Migrated from Redmine #712 | Author: abdullah noman
Status: Rejected | Priority: High, I’m very impatient | Created: 2021-06-09
Hello,
I have added the required information for the Payfort payment options. I asked Payfort to move my account to production, and now they are asking me to make sure of the following:
1. You are detecting the customer's actual email address and passing it to the customer_email parameter, and you are also detecting the public IP address of the customer who's browsing your website/application and passing it to the customer_ip parameter in the Payment Operation request. Sending a static value to the customer_email or customer_ip parameter will cause the transaction to be blocked by our fraud detection tool in the production environment.
2. The return_url submitted in the API Request accepts the response returned as POST FORM, since in the production environment you will have only the POST Method option to receive the responses. In addition, the value passed to the return_url parameter in the API Request should be https.
3. You are validating the response you are receiving from Amazon Payment Services using the SHA Response value configured in your account under Security Settings.
You need to validate the signature you receive from Amazon Payment Services by calculating the signature for the response parameters you receive on the return_url once the transaction is processed, using the SHA response phrase listed in your test account under:
Integration settings >> Security settings. The value of the calculated signature should match the value of the signature returned from Amazon Payment Services.
4. Your code handles the response parameters received on the Direct Transaction Feedback URL under Technical Settings. In this step, you need to create an endpoint to receive response parameters as a POST form.
Note: The Direct Transaction Feedback URL is required to send you the response parameters after processing the transaction on the server side, so in case the customer closed the browser before getting redirected to your return_url because the Internet connection dropped or he closed the browser, we will send you the response on the Direct Transaction Feedback URL in both cases.
To configure the Direct Transaction Feedback URL, please go to your Technical Settings tab in your Amazon Payment Services account and click on the activated channel you have, then configure the URL under the Direct Feedback URL field.
5. You are submitting the Tokenization service_command as POST FORM, from the client side (browser/mobile app) only.
This is a PCI mandate, to submit this request from the client side, and you should not process/store/handle/log/save clear card details.
6. Please make sure to implement a dynamic controller from your end to handle the 3DS service. If you receive the 3ds_url you can redirect the customers to it; otherwise, if it's "NULL", you need to consider the final response returned to you in the JSON body and update the customer in his checkout page about the final payment status.
7. Please make sure to have a validation at your side to validate that the actual amount to be deducted from the customer matches the same amount you submit in the API requests to Amazon Payment Services. This is required to protect your website from any fraud.
Kindly check the above and let me know your thoughts about it.
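
The checks asked for in items 3 and 7 of the list above, as an added example that is not part of the original ticket or of the project's code. It assumes the signature is SHA-256 over the response parameters (all except `signature`) sorted by name, joined as name=value and wrapped in the SHA response phrase; the phrase, the `amount_minor` order store and the sample values are constructed.

```python
import hashlib
import hmac

def calc_signature(params, sha_phrase, algo="sha256"):
    """Assumed scheme: sort every field except 'signature' by name, join as
    name=value, wrap the result in the SHA phrase and hash it."""
    fields = sorted((k, v) for k, v in params.items() if k != "signature")
    body = "".join(f"{k}={v}" for k, v in fields)
    return hashlib.new(algo, f"{sha_phrase}{body}{sha_phrase}".encode()).hexdigest()

def verify_response(params, sha_response_phrase, orders):
    """Check a POSTed response (return_url or Direct Transaction Feedback URL).
    Returns (ok, reason)."""
    received = str(params.get("signature", "")).lower().encode()
    expected = calc_signature(params, sha_response_phrase).encode()
    # Constant-time comparison; a missing signature fails here too.
    if not hmac.compare_digest(received, expected):
        return False, "bad signature"
    # Item 7: compare with the amount stored server-side for this order,
    # never with a value taken from the browser.
    order = orders.get(params.get("merchant_reference"))
    if order is None:
        return False, "unknown order"
    if (params.get("amount"), params.get("currency")) != (
            str(order["amount_minor"]), order["currency"]):
        return False, "amount mismatch"
    return True, "ok"

# Constructed sample data (not real credentials or transactions).
PHRASE = "example-response-phrase"
ORDERS = {"ORDER-1001": {"amount_minor": 15000, "currency": "SAR"}}
SAMPLE = {"merchant_reference": "ORDER-1001", "amount": "15000",
          "currency": "SAR", "customer_email": "buyer@example.com"}
SAMPLE["signature"] = calc_signature(SAMPLE, PHRASE)

if __name__ == "__main__":
    print(verify_response(SAMPLE, PHRASE, ORDERS))
    tampered = dict(SAMPLE, amount="100")   # edited in transit, signature stale
    print(verify_response(tampered, PHRASE, ORDERS))
```

The same function can back both the return_url handler and the Direct Transaction Feedback endpoint, so an order is only marked paid after both the signature and the stored amount match.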