5.1. FAQ

Gather useful information

Please gather this information and provide it to support to quickly resolve issues which happened during the integration

  • Please indicate whether sandbox or production environments were used.

  • Please indicate whether or not the functionality worked at one time or not. If so, please indicate since when it stopped working.

  • Please add relevant log information ( orderid, serial-number, client_orderid, ENDPOINTID, ENDPOINTGROUPID) when any is available.

Frequently asked questions during the integration

What does INVALID_CONTROL_CODE error mean?

The calculation of the signature may be different for different types of API calls. The most common reasons are:

  • Wrong credentials. Check credentials received from Payment Gateway manager.

  • API calls to sandbox had production environment URL or vise versa.

  • Production credentials (ENDPOINTID, ENDPOINTGROUPID, control key, etc) were used on sandbox or vise versa.

  • Parameters for signature calculation are in incorrect order.

  • The amount of the transaction is not converted to minimal decimal units.

The best way to check signature calculation is to use the request builder sections in API documentation:

  • Choose the correct URL from the combobox with API calls selection, if present.

  • After pressing the Sign button, please check signature value for the String to sign whether the same string is being signed or not.

  • If the signing string looks correct, signature value must be the same as in Signature field.

  • Login to UI and find the particular API requests and responses on the Integration panel screen in Tools section.

What is the difference between ENDPOINTID or ENDPOINTGROUPID?

SBC gateway can support any currency.

  • ENDPOINTID supports only one currency.

  • ENDPOINTGROUPID can support as many currencies as needed. Full list of currencies should be sent to Payment Gateway manager for project configuration.

Due to the different nature of these two entities it is impossible to use ENDPOINTID instead of ENDPOINTGROUPID and vise versa.

Is it possible to use Synchronous API?

All APIs are asynchronous, see Асинхронные ответы. If using synchronous API is required, it should be implemented on Connecting Party side. Ask Payment Gateway manager to refine if it is possible to make synchronous calls in your integration.

How to implement 3-D Secure (Verified by Visa / MasterCard SecureCode) on Native mobile app?

Even in native app embedded WebView component should be used in order to open banking ACS server URL.
To process the transactions without redirect to 3-D Secure page Connecting Party’s application must meet the following requirements:

  • Payers are identified and there is a low fraud probability, it this case Connecting Party can ask Payment Gateway manager to open non3D account.

  • Connecting Party have PCI DSS certificate and can gather cardholder data on their side, in this case Connecting Party can ask Payment Gateway manager to open account with Direct API support to avoid unnecessary redirects.

What is client_orderid?

This transaction identifier is generated on Connecting Party side. It is also referred as merchant-order-id in some APIs.

How to get an approved transaction on sandbox environment?

For different types of API SBC have different mechanisms for getting approved transactions and transactions in other statuses. For e-commerce transactions SBC is using different CVVs, see test_cards. For mPOS transactions see mpos.

Why response is formatted with (0xA)?

To improve readability of the response in most APIs, SBC adds (0xA) character at the end of each parameters value. To process the response from the Payment Gateway please, implement the handling mechanism for this character.

Is it possible to use redirect_url to get transaction status for backoffice?

It is not advisable.
All parameters for the final redirect are passed through the customer’s browser. Parameters can be lost during the transmission over the internet. To get guaranteed result from SBC gateway see Обратный вызов Присоединяющейся Стороны.

Is it possible to use GET instead of POST to submit data to SBC gateway?

Unfortunately it is not possible.
Transmitting parameters using HTTP GET is strictly forbidden to avoid possible data leaks.

What does INVALID_CALLBACK_URL mean?

Please use full public URL with http:// or https://
For example, please pass http://www.example.com or https://www.example.com instead of www.example.com. Only following ports are allowed:

  • 80, 8080 for HTTP

  • 443, 8443 for HTTPS

How often can transaction status be polled?

Status should be requested multiple times with 3-5 seconds interval until final status will be received in response.
Normally it takes up to 5 seconds to process the non3D transaction and up to 60 minutes for 3D transaction. Transactions made via some payment methods or payment channels, especially processed in offline mode, might stay in non-final status for several hours or even days, so there is no point in polling transaction status often for such cases. Connecting Party should rely on callback to get transaction final status, see Обратный вызов Присоединяющейся Стороны.

Why transaction has been declined with base 64 fail reason?

Please use urldecode to process html parameter in SBC gateway response.
SBC is trying to help Connecting Party to correctly handle API responses. Base64 test gives Connecting Party an ability to check if 3DS page provided by bank will be correctly handled on production environment. If Connecting Party is getting this error, this means that urldecode probably was not used to parse the SBC gateway response or probably it works in incorrect way (for example in some versions of PHP it is needed to use rawurldecode instead).