Pats is waiting to sign the contract on Tech approval. If you need more than what is offered in this, we can arrange to have a conversation with someone on their side.
API Docs: smb://filesrv1.corp.wikimedia.org/Fundraising/Tech/Astropay/API APD version 4.1.pdf
There are more docs available for the business side and the customer flow in that folder as well.
Tech notes
Looks like a typical hosted flow. The initial payment call returns a redirect URL, which we present in the Location header.
No chargebacks, because payments are prepaid and guaranteed.
All communication can be done over POST, with no SOAP. We can specify either JSON or XML response formatting.
Final redirect from AP to our merchant URL includes a result code, which is good enough for Thank You / failure routing, but not for final confirmation.
We set the x_confirmation URL and they real-time notify us of payment. Once this notification is received, we’re supposed to make a webpaystatus request back to them. FIXME: this extra request is only needed because the real-time notification message lacks the currency field.
We need to collect the donor’s account number in our form, but not necessarily their bank ID—see below.
We should provide the vendor with the donor’s country code, because in that case we don’t have to collect their bank ID; that is done by an existing AP screen. However, we do not actually know their billing address country, only a guess based on the country of the web request. This will result in “Problems Donating”, which we’ve decided to accept as long as it’s at a low level.
The vendor responds with x_document, their unique transaction ID, in the final redirect from their workflow. If we miss the message, we’ll have to wait for the real-time confirmation.
We should parse the error code into something customer-readable, see section 5.1.
All requests from us and responses from them are signed, and sent over HTTPS.
This gets weird: We’re probably going to have to absorb 0.38% of IOF tax, but since that’s added on top of our charge, we should divide by 1.0038 to calculate the x_amount of our request.
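A sketch of the confirmation logic described in these notes, added here as an illustration and not taken from the vendor's API document or our code base: the browser redirect only picks the landing page, and a donation is marked paid only on a correctly signed notification. The signing rule (HMAC-SHA256 over sorted key=value pairs), the result/ok redirect values, the ledger dict and the two-decimal rounding are assumptions; x_document, x_amount and the 1.0038 divisor come from the notes above.

```python
import hashlib
import hmac
from decimal import Decimal, ROUND_HALF_UP

SECRET_KEY = b"constructed-test-key"  # placeholder; the real key comes from the vendor
IOF_DIVISOR = Decimal("1.0038")       # 0.38% IOF is added on top of x_amount


def x_amount_for(donor_total: str) -> Decimal:
    """Amount to request so that amount plus IOF matches what the donor pledged."""
    # Decimal avoids float drift; rounding to 2 places is an assumption.
    return (Decimal(donor_total) / IOF_DIVISOR).quantize(Decimal("0.01"), ROUND_HALF_UP)


def sign(fields: dict) -> str:
    # ASSUMPTION: HMAC-SHA256 over sorted key=value pairs. The real rule is in the API doc.
    msg = "&".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def route_after_redirect(params: dict) -> str:
    """The final redirect passes through the donor's browser: use it for routing only."""
    # 'result' and 'ok' are hypothetical names for the result code.
    return "thank_you" if params.get("result") == "ok" else "failure"


def confirm_from_notification(fields: dict, signature: str, ledger: dict) -> bool:
    """Mark a donation paid only on a correctly signed server-to-server notification."""
    # Constant-time comparison; bytes input tolerates non-ASCII garbage in the signature.
    if not hmac.compare_digest(sign(fields).encode(), signature.encode()):
        return False
    doc = fields.get("x_document")
    if not doc or ledger.get(doc) == "confirmed":  # missing ID, or a replayed notification
        return False
    # Real code would now make the webpaystatus request to learn the currency.
    ledger[doc] = "confirmed"
    return True
```

A replayed or tampered notification returns False and leaves the ledger unchanged, so the Thank You page can be shown before the donation is recorded as paid.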
Supported countries:
- Argentina
- Bolivia
- Brazil
- Chile
- Colombia
- Costa Rica
- Mexico
- Paraguay
- Peru
- Uruguay
- Venezuela
Thing to check
Is there a setting to roll taxes into the donation amount (we eat), or do we have to reduce the amount by the reciprocal of tax before starting the transaction?
Configuration
- Get our secret keys for signing API requests.
- Verify HTTPS certs when making API calls. They should give us a static list of IP addresses to unfirewall. We give them our IPs.
- How do we test? My guess is that we just pay using a test account. Ask for these, for a few bank and country combinations.
Future
They support gateway recurring. See “AstroPay API - Credit Cards - Preapproval - v2.5.pdf”. It looks like we’ll need to handle CC numbers, however, so we probably can’t take advantage of recurring.