Reference
Need help?

Device identification

The and sections in the XML request serve to identify the device, application, and user for each transaction. Aside from the Application Name and Version fields, all other values must be dynamically determined based on the actual device the App is running on, rather than hard-coded. This helps create a unique reference for every transaction request.

For Continuous-Authority requests (recurring payments), this reference must exactly match the one generated during the initial transaction. If there is a mismatch, the request will be declined.

WebView Browser Headers

For transactions where card details are captured by the App and the E-Commerce transaction class is used, you must provide the User Agent and Accept headers that will be sent in any subsequent WebView request. These headers are crucial, as they are transmitted to the 3-D Secure system during the card enrolment check.

If the transaction requires 3-D Secure authentication, some card issuers may compare the headers from the enrolment check with the headers received during the WebView session. If there is a mismatch, the issuer could reject the authentication request, leading to a declined transaction.

Because XML requests and WebView sessions can use different headers, it is critical to obtain the correct headers before sending the request. In some cases, this can only be done by creating a WebView element, intercepting the headers from its HTTP request, and then closing the WebView before it sends any data. This can be managed by attaching event handlers at the appropriate WebView stage.

It is recommended to check these headers either at App startup or right before a transaction requiring them, as browser details within the WebView may change over time. It should not be done during the App installation, as browser updates may occur after installation.

Location Information

Where available, you should also supply the user's current location using the device's location services. The location information can be submitted using specific fields in the transaction request.

These can be supplied using the following fields:

<mobile>
    ...
   <location>
        <lat>Current latitude</lat>
        <long>Current longitude</long>
    </location>
     ...
</mobile>