Before starting with this integration, make sure that you created a test account as described in the Getting started tutorial.
When you are ready to go live, complete the SAQ-A form and Adyen will add the Client-Side Encryption (CSE) role to your web service user.
Your card payments go through many stages. The below diagram helps you understand the flow:
ws@Company.[YourCompanyAccount] - username format for a company level account.
[YourCompanyAccount] - This is a placeholder. For example, ws@company.TestCompany or ws_123456@Company.TestCompany.
For automated request and retrieval operations, you can specify this information in the library, which handles your server-to-server requests and responses with the Adyen platform.
If you are integrating the Adyen platform of products and services with a third-party system, we strongly recommend you follow defensive programming best practices.
Start by creating a payment form integrated with the Adyen encryption library, which you can retrieve using the unique URL provided to you by Adyen.
- Go to Settings → Users and filter the list of users by System in the drop-down box.
- Navigate to the Web Service (ws) user page.
- Go to Easy Encryption → Library location.
If the library is not available yet, click Generate and then Save to create a new URL.
Ensure that your payment form includes the mandatory fields. To test the given code example, replace [payment request handler] with your payment handler URL of your server.
Card input fields should not have the
name attribute, but should be annotated by the
data-encrypted-name attribute to mark them for encryption. The attribute makes sure that the call does not send the data values to the server.
generationtime field is used to include a server-side timestamp in the data you submit the form. It determines whether a payment request is valid or not. Adyen refuses the transactions sent later than 24 hours from the timestamp. This value must be obtained on the server-side as the client’s system clock may not be correctly synchronized which can cause the payment transaction to fail.
- Format: ISO 8601; YYYY-MM-DDThh:mm:ss.sssTZD
- Example: 2017-07-17T13:42:40.428+01:00
Prevent payment form reload
For example, you can:
- Pass an additional options parameter in the createEncryptedForm method.
- Change the name of the encrypted data container. Its default name is adyen-encrypted-data.
- Submit the form using AJAX instead of the default submit action, as shown in this example:
Use the encrypted data to make the payment request to our test endpoint including your valid web service credentials. Retrieve your web service credentials from the Adyen Customer Area (CA) by navigating to Settings → Users → System users → ws@Company.[YourCompanyAccount].
The following example shows a basic authorise request the amount is in minor units, e.g. 20000 is 200 euros. You can find the number of decimal points per currency in the currency codes.
While submitting payments from your server, include your valid credentials and specify the
Content-Type header as shown in the example.
You can use one of our test credit cards to make the request.
To know more about the required fields, see PaymentRequest.
If the message passes validation, Adyen performs a risk analysis. Depending on the outcome, we attempt authorisation, and you receive a payment response. The response includes a PSP reference that uniquely identifies each payment and can be used later for capture, cancel, or refund.
For other possible response codes and fields of the payment response, refer to PaymentResult.
Local payment methods
For an overview of the various payment methods available, see Payment Methods.
The flow of a payment using a local payment method is illustrated in the diagram below:
To process local payment methods:
- Create a new skin and style the form to let your shopper select a payment method. Go to Adyen Customer Area (CA) → Skins → Create a new skin .
- Add the skin description.
- Generate the HMAC keys for the test and live platforms (remember to take a note of this key) and click Save.
- Select the skin from the list and click Test from the menu bar to verify that Currently on Test displays the version information in green.
The directory lookup returns the available payment methods for the shopper based on the country they are shopping from, the amount and currency and skin code you provided. The returned data is a JSON object containing an array of the payment methods. You can parse the response and provide the list of payment methods to your shopper.
Request local payment methods
To retrieve a list of available local payment methods make a lookup request to the directory endpoint with the fields in the code example. For Adyen to verify the authenticity of the request calculate the signature of the request and include this in the
The example below shows how to make such a request. For additional fields and more details for the payment methods request refer to the API Reference.
Display local payment methods
A response returns a JSON object containing a list of applicable payment methods. Each payment method has a
brandCode, and optionally, a list of issuers (depending on the payment method). In this case, the
issuerId identifies a specific issuer and can be used to direct a shopper to the related method's webpage.
When parsing this response, you can format and display the methods according to your design if you like.
In case you made a directory lookup request to version 2 (https://test.adyen.com/hpp/directory/v2.shtml), each payment method also returns the
logos field containing links to normal, small, and tiny images.
Submit a payment request
After your shopper selects the local payment method, make a POST request including the brandCode and issuerId (if available) of the selected payment method.
Recalculate the signature of your payment request with the brandCode and issuerId as extra fields and post the request to the
skipDetails.shtml endpoint. Your shopper is then redirected to the selected local method to finalize the payment.
The HTML code below is an example form.
After shoppers have completed the payment, they are redirected to a result page of your choice. You can set a custom result URL in the Customer Area on the skin configuration page. Another option is to include the result URL in the
resURL field in the payment request.
Adyen appends parameters to this result URL to inform you about the payment status. If the status is already determined (either authorised or refused), you can use this information to display a payment successful or payment failed page. In a case when the current status is pending, use payment notifications to get the outcome of a payment request and store this result in your back office, if necessary.
An example of a redirect URL to a result page:
An example of a corresponding
To ensure that the response is not tampered with validate the response by calculating the signature of the returned fields, except the merchantSig field. Adyen uses your secret HMAC key to sign the data, so the calculated signature should be the same as the
merchantSig included in the response.
For more information on additional response fields, visit the API Reference.
Skip Hosted Payment Pages (HPP)
Skip the payment method selection page, if the payment method is already known to you, by routing your shopper directly to the payment or order detail entry page.
To use this payment flow:
- Make a payment request call to skipDetails.shtml.
- In the call, include the
For more information on Skins and Hosted Payment Pages, see the Skin page in our HPP manual.
Fields for this call vary per payment method, contact support for more information.
Complete the payment
You can opt for automatic or manual capture - for instance, if you are processing more than a handful of payments on a daily basis we recommend that you automate this process. The Adyen Customer Area (CA) offers an option to configure an automated capture process to automatically capture payments after a specified number of days, ranging from no delay, 1 day, 2 days, 3 days, 4 days, 5 days, 6 days, 7 days, and manual. To define a capture delay, go to CA → Settings → Merchant Setting → Capture Delay.
To manually capture an authorized payment, send a request to the capture endpoint passing the fields as in the example below. To uniquely identify the payment to be captured, pass the PSP reference (e.g. 9914430855683260) that is returned to you in the authorise payment response.
Besides synchronous responses, Adyen uses notifications to keep you updated about actions and their result (e.g. a payment authorization). In addition, notifications help you synchronize your back-office system to always have up-to-date information on payment statuses.
It is mandatory for you to integrate with Adyen notifications when testing your integration. For more information, refer to Notifications.
Cancel and/or refund
Sometimes you may need to cancel or refund a payment. To know how this can be done with the Adyen platform, refer to Cancel or refund.
Enable recurring payments
If your business model requires billing your customers on a recurring basis, you may enable recurring payments using the Adyen platform. In this case, Adyen securely stores payment details when you make the first authorisation call, so that you no longer need to provide this data in the future.
To do this, add the recurring field to the payment request you make from your server to the Adyen platform. For example, if you want to enable both shopper-not-present and one-click recurring modes for a specific payment, add the following field to the API call above:
For more information on recurring payments, refer to the Recurring payments.