Operating principle
For more information on how to integrate the JavaScript client on your website, see the documentation quick_start_js.html
- The merchant website initiates a payment request via a call to the Web ServiceCharge/CreatePayment.
- The payment gateway returns aformTokento the merchant website
- The merchant website uses theformTokento display the embedded form.
- The buyer enters their card data and confirms the entry. The payment server proceeds to cardholder authentication.
If the card is not enrolled or if an error occurs during the enrollment verification, the payment is refused. Otherwise, the payment gateway displays the authentication page in a modal window.
OSB selects 1 of the 3 authentication modes.
- By SMS
OSB sends the cardholder an SMS containing a temporary security code (OTP - One Time Password) that is valid for (5) minutes.
The cardholder enters the code on the authentication page.
- By SCA (Strong Customer Authentication)The cardholder enters two codes on the authentication page:
- 1: a temporary code;
- OSB sends the cardholder an SMS containing a temporary security code (OTP - One Time Password) that is valid for (5) minutes.
- 2: a permanent code.
- This security code is transmitted by the cardholder’s bank.
- 1: a temporary code;
- By OOB (Mobile application)
OSB sends a notification to the cardholder via their banking app.
The authentication page is waiting for this notification to be validated.
- By SMS
- If the authentication is valid, the payment gateway makes an authorization request.
If the issuer accepts the request, the payment is accepted.
If the payment is refused, the buyer is invited to try to make another payment.
- The payment gateway notifies the merchant website.
- The payment gateway sends the response to the JavaScript client.
- The merchant website displays the order confirmation page.