Edenred Direct Payment Services icon

Edenred Direct Payment Services

2.0.x
(0 reviews)

Use Case: Spain

Generalities

In Spain, a user can spend the exact amount requested without any limitation (apart from the balance available on his account), i.e. balance can’t be negative.

These regulations are handled on the Edenred side. Please note that all amounts in our API are given in cents (example: 9€ = 900).

User Security Tokens

Please refer to this section for more details about security tokens.

1) To test the API in sandbox, you can get an authorization_code by clicking on the link bellow:

https://sso.sbx.edenred.io/connect/authorize?response_type=code&client_id=bf79413250f449948ce12b98b08e3fc0&scope=openid%20edg-xp-mealdelivery-api%20offline_access&redirect_uri=http://nowhere.edenred.net/oauth/callback&state=abc123&nonce=456azerty&acr_values=tenant:es-ben&ui_locales=es

Example of account that can be used to test the API:

    Account: trc_user_edps
    Password: Qw123456
    Mail OTP to retrieve with: trc_user_edps@yopmail.com

2) After login, you'll be redirected to a url like :

http://nowhere.edenred.net/oauth/callback?code={authorization_code}&...

3) Copy the authorization_code and use the request "Get access_token from authorization_code**" in the following collection of API calls :

Run in Postman

Please note that an authorization_code is burned every time you try to use it. If your API call fails, you must get a new authorization_code.

Logout

Logout the Edenred account from your platform. All tokens are then invalid

GET /connect/endsession?id_token_hint=<idToken>=<postLogoutRedirectUri> HTTP/1.1
Host: {{authentication-URL}}

Where

'authentication-url' = sso.sbx.edenred.io

And idToken is retrieved from the refreshing token response

And postLogoutRedirectUri is a callback URL whitelisted on our side (to be provided in the configuration request)

eg: postLogoutRedirectUri = http://nowhere.edenred.net/oauth/callback

Direct Payment API

If you use the postman collection, the access_token will automatically be placed in your HTTP Authorization header.

Get Balance

Gets all the available user vouchers including the full sum of their values.

The authorization header is mandatory for this request.

Request:

 GET /v2/users/{username} HTTP/1.1
 Host: directpayment.stg.eu.edenred.io
 Authorization: Bearer {token}
 X-Client-Id: {payment-clientId}
 X-Client-Secret: {payment-clientSecret}

Response:

 {
  "meta": {
     "status": "succeeded",
     "messages": []
   },
  "data": {
     "available_amount": 12000
   }
 }

Estimate Charge

Check if an amount can be spent and answer the possible amount that can be spent. If the requested amount is above the available balance, the service will provide the available amount in the response.

The authorization header is mandatory for this request.

Request:

 POST /v2/users/{username}/actions/estimate-charge HTTP/1.1
 Host: directpayment.stg.eu.edenred.io
 Authorization: Bearer {token}
 X-Client-Id: {payment-clientId}
 X-Client-Secret: {payment-clientSecret}
 Content-Type: application/json
 {
   "amount": 1900
 }

Response:

 {
   "meta": {
      "status": "succeeded",
      "messages": []
    },
   "data": {
      "available_amount": 1500
    }
 }

First Scenario: Capture Mode is set to Manual

Step 1: Authorize a payment

An authorization can be requested with an amount and/or a voucher array.

The authorization header should be set for this operation.

The field tstamp MUST be set in order to manage idempotency

Request:

 POST /v2/transactions HTTP/1.1
 Host: directpayment.stg.eu.edenred.io
 Authorization: Bearer {token}
 X-Client-Id: {payment-clientId}
 X-Client-Secret: {payment-clientSecret}
 Content-Type: application/json
  {
    "order_ref": "order-001",
    "mid": "336826441",
    "amount": 1,
    "capture_mode": "manual",
    "tstamp": "2019-05-21T11:57:52Z",
    "currency": "{{currency}}"
 }

Response:

{
 "meta": {
     "status": "succeeded",
     "messages": []
  },
 "data": {
      "order_ref": "order-001",
      "mid": "336826441",
      "authorization_id": "MTU1ODQzOTg3MjMzNjgyNjQ0MTQwM-382424",
      "authorized_amount": 1,
      "status": "authorized"
    }
}

Step 2: Cancel OR Capture a payment

An authorized payment can be cancelled or captured.

The authorization_id provided during the payment process must be provided in this request.

The authorization header should not be set for the two operations cancel and capture.

Cancel Request:

 POST /v2/transactions/{authorization_id}/actions/cancel HTTP/1.1
 Host: directpayment.stg.eu.edenred.io
 X-Client-Id: {payment-clientId}
 X-Client-Secret: {payment-clientSecret}
 Content-Type: application/json
 {
   "amount": 1,
   "tstamp": "2019-05-21T12:10:12Z"
 }

Cancel Response:

{
  "meta": {
     "status": "succeeded",
     "messages": []
  },
  "data": {
      "order_ref": "order-001",
      "mid": "336826441",
      "cancel_id": "MTU1ODQ1MDM3MjE5OTkyMjQ0MDEwM",
      "cancelled_amount": 1,
      "status": "cancelled",
      "authorization_id": "MTU1ODQ1MDM3MjE5OTkyMjQ0MDEwM-559604",
      "authorized_amount": 1
    }
}

OR

Capture Request:

 POST /v2/transactions/{authorization_id}/actions/capture HTTP/1.1
 Host: directpayment.stg.eu.edenred.io
 X-Client-Id: {payment-clientId}
 X-Client-Secret: {payment-clientSecret}
 Content-Type: application/json
 {
   "mid": "336826441",
   "amount": 1,
   "tstamp": "2019-05-21T12:15:29Z"
 }

Capture Response:

{
  "meta": {
     "status": "succeeded",
     "messages": []
  },
  "data": {
      "order_ref": "order-001",
      "mid": "336826441",
      "capture_id": "MTU1ODQzOTg3MjMzNjgyNjQ0MTQwM-382424",
      "capture_amount": 1,
      "status": "captured",
      "authorization_id": "MTU1ODQzOTg3MjMzNjgyNjQ0MTQwM-382424",
      "authorized_amount": 1
    }
}

Step 3: Refund a captured payment

Once captured, a transaction can't be cancelled but have to be refunded.

The authorization_id provided during the payment process must be provided in this request.

The authorization header should not be set for this operation.

The capture_mode is mandatory in the case of dual messaging (Authorize + Capture).

The field tstamp MUST be set in order to manage idempotency

Refund Request:

 POST /v2/transactions/{authorization_id}/actions/refund HTTP/1.1
 Host: directpayment.stg.eu.edenred.io
 X-Client-Id: {payment-clientId}
 X-Client-Secret: {payment-clientSecret}
 Content-Type: application/json
 {
    "amount": 1,
    "capture_mode": "manual",
    "currency": "EUR",
    "tstamp": "2019-05-21T12:17:53Z"
 }

Refund Response:

 {
   "meta": {
     "status": "succeeded",
     "messages": []
   },
   "data": {
      "order_ref": "order-001",
      "mid": "336826441",
      "refund_id": "MTU1ODQ2MjYyMDE5OTkyMjQ0MDEwM",
      "refunded_amount": 1,
      "status": "refunded",
      "authorization_id": "MTU1ODQ2MjYyMDE5OTkyMjQ0MDEwM-535907",
      "authorized_amount": 1
    }
 }

Second Scenario: Capture Mode is set to Auto

Step 1: Auto Capture a payment

An auto capture can be requested with an amount and/or a voucher array.

The authorization header should be set for this operation.

The field tstamp MUST be set in order to manage idempotency

Request:

 POST /v2/transactions HTTP/1.1
 Host: directpayment.stg.eu.edenred.io
 Authorization: Bearer {token}
 X-Client-Id: {payment-clientId}
 X-Client-Secret: {payment-clientSecret}
 Content-Type: application/json
 {
    "order_ref": "order-001",
    "mid": "336826441",
    "amount": 1,
    "tstamp": "2019-05-21T11:57:52Z",
    "currency": "EUR"
 }

Response:

{
   "meta": {
        "status": "succeeded",
        "messages": []
    }
    "data": {
        "order_ref": "order-001",
        "mid": "336826441",
        "authorization_id": "MTU1ODQ0NzM3MDMzNjgyNjQ0MTQwM-455211",
        "authorized_amount": 1,
        "capture_id": "MTU1ODQ0NzM3MDMzNjgyNjQ0MTQwM-455211",
        "capture_amount": 1,
        "status": "captured"
    }
}

Step 2: Refund a captured payment

Once captured, a transaction can't be cancelled but have to be refunded.

The authorization_id provided during the payment process must be provided in this request.

The authorization header should not be set for this operation.

The field tstamp MUST be set in order to manage idempotency

Refund Request:

 POST /v2/transactions/{authorization_id}/actions/refund HTTP/1.1
 Host: directpayment.stg.eu.edenred.io
 X-Client-Id: {payment-clientId}
 X-Client-Secret: {payment-clientSecret}
 Content-Type: application/json
 {
   "amount": 1,
   "tstamp": "2019-05-21T14:04:00Z"
 }

Refund Response:

 {
   "meta": {
     "status": "succeeded",
     "messages": []
   },
   "data": {
      "order_ref": "order-001",
      "mid": "336826441",
      "refund_id": "MTU1ODQ0NzQ0MDE5OTkyMjQ0MDEwM",
      "refunded_amount": 1,
      "status": "refunded"
    }
 }

Error Codes

Status CodeStatusCodeLevelDescription
200succededAUTHSuccessThe transaction has been authorized.
200succededAUTH_PENDINGSuccessThe transaction authorization is pending.
200succededPARTIAL_AUTHSuccessThe transaction has been partially authorized.
200succededOKSuccessOK
400failedBAD_REQUESTErrorThe input doesn't respect the contract expected (required fields, type, etc.)
400failedEMPTY_AUTHORIZATION_TOKENErrorUnable to retrieve the OpenId token from the request. Please verify your request and, if required, contact the API administrator for assistance.
400failedINVALID_SEARCH_PERIODErrorThe search period is longer than 3 months.
400failedBAD_REQUESTErrorThe server cannot or will not process the request due to an apparent client error. Check messages field for more details.
400failedDECLINEDErrorTransaction declined.
400failedINVALID_REQUESTErrorThe configuration allows only single/dual messaging requests.
400failedCARD_NOT_ACTIVEErrorNo active card found for the username.
400failedINVALID_AMOUNTErrorInsufficient funds or amount too small/big.
400failedINVALID_MERCHANTErrorThe merchant is not valid, please check the given mid.
400failedINVALID_VOUCHERErrorVoucher not valid.
400failedLIMIT_EXCEEDEDErrorThe amount is incorrect according your past orders.
400failedLOCKOUTErrorMax PIN tries exceeded.
400failedPARTIAL_REVERSALS_NOT_ALLOWEDErrorPartial refunds are not allowed.
400failedTEMPORARY_HOLDErrorTransaction temprorary hold.
400failedTRANSACTION_DUPLICATEDErrorA same transaction already exists.
400failedTRANSACTION_NOT_AUTHORISEDErrorThe transaction has not been authorized.
400failedTRANSACTION_STATUS_MUST_BE_AUTHORIZEDErrorInvalid operation, the status of the transaction must be authorized
400failedINVALID_AMOUNTErrorEnsure that the amount you want to cancel matches the authorized amount.
400failedTRANSACTION_NOT_AUTHORISEDErrorTransaction not authorised.
400failedTRANSACTION_STATUS_MUST_BE_CAPTUREDErrorInvalid operation, the status of the transaction must be captured
400failedINVALID_MERCHANTErrorInvalid Merchant
400failedINVALID_AMOUNTErrorINSUFFICIENT FUNDS
400failedINVALID_AMOUNTErrorInvalid Amount
400failedDECLINEDErrorDeclined
400failedTRANSACTION_DUPLICATEDErrorTransaction Duplicated
400failedLIMIT_EXCEEDEDErrorLimit exceeded
400failedTEMPORARY_HOLDErrorTemporary hold
400failedPARTIAL_REVERSALS_NOT_ALLOWEDErrorPartial resversals not allowed
400failedTRANSACTION_NOT_AUTHORISEDErrorTransaction not authorised
400failedINVALID_VOUCHERErrorInvalid Voucher
400failedLOCKOUTErrorlockout
400failedPARTIAL_AUTH_NOT_SUPPORTEDErrorPartial authorization not supported
400failedCARD_NOT_ACTIVATEDErrorCard is not activated
400failedCARD_EXPIREDErrorCard expired
400failedCARD_BLOCKEDErrorCard blocked
400failedINVALID_CARDErrorInvalid card
400failedINVALID_ACCOUNTErrorInvalid account
400failedINVALID_CURRENCY_CODEErrorInvalid currency
400failedCARD_ALREADY_ACTIVATEDErrorCard is already activated
400failedINVALID_TRANSACTION_TYPEErrorInvalid transaction type
400failedINVALID_CARDErrorINVALID CARD SERIAL NUMBER
400failedCARDHOLDER_ALREADY_EXISTSErrorCARDHOLDER ALREADY EXISTS
400failedREFERENCE_ALREADY_EXISTSErrorREFERENCE ALREADY EXISTS
400failedINVALID_ACCOUNTErrorINVALID ACCOUNT NUMBER
400failedINVALID_ACTIVATION_CODEErrorINVALID ACTIVATION CODE
400failedCARD_ACTIVATION_FAILEDErrorCARD ACTIVATION FAILED
400failedBAD_REQUESTErrorINVALID PAGE OFFSET
400failedBAD_REQUESTErrorINVALID DATE RANGE
400failedBAD_REQUESTErrorDATE FROM TOO OLD
400failedINVALID_CARDHOLDERErrorINVALID CARDHOLDER
400failedINVALID_EMAILErrorINVALID EMAIL
400failedINVALID_PHONEErrorINVALID PHONE
400failedDUPLICATE_CARDHOLDERErrorDUPLICATE CARDHOLDER
400failedNON_UNIQUE_MOBILE_NUMBERErrorNON-UNIQUE MOBILE NUMBER
400failedCARD_NOT_BLOCKEDErrorCANNOT RESUME(Card not blocked or already blocked)
400failedCARD_ALREADY_REGISTEREDErrorCARD ALREADY REGISTERED
400failedREGISTRATION_NOT_ALLOWEDErrorREGISTRATION NOT ALLOWED
400failedCARD_BLOCKEDErrorCard is not in valid state
400failedBAD_REQUESTErrorPIN REQUIRED
400failedBAD_REQUESTErrorPIN ERROR
400failedCARDHOLDER_STATUS_INVALIDErrorCARDHOLDER STATUS INVALID
400failedCARD_BLOCKEDErrorCARD/ACCOUNT BLOCKED
400failedBAD_REQUESTErrorINVALID PRODUCT BALANCE
400failedBAD_REQUESTErrorINVALID ACCOUNT EXTERNAL REFERENCE
400failedBAD_REQUESTErrorPIN STATUS NOT BLOCKED
400failedBAD_REQUESTErrorPIN LOCKED
400failedBAD_REQUESTErrorCARD NOT FULFILLED
400failedBAD_REQUESTErrorCARD NOT ACTIVE
400failedBAD_REQUESTErrorPIN STATUS NOT ACTIVE ACTIVATING
400failedBAD_REQUESTErrorMAX PIN TRIES EXCEEDED
401failedINVALID_TOKENErrorInvalid, revoked or expired token. You should try to re-authenticate the user.
401failedUNAUTHORIZEDErrorMissing, invalid or expired token. To fix, you should re-authenticate the user.
401failedUSER_INACTIVEErrorUser Inactive.
401failedINVALID_TOKEN_ISSUERErrorThe token has not been issued (tokenUsername) for the current user (username)
401failedUNAUTHORIZEDErrorSSL CONNECTION REQUIRED
401failedUNAUTHORIZEDErrorINVALID SSL CERTIFICATE
401failedUNAUTHORIZEDErrorINVALID CREDENTIALS
403failedFORBIDDENErrorThe request was valid, but the server is refusing action. The user might not have the necessary permissions for this resource.
403failedFORBIDDENErrorINVALID IP
403failedFORBIDDENErrorINVALID MAC
404failedTRANSACTION_NOT_FOUNDErrorNo transaction found for the given transaction_id.
404failedORIGIN_TRANSACTION_ID_NOT_FOUNDErrorThe origin transaction_id is not found.
404failedNOT_FOUNDErrorIf no transaction is linked to the transaction_id given as input.
405failedMETHOD_NOT_ALLOWEDErrorA request was made of a resource using a request method not supported by that resource; for example, using GET on a form which requires data to be presented via POST, or using PUT on a read-only resource.
405failedMETHOD_NOT_ALLOWEDErrorA request was made of a resource using a request method not supported by that resource.
406failedNOT_ACCEPTABLEErrorThe requested resource is only capable of generating content not acceptable according to the Accept headers sent in the request.
412failedPRECONDITION_FAILEDErrorA business precondition has not been; for example, the user has no active cards.
412failedPRECONDITION_FAILEDErrorA business precondition has not been.
415failedUNSUPPORTED_MEDIA_TYPEErrorThe request entity has a media type which the server or resource does not support.
429failedTOO_MANY_REQUESTErrorYour request has been rejected due to rate limitation. Please check your subscribed service level agreement.
500failedINTERNAL_ERRORErrorWe had a problem with our server. Please to try again later.
500failedTRANSACTION_MUST_BE_AUTHORIZEDErrorInvalid operation, the status of the transaction must be authorized
500failedINTERNAL_ERRORErrorInternal Server Error
500failedINCORRECT_PINErrorIncorrect PIN
500failedACCOUNT_BLOCKEDErrorAccount blocked
500failedTOPTP_VALIDATION_FAILEDErrortoptp validation failed
500failedINVALID_POST_CODEErrorINVALID POST CODE
500failedCOMPLIANCE_DATA_NOT_ALLOWEDErrorCOMPLIANCE DATA NOT ALLOWED
501failedNOT_IMPLEMENTEDErrorFor the context of the current business unit, this feature is not supported.
502failedBAD_GATEWAYErrorWe had a problem with one of our backends that returns a http 500 status. Please to try again later.
502failedBAD_GATEWAYErrorINVALID ORIGINATING SYSTEM
502failedBAD_GATEWAYErrorERROR

Reviews