Antom, leading provider of tailored payment solutionsAntom, leading provider of tailored payment solutions

Integration guide

Before an automatic deduction can be made, you need to obtain the buyer's authorization. After the authorization is successfully obtained, you need to obtain a payment token using an authorization code. The payment token is used to perform subsequent one-click payments. If the buyer deauthorizes the payment method, the payment token needs to be handled accordingly.

Prerequisites

Before you begin, you must complete the following tasks:

For details, refer to Integration guide.

Integration steps

To obtain the buyer's authorization and perform auto debit, please complete the following integration steps:

  1. Obtain and display the QR code from Antom.
  2. Obtain the authorization code.
  3. Apply for a payment token.
  4. Initiate a payment
  5. Obtain the payment result

Step 1: Obtain and display the QR code from Antom

1. Obtain the QR code from Antom

After you have signed contracts to support the desired payment methods, you can call the consult API. Antom will return the QR code for obtaining the buyer's authorization in the API response. The QR code value is the value of authCodeForm.codeDetails.codeValue. The value is provided in the format of both an image and a text, and you can choose either one depending on your requirements.

When calling the consult API, specify the following parameters correctly in the request:

  • authRedirectUrl: The URL for redirecting the buyer to the merchant page on their mobile client after the authorization is completed. For Scan to Link payments, the buyer will not be redirected to the merchant page on their mobile client after the authorization is completed.
  • authState: A string specified by yourself to identify an authorization request.
  • customerBelongsTo: specify the target payment method for which you are requesting authorization.
  • scopes: Specify the fixed value AGREEEMENT_PAY.
  • terminalType: indicates your client type. The value is fixed as WEB.

2. Display the QR code

After obtaining the QR code value from Antom, generate a QR code based on the text and display it on your Web client if you want to use the text. If you want to use the picture, directly render the picture on your Web client. The buyer scans the QR code to authorize the payment.

Step 2: Obtain the authorization code

After the buyer's authorization has been obtained, you can obtain the authorization code (authCode) from the authorization success notification sent by Antom.

  1. Configure the address for receiving authorization result notifications. For details, see Notifications.
  2. After the buyer agrees to the authorization, you will receive an authorization success notification sent by Antom.
  3. After receiving the asynchronous notification, return a response as instructed in the Requirements. Otherwise, Antom will resend the asynchronous notification.

The authorization can be successful or failed. The subsequent redirections in these two cases are as follows:

  • Authorization success: Handle the redirection to your authorization result page on your Web client.
  • Authorization failure: If the buyer fails to agree to the authorization due to authorization timeout or failure, we recommend that you guide the buyer to reinitiate the authorization. Usually, if you have not received an authorization success notification after 15 minutes, the authorization fails.

Since the authorization URL can only be used once, if the user authorization fails, you need to call the consult API with a new authState value.

Step 3: Apply for a payment Token

Call the applyToken API within one minute after obtaining the authorization code (authCode) to apply for the payment token (accessToken). Otherwise, the authorization code (authCode) will expire and become invalid. Only with the payment token (accessToken) can an automatic deduction from the buyer's account be implemented.

When calling the applyToken API, specify the following parameters correctly in the request:

  • grantType: Specify the fixed value AUTHORIZATION_CODE.
  • customerBelongsTo: Specify the target payment method for which you are requesting authorization.
  • authCode: Specify the value of authCode that you obtained in Step 2.

The following example is a sample request for applying for the payment token:

copy
{
  "grantType": "AUTHORIZATION_CODE",
  "customerBelongsTo": "GCASH",
  "authCode": "d2f60253-ecdc-e9bc-27d1-566970191040"
}

In the response, you will receive the following key parameters:

  • accessToken: The payment token.

Notes:

  • Due to historical reasons, the above key parameter is applicable to new merchants in Antom. If you are an existed merchant, you can continue to consume the accessTokenExpiryTime, refreshToken, and refreshTokenExpiryTime fields. Refer to the table below for more information on token expiration time.
  • If you do not receive a response after calling the API, we recommend that you resend the request with the same parameters and parameter values.
  • If you receive a response without the payment token (accessToken), we recommend that you handle it as follows:
    • If the value of result.resultStatus is U, resend the request with the same parameters and parameter values.
    • If the value of result.resultStatus is F, troubleshoot the issue according to the result code. If you need to call the API again to obtain a payment token, since the authCode can only be used once, you need to start from Step 1 to obtain a new authorization code (authCode) and then call the applyToken API.
  • If you want to display the buyer's linked account used for Scan to Link in your client, use the userLoginId value returned through the applyToken API response. The value of this field is desensitized and can be directly displayed.

Regarding the payment methods supported by Scan to Link, the validity period of the payment token is shown in the following table:

Payment method

Validity period of token

Alipay

92 years

Kakao Pay

100 years

AlipayHK

100 years

GCash

100 years

DANA

100 years

Touch'n Go eWallet

100 years

TrueMoney

100 years

Step 4: Initiate a payment

If the balance of the target payment method is sufficient to pay for the buyer's order, you can call the pay (Auto Debit) API to initiate an Auto Debit payment. Pass in the following parameters correctly in the request:

  • productCode: Pass in the value AGREEMENT_PAYMENT.
  • paymentMethod.paymentMethodId: The value of the payment token (accessToken) that you obtain using the applyToken API.
  • paymentExpiryTime: You can only specify the parameter to limit the expiration time to less than 1 minute. The value of this field must comply with the ISO 8601 standard. If you do not specify a value for this field, the expiration time of an automatic deduction request is one minute after the payment request is sent. For details, see the pay (Auto Debit) API.
  • paymentNotifyUrl: The address used to receive asynchronous notifications. We recommend you pass in the parameter.

In the pay (Auto Debit) API response, learn whether the deduction is successful based on the result.resultStatus value:

  • If the value is S, the deduction is successful.
  • If the value is U, the transaction is still in progress. You need to inquire about the transaction status using the inquiryPayment API or wait for asynchronous notifications to obtain the transaction result.
  • If the value is F, the deduction fails. You need to handle it according to the result code.

If you cannot receive a response, we recommend you call the pay (Auto Debit) API with the same parameters.

Step 5: Obtain the payment result

Due to network issues, asynchronous notifications may not be sent or may be delayed. To obtain an accurate payment result, you must integrate both the asynchronous notifications and payment result inquiry service.

1. Receive asynchronous notifications

Apart from learning the payment result from the redirection to the payment result page, you can also set the asynchronous notification address by specifying paymentNotifyUrl in the pay (Auto Debit) API. When the payment is completed or expired, Antom sends an asynchronous notification to the address through the notifyPayment API.

When you receive the notification from Antom, you must return a response by following the code sample. If you do not return the response to Antom or the response is not received by Antom due to network issues, Antom automatically resends the asynchronous notification within 24 hours for up to 8 times or until the correct response is received. The sending intervals are as follows: 0 sec, 2 min, 10 min, 10 min, 1 h, 2 h, 6 h, and 15 h.

Note: When a payment is successful, Antom immediately sends you an asynchronous notification of payment success. When a payment fails, Antom sends you an asynchronous notification of payment failure after the payment order is closed. The default order expiry time is 14 minutes after the payment is initiated.

2. Inquire about the payment status

We recommend that you inquire about the payment status by calling the inquiryPayment API. You can use the API after the payment request is initiated and before the order is closed.

In the response returned through the inquiryPayment API, paymentStatus indicates the payment status. See the following table for details:

paymentStatus

Type

Description

Handling

SUCCESS

Final status

The payment is successful.

You can display a payment success page.

PROCESSING

Intermediate status

The payment is being processed.

You can allow the buyer to continue to pay.

FAIL

Final status

The user has not paid or the payment fails.

You can allow the buyer to continue to pay or close the payment order.

CANCELLED

Final status

The payment is canceled by you.

You can allow the buyer to continue to pay or close the payment order.

For details about the payment status, see Payment status description.

Best practices

To obtain accurate payment results, we recommend that you maintain an order table in the database, which should include at least two fields: the order number and order status. And use the asynchronous notification and payment result inquiry services in the following way:

  • Asynchronous notification: Listen to Antom's asynchronous notifications and return a response upon receiving an asynchronous notification. Then check the order status in the database:
    • If the order status is INIT, update the order status according to the asynchronous notification.
    • If the order status is not INIT, it indicates that the final payment result has been obtained through the inquiry service and the order status has been updated accordingly. No further actions are needed.
  • Payment inquiry: Inquire about the payment status. Before each inquiry, you need to check the order status in the database:
    • If the order status is INIT, initiate an inquiry. Update the order status in the database if a final payment result is obtained, otherwise, continue the inquiry process.
    • If the order status is not INIT, it indicates that the inquiry process has been conducted and a final payment result has been obtained and used for updating the order status. No further actions are needed.

Best practice to use the asynchronous notification and payment result inquiry service.png

Figure 1. Best practice to use the asynchronous notification and payment result inquiry service