The swedish payment method Swish is one of the most popular payment methods in Sweden. More than half of the population uses the app on their cell phones. Originally Swish was a joint venture project of the most popular swedish banks as a pure P2P-payment method. Since 2017 it is also available for E-Commerce and POS. If you want to pay, you can either do it via scan of a QR-code or the submission of your mobile or swish number.
You need to order a new Certificate, as described in section 2.6 of the downloaded document. The Certificate Signing Request (CSR) will be provided by Computop.
Overview of the Certificate Management process:
Once you have access to Swish Certificate Management Tool, contact Computop at Computop Helpdesk with request for Swish CSR
Computop creates CSR and sends it to you
You will need to upload the CSR received from Computop in Swish Certificate Management Tool
You will generate and download the Certificate, as described in section 2.6 of the downloaded document. The format of Certificate can be either PEM or PKCS#7.
You will send back to Computop the Certificate as response to email with CSR received from Computop
Paygate interface
Definitions
Data formats
Format
Description
a
alphabetical
as
alphabetical with special characters
n
numeric
an
alphanumeric
ans
alphanumeric with special characters
ns
numeric with special characters
bool
boolean expression (true or false)
3
fixed length with 3 digits/characters
..3
variable length with maximum 3 digits/characters
enum
enumeration of allowed values
dttm
ISODateTime (YYYY-MM-DDThh:mm:ss)
Abbreviations
Abbreviation
Description
Comment
CND
condition
M
mandatory
If a parameter is mandatory, then it must be present
O
optional
If a parameter is optional, then it can be present, but it is not required
C
conditional
If a parameter is conditional, then there is a conditional rule which specifies whether it is mandatory or optional
Notice: Please note that the names of parameters can be returned in upper or lower case.
Call of interface for Swish
Please enter the following URL to process a Swish payment via the Paygate form:
Notice: For security reasons, Computop Paygate rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.
To avoid double payments or actions (e.g. by ETM), enter an alphanumeric value which identifies your transaction and may be assigned only once. If the transaction or action is submitted again with the same ReqID, Computop Paygate will not carry out the payment or new action, but will just return the status of the original transaction or action.
Please note that the Computop Paygate must have a finalized transaction status for the first initial action (authentication/authorisation). This does not apply to 3-D Secure authentications that are terminated by a timeout. The 3-D Secure Timeout status does not count as a completed status in which the ReqID functionality on Paygate does not take effect. Submissions with identical ReqID for an open status will be processed regularly.
Notice: Please note that a ReqID is only valid for 12 month, then it gets deleted at the Paygate.
Um Doppelzahlungen (z.B. durch ETM) zu vermeiden, übergeben Sie einen alphanumerischen Wert, der Ihre Transaktion oder Aktion identifiziert und nur einmal vergeben werden darf. Falls die Transaktion oder Aktion mit derselben ReqID erneut eingereicht wird, führt das Computop Paygate keine Zahlung oder weitere Aktion aus, sondern gibt nur den Status der ursprünglichen Transaktion oder Aktion zurück.
Bitte beachten Sie, dass das Computop Paygate für die erste initiale Aktion (Authentifizierung/Autorisierung) einen abgeschlossenen Transaktionsstatus haben muss. Dies gilt nicht für 3-D Secure Authentifizierungen, die durch einem Timeout beendet werden. Der Status 3-D Secure Timeout gilt nicht als abgeschlossener Status, bei dem ReqID-Funktionalität am Paygate nicht greift. Einreichungen mit identischer ReqID auf einen offenen Status werden regulär verarbeitet.
Hinweis: Bitte beachten Sie, dass eine ReqID nur 12 Monate gültig ist, danach wird sie vom Paygate gelöscht.
Key
Format
CND
Description
Beschreibung
Channel
a3
M
Channel for processing the payment
Possible values: Web or App
Web = eCommerce
App = mCommerce
Kanal, über den die Zahlung abgewickelt werden soll.
Mögliche Werte: Web oder App
Web = eCommerce
App = mCommerce
MobileNr
n..20
C
Customer’s mobile telephone number. (mandatory if Channel = Web)
The submitted mobile telephone number of that person that makes the payment. Only digits are allowed and it must have at least 8 digits and maximal 15 digits. In order to get found by Swish, it also must comply with the following format: Country code + Mobile telephone number (without leading Zero). e.g.: 46712345678
Mobiltelefonnummer des Kunden. (Pflicht, wenn Channel = Web)
Die eingetragene Mobiltelefonnummer der Person, welche die Zahlung vornimmt. Sie darf nur Ziffern enthalten und muss mindestens 8 und maximal 15 Stellen haben. Sie muss auch folgendem Format entsprechen, um von Swish gefunden zu werden: Ländercode + Mobiltelefonnummer (ohne führende Null). z.B.: 46712345678
Complete URL which Paygatecalls up in order to notify the shop about the payment result. The URL may be called up only via port 443. It may not contain parameters: Use the UserData parameter instead.
Common notes:
We recommend to use parameter "response=encrypt" to get an encrypted response by Paygate
However, fraudster may just copy the encrypted DATA-element which are sent to URLFailure and send the DATA to URLSuccess/URLNotify. Therefore ensure to check the "code"-value which indicates success/failure of the action. Only a result of "code=00000000" should be considered successful.
Vollständige URL, die das Paygate aufruft, um den Shop zu benachrichtigen. Die URL darf nur über Port 443 aufgerufen werden. Sie darf keine Parameter enthalten: Nutzen Sie stattdessen den Parameter UserData.
Allgemeine Hinweise:
Wir empfehlen, den Parameter "response=encrypt" zu verwenden, um eine verschlüsselte Antwort von Paygate zu erhalten
Betrüger könnten das verschlüsselte DATA-Element kopieren, welches an URLFailure gesendet wurde, und betrügerisch dasselbe DATA an URLSuccess/URLNotify senden. Überprüfen Sie daher unbedingt den "code"-Wert des DATA-Elements. Nur eine Antwort mit "code=00000000" sollte als erfolgreich angesehen werden.
If specified at request, Paygate forwards the parameter with the payment result to the shop.
Wenn beim Aufruf angegeben, übergibt das Paygate die Parameter mit dem Zahlungsergebnis an den Shop.
Result parameters for Swish payments
The following table gives the results parameters which the Paygate transfers to your URLNotify. If you have specified the Response=encrypt parameter, the following parameters are sent Blowfish encrypted to your system:
If specified at request, Paygate forwards the parameter with the payment result to the shop.
Wenn beim Aufruf angegeben, übergibt das Paygate die Parameter mit dem Zahlungsergebnis an den Shop.
Result parameters for URLNotify
Credit with reference
Credits (refunds) are possible via a Server-to-Server connection. For a Credit with reference to a capture the amount of the Credit is limited to the amount of the previous capture. To carry out a credit with a reference transaction, please use the following URL:
Notice: For security reasons, Computop Paygate rejects all payment requests with formatting errors. Therefore, please use the correct data type for each parameter.
To avoid double payments or actions (e.g. by ETM), enter an alphanumeric value which identifies your transaction and may be assigned only once. If the transaction or action is submitted again with the same ReqID, Computop Paygate will not carry out the payment or new action, but will just return the status of the original transaction or action.
Please note that the Computop Paygate must have a finalized transaction status for the first initial action (authentication/authorisation). This does not apply to 3-D Secure authentications that are terminated by a timeout. The 3-D Secure Timeout status does not count as a completed status in which the ReqID functionality on Paygate does not take effect. Submissions with identical ReqID for an open status will be processed regularly.
Notice: Please note that a ReqID is only valid for 12 month, then it gets deleted at the Paygate.
Um Doppelzahlungen (z.B. durch ETM) zu vermeiden, übergeben Sie einen alphanumerischen Wert, der Ihre Transaktion oder Aktion identifiziert und nur einmal vergeben werden darf. Falls die Transaktion oder Aktion mit derselben ReqID erneut eingereicht wird, führt das Computop Paygate keine Zahlung oder weitere Aktion aus, sondern gibt nur den Status der ursprünglichen Transaktion oder Aktion zurück.
Bitte beachten Sie, dass das Computop Paygate für die erste initiale Aktion (Authentifizierung/Autorisierung) einen abgeschlossenen Transaktionsstatus haben muss. Dies gilt nicht für 3-D Secure Authentifizierungen, die durch einem Timeout beendet werden. Der Status 3-D Secure Timeout gilt nicht als abgeschlossener Status, bei dem ReqID-Funktionalität am Paygate nicht greift. Einreichungen mit identischer ReqID auf einen offenen Status werden regulär verarbeitet.
Hinweis: Bitte beachten Sie, dass eine ReqID nur 12 Monate gültig ist, danach wird sie vom Paygate gelöscht.
Parameters for credits of Swish payments
The following table describes the result parameters with which the Computop Paygate responds to your system
pls. be prepared to receive additional parameters at any time and do not check the order of parameters
the key (e.g. MerchantId, RefNr) should not be checked case-sentive
Basic information about using Batch files and about their structure can be found in the Batch Manager manual. Within batch processing not alle functions are available which are usually available for the online interface.
This section describes the parameters which must be transferred within the data set (Record) for executing credits with Swish, which can be found within the response file about the payment status.
Following table gives an overview of all batch versions that are possible for a specific action and their specialities:
The following table describes the response parameters which the Batch Manager saves in the Record area for each transaction (standard parameters not explained here, such as <TransID> or <RefNR> and request parameters are returned unchanged and correspond to the call as specified before):