Edenred Direct Payment Services
Use case: Luxembourg
1. Generalities
In Luxembourg, a user can spend the exact amount requested without any limitation (apart from the balance available on his account), i.e. balance canβt be negative.
These regulations are handled on the Edenred side.
Please note that all amounts in our API are given in cents 9β¬ = 900
2. User Security Tokens
Please refer to this section for more details about security tokens.
2.1. Login Process
1) To test the API in sandbox, you can get an authorization_code by clicking on the link bellow:
Example of account that can be used to test the API:
Account: test.lux@edenred.com
Password: Secret123
Masked PAN: 45462) After login, you'll be redirected to a url like :
http://nowhere.edenred.net/oauth/callback?code={authorization_code}&...
3) Copy the authorization_code and use the request "Get access_token from authorization_code" in the following collection of API calls:
Please note that an authorization_code is burned every time you try to use it. If your API call fails, you must get a new authorization_code.
2.2. Logout Process
Logout the Edenred account from your platform. All tokens are then invalid
GET /connect/endsession?id_token_hint=<idToken>=<postLogoutRedirectUri> HTTP/1.1
Host: {{authentication-URL}}Where
'authentication-URL' = sso.sbx.edenred.io
And idToken is retrieved from the refreshing token response
And postLogoutRedirectUri is a callback URL whitelisted on our side (to be provided in the configuration request)
eg: postLogoutRedirectUri = http://nowhere.edenred.net/oauth/callback
3. Direct Payment API
3.1. Postman Collection
If you use the postman collection, the access_token will automatically be placed in your HTTP Authorization header.
The postman configuration available here is set in auto-clearing mode.
Notes: You can request an access to our UAT environment in manual-clearing mode if you choose to implement the payment with Edenred this way.
3.2. User Balance
Get Balances
Gets the available user balance for the wallet enabled.
The Authorization header is mandatory for this request.
Request:
GET /v2/users/{username}/balances HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": [
{
"available_amount": 4758,
"currency": "EUR"
}
]
}Estimate Charge
Check if an amount can be spent and answer the possible amount that can be spent. If the requested amount is above the available balance, the service will provide the available amount in the response.
The Authorization header is mandatory for this request.
Request:
POST /v2/users/{username}/actions/estimate-charge HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"amount": 2300
}Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"available_amount": 2300,
"currency": "EUR"
}
}Capture Mode: Auto
Step 1: Auto Capture a payment
An authorization with auto capture can be requested with an amount in cents of Euros (10β¬ = 1000).
The authorization header should be set for this operation.
The field
tstampMUST be set in order to manage idempotency
Request:
POST /v2/transactions HTTP/1.1
Host: directpayment.stg.eu.edenred.io
Authorization: Bearer {token}
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"mid": "{{mid}}",
"order_ref": "Test-01",
"amount": 1,
"capture_mode": "auto",
"security_level": "standard",
"currency": "EUR",
"tstamp": "2022-01-10T10:31:09Z"
}Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"order_ref": "Test-01",
"mid": "428618",
"authorization_id": "MTY0MTgxMDY2OTQyODYxODYzMDEwMz-652612",
"authorized_amount": 1,
"capture_id": "MTY0MTgxMDY2OTQyODYxODYzMDEwMz-652612",
"captured_amount": 1,
"status": "captured"
}
}Step 2: Refund a captured payment
Once captured, a transaction can't be cancelled but have to be refunded.
The authorization_id provided during the payment process must be provided in this request.
The authorization header should not be set for this operation.
The field
tstampMUST be set in order to manage idempotency
Refund Request:
POST /v2/transactions/{authorization_id}/actions/refund HTTP/1.1
Host: directpayment.stg.eu.edenred.io
X-Client-Id: {payment-clientId}
X-Client-Secret: {payment-clientSecret}
Content-Type: application/json
{
"amount": 1,
"currency": "EUR",
"tstamp": "2022-01-10T10:31:09Z"
}Refund Response:
{
"meta": {
"status": "succeeded",
"messages": []
},
"data": {
"mid": "428618",
"refund_id": "MTY0MTgxMjQwNzQyODYxODYzMDEwMz",
"refunded_amount": 1,
"status": "refunded"
}
}4. Error Codes
| Status Code | Status | Code | Level | Description |
|---|---|---|---|---|
| 200 | succeded | OK | Success | OK |
| 200 | succeded | AUTH | Success | The transaction has been authorized. |
| 200 | succeded | AUTH_PENDING | Success | Authorization pending |
| 200 | succeded | PARTIAL_AUTH | Success | The transaction has been partially authorized. |
| 400 | failed | ACCOUNT_BLOCKED | Error | Account blocked |
| 400 | failed | BAD_REQUEST | Error | DATE FROM TOO OLD |
| 400 | failed | BAD_REQUEST | Error | INVALID DATE RANGE |
| 400 | failed | BAD_REQUEST | Error | INVALID PAGE OFFSET |
| 400 | failed | BAD_REQUEST | Error | PIN REQUIRED |
| 400 | failed | BAD_REQUEST | Error | PIN ERROR |
| 400 | failed | BAD_REQUEST | Error | INVALID PRODUCT BALANCE |
| 400 | failed | BAD_REQUEST | Error | INVALID ACCOUNT EXTERNAL REFERENCE |
| 400 | failed | BAD_REQUEST | Error | PIN STATUS NOT BLOCKED |
| 400 | failed | BAD_REQUEST | Error | CARD NOT FULFILLED |
| 400 | failed | BAD_REQUEST | Error | PIN LOCKED |
| 400 | failed | BAD_REQUEST | Error | CARD NOT ACTIVE |
| 400 | failed | BAD_REQUEST | Error | PIN STATUS NOT ACTIVE ACTIVATING |
| 400 | failed | BAD_REQUEST | Error | MAX PIN TRIES EXCEEDED |
| 400 | failed | BAD_REQUEST | Error | The input doesn't respect the contract expected (required fields, type, etc.) |
| 400 | failed | BAD_REQUEST | Error | The server cannot or will not process the request due to an apparent client error. Check messages field for more details. |
| 400 | failed | CARD_ALREADY_ACTIVATED | Error | Card is already activated |
| 400 | failed | CARD_ALREADY_REGISTERED | Error | CARD ALREADY REGISTERED |
| 400 | failed | CARD_BLOCKED | Error | Card is not in valid state |
| 400 | failed | CARD_BLOCKED | Error | CARD/ACCOUNT BLOCKED |
| 400 | failed | CARD_BLOCKED | Error | Card blocked |
| 400 | failed | CARD_NOT_ACTIVATED | Error | Card is not activated |
| 400 | failed | CARD_NOT_ACTIVE | Error | No active card found for the username. |
| 400 | failed | CARD_NOT_BLOCKED | Error | CANNOT RESUME(Card not blocked or already blocked) |
| 400 | failed | CARDHOLDER_ALREADY_EXISTS | Error | CARDHOLDER ALREADY EXISTS |
| 400 | failed | CARDHOLDER_STATUS_INVALID | Error | CARDHOLDER STATUS INVALID |
| 400 | failed | DECLINED | Error | Declined |
| 400 | failed | DECLINED | Error | Transaction declined. |
| 400 | failed | DUPLICATE_CARDHOLDER | Error | DUPLICATE CARDHOLDER |
| 400 | failed | EMPTY_AUTHORIZATION_TOKEN | Error | Unable to retrieve the OpenId token from the request. Please verify your request and, if required, contact the API administrator for assistance. |
| 400 | failed | INCORRECT_PIN | Error | Incorrect PIN |
| 400 | failed | INVALID_ACCOUNT | Error | INVALID ACCOUNT NUMBER |
| 400 | failed | INVALID_ACCOUNT | Error | Invalid account |
| 400 | failed | INVALID_ACTIVATION_CODE | Error | INVALID ACTIVATION CODE |
| 400 | failed | INVALID_AMOUNT | Error | INSUFFICIENT FUNDS |
| 400 | failed | INVALID_AMOUNT | Error | Invalid Amount |
| 400 | failed | INVALID_AMOUNT | Error | Insufficient funds or amount too small/big. |
| 400 | failed | INVALID_AMOUNT | Error | Ensure that the amount you want to cancel matches the authorized amount. |
| 400 | failed | INVALID_CAPTURE_MODE | Error | You are not allowed to capture transaction |
| 400 | failed | INVALID_CARD | Error | Invalid card information provided. |
| 400 | failed | INVALID_CARD | Error | Invalid card |
| 400 | failed | INVALID_CARD | Error | INVALID CARD SERIAL NUMBER |
| 400 | failed | INVALID_CARDHOLDER | Error | INVALID CARDHOLDER |
| 400 | failed | INVALID_CURRENCY_CODE | Error | Invalid currency |
| 400 | failed | INVALID_EMAIL | Error | INVALID EMAIL |
| 400 | failed | INVALID_MERCHANT | Error | Invalid Merchant |
| 400 | failed | INVALID_MERCHANT | Error | The merchant is not valid, please check the given mid. |
| 400 | failed | INVALID_PHONE | Error | INVALID PHONE |
| 400 | failed | INVALID_REQUEST | Error | The configuration allows only single/dual messaging requests. |
| 400 | failed | INVALID_SEARCH_PERIOD | Error | The search period is longer than 3 months. |
| 400 | failed | INVALID_TRANSACTION_TYPE | Error | Invalid transaction type |
| 400 | failed | INVALID_VOUCHER | Error | Invalid Voucher |
| 400 | failed | INVALID_VOUCHER | Error | Voucher not valid. |
| 400 | failed | LIMIT_EXCEEDED | Error | Limit exceeded |
| 400 | failed | LIMIT_EXCEEDED | Error | The amount is incorrect according your past orders. |
| 400 | failed | LOCKOUT | Error | lockout |
| 400 | failed | LOCKOUT | Error | Max PIN tries exceeded. |
| 400 | failed | NON_UNIQUE_MOBILE_NUMBER | Error | NON-UNIQUE MOBILE NUMBER |
| 400 | failed | PARTIAL_AUTH_NOT_SUPPORTED | Error | Partial authorization not supported |
| 400 | failed | PARTIAL_REVERSALS_NOT_ALLOWED | Error | Partial resversals not allowed |
| 400 | failed | PARTIAL_REVERSALS_NOT_ALLOWED | Error | Partial refunds are not allowed. |
| 400 | failed | REFERENCE_ALREADY_EXISTS | Error | REFERENCE ALREADY EXISTS |
| 400 | failed | REGISTRATION_NOT_ALLOWED | Error | REGISTRATION NOT ALLOWED |
| 400 | failed | TEMPORARY_HOLD | Error | Temporary hold |
| 400 | failed | TEMPORARY_HOLD | Error | Transaction temprorary hold. |
| 400 | failed | TOPTP_VALIDATION_FAILED | Error | toptp validation failed |
| 400 | failed | TRANSACTION_DUPLICATED | Error | Transaction Duplicated |
| 400 | failed | TRANSACTION_DUPLICATED | Error | A same transaction already exists. |
| 400 | failed | TRANSACTION_NOT_AUTHORISED | Error | Transaction not authorised. |
| 400 | failed | TRANSACTION_STATUS_MUST_BE_AUTHORIZED | Error | Invalid operation, the status of the transaction must be authorized |
| 400 | failed | TRANSACTION_STATUS_MUST_BE_CAPTURED | Error | Invalid operation, the status of the transaction must be captured |
| 401 | failed | BAD_CREDENTIALS | Error | Bad credentials (401) |
| 401 | failed | INVALID_TOKEN | Error | Invalid, revoked or expired token. You should try to re-authenticate the user. |
| 401 | failed | INVALID_TOKEN_ISSUER | Error | The token has not been issued (tokenUsername) for the current user (username) |
| 401 | failed | UNAUTHORIZED | Error | SSL CONNECTION REQUIRED |
| 401 | failed | UNAUTHORIZED | Error | INVALID SSL CERTIFICATE |
| 401 | failed | UNAUTHORIZED | Error | INVALID CREDENTIALS |
| 401 | failed | UNAUTHORIZED | Error | Missing, invalid or expired token. To fix, you should re-authenticate the user. |
| 401 | failed | USER_INACTIVE | Error | User Inactive. |
| 403 | failed | FORBIDDEN | Error | INVALID IP |
| 403 | failed | FORBIDDEN | Error | INVALID MAC |
| 403 | failed | FORBIDDEN | Error | The request was valid, but the server is refusing action. The user might not have the necessary permissions for this resource. |
| 404 | failed | NOT_FOUND | Error | If no transaction is linked to the transaction_id given as input. |
| 404 | failed | ORIGIN_TRANSACTION_ID_NOT_FOUND | Error | The origin transaction_id is not found. |
| 404 | failed | TRANSACTION_NOT_FOUND | Error | No transaction found for the given transaction_id. |
| 405 | failed | METHOD_NOT_ALLOWED | Error | A request was made of a resource using a request method not supported by that resource; for example, using GET on a form which requires data to be presented via POST, or using PUT on a read-only resource. |
| 405 | failed | METHOD_NOT_ALLOWED | Error | A request was made of a resource using a request method not supported by that resource. |
| 406 | failed | NOT_ACCEPTABLE | Error | The requested resource is only capable of generating content not acceptable according to the Accept headers sent in the request. |
| 412 | failed | PRECONDITION_FAILED | Error | A business precondition has not been; for example, the user has no active cards. |
| 412 | failed | PRECONDITION_FAILED | Error | A business precondition has not been. |
| 415 | failed | UNSUPPORTED_MEDIA_TYPE | Error | The request entity has a media type which the server or resource does not support. |
| 429 | failed | TOO_MANY_REQUEST | Error | Your request has been rejected due to rate limitation. Please check your subscribed service level agreement. |
| 500 | failed | CARD_EXPIRED | Error | Card expired |
| 500 | failed | COMPLIANCE_DATA_NOT_ALLOWED | Error | COMPLIANCE DATA NOT ALLOWED |
| 500 | failed | INTERNAL_ERROR | Error | Internal Server Error |
| 500 | failed | INTERNAL_ERROR | Error | Invalid Message :Field: [value.amt] must be numeric |
| 500 | failed | INTERNAL_ERROR | Error | We had a problem with our server. Please to try again later. |
| 500 | failed | INVALID_POST_CODE | Error | INVALID POST CODE |
| 500 | failed | TRANSACTION_MUST_BE_AUTHORIZED | Error | Invalid operation, the status of the transaction must be authorized |
| 501 | failed | NOT_IMPLEMENTED | Error | For the context of the current business unit, this feature is not supported. |
| 502 | failed | BAD_GATEWAY | Error | INVALID ORIGINATING SYSTEM |
| 502 | failed | BAD_GATEWAY | Error | The server, while acting as a gateway or proxy, received an invalid response from the upstream server. |
| 502 | failed | BAD_GATEWAY | Error | Oups... Something wrong on one of the underlying servers! Please contact the administrator to report the issue. |
| 502 | failed | BAD_GATEWAY | Error | ERROR |
| 502 | failed | BAD_GATEWAY | Error | We had a problem with one of our backends that returns a http 500 status. Please to try again later. |