Edenred Direct Payment Services
Use Case: France
I. Generalities
In France, a user can spend the exact amount requested up to 19β¬ per day, i.e. he canβt spend more than 19β¬ in a given day (or 38 euros in some cases).
These regulations are handled on the Edenred side.
Please note that all amounts in our API are given in cents (9β¬ = 900)
II. Login Process
1) To test the API in sandbox, you can get an authorization_code by clicking on the link bellow:
Example of account that can be used to test the API:
Account: lerouxpablo@yopmail.com
Password: Edenred2021*
Masked PAN : 44752) After login, you'll be redirected to a url like :
http://nowhere.edenred.net/oauth/callback?code={authorization_code}&...
3) Copy the authorization_code and paste it in the body of the request "Get Token by authorization_code" (in the "code" parameter) in the following collection of API calls (Please note the environment is set up in capture mode auto) :
Please note that an authorization_code is burned every time you try to use it. If your API call fails, you must get a new authorization_code by requesting the user to follow the authentication flow again.
2.2. Logout Process
Logout the Edenred account from your platform. All tokens are then invalid
GET /connect/endsession?id_token_hint=<idToken>=<postLogoutRedirectUri> HTTP/1.1
Host: {{authentication-URL}}Where
'xp-authentication-URL' = sso.sbx.edenred.io
And idToken is retrieved from the refreshing token response
And postLogoutRedirectUri is a callback URL whitelisted on our side (to be provided in the configuration request)
eg: postLogoutRedirectUri = http://nowhere.edenred.net/oauth/callback
III. Direct Payment API
If you use the postman collection, the access_token will automatically be placed in your HTTP Authorization header.
Token Management:
| Operations | Endpoints | Description |
|---|---|---|
| Get access_token | POST /connect/token | Get a new access token |
| Get refresh_token | POST /connect/token | Refresh the access token |
Users Management:
| Operations | Endpoints | Description |
|---|---|---|
| Get Balance | GET /v2/users/{username} | Get user balance |
| Estimate Charge | POST /v2/users/{username}/actions/estimate-charge | Check if you can pay with the given amount |
Transaction Management
- Capture Mode auto:
| Operations | Endpoints | Description |
|---|---|---|
| Authorize + Capture | POST /v2/transactions | Authorize and Capture in one call |
| Refund | POST /v2/transactions/{authorization_id}/actions/refund | Refund the auto captured transaction |
- Capture Mode Manual:
a- Authorize > Cancel
| Operations | Endpoints | Description |
|---|---|---|
| Authorize Manual | POST /v2/transactions | Authorize a new payment |
| Cancel | POST /v2/transactions/{authorization_id}/actions/cancel | Cancel the authorized payment |
b- Authorize > Capture > Refund
| Operations | Endpoints | Description |
|---|---|---|
| Authorize Manual | POST /v2/transactions | Authorize a new payment |
| Capture | POST /v2/transactions/{authorization_id}/actions/capture | Capture the authorized payment |
| Refund | POST /v2/transactions/{authorization_id}/actions/refund | Refund the captured payment |
The postman configuration available here is set in auto-clearing mode => cancel and capture routes are not available.
You can request an access to our UAT environment in manual-clearing mode if you choose to implement the payment with Edenred this way.
II.1. Get Balance
Get the available amount to spend available on the user account. This amount is the one available at the given moment to manage a payment
The authorization header is mandatory for this request.
Request:
GET /v2/users/{username} HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"available_amount": 1900,
"currency": "EUR"
}
}II.2. Estimate Charge
Check if an amount can be spent and answer the possible amount that can be spent. If the requested amount is above the available balance, the service will provide the available amount in the response.
The authorization header is mandatory for this request.
Request:
POST /v2/users/{username}/actions/estimate-charge HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"amount": 1900
}Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"available_amount": 1800,
"currency": "EUR"
}
}II.3. Transactions
EDPS manages two kinds of transaction mode, auto and manual. The postman collection is set up in capture mode auto. If you want to test an environment in capture mode manual, please request a dedicated environment.
In the next sections, we will explain the difference between those two modes.
II.3.1. Capture Mode - Auto
In this mode, we can perform only the below operations:
| Operations | Endpoints | Description |
|---|---|---|
| Authorize & Capture | POST /v2/transactions | Create a transaction, the capture_mode MUST be auto |
| Refund | POST /v2/transactions/{authorization_id}/actions/refund | Refund a captured transaction. The authorization_id is returned by the Authorize operation |
II.3.1.1. Authorize & Capture a payment
An auto capture is requested with an amount in cents of Euros (19β¬ = 1900 in the request).
The authorization header should be set for this operation.
The field
tstampMUST be set in order to manage idempotency
Request:
POST /v2/transactions HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"order_ref": "order-001",
"mid": "1999224",
"amount": 1,
"capture_mode": "auto",
"extra_field": "order-fr-001",
"tstamp": "2018-08-31T14:22:00Z"
}Response:
{
"meta": {
"status": "succeeded"
},
"data": {
"order_ref": "order-fr-002",
"mid": "1999224",
"status": "captured",
"authorization_id": "MTU5MjM3NjcyNzE5OTkyMjQ4MDAwM-642338",
"authorized_amount": 1,
"capture_id": "MTU5MjM3NjcyNzE5OTkyMjQ4MDAwM-642338",
"captured_amount": 1
}
}II.3.1.2. Refund a Captured payment
Once captured, a transaction can't be cancelled but have to be refunded.
The authorization_id provided during the payment process must be provided in this request.
The refund can only be performed for the full amount that has been captured
The field
tstampMUST be set in order to manage idempotency
Refund Request:
POST /v2/transactions/{authorization_id}/actions/refund HTTP/1.1
Host: directpayment.stg.eu.edenred.io
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"amount": 1,
"capture_mode": "auto",
"tstamp": "2019-05-21T14:04:00Z"
}Refund Response:
{
"meta": {
"status": "succeeded"
},
"data": {
"mid": "1999224",
"status": "refunded",
"refund_id": "MTU5MjM3NjcyNzE5OTkyMjQ4MDAwM",
"refunded_amount": 1,
"order_ref": "order-fr-002",
"authorization_id": "MTU5MjM3NjcyNzE5OTkyMjQ4MDAwM-642338",
"authorized_amount": 1,
"capture_id": "MTU5MjM3NjcyNzE5OTkyMjQ4MDAwM-642338",
"captured_amount": 1
}
}II.3.2. Capture Mode - Manual
In this mode, we can perform the below operations:
| Operations | Endpoints | Description |
|---|---|---|
| Authorize | POST /v2/transactions | Create a transaction, the capture_mode MUST be manual |
| Cancel | POST /v2/transactions/{authorization_id}/actions/cancel | Cancel an authorized transaction. The authorization_id is returned by the Authorize operation |
| Capture | POST /v2/transactions/{authorization_id}/actions/capture | Capture an authorized transaction. A Cancelled transaction can't be captured. The authorization_id is returned by the Authorize operation |
| Refund | POST /v2/transactions/{authorization_id}/actions/refund | Refund a captured transaction. The authorization_id is returned by the Captured operation |
II.3.2.1. Authorize a payment
An authorization is requested with an amount in cents of Euros (19β¬ = 1900 in the request).
The authorization header should be set for this operation.
The field
tstampMUST be set in order to manage idempotency
Request:
POST /v2/transactions HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"order_ref": "order-fr-001",
"mid": "1999224",
"amount": 1,
"currency": "EUR"
"capture_mode": "manual",
"extra_field": "order-fr-001",
"tstamp": "2019-05-27T10:02:50Z"
}Response:
{
"meta": {
"status": "succeeded"
},
"data": {
"order_ref": "order-fr-001",
"mid": "1999224",
"status": "authorized",
"authorization_id": "MTU5MjMyMzI2NzE5OTkyMjQ4MDAwM-199570",
"authorized_amount": 1
}
}II.3.2.2. Cancel OR Capture a payment
An authorized payment can be cancelled or captured.
Cancel and capture are for the full amount authorized
The field
tstampMUST be set in order to manage idempotency
Cancel Request:
POST /v2/transactions/{authorization_id}/actions/cancel HTTP/1.1
Host: directpayment.stg.eu.edenred.io
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"amount": 1,
"tstamp": "2019-05-21T12:10:12Z"
}Cancel Response:
{
"meta": {
"status": "succeeded"
},
"data": {
"mid": "1999224",
"status": "cancelled",
"cancel_id": "MTU4ODY2MzI0NTE5OTkyMjQ4MDAwM",
"cancelled_amount": 1,
"order_ref": "order-fr-001",
"authorization_id": "MTU5MjMyMzI2NzE5OTkyMjQ4MDAwM-199570",
"authorized_amount": 1
}
}Capture Request:
POST /v2/transactions/{authorization_id}/actions/capture HTTP/1.1
Host: directpayment.stg.eu.edenred.io
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"amount": 1,
"tstamp": "2019-05-21T12:15:29Z"
}Capture Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"order_ref": "order-fr-001",
"mid": "1999224",
"capture_id": "MTU5MjM3NTg1MjE5OTkyMjQ4MDAwM-520011",
"capture_amount": 1,
"status": "captured",
"authorization_id": "MTU5MjM3NTg1MjE5OTkyMjQ4MDAwM-520011",
"authorized_amount": 1
}
}II.3.2.3. Refund a captured payment
Once captured, a transaction can't be cancelled but have to be refunded.
The capture_mode is mandatory in the case of dual messaging (Authorize and Capture) and must be set to "manual".
The refund can only be performed for the full amount that has been captured
The field
tstampMUST be set in order to manage idempotency
Refund Request:
POST /v2/transactions/{authorization_id}/actions/refund HTTP/1.1
Host: directpayment.stg.eu.edenred.io
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"amount": 1,
"capture_mode": "manual",
"tstamp": "2019-05-21T12:17:53Z"
}Refund Response:
{
"meta": {
"status": "succeeded"
},
"data": {
"mid": "1999224",
"status": "refunded",
"refund_id": "MTU4ODY2MzI0NTE5OTkyMjQ4MDAwM-520011",
"refunded_amount": 1,
"order_ref": "order-fr-001",
"capture_id": "MTU5MjM3NTg1MjE5OTkyMjQ4MDAwM-520011",
"capture_amount": 1,
"authorization_id": "MTU5MjM3NTg1MjE5OTkyMjQ4MDAwM-520011",
"authorized_amount": 1
}
}IV Error Codes
| Status Code | Status | Code | Level | Description |
|---|---|---|---|---|
| 200 | succeded | OK | Success | OK |
| 200 | succeded | AUTH | Success | The transaction has been authorized. |
| 200 | succeded | AUTH_PENDING | Success | The transaction authorization is pending. |
| 200 | succeded | PARTIAL_AUTH | Success | The transaction has been partially authorized. |
| 400 | failed | INVALID_EMAIL | Error | Email is already in use by another user. |
| 400 | failed | INVALID_CARD | Error | Invalid card information provided |
| 400 | failed | INVALID_MERCHANT | Error | Invalid Merchant |
| 400 | failed | INVALID_AMOUNT | Error | Invalid Amount |
| 400 | failed | INVALID_AMOUNT | Error | INSUFFICIENT FUNDS |
| 400 | failed | TRANSACTION_DUPLICATED | Error | Transaction Duplicated |
| 400 | failed | DECLINED | Error | Declined |
| 400 | failed | LIMIT_EXCEEDED | Error | Limit exceeded |
| 400 | failed | PARTIAL_REVERSALS_NOT_ALLOWED | Error | Partial resversals not allowed |
| 400 | failed | TRANSACTION_NOT_AUTHORISED | Error | Transaction not authorised |
| 400 | failed | TEMPORARY_HOLD | Error | Temporary hold |
| 400 | failed | INVALID_VOUCHER | Error | Invalid Voucher |
| 400 | failed | LOCKOUT | Error | lockout |
| 400 | failed | INCORRECT_PIN | Error | Incorrect PIN |
| 400 | failed | PARTIAL_AUTH_NOT_SUPPORTED | Error | Partial authorization not supported |
| 400 | failed | INVALID_CARD | Error | Invalid card |
| 400 | failed | CARD_NOT_ACTIVATED | Error | Card is not activated |
| 400 | failed | ACCOUNT_BLOCKED | Error | Account blocked |
| 400 | failed | CARD_BLOCKED | Error | Card blocked |
| 400 | failed | INVALID_ACCOUNT | Error | Invalid account |
| 400 | failed | CARD_ALREADY_ACTIVATED | Error | Card is already activated |
| 400 | failed | INVALID_CURRENCY_CODE | Error | Invalid currency |
| 400 | failed | INVALID_TRANSACTION_TYPE | Error | Invalid transaction type |
| 400 | failed | INVALID_CAPTURE_MODE | Error | You are not allowed to capture transaction |
| 400 | failed | TOPTP_VALIDATION_FAILED | Error | toptp validation failed |
| 400 | failed | CARD_NOT_FOUND | Error | Card not found |
| 400 | failed | NO_ACTIVE_CARD | Error | No Active Card found |
| 400 | failed | ACCOUNT_NOT_FOUND | Error | Account not found |
| 400 | failed | BAD_REQUEST | Error | The input doesn't respect the contract expected (required fields, type, etc.) |
| 400 | failed | EMPTY_AUTHORIZATION_TOKEN | Error | Unable to retrieve the OpenId token from the request. Please verify your request and, if required, contact the API administrator for assistance. |
| 400 | failed | INVALID_SEARCH_PERIOD | Error | The search period is longer than 3 months. |
| 400 | failed | BAD_REQUEST | Error | The server cannot or will not process the request due to an apparent client error. Check messages field for more details. |
| 400 | failed | DECLINED | Error | Transaction declined. |
| 400 | failed | INVALID_REQUEST | Error | The configuration allows only single/dual messaging requests. |
| 400 | failed | CARD_NOT_ACTIVE | Error | No active card found for the username. |
| 400 | failed | INVALID_AMOUNT | Error | Insufficient funds or amount too small/big. |
| 400 | failed | INVALID_MERCHANT | Error | The merchant is not valid, please check the given mid. |
| 400 | failed | INVALID_VOUCHER | Error | Voucher not valid. |
| 400 | failed | LIMIT_EXCEEDED | Error | The amount is incorrect according your past orders. |
| 400 | failed | LOCKOUT | Error | Max PIN tries exceeded. |
| 400 | failed | PARTIAL_REVERSALS_NOT_ALLOWED | Error | Partial refunds are not allowed. |
| 400 | failed | TEMPORARY_HOLD | Error | Transaction temprorary hold. |
| 400 | failed | TRANSACTION_DUPLICATED | Error | A same transaction already exists. |
| 400 | failed | TRANSACTION_NOT_AUTHORISED | Error | The transaction has not been authorized. |
| 400 | failed | TRANSACTION_STATUS_MUST_BE_AUTHORIZED | Error | Invalid operation, the status of the transaction must be authorized |
| 400 | failed | INVALID_AMOUNT | Error | Ensure that the amount you want to cancel matches the authorized amount. |
| 400 | failed | TRANSACTION_NOT_AUTHORISED | Error | Transaction not authorised. |
| 400 | failed | TRANSACTION_STATUS_MUST_BE_CAPTURED | Error | Invalid operation, the status of the transaction must be captured |
| 401 | failed | INVALID_TOKEN | Error | Invalid, revoked or expired token. You should try to re-authenticate the user. |
| 401 | failed | UNAUTHORIZED | Error | Missing, invalid or expired token. To fix, you should re-authenticate the user. |
| 401 | failed | USER_INACTIVE | Error | User Inactive. |
| 401 | failed | INVALID_TOKEN_ISSUER | Error | The token has not been issued (tokenUsername) for the current user (username) |
| 403 | failed | FORBIDDEN | Error | The request was valid, but the server is refusing action. The user might not have the necessary permissions for this resource. |
| 404 | failed | TRANSACTION_NOT_FOUND | Error | No transaction found for the given transaction_id. |
| 404 | failed | ORIGIN_TRANSACTION_ID_NOT_FOUND | Error | The origin transaction_id is not found. |
| 404 | failed | NOT_FOUND | Error | If no transaction is linked to the transaction_id given as input. |
| 405 | failed | METHOD_NOT_ALLOWED | Error | A request was made of a resource using a request method not supported by that resource; for example, using GET on a form which requires data to be presented via POST, or using PUT on a read-only resource. |
| 405 | failed | METHOD_NOT_ALLOWED | Error | A request was made of a resource using a request method not supported by that resource. |
| 406 | failed | NOT_ACCEPTABLE | Error | The requested resource is only capable of generating content not acceptable according to the Accept headers sent in the request. |
| 412 | failed | PRECONDITION_FAILED | Error | A business precondition has not been; for example, the user has no active cards. |
| 412 | failed | PRECONDITION_FAILED | Error | A business precondition has not been. |
| 415 | failed | UNSUPPORTED_MEDIA_TYPE | Error | The request entity has a media type which the server or resource does not support. |
| 429 | failed | TOO_MANY_REQUEST | Error | Your request has been rejected due to rate limitation. Please check your subscribed service level agreement. |
| 500 | failed | CARD_TEMPORARILY_BLOCKED | Error | This card is temporarily blocked |
| 500 | failed | INTERNAL_ERROR | Error | Internal Server Error |
| 500 | failed | CARD_EXPIRED | Error | Card expired |
| 500 | failed | INTERNAL_ERROR | Error | Invalid Message :Field: [value.amt] must be numeric |
| 500 | failed | INTERNAL_ERROR | Error | We had a problem with our server. Please to try again later. |
| 500 | failed | TRANSACTION_MUST_BE_AUTHORIZED | Error | Invalid operation, the status of the transaction must be authorized |
| 501 | failed | NOT_IMPLEMENTED | Error | For the context of the current business unit, this feature is not supported. |
| 502 | failed | BAD_GATEWAY | Error | Oups... Something wrong on one of the underlying servers! Please contact the administrator to report the issue. |
| 502 | failed | BAD_GATEWAY | Error | We had a problem with one of our backends that returns a http 500 status. Please to try again later. |