Edenred Direct Payment Services
Use Case: Turkey
1. Generalities
In Turkey, with the Ticket Restaurant Card, a user can spend the requested amount within the limit of the balance available on his account (i.e. the balance can't be negative), subject to some daily limitations (to be detailed).
Please note that all amounts in our API are given in cents (example: 100₺ = 10000).
The regulation(s) are handled on the Edenred side.
2. User Security Tokens
Please refer to this section for more details about security tokens.
2.1. Login Process
1) To test the API in sandbox, you can get an authorization_code by following the authentication flow of the user, clicking on the link below:
Example of account that can be used to test the flow:
Username: edps@edps.com
Password: 258067
OTP: 123456
Login Page
At this step, provide the username and password of the user's account
Verify OTP code
At this step, enter the OTP
2) After login, you'll be redirected to a URL like:
http://nowhere.edenred.net/oauth/callback?code={authorization_code}&...
3) Copy the authorization_code and paste it in the body of the request "Get Token by authorization_code" (in the "code" parameter) in the following collection of API calls:
Please note that an authorization_code is burned every time you try to use it. If your API call fails, you must get a new authorization_code by requesting the user to follow the authentication flow again.
2.2. Logout Process
Log the Edenred account out of your platform. All tokens are then invalid.
GET /connect/endsession?id_token_hint=<idToken>&post_logout_redirect_uri=<postLogoutRedirectUri> HTTP/1.1
Host: {{authentication-URL}}
Where 'authentication-URL' = https://sso.sbx.edenred.io
And idToken is retrieved from the refreshing token response
And postLogoutRedirectUri is a callback URL whitelisted on our side (to be provided in the configuration request)
eg: postLogoutRedirectUri = http://nowhere.edenred.net/oauth/callback
3. Direct Payment API
If you use the postman collection, the access_token will automatically be placed in your HTTP. The postman configuration available here is set in auto-clearing mode. Manual clearing mode is not supported.
Token Management:
Operations | Endpoints | Description |
---|---|---|
Get Refresh_token from authorization code | POST /connect/token | Get a new set of tokens |
Get access_token from refresh token | POST /connect/token | Refresh the access token |
Users Management:
Operations | Endpoints | Description |
---|---|---|
Get Balances | GET /v2/users/{username} | Get user balance |
Estimate Charge | POST /v2/users/{username}/actions/estimate-charge | Check if you can pay with the given amount |
Transaction Management:
• Capture Mode auto:
Operations | Endpoints | Description |
---|---|---|
Authorize (+ Capture) | POST /v2/transactions | Authorize and Capture in one call |
Refund | Not supported in the local backend | - |
3.1. Get Balances
Use the Get balances to get all the available user vouchers including the full sum of their values.
The Authorization header is mandatory for this request.
Please keep in mind that for {{username}} parameter, you need to retrieve the information provided in the id_token via an introspection (the data to retrieve is an ID which corresponds to an encrypted token).
Request:
GET /v2/users/{{username}}/balances HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {{token}}
X-Client-Id: {{payment-clientId}}
X-Client-Secret: {{payment-clientSecret}}
Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"available_amount": 46969,
"product_class": "ETR",
"currency": "TRY"
}
}
3.2. Estimate Charge
Check whether an amount can be spent; the service returns the amount that can actually be spent. If the requested amount is above the available balance, the service will provide the available amount in the response.
The Authorization header is mandatory for this request.
Request:
POST /v2/users/{{username}}/actions/estimate-charge HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {{token}}
Content-Type: application/json
X-Client-Id: {{payment-clientId}}
X-Client-Secret: {{payment-clientSecret}}
Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"available_amount": 2300,
"currency": "TRY"
}
}
3.3. Authorize a payment
A transaction can only be processed via auto-capture mode (authorization and capture are done in the same call)
The amount must be provided in cents.
The authorization header is mandatory for this operation.
Please be advised that the order_ref field should be incremented with every request. It should contain only numbers, not characters, and should be less than 2 147 483 647. The tstamp should be the current date and current hour of the request (YYYY-MM-DD and hh:mm should be the same as the Turkish one, so in GMT+3).
The extra_field is composed of BatchNo|ServiceId|TerminalNo|TransactionSource|Hash.
Request:
POST /v2/transactions HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {{payment-clientId}}
X-Client-Secret: {{payment-clientSecret}}
Content-Type: application/json
{
"mid": "17",
"amount": 1,
"security_level": "standard",
"capture_mode": "auto",
"order_ref": "1229192039",
"tstamp": "2021-03-12T15:30:54Z",
"currency": "TRY",
"extra_field": "1000|300051|17|WCE6nGxCKdxtCR(|af8f3b39552a6eed90fe0e6a824fe48acd4d4f6cc559c117af64b4e8443394d4"
}
Response:
{
"meta": {
"status": "succeeded"
},
"data": {
"mid": "17",
"status": "captured",
"authorization_id": "1229192039",
"authorized_amount": 1,
"capture_id": "1229192039",
"captured_amount": 1
}
}
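The constraints stated above for this call (amount in cents, a numeric order_ref that increases and stays below 2 147 483 647, a tstamp in GMT+3, a five-part extra_field) can be enforced client-side before the request is sent. The following Python helper is an added example, not Edenred's code: the function names are hypothetical, the Hash part is taken as an opaque input because the page does not say how it is computed, and the tstamp layout is assumed from the request example.

```python
from datetime import datetime, timedelta, timezone
from decimal import Decimal

ORDER_REF_MAX = 2_147_483_647             # page: order_ref must stay below this
TURKEY_TZ = timezone(timedelta(hours=3))  # page: tstamp follows Turkish time (GMT+3)


def to_cents(amount: str) -> int:
    """Convert a decimal lira string to integer cents without float rounding."""
    cents = Decimal(amount) * 100
    if cents != cents.to_integral_value() or cents <= 0:
        raise ValueError(f"{amount!r} is not a positive whole number of cents")
    return int(cents)


def next_order_ref(previous: int) -> str:
    """Digits only, incremented on every request, below ORDER_REF_MAX."""
    candidate = previous + 1
    if not 0 < candidate < ORDER_REF_MAX:
        raise ValueError("order_ref out of range")
    return str(candidate)


def build_extra_field(batch_no, service_id, terminal_no, source, hash_value):
    """Join BatchNo|ServiceId|TerminalNo|TransactionSource|Hash in page order."""
    parts = [str(p) for p in (batch_no, service_id, terminal_no, source, hash_value)]
    if any(p == "" or "|" in p for p in parts):
        raise ValueError("extra_field parts must be non-empty and free of '|'")
    return "|".join(parts)


def build_payment(mid, amount, previous_order_ref, extra_field, now=None):
    """Assemble the POST /v2/transactions body; `now` must be timezone-aware."""
    # Assumption: the request example's layout, carrying GMT+3 wall-clock time.
    now = (now or datetime.now(timezone.utc)).astimezone(TURKEY_TZ)
    return {
        "mid": str(mid),
        "amount": to_cents(amount),
        "security_level": "standard",
        "capture_mode": "auto",
        "order_ref": next_order_ref(previous_order_ref),
        "tstamp": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "currency": "TRY",
        "extra_field": extra_field,
    }
```

Store the last order_ref durably and advance it before each call, retries included, since the page requires it to increase with every request.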
3.4. Refund a transaction
This process is not supported on the local back-end
Mapped status codes
Status Code | Status | Code | Level | Description |
---|---|---|---|---|
200 | succeeded | SUCCESS | Success | SUCCEEDED |
200 | succeeded | OK | Success | OK |
200 | succeeded | AUTH | Success | The transaction has been authorized. |
200 | succeeded | AUTH_PENDING | Success | The transaction authorization is pending. |
200 | succeeded | PARTIAL_AUTH | Success | The transaction has been partially authorized. |
400 | failed | BAD_REQUEST | Error | SYSTEM ERROR 1 |
400 | failed | BAD_REQUEST | Error | SYSTEM ERROR 2 |
400 | failed | MEMBER_WORKPLACE_NOT_FOUND | Error | MEMBER WORKPLACE NOT FOUND |
400 | failed | MEMBER_WORKPLACE_CANNOT_BE_EMPTY | Error | MEMBER WORKPLACE CANNOT BE EMPTY |
400 | failed | MEMBER_PRODUCT_LIST_NOT_FOUND | Error | MEMBER PRODUCT LIST NOT FOUND |
400 | failed | TERMINAL_NOT_FOUND | Error | TERMINAL NOT FOUND |
400 | failed | TERMINAL_NO_CANNOT_BE_BLANK | Error | TERMINAL NO CANNOT BE BLANK |
400 | failed | TERMINAL_PRODUCT_LIST_NOT_FOUND | Error | TERMINAL PRODUCT LIST NOT FOUND |
400 | failed | DEVICE_SERIAL_NUMBER_ERROR | Error | DEVICE SERIAL NUMBER ERROR |
400 | failed | TERMINAL_NOT_ACTIVE | Error | TERMINAL NOT ACTIVE |
400 | failed | TERMINAL_HANGING | Error | TERMINAL HANGING |
400 | failed | TERMINAL_NON_CONTACT_PROCESS_NOT_FOUND | Error | TERMINAL NON-CONTACT PROCESS. NOT FOUND |
400 | failed | TERMINAL_WORK_PRM_NOT_FOUND | Error | TERMINAL WORK PRM. NOT FOUND |
400 | failed | SERVICE_LIST_NOT_FOUND | Error | SERVICE LIST NOT FOUND |
400 | failed | NOT_DEFINED_FOR_SERVICE_TERMINAL | Error | NOT DEFINED FOR SERVICE TERMINAL |
400 | failed | NO_SALES_PERMISSIONS_FOR_TERMINAL_AND_SERVICE | Error | NO SALES PERMISSIONS FOR TERMINAL AND SERVICE |
400 | failed | CARD_NOT_FOUND | Error | NO CARD FOUND |
400 | failed | CARD_TEMPORARY_BLOCKED | Error | CARD TEMPORARY BLOCKED |
400 | failed | CARD_IS_DISABLED | Error | CARD IS DISABLED |
400 | failed | EXPIRED_DATE_OF_EXPIRED | Error | EXPIRED DATE OF EXPIRED |
400 | failed | CARD_PRM_ERROR_DAYS | Error | CARD PRM. ERROR (DAYS) |
400 | failed | CARD_PRM_FAULT_HOUR | Error | CARD PRM. FAULT (HOUR) |
400 | failed | CARD_CANNOT_BE_USED_AT_THIS_HOUR | Error | THE CARD CANNOT BE USED AT THIS HOUR |
400 | failed | CARD_PRM_ERROR | Error | CARD PRM. ERROR (NUMBER OF DAYS) |
400 | failed | CARD_DAILY_OPERATION_NUMBER_EXCEEDED | Error | CARD'S DAILY OPERATION NUMBER EXCEEDED |
400 | failed | CARD_PRM_ERROR | Error | CARD PRM. ERROR (TRANSACTION AMOUNT) |
400 | failed | DAILY_TRANSACTION_AMOUNT_EXCEEDED | Error | DAILY TRANSACTION AMOUNT EXCEEDED |
400 | failed | CARD_IS_CLOSED_FOR_SALE | Error | THIS CARD IS CLOSED FOR SALE |
400 | failed | CARD_DAILY_TRADING_LIMIT_EXCEEDED | Error | CARD'S DAILY TRADING LIMIT EXCEEDED |
400 | failed | INADEQUATE_BALANCE | Error | INADEQUATE BALANCE |
400 | failed | TRANSACTION_FAILED | Error | TRANSACTION FAILED |
400 | failed | TRANSACTION_DETAILS_INCOMPATIBLE | Error | TRANSACTION DETAILS INCOMPATIBLE |
400 | failed | ACTION_NOT_FOUND | Error | ACTION NOT FOUND |
400 | failed | TRY_AGAIN | Error | TRY AGAIN |
400 | failed | NO_PROCESS_THAT_CAN_BE_ROLLBACKED | Error | NO PROCESS THAT CAN BE ROLLBACKED |
400 | failed | CANCELLATION_FAILED | Error | CANCELLATION FAILED |
400 | failed | CANCELLATION_NOT_AVAILABLE | Error | CANCELLATION NOT AVAILABLE |
400 | failed | DAILY_TRADING_NUMBER_ERROR | Error | DAILY TRADING NUMBER ERROR |
400 | failed | TRANSACTION_HAS_NOT_BEEN_APPROVED | Error | THE TRANSACTION HAS NOT BEEN APPROVED |
400 | failed | TERMINAL_TIME_ERROR | Error | TERMINAL TIME ERROR, INSTALL PARAMETER |
400 | failed | REPEATING_REQUEST | Error | REPEATING REQUEST |
400 | failed | TERMINAL_MUST_DO_AT_THE_END_OF_THE_DAY | Error | TERMINAL MUST DO AT THE END OF THE DAY |
400 | failed | SALES_CANNOT_BE_CANCELLED | Error | SALES CANNOT BE CANCELLED |
400 | failed | SALES_CANNOT_BE_APPROVED | Error | SALES CANNOT BE APPROVED |
400 | failed | SALES_ALREADY_APPROVED | Error | SALES ALREADY APPROVED |
400 | failed | INVALID_SALE_REQUEST | Error | INVALID SALE REQUEST |
400 | failed | CARD_CONTACT_OFF_FOR_SALE | Error | CARD CONTACT OFF FOR SALE |
400 | failed | CONTACTLESS_SALES_AMOUNT_EXCEEDED | Error | CONTACTLESS SALES AMOUNT EXCEEDED |
400 | failed | CONTACTLESS_SALES_PERMISSION_HAS_BEEN_EXCEEDED | Error | CONTACTLESS SALES PERMISSION HAS BEEN EXCEEDED |
400 | failed | INVALID_VERIFICATION_CODE | Error | The verification code is invalid or expired |
400 | failed | BAD_REQUEST | Error | The input doesn't respect the contract expected (required fields, type, etc.) |
400 | failed | EMPTY_AUTHORIZATION_TOKEN | Error | Unable to retrieve the OpenId token from the request. Please verify your request and, if required, contact the API administrator for assistance. |
400 | failed | INVALID_SEARCH_PERIOD | Error | The search period is longer than 3 months. |
400 | failed | BAD_REQUEST | Error | The server cannot or will not process the request due to an apparent client error. Check messages field for more details. |
400 | failed | DECLINED | Error | Transaction declined. |
400 | failed | INVALID_REQUEST | Error | The configuration allows only single/dual messaging requests. |
400 | failed | CARD_NOT_ACTIVE | Error | No active card found for the username. |
400 | failed | INVALID_AMOUNT | Error | Insufficient funds or amount too small/big. |
400 | failed | INVALID_MERCHANT | Error | The merchant is not valid, please check the given mid. |
400 | failed | INVALID_VOUCHER | Error | Voucher not valid. |
400 | failed | LIMIT_EXCEEDED | Error | The amount is incorrect according to your past orders. |
400 | failed | LOCKOUT | Error | Max PIN tries exceeded. |
400 | failed | PARTIAL_REVERSALS_NOT_ALLOWED | Error | Partial refunds are not allowed. |
400 | failed | TEMPORARY_HOLD | Error | Transaction temporary hold. |
400 | failed | TRANSACTION_DUPLICATED | Error | A same transaction already exists. |
400 | failed | TRANSACTION_NOT_AUTHORISED | Error | The transaction has not been authorized. |
400 | failed | TRANSACTION_STATUS_MUST_BE_AUTHORIZED | Error | Invalid operation, the status of the transaction must be authorized |
400 | failed | INVALID_AMOUNT | Error | Ensure that the amount you want to cancel matches the authorized amount. |
400 | failed | TRANSACTION_NOT_AUTHORISED | Error | Transaction not authorised. |
400 | failed | TRANSACTION_STATUS_MUST_BE_CAPTURED | Error | Invalid operation, the status of the transaction must be captured |
401 | failed | INVALID_TOKEN | Error | Invalid, revoked or expired token. You should try to re-authenticate the user. |
401 | failed | UNAUTHORIZED | Error | Missing, invalid or expired token. To fix, you should re-authenticate the user. |
401 | failed | USER_INACTIVE | Error | User Inactive. |
401 | failed | INVALID_TOKEN_ISSUER | Error | The token has not been issued (tokenUsername) for the current user (username) |
401 | failed | INVALID_TOKEN_ISSUER | Error | The token has been issued for different user. |
403 | failed | FORBIDDEN | Error | The request was valid, but the server is refusing action. The user might not have the necessary permissions for this resource. |
404 | failed | TRANSACTION_NOT_FOUND | Error | No transaction found for the given transaction_id. |
404 | failed | ORIGIN_TRANSACTION_ID_NOT_FOUND | Error | The origin transaction_id is not found. |
404 | failed | NOT_FOUND | Error | If no transaction is linked to the transaction_id given as input. |
405 | failed | METHOD_NOT_ALLOWED | Error | A request was made of a resource using a request method not supported by that resource; for example, using GET on a form which requires data to be presented via POST, or using PUT on a read-only resource. |
405 | failed | METHOD_NOT_ALLOWED | Error | A request was made of a resource using a request method not supported by that resource. |
406 | failed | NOT_ACCEPTABLE | Error | The requested resource is only capable of generating content not acceptable according to the Accept headers sent in the request. |
412 | failed | PRECONDITION_FAILED | Error | A business precondition has not been met; for example, the user has no active cards. |
412 | failed | PRECONDITION_FAILED | Error | A business precondition has not been met. |
415 | failed | UNSUPPORTED_MEDIA_TYPE | Error | The request entity has a media type which the server or resource does not support. |
429 | failed | TOO_MANY_REQUEST | Error | Your request has been rejected due to rate limitation. Please check your subscribed service level agreement. |
500 | failed | CARD_NOT_AVAILABLE_TODAY | Error | CARD IS NOT AVAILABLE TODAY |
500 | failed | INTERNAL_ERROR | Error | We had a problem with our server. Please try again later. |
500 | failed | TRANSACTION_MUST_BE_AUTHORIZED | Error | Invalid operation, the status of the transaction must be authorized |
501 | failed | NOT_IMPLEMENTED | Error | For the context of the current business unit, this feature is not supported. |
502 | failed | BAD_GATEWAY | Error | We had a problem with one of our backends that returns an HTTP 500 status. Please try again later. |