Proceeding to authentication

Here are the steps for proceeding to authentication:

  1. The merchant website collects the data for creating the SOAP HEADER.
    See chapter SOAP HEADER.
  2. The merchant website computes the value of the authentication token and includes it into the SOAP HEADER.
  3. The merchant website returns the query.
  4. The payment gateway receives the query and analyses the SOAP HEADER.
  5. The payment gateway computes the value of the authentication token authToken.
  6. The payment gateway compares the value of the computed authentication token with the one transmitted by the merchant website.
  7. If the values are different, the query is rejected and returns a SOAP Fault exception of the "bad.authToken: Invalid authentication token" type.
    If not, the platform processes the query.
  8. The payment gateway computes the value of the authentication token and includes it into the HEADER of the response.
  9. The payment gateway creates a response message and sends it to the merchant website.
  10. The merchant website receives the data. It computes the value of the authentication token with the help of the values contained in the HEADER of the response.
    It compares the value of the computed authentication token with the one transmitted in the HEADER of the response.
    Note: the requestId transmitted in the header of the response will be identical to the one transmitted in the query by the merchant website.
  11. If the values are different, the merchant analyses the error source (error, attempted fraud, etc.).
    If not, the merchant website proceeds to analyze the response.