Edenred Direct Payment Services
Use Case: Mexico
1. Generalities
In Mexico, the Ticket Despensas Card can be used up to 10 times per day, with no restriction on days and no minimum purchase. The maximum purchase limit for the card is MXN $1500. The daily usage limit and the maximum purchase limit are enforced on the Edenred side.
Food restrictions (alcohol and tobacco) apply to users of the Ticket Despensas card and are handled by the partner.
Please note that all amounts in our API are given in cents (example: MXN $9 = 900).
2. User Security Tokens
Please refer to this section for more details about security tokens.
2.1. Login Process
1) To test the API in sandbox, you can get an authorization_code by clicking on the link below:
Example of account that can be used to test the API:
Username: tapia@mailinator.com
Password: Pablo0206
Card: ***********24533
CVC: 438
2) After login and agreement acceptance, you'll be redirected to a URL like:
http://nowhere.edenred.net/oauth/callback?code={authorizationcode}&...
3) Copy the authorization_code and use the request "Get access_token from authorization_code" in the following collection of API calls:
Please note that an authorization_code is burned every time you try to use it. If your API call fails, you must get a new authorization_code.
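One way to handle the redirect from step 2 together with the single-use rule, as an added example that is not part of the original documentation. The `AuthorizationCodes` class and its methods are hypothetical names, and the sample URL in the demo is constructed.

```python
import hashlib
from urllib.parse import urlsplit, parse_qs

# Sandbox callback shown in this section; use your own registered URI in practice.
REGISTERED_CALLBACK = "http://nowhere.edenred.net/oauth/callback"

class CodeAlreadyUsed(Exception):
    """Raised when a burned authorization_code is presented again."""

class AuthorizationCodes:
    """Hypothetical helper: pulls the code out of the redirect, hands it out once."""

    def __init__(self, registered_callback: str = REGISTERED_CALLBACK):
        self._expected = urlsplit(registered_callback)
        self._burned = set()  # SHA-256 digests, so raw codes are not retained

    def extract(self, redirect_url: str) -> str:
        got, exp = urlsplit(redirect_url), self._expected
        if (got.scheme, got.netloc.lower(), got.path) != (exp.scheme, exp.netloc.lower(), exp.path):
            raise ValueError("redirect does not match the registered callback")
        # parse_qs drops empty values, so "code=" counts as missing
        codes = parse_qs(got.query).get("code", [])
        if len(codes) != 1:
            raise ValueError("expected exactly one non-empty code parameter")
        return codes[0]

    def take(self, redirect_url: str) -> str:
        """Return the code for the token request and mark it burned, even if that request later fails."""
        code = self.extract(redirect_url)
        digest = hashlib.sha256(code.encode()).hexdigest()
        if digest in self._burned:
            raise CodeAlreadyUsed("authorization_code already used; send the user through login again")
        self._burned.add(digest)
        return code

if __name__ == "__main__":
    codes = AuthorizationCodes()
    url = REGISTERED_CALLBACK + "?code=constructed-sample-code&other=1"  # constructed URL
    print(codes.take(url))
    try:
        codes.take(url)
    except CodeAlreadyUsed as exc:
        print("refused:", exc)
```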
2.2. Logout Process
Log out the Edenred account from your platform. All tokens are then invalid.
GET /connect/endsession?id_token_hint=<idToken>&post_logout_redirect_uri=<postLogoutRedirectUri> HTTP/1.1
Host: {{authentication-URL}}
Where:
'authentication-URL' = sso.sbx.edenred.io
idToken is retrieved from the refreshing token response
postLogoutRedirectUri is a callback URL whitelisted on our side (to be provided in the configuration request to your local project manager)
e.g. postLogoutRedirectUri = http://nowhere.edenred.net/oauth/callback
3. Direct Payment API
3.1. Postman Collection
Postman Collection Link:
3.2. User Balance
Get Balances
Get all the available user vouchers including the full sum of their values.
The authorization header is mandatory for this request.
Request:
GET /v2/users/{username} HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Response:
{
  "meta": {
    "status": "succeeded",
    "messages": []
  },
  "data": {
    "available_amount": 85000,
    "currency": "MXN"
  }
}
Estimate Charge
Checks whether an amount can be spent and returns the exact amount that could be spent (if the balance is below the requested amount).
The authorization header is mandatory for this request.
Request:
POST /v2/users/{username}/actions/estimate-charge HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
  "amount": 1
}
Response:
{
  "meta": {
    "status": "succeeded",
    "messages": []
  },
  "data": {
    "available_amount": 1,
    "currency": "MXN"
  }
}
3.3. User Transactions
Capture Mode: Auto
Step 1: Auto Capture a payment
An auto capture can be requested with an amount in cents.
The "manual" capture is not supported on the Mexican authorization platform: the "Capture" and "cancel" APIs are not implemented or supported.
The authorization header should be set for this operation.
Request:
POST /v2/transactions HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
  "order_ref": "889579",
  "mid": "00100128008",
  "amount": 1,
  "security_level": "standard",
  "capture_mode": "auto",
  "tstamp": "2021-10-03T15:20:22Z",
  "currency": "MXN"
}
Response:
{
  "meta": {
    "status": "succeeded",
    "messages": []
  },
  "data": {
    "mid": "00100128008",
    "authorization_id": "919683",
    "authorized_amount": 1,
    "capture_id": "919683",
    "captured_amount": 1,
    "status": "captured",
    "order_ref": "889579"
  }
}
Step 2: Refund a captured payment
Once captured, a transaction can be refunded.
The authorization_id provided during the payment process must be provided in this request.
The authorization header should not be set for this operation.
The field tstamp MUST be the one used in the authorization in order to manage the refund.
Refund Request:
POST /v2/transactions/{authorization_id}/actions/cancel HTTP/1.1
Host: directpayment.stg.eu.edenred.io
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
  "amount": 1,
  "tstamp": "2021-10-03T15:20:22Z",
  "currency": "MXN"
}
Refund Response:
{
  "meta": {
    "status": "succeeded",
    "messages": []
  },
  "data": {
    "mid": "00100128008",
    "refund_id": "919683",
    "refunded_amount": 1,
    "status": "refunded",
    "order_ref": "889579"
  }
}
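The capture and refund pair from Steps 1 and 2, as an added example that is not part of the original documentation. It builds both requests offline so the refund always reuses the capture's tstamp, authorization_id and full amount, and it redacts credentials before logging. All function names are hypothetical, the alphanumeric check on authorization_id is an assumption, and the demo values are constructed from the samples above.

```python
from decimal import Decimal

MAX_PURCHASE_CENTS = 150_000  # MXN $1500 card limit from section 1
SECRET_HEADERS = {"authorization", "x-client-secret"}

def to_cents(amount_mxn: str) -> int:
    """Convert a decimal MXN string to integer cents without float rounding."""
    cents = Decimal(amount_mxn) * 100
    if cents != cents.to_integral_value() or cents <= 0:
        raise ValueError(f"not a positive whole number of cents: {amount_mxn!r}")
    if cents > MAX_PURCHASE_CENTS:
        raise ValueError("amount exceeds the MXN $1500 purchase limit")
    return int(cents)

def client_headers(client_id: str, client_secret: str) -> dict:
    return {"X-Client-Id": client_id, "X-Client-Secret": client_secret,
            "Content-Type": "application/json"}

def capture_request(token, client_id, client_secret, order_ref, mid, amount_mxn, tstamp):
    """Auto-capture request as in Step 1; the user's bearer token is required."""
    headers = {"Authorization": f"Bearer {token}", **client_headers(client_id, client_secret)}
    body = {"order_ref": order_ref, "mid": mid, "amount": to_cents(amount_mxn),
            "security_level": "standard", "capture_mode": "auto",
            "tstamp": tstamp, "currency": "MXN"}
    return {"method": "POST", "path": "/v2/transactions", "headers": headers, "body": body}

def refund_request(client_id, client_secret, sent_body, capture_data):
    """Refund request as in Step 2, derived only from the stored capture record."""
    if capture_data["status"] != "captured":
        raise ValueError("only a captured transaction can be refunded")
    auth_id = str(capture_data["authorization_id"])
    if not (auth_id.isascii() and auth_id.isalnum()):  # assumption: ids are alphanumeric
        raise ValueError("unexpected authorization_id format")
    body = {"amount": capture_data["captured_amount"],  # full amount: partial refunds are rejected
            "tstamp": sent_body["tstamp"],              # MUST equal the capture's tstamp
            "currency": sent_body["currency"]}
    return {"method": "POST", "path": f"/v2/transactions/{auth_id}/actions/cancel",
            "headers": client_headers(client_id, client_secret),  # no Authorization header
            "body": body}

def redact(headers: dict) -> dict:
    """Copy of the headers that is safe to write to logs."""
    return {k: "<redacted>" if k.lower() in SECRET_HEADERS else v for k, v in headers.items()}

if __name__ == "__main__":  # constructed values, taken from the sample exchange above
    cap = capture_request("tok", "cid", "sec", "889579", "00100128008", "0.01", "2021-10-03T15:20:22Z")
    data = {"authorization_id": "919683", "captured_amount": 1, "status": "captured"}
    ref = refund_request("cid", "sec", cap["body"], data)
    print(ref["path"], ref["body"], redact(cap["headers"]))
```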
4. Error Codes
Status Code | Status | Code | Level | Description |
---|---|---|---|---|
200 | succeeded | OK | Success | OK |
200 | failed | AUTH | Success | The transaction has been authorized. |
200 | failed | AUTH_PENDING | Success | The transaction authorization is pending. |
200 | failed | PARTIAL_AUTH | Success | The transaction has been partially authorized. |
400 | failed | INVALID_MERCHANT | Error | Invalid Merchant |
400 | failed | INVALID_AMOUNT | Error | INSUFFICIENT FUNDS |
400 | failed | DECLINED | Error | Declined |
400 | failed | INVALID_AMOUNT | Error | Invalid Amount |
400 | failed | LIMIT_EXCEEDED | Error | Limit exceeded |
400 | failed | TRANSACTION_DUPLICATED | Error | Transaction Duplicated |
400 | failed | TEMPORARY_HOLD | Error | Temporary hold |
400 | failed | PARTIAL_REVERSALS_NOT_ALLOWED | Error | Partial reversals not allowed |
400 | failed | INCORRECT_PIN | Error | Incorrect PIN |
400 | failed | INVALID_VOUCHER | Error | Invalid Voucher |
400 | failed | LOCKOUT | Error | lockout |
400 | failed | PARTIAL_AUTH_NOT_SUPPORTED | Error | Partial authorization not supported |
400 | failed | CARD_BLOCKED | Error | Card blocked |
400 | failed | CARD_NOT_ACTIVATED | Error | Card is not activated |
400 | failed | INVALID_CARD | Error | Invalid card |
400 | failed | INVALID_CURRENCY_CODE | Error | Invalid currency |
400 | failed | CARD_ALREADY_ACTIVATED | Error | Card is already activated |
400 | failed | ACCOUNT_BLOCKED | Error | Account blocked |
400 | failed | INVALID_TRANSACTION_TYPE | Error | Invalid transaction type |
400 | failed | TOPTP_VALIDATION_FAILED | Error | toptp validation failed |
400 | failed | INVALID_CAPTURE_MODE | Error | You are not allowed to capture transaction |
400 | failed | INVALID_ACCOUNT | Error | Invalid account |
400 | failed | VALIDATION_ERROR | Error | Error for validations |
400 | failed | WRONG_USER_DATA | Error | Wrong user data |
400 | failed | BAD_REQUEST | Error | Request is null |
400 | failed | BAD_REQUEST | Error | The input doesn't respect the contract expected (required fields, type, etc.) |
400 | failed | EMPTY_AUTHORIZATION_TOKEN | Error | Unable to retrieve the OpenId token from the request. Please verify your request and, if required, contact the API administrator for assistance. |
400 | failed | INVALID_SEARCH_PERIOD | Error | The search period is longer than 3 months. |
400 | failed | BAD_REQUEST | Error | The server cannot or will not process the request due to an apparent client error. Check messages field for more details. |
400 | failed | DECLINED | Error | Transaction declined. |
400 | failed | INVALID_REQUEST | Error | The configuration allows only single/dual messaging requests. |
400 | failed | CARD_NOT_ACTIVE | Error | No active card found for the username. |
400 | failed | INVALID_AMOUNT | Error | Insufficient funds or amount too small/big. |
400 | failed | INVALID_MERCHANT | Error | The merchant is not valid, please check the given mid. |
400 | failed | INVALID_VOUCHER | Error | Voucher not valid. |
400 | failed | LIMIT_EXCEEDED | Error | The amount is incorrect according to your past orders. |
400 | failed | LOCKOUT | Error | Max PIN tries exceeded. |
400 | failed | PARTIAL_REVERSALS_NOT_ALLOWED | Error | Partial refunds are not allowed. |
400 | failed | TEMPORARY_HOLD | Error | Transaction temporary hold. |
400 | failed | TRANSACTION_DUPLICATED | Error | A same transaction already exists. |
400 | failed | TRANSACTION_STATUS_MUST_BE_AUTHORIZED | Error | Invalid operation, the status of the transaction must be authorized |
400 | failed | INVALID_AMOUNT | Error | Ensure that the amount you want to cancel matches the authorized amount. |
400 | failed | TRANSACTION_NOT_AUTHORISED | Error | Transaction not authorised. |
400 | failed | TRANSACTION_STATUS_MUST_BE_CAPTURED | Error | Invalid operation, the status of the transaction must be captured |
401 | failed | INVALID_TOKEN | Error | Invalid, revoked or expired token. You should try to re-authenticate the user. |
401 | failed | UNAUTHORIZED | Error | Missing, invalid or expired token. To fix, you should re-authenticate the user. |
401 | failed | USER_INACTIVE | Error | User Inactive. |
401 | failed | INVALID_TOKEN_ISSUER | Error | The token has not been issued (tokenUsername) for the current user (username) |
403 | failed | FORBIDDEN | Error | The request was valid, but the server is refusing action. The user might not have the necessary permissions for this resource. |
404 | failed | TRANSACTION_NOT_FOUND | Error | No transaction found for the given transaction_id. |
404 | failed | ORIGIN_TRANSACTION_ID_NOT_FOUND | Error | The origin transaction_id is not found. |
404 | failed | NOT_FOUND | Error | If no transaction is linked to the transaction_id given as input. |
405 | failed | METHOD_NOT_ALLOWED | Error | A request was made of a resource using a request method not supported by that resource; for example, using GET on a form which requires data to be presented via POST, or using PUT on a read-only resource. |
405 | failed | METHOD_NOT_ALLOWED | Error | A request was made of a resource using a request method not supported by that resource. |
406 | failed | NOT_ACCEPTABLE | Error | The requested resource is only capable of generating content not acceptable according to the Accept headers sent in the request. |
412 | failed | PRECONDITION_FAILED | Error | A business precondition has not been met; for example, the user has no active cards. |
412 | failed | PRECONDITION_FAILED | Error | A business precondition has not been met. |
415 | failed | UNSUPPORTED_MEDIA_TYPE | Error | The request entity has a media type which the server or resource does not support. |
429 | failed | TOO_MANY_REQUEST | Error | Your request has been rejected due to rate limitation. Please check your subscribed service level agreement. |
500 | failed | INTERNAL_ERROR | Error | Internal Server Error |
500 | failed | CARD_EXPIRED | Error | Card expired |
500 | failed | INTERNAL_ERROR | Error | Invalid Message :Field: [value.amt] must be numeric |
500 | failed | INTERNAL_ERROR | Error | Internal error |
500 | failed | INTERNAL_ERROR | Error | We had a problem with our server. Please try again later. |
500 | failed | TRANSACTION_MUST_BE_AUTHORIZED | Error | Invalid operation, the status of the transaction must be authorized |
501 | failed | NOT_IMPLEMENTED | Error | For the context of the current business unit, this feature is not supported. |
502 | failed | BAD_GATEWAY | Error | Oops... Something went wrong on one of the underlying servers! Please contact the administrator to report the issue. |
502 | failed | BAD_GATEWAY | Error | We had a problem with one of our backends that returns an HTTP 500 status. Please try again later. |