Sample Payment Flows
This article shows how to handle payment flows when implementing a Create Transaction endpoint. For general information about this endpoint, see Processing Payments.
The Payment Provider Platform supports the following payment flows:
- Card payments
- Digital wallet payments
- Redirection-Based payments
- Recurring payments
- Mail order/telephone order (MOTO) payments
The following sections include examples of each payment flow. These examples are based on the Create Transaction request body and the Submit Event request body. The values in these examples are fake. Examples are applicable for both live and sandbox modes.
Card payments
Card payments are payments made using a credit or debit card. In the simplest case, card payments are processed without additional buyer input. These payments are either instantly approved or declined, or are in a pending state for a short time while fraud verification is completed. In some cases, card payments require additional buyer input in the form of 3D Secure verification. In these cases, the PSP must treat the card payment as a redirection-based payment. See 3D Secure Payments for more information.
Here are some examples of instant card payments flows:
Instant approval
-
Wix calls
Create Transaction. The total amount for the payment and the credit card details are included in the request body as follows:Copy1{2//...3"order": {4//...5"description": {6"totalAmount": 1000,7"currency": "USD"8//...9}10},11//...12"paymentMethodData": {13"card": {14"number": "4111111111111111",15"year": 2030,16"month": 12,17"cvv": "777",18"holderName": "John Smith"19}20}21} -
The PSP approves the payment and responds with an HTTP status code of
200, and this JSON object:Copy1{2"pluginTransactionId": "e89b-12d3-a456-42665"3} -
The PSP sends this webhook to
Submit Event:Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665"9}10}11}' -
Wix marks the payment as approved and responds with an HTTP status code of
200and an empty JSON object.
Instant decline
Note: In some cases of instant decline, a PSP may not create a transaction ID. In these cases, the PSP doesn't need to include a pluginTransactionId field in the response in step 1 of this flow, and doesn't need to send the webhook in step 2.
-
Wix calls
Create Transaction. The remaining card limit isn't enough to cover the payment. The PSP responds with an HTTP status code of200, and the following JSON object:Copy1{2"pluginTransactionId": "e89b-12d3-a456-42665",3"reasonCode": 3019,4"errorCode": "CARD_LIMIT_EXCEEDED",5"errorMessage": "Not enough credit left on the card limit for this payment."6} -
The PSP sends this webhook to
Submit Event:Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665",9"reasonCode": 3019,10"errorCode": "CARD_LIMIT_EXCEEDED",11"errorMessage": "Not enough credit left on the card limit for this payment."12}13}14}' -
Wix marks the payment as declined and responds with an HTTP status code of
200and an empty JSON object.
Payment is pending and moves to the final state
-
Wix calls
Create Transaction. The payment requires fraud verification. The PSP responds with an HTTP status code of200and this JSON object:Copy1{2"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",3"pluginTransactionId": "e89b-12d3-a456-42665",4"reasonCode": 50055} -
The PSP sends this webhook to
Submit Event:Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665",9"reasonCode": 500510}11}12}' -
Wix marks the payment as pending and responds with an HTTP status code of
200, and an empty JSON object. -
If the fraud verification passes, the PSP sends the following webhook to indicate a successful payment:
Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665"9}10}11}' -
Wix marks the payment as approved and responds with an HTTP status code of
200, and an empty JSON object. -
If fraud verification fails, the PSP sends the following webhook:
Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665",9"reasonCode": 5001,10"errorCode": "RISK_MANAGEMENT_DECLINED",11"errorMessage": "Risk management declined"12}13}14}' -
Wix marks the payment as declined and responds with an HTTP status code of
200and an empty JSON object.
Digital wallet payments
The Payment Provider Platform supports payments from digital wallet services such as Google Pay. Digital wallet transaction requests are similar to credit card requests but include additional decrypted payment data. The platform will never send an encrypted digital wallet token such as a Google Pay token as part of a transaction request. Because of this, PSPs never need to contact merchants about these transactions. They should process these requests the same way they process credit card payments.
In some cases, digital wallet transactions require additional buyer input in the form of 3D Secure verification. In these cases, the PSP must treat the digital wallet payment as a redirection-based payment. See the examples below for more details.
Note: Currently, the platform only supports instant payment transactions for digital wallets. Recurring payments are not supported.
Here are some examples of sample flows for the digital wallet services currently supported by the platform:
Google Pay
Google Pay transaction requests include the decrypted payment details from a Google Pay transaction as well other relevant data. These requests never include Card Verification Values (CVV) since these are not supported by Google Pay.
Google Pay instant approval
-
Wix calls
Create Transaction. The total amount for the payment and the Google Pay payment details are included in the request body as follows:Copy1{2"wixMerchantId": "fcd2655f-e261-4c5b-8129-72a241461a27",3"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",4"paymentMethod": "googlePay",5"merchantCredentials": {6"client_id": "e89b-12d3-a456-42665",7"client_secret": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1"8},9"paymentMethodData": {10"googlePay": {11"pan": "11111111-1111-1111-1111-111111111111",12"expirationYear": 2025,13"expirationMonth": 12,14"authenticationMethod": "CRYPTOGRAM_3DS",15"cryptogram": "uug1soribziny223gmxmh39gdegwve",16"accountVerified": true,17"cardholderAuthenticated": false,18"eci": "02"19}20},21"order": {22"id": "11111111-1111-1111-1111-111111111111",23"description": {24"totalAmount": 1000,25"currency": "USD",26"items": [27{28"id": "it_1",29"name": "Digital camera",30"quantity": 1,31"price": 1000,32"description": "Portable digital camera",33"category": "physical"34}35],36"buyerInfo": {37"buyerId": "ffc0a971-60cb-4c63-8016-39b1bce41e8d",38"buyerLanguage": "en"39}40},41"returnUrls": {42"successUrl": "https://merchant.com/success",43"errorUrl": "https://merchant.com/error",44"cancelUrl": "https://merchant.com/cancel",45"pendingUrl": "https://merchant.com/pending"46}47},48"installments": 1,49"mode": "live",50"offSession": true51} -
The PSP approves the payment and responds with an HTTP status code of
200, and this JSON object:Copy1{2"pluginTransactionId": "e89b-12d3-a456-42665",3"cardDetails": {4"bin": "444444",5"lastFour": "4444"6}7} -
The PSP sends this webhook to
Submit Event:Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665",9"cardDetails": {10"bin": "444444",11"lastFour": "4444"12}13}14}15}'
Google Pay instant decline
Instant decline Google Pay payments are handled the same way as instant decline credit card payments.
Google Pay with successful 3DS verification
-
Wix calls
Create Transaction. The total amount for the payment and the Google Pay payment details are included in the request body as follows:Copy1{2"wixMerchantId": "fcd2655f-e261-4c5b-8129-72a241461a27",3"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",4"paymentMethod": "googlePay",5"merchantCredentials": {6"client_id": "e89b-12d3-a456-42665",7"client_secret": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1"8},9"order": {10"id": "11111111-1111-1111-1111-111111111111",11"description": {12"totalAmount": 1000,13"currency": "USD",14"items": [15{16"id": "it_1",17"name": "Digital camera",18"quantity": 1,19"price": 1000,20"description": "Portable digital camera",21"category": "physical"22}23],24"buyerInfo": {25"buyerId": "ffc0a971-60cb-4c63-8016-39b1bce41e8d",26"buyerLanguage": "en"27}28},29"returnUrls": {30"successUrl": "https://merchant.com/success",31"errorUrl": "https://merchant.com/error",32"cancelUrl": "https://merchant.com/cancel",33"pendingUrl": "https://merchant.com/pending"34}35},36"installments": 1,37"mode": "live",38"paymentMethodData": {39"googlePay": {40"pan": "11111111-1111-1111-1111-111111111111",41"expirationYear": 2025,42"expirationMonth": 12,43"authenticationMethod": "PAN_ONLY",44"accountVerified": true,45"cardholderAuthenticated": false,46"eci": "02"47}48},49"offSession": true50} -
The PSP responds with an HTTP status code of
200, and this JSON object.
The object includes aredirectUrlfield, whose value is the URL of the PSP's web page where the buyer can complete 3DS verification.
1{2 "pluginTransactionId": "e89b-12d3-a456-42665",3 "redirectUrl": "https://example.com/redirect-sale-form"4}
-
Wix opens the
redirectUrlin an iframe or in a browser window for the buyer to complete verification. -
If the verification succeeds, the PSP's page redirects the browser to the
successUrlsent in theCreate Transactionrequest. The PSP sends this webhook toSubmit Event:
1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5 "event": {6 "transaction": {7 "wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8 "pluginTransactionId": "e89b-12d3-a456-42665",9 "cardDetails": {10 "bin": "444444",11 "lastFour": "4444"12 }13 }14 }15}'
If the verification fails, is canceled, or is pending the PSP's page must redirect to other URLs and send different webhooks, depending on the case. See Redirection-based payments for more details.
Redirection-based payments
The Payment Provider Platform allows PSPs to support redirection-based payments. In these cases, buyers select a payment method, such as Paypal, during checkout. Wix then redirects the buyer to the PSP's web page to complete the payment. The PSP then redirects the buyer back to Wix. Wix supports a large number of payment methods. If the payment method you need isn't supported, you can implement a hosted-page payment flow. In this case, the buyer is redirected to a page hosted by the PSP where they can select a payment method.
Credit cards that require 3D Secure verification are also treated as redirection-based payments. See 3D Secure payments for more information.
Configure the redirection-based payment methods you support in your app's payment gateway extension in the Wix Developers Center.
Note: Hosted-page payment methods don't support 3D Secure verification or recurring payments.
Here is an example of a redirection-based payment flow:
-
Wix calls
Create Transaction.
If the payment method selected is supported by Wix, it's included as the value for thepaymentMethodfield in the request body. For hosted-page payments, a string representing the PSP's Wix app ID is included. The request body also includes anorder.returnUrlsfield with the URLs of the pages to redirect the buyer to after handling the payment request. Here is a sample request body with the relevant fields highlighted:Copy1{2//...3"paymentMethod": "paypal",4"order": {5//...6"returnUrls": {7"successUrl": "https://merchant-site.com/success",8"errorUrl": "https://merchant-site.com/error",9"cancelUrl": "https://merchant-site.com/cancel",10"pendingUrl": "https://merchant-site.com/pending"11}12}13} -
The PSP responds with an HTTP status code of
200, and this JSON object.
The object includes aredirectUrlfield, whose value is the URL of the PSP's web page where the buyer can complete the payment.Copy1{2"pluginTransactionId": "e89b-12d3-a456-42665",3"redirectUrl": "https://example.com/redirect-sale-form"4} -
Wix opens the
redirectUrlin an iframe or in a browser window for the buyer to complete. There are 4 possible outcomes, depending on the buyer's actions. The PSP must respond to each outcome differently:- Success: If the verification succeeds, the PSP's page redirects the browser to the
successUrlsent in theCreate Transactionrequest. The PSP sends this webhook toSubmit Event:Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665"9}10}11}' - Failure: If the verification fails, the PSP's page redirects the browser to the
errorUrlsent in theCreate Transactionrequest. The PSP sends a webhook indicating why the payment failed. For example:Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665",9"reasonCode": 3012,10"errorCode": "INSUFFICIENT_FUNDS",11"errorMessage": "Insufficient funds"12}13}14}' - Cancelation: If the buyer cancels the verification, the PSP's page redirects the browser to the
cancelUrlsent in theCreate Transactionrequest. The PSP sends this webhook:Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665",9"reasonCode": 3030,10"errorCode": "BUYER_CANCELED",11"errorMessage": "Buyer canceled"12}13}14}' - Pending: If the verification is pending, the PSP's page redirects the browser to the
pendingUrlsent in theCreate Transactionrequest. The PSP sends this webhook with a5005reason code:Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665",9"reasonCode": 500510}11}12}'
- Success: If the verification succeeds, the PSP's page redirects the browser to the
-
In each case, Wix marks the payment appropriately and responds with an HTTP status code of
200and an empty JSON object. -
If the payment was pending, the PSP sends a webhook to update the payment as either approved or declined when it's finalized.
Payment approved request:
Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665"9}10}11}'Payment declined request:
Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665",9"reasonCode": 5001,10"errorCode": "RISK_MANAGEMENT_DECLINED",11"errorMessage": "Risk management declined"12}13}14}' -
Wix marks the payment as approved or declined and responds with an HTTP status code of
200and an empty JSON object.
3D secure payments
Cards that support 3D Secure (3DS) verification require buyers to complete an additional verification step when making a payment. This verification step is completed on a web page hosted by the PSP. The flow for handling 3DS payments is similar to the flow for other redirection-based payments. The difference is that the value of paymentMethod in the Create Transaction request body is creditCard. It's up to the PSP to determine if the card supports 3DS verification and send the appropriate redirect response.
Recurring payments
Recurring payments (also known as subscription payments, automatic payments, or recurring billing) occur when buyers authorize a merchant to charge them repeatedly for goods or services on a prearranged schedule such as monthly, weekly, or annually. In these cases, Wix sends a request to the PSP to set up the recurring payment. The PSP responds with a unique identifier for the recurring payment. Wix uses this identifier to charge the buyer based on an agreed schedule.
The Payment Provider Platform supports these unique identifiers for recurring payments:
- Network ID: An ID representing a payment created by credit card networks such as Visa and Mastercard. These IDs are used to represent the recurring payment in the card network. The PSP requests the ID from the credit card network and sends it to Wix.
- Token: A token representing a payment created by the PSP. Both the PSP and Wix store the token locally and use it to represent the recurring payment.
The payment processing flow for recurring payments includes these phases:
- Setting up an "off-session" payment. This is a payment where a buyer allows a merchant to charge them in certain cases even when the buyer isn't present to confirm the payment, such as a recurring payment.
- Processing the recurring payments.
Here are examples of each phase:
Off-session payment setup
- Wix calls
Create Transactionwith a request to set up a recurring payment.
This request looks the same as a credit card payment request, with one difference: it includes asetupCredentialsOnFilefield whose value is an object with a field calledoffSessionwhose value istrue. This flag indicates that Wix is requesting that the PSP set up a recurring payment, not process a one-time payment. Here is a sample request body with the relevant fields highlighted:Copy1{2//...3"paymentMethod": "creditCard",4//...5"paymentMethodData" : {6"card": {7"number": "4111111111111111",8"year": 2030,9"month": 12,10"cvv": "777",11"holderName": "John Smith"12}13},14"setupCredentialsOnFile": {15"offSession": true16}17} - If the card supports 3D Secure verification, the PSP must redirect the buyer to a 3DS verification page before proceeding. See 3D Secure payments for more information.
- The PSP responds with an HTTP status code of
200, and a JSON object that includes acredentialsOnFilefield. The value of this field depends on the type of recurring payment identifier the PSP supports.
For network IDs, the response looks like this:Copy1{2"pluginTransactionId": "e89b-12d3-a456-42665",3"credentialsOnFile": {4"cardReference": {5"networkTransactionId": "NTI-e89b-12d3-a456-42665"6}7}8}Note: If 3DS verification occurs, the PSP must include the
dsTransactionIdfield in thecardReferenceobject. This field's value is the ID of the 3DS verification transaction. For tokens, the response looks like this:Copy1{2"pluginTransactionId": "e89b-12d3-a456-42665",3"credentialsOnFile": {4"paymentMethodReference": {5"token": "PMR-e89b-12d3-a456-42665"6}7}8} - The PSP sends a webhook to
Submit Eventto confirm the recurring payment setup request.
For network IDs, the webhook looks like this:For tokens, the webhook looks like this:Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665",9"credentialsOnFile": {10"cardReference": {11"networkTransactionId": "NTI-e89b-12d3-a456-42665"12}13}14}15}16}'Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665",9"credentialsOnFile": {10"paymentMethodReference": {11"token": "PMR-e89b-12d3-a456-42665"12}13}14}15}16}' - Wix responds with an HTTP status code of
200, and an empty JSON object.
Processing recurring payments
-
Wix calls
Create Transactionwith a request to charge a recurring payment.
This request'spaymentMethodfield has a value ofcreditCard. The request also includes a field calledoffSessionwhose value istrue. This flag indicates that Wix is requesting that the PSP charge a recurring payment. The request'spaymentMethodDatafield includes different data depending on the type of recurring payment identifier the PSP sent to Wix when the recurring payment was set up.For network ID payments:
Copy1"paymentMethodData": {2"card": {3"number": "4111111111111111",4"year": 2030,5"month": 12,6"networkTransactionId": "NTI-e89b-12d3-a456-42665",7"dsTransactionId": "DTI-e89b-12d3-a456-42665",8"holderName": "John Smith"9}10}For token payments:
Copy1"paymentMethodData": {2"reference": {3"token": "PMR-e89b-12d3-a456-42665"4}5} -
The PSP processes the payment and responds with an HTTP status code of
200, and this JSON object:Copy1{2"pluginTransactionId": "e89b-12d3-a456-42665"3} -
The PSP sends this webhook to
Submit Event:Copy1curl -X POST 'https://www.wixapis.com/payments/v1/provider-platform-events' \2-H 'Content-Type: application/json' \3-H 'Authorization: <AUTH>' \4-d '{5"event": {6"transaction": {7"wixTransactionId": "a15a3ee3-22d3-4a3f-920e-2186e13a19d1",8"pluginTransactionId": "e89b-12d3-a456-42665"9}10}11}'
Mail Order/Telephone Order payments
A mail order/telephone order (MOTO) payment is a card-not-present transaction where a buyer provides a merchant with their order and payment details by regular mail, fax, or telephone. Once the order details are recorded in the Wix dashboard, Wix sends a request to the PSP to process the payment. This request is the same a standard credit card request, except it includes a field called moto whose value is true. The flow for processing this request is the same as for regular card payments.