Craftgate provides you with an uninterrupted and secure payment experience with its end-to-end solutions. In addition to the solutions offered by Craftgate, we also have suggestions for our Merchant to consider. You can contact support@craftgate.io for your questions and comments.
These 2 values, which are required to use Craftgate APIs, should be stored securely (preferably encrypted) and should not be shared with unauthorized persons. In addition, if you wish, you can renew your existing keys periodically from the Merchant Panel. For more information, you can visit the API Key / Secret Key Management page.
Although non-3DS payments are made much faster, they should not be preferred in some cases. It is recommended to pay with 3DS instead of Non-3DS for the following scenarios.
LOST_CARD, STOLEN_CARD, PICKUP_CARD error groups as a result of payment, the user should be followed up and it is recommended to receive new payments with 3DS.In 3D Secure payments, user verification can be done as full or half verification. Full verification takes place by sending the SMS to the user's phone and entering the verification code correctly. Half-verification takes place in cases where the user is not fully included in the 3D Secure system, and/or the phone is not registered in the bank. Half-verified 3D Secure payments can be completed, but there are risks since the user cannot be fully verified.
As Craftgate, we support both solutions. If you wish, you can choose this option from Merchant Panel -> General Settings.
In 3D Secure payments, if the user successfully validates himself, the payment flow continues. While transmitting the verification result to the Merchant, the hash value produced by Craftgate is also transmitted along with some parameters.
Merchant should compare the incoming parameters with the data on its side, basket control, user session information should be checked.
By checking the hash value in the incoming parameters, it should produce the same hash value on its own side and compare the two values. If a hash mismatch occurs the payment should not be continued. For the hash calculation algorithm 3D Secure Payment You can visit the creation page.
You can also verify hashes through the Open Source Libraries that we have presented.
Due to its nature, 3D Secure payments have a flow that takes place in the user's browser and can take an average of 50-60 seconds.
Attention should be paid to the changes made by the user to the basket during the period between the initiation, verification and completion of the 3D Secure payment. When the cart changes, the user should be warned and payment should not be continued. 3D Secure payment should be started again with updated basket information.
The x-cg-signature-v1 value delivered between the HTTP headers should be examined in order to verify that the requests to your webhook URL are being sent from Craftgate.
The information is available on our Webhook page.
If the payment transaction results in an error at the bank, Craftgate groups and classifies the error according to the details of the error and returns you with the most accurate error details. You can find the group of the error in the error group field in the payment response, and the cause of the error in the error description. If you wish, you can show this error message directly to your user, or you can show your own error message according to the error group.
If a payment error is received with LOST_CARD, STOLEN_CARD, PICKUP_CARD error groups as a result of payment, the user should be followed due to fraud possibilities. In case of errors such as NOT_SUFFICIENT_FUNDS, RESTRICTED_BY_LAW, the payment can be tried again by informing the user.
You can find the details on our Error Groups page.