Specification and Features
Introduction
The QuickPay API is an open protocol that enables merchants to handle payments in a simple manner. The protocol is based on SSL encrypted HTTP communication and all actions are perfomed by sending a HTTP POST request to https://secure.quickpay.dk/api (See Example 1). Upon each request sent, QuickPay will respond with a simple XML document (See Example 2). Please notice: do not send API requests to https://secure.quickpay.dk/form/. /form/ is only for authorizes using the Quickpay Payment Window.
Example 1. HTTP POST request for cancel
POST /api HTTP/1.1
Host: secure.quickpay.dk
User-Agent: Mozilla/4.0
Content-Length: 107
Content-Type: application/x-www-form-urlencoded
protocol=4
&msgtype=cancel
&merchant=11111111
&transaction=22222222
&md5check=9625ae14fab6adf160cdd3be434dc071
Example 2. XML response for cancel
<?xml version="1.0" encoding="UTF-8"?>
<response>
<msgtype>cancel</msgtype>
<ordernumber>RTEST-119756038112</ordernumber>
<amount>234</amount>
<currency>DKK</currency>
<time>071213163941</time>
<state>5</state>
<chstat>000</chstat>
<qpstat>000</qpstat>
<qpstatmsg>OK</qpstatmsg>
<merchantemail>test@quickpay.dk</merchantemail>
<merchant>QuickPay test account</merchant>
<transaction>5366754</transaction>
<cardtype>Dankort</cardtype>
<md5check>a429f70032e131bed9364a3578953f47</md5check>
</response>
Request data fields
The HTTP POST request consists of some data fields that must obey some syntactical and semantical rules. If one or more data fields does not comply with these rules, it will result in an error. Furthermore, any data fields that are not part of the protocol will be discarded.
| Name | Regular expression | Description |
|---|---|---|
| protocol | /^4$/ | Defines the version of the protocol |
| msgtype | /^[a-z]$/ | Defines which action to perform - Each message type is described in detail later |
| merchant | /^[0-9]{8}$/ | The QuickPayId |
| ordernumber | /^[a-zA-Z0-9]{4,20}$/ | A value by merchant's own choise. Must be unique for each transaction. Usually an incrementing sequence. The value may be reflected in the your bank account list. |
| amount | /^[0-9]{1,12}$/ | The transaction amount in its smallest unit. In example, 1 EUR is written 100. |
| currency | /^[A-Z]{3}$/ | The transaction currency as the 3-letter ISO 4217 alphabetical code. See http://quickpay.net/features/multi-currency/ for more information. |
| autocapture | /^[0-1]{1}$/ | If set to '1', the transaction will be captured automatically - provided that the authorize was succesful. See http://quickpay.net/features/autocapture/ for more information. |
| cardnumber | /^[0-9]{13,19}$/ | The refund card number |
| expirationdate | /^[0-9]{4}$/ | The refund card expiration date |
| cvd | /^[0-9]{0,4}$/ | The refund card verification data |
| cardtypelock | /^[a-zA-Z,]{0,128}$/ | Lock to card type. Multiple card types allowed by comma separation. See http://quickpay.net/features/cardtypelock/ for possible values. |
| transaction | /^[0-9]{1,32}$/ | A transaction id from a previous transaction. |
| description | /^[\w _-.]{0,20}$/ | A value by the merchant's own choise. Used for identifying a subscription payment |
| splitpayment | /^[0-1]{0,1}$/ | Enables multiple partial capture. http://quickpay.net/features/split-payment/ |
| finalize | /^[0-1]{0,1}$/ | Finalizes multiple partial capture. When set transaction will go into a closed state and no more captures will be possible. |
| ipaddress | /^\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}$/ | Log shoppers ip-address. For technical reasons QuickPay can only detect the IP-address of the merchant and not the shopper. This feature offers the possibility to log the shoppers IP-address as detected by the merchant. |
| testmode | /^[0-1]{0,1}$/ | Enables inline testing. If set to '1', QuickPay will handle this and only this transaction in test-mode - even while QuickPay is in production-mode. See http://quickpay.net/faq/test-mode/ for more information. |
| md5check | /^[a-z0-9]{32}$/ | A MD5 checksum to ensure data integrity. See http://quickpay.net/faq/md5check/ for more information. |
Response data fields
| Name | Regular expression | Description |
|---|---|---|
| msgtype | /^[a-z]$/ | Defines which action was performed - Each message type is described in detail later |
| ordernumber | /^[a-zA-Z0-9]{4,20}$/ | A value specified by merchant in the initial request. |
| amount | /^[0-9]{1,10}$/ | The amount defined in the request in its smallest unit. In example, 1 EUR is written 100. |
| currency | /^[A-Z]{3}$/ | The transaction currency as the 3-letter ISO 4217 alphabetical code. See http://quickpay.net/features/multi-currency/ for more information. |
| time | /^[0-9]{12}$/ | The time of which the message was handled. Format is YYMMDDHHIISS. |
| state | /^[1-9]{1,2}$/ | The current state of the transaction. See http://quickpay.net/faq/transaction-states/. |
| qpstat | /^[0-9]{3}$/ | Return code from QuickPay. See http://quickpay.net/faq/status-codes/. |
| qpstatmsg | /^[\w -.]{1,}$/ | A message detailing errors and warnings if any. |
| chstat | /^[0-9]{3}$/ | Return code from the clearing house. Please refer to the acquirers documentation. |
| chstatmsg | /^[\w -.]{1,}$/ | A message from the clearing house detailing errors and warnings if any. |
| merchant | /^[\w -.]{1,100}$/ | The QuickPay merchant name |
| merchantemail | /^[\w_-.\@]{6,}$/ | The QuickPay merchant email/username. |
| transaction | /^[0-9]{1,32}$/ | The id assigned to the current transaction. |
| cardtype | /^[\w-]{1,32}$/ | The card type used to authorize the transaction. |
| cardnumber | /^[\w\s]{,32}$/ | A truncated version of the card number - eg. 'XXXX XXXX XXXX 1234'. Note: This field will be empty for other message types than 'authorize' and 'subscribe'. |
| cardexpire | /^[\d]{,4}$/ | Expire date on the card used in a 'subscribe'. Notation is 'yymm'. Note: This field will be empty for other message types than 'subscribe'. |
| splitpayment | /^[0-2]{0,1}$/ | Tells if the transaction has the split payment feature enabled. |
| md5check | /^[a-z0-9]{32}$/ | A MD5 checksum to ensure data integrity. See http://quickpay.net/faq/md5check/ for more information. |
PCI requirements
The Payment Card Industry Data Security Standard (PCI DSS) was developed by the major refund card companies as a guideline to help organizations that process card payments prevent refund card fraud, cracking and various other security vulnerabilities and threats. QuickPay is PCI certified and subject to annual audits in that regard.
As a merchant you are only affected by PCI DSS if payment card data passes through you physical server. This is the case if you are using the QuickPay API to handle payment card data, and you therefore have to implement security measures as outlined in the PCI DSS Standard Self-Assessment Questionnaire (SAQ).
 |
Tip |