {
            // this event is returned for each state transition. The possible values are READY_FOR_PAYMENT and PAYMENT_COMPLETE,
            // described in the following paragraphs.
        },
        cssLink: "https://{yourdomain}/yourcssfile.css"
            // see the paragraph Graphic Changes to Credit Card Data Collection Form (CSS)
    });
</script>
                                

Confirmation Button for Entered Data

The card data, entered by the customer in the internal iframes, are stored on the Nexi server only when the customer clicks on the confirmation button. This button must be independently developed on the checkout page of the ecommerce site.

The button must have an "onClick" event associated with it that calls the "confirmData" function:

                                    <input type="button" onClick="build.confirmData(myLoader)" ></input>
<script> function myLoader() {<<do some animation and make the button insensitive>>} </script>

The "confirmData" function can trigger the following state changes:

PAYMENT_COMPLETE: Payment has been completed in one step. No further actions are required. The 'operation' object containing the operation details is returned.
READY_FOR_PAYMENT: This event confirms that it's possible to proceed with the payment by invoking the API:

POST /build/finalize_payment

The response to the above API changes according to the following cases:

3D Secure authentication: payment requires 3D Secure authentication by the cardholder. Parameters are returned:

"url": the customer must be redirected to the address contained in the field, where the cardholder can authenticate and authorize the payment. At the end of the authentication, the payment result is returned to the request parameters "resultUrl", "notificationUrl" and possibly "cancelUrl".
"state": set with REDIRECTED_TO_EXTERNAL_DOMAIN".

Payment result: the transaction does not require 3D Secure authentication by the cardholder, the payment is then completed. Parameters are returned:

"operation": object containing the detail of the operation.
"state": set with "PAYMENT_COMPLETE".

Graphic Changes to Credit Card Data Collection Form (CSS)

You can modify the credit card data collection form by inserting a link to a CSS file. The file should include the style specification to be applied to all input tags contained in the iframe pages. Additionally, you can differentiate the style for each of the fields on the credit card data collection page. Below is an example:

                                    input {
    display: block;
    width: 100%;
    line-height: 1.5;
    padding: 8px 10px;
    height: 50px;
    background-color: transparent;
    border: 1px solid rgba(50, 50, 50, 0.5);
    border-radius: 2px;
    transition: all 0.2s ease-in-out;
    font-family: Karbon !important;
    font-size: 16px;
    letter-spacing: 0.8px;
    font-weight: normal;
}
#CARD_NUMBER {
    border-color: rgba(45, 50, 170, 0.5);
}
#EXPIRATION_DATE {
    border-color: rgba(45, 50, 170, 0.5);
}
#SECURITY_CODE {
    border-color: rgba(45, 50, 170, 0.5);
}
#CARDHOLDER_NAME {
    border-color: rgba(45, 50, 170, 0.5);
}
#CARDHOLDER_EMAIL {
    border-color: rgba(45, 50, 170, 0.5);
}
                                

Payment via APM

Once the alternative payment method has been clicked, an object containing the following data is returned via an event:

"sessionId": filled with the payment session identifier.
"url": address required for redirection to the checkout page of the alternative payment method. At the end of the payment, the result is returned to the request parameters "resultUrl", "notificationUrl" and possibly "cancelUrl".

                                    {
    "sessionId": "%2B33rcw1A7gdFcjYlvfcznA%3D%3D"
    "url": "https://externaldomain...",
}
                                

Additional APIs

Session cancellation: POST /build/cancel
Session state query: GET /build/state
Card data query: GET /build/cardData
Integrity check: GET /build/integrity

NOTE:

The XPay Build solution is not compatible with the DCC feature.