Understanding the payment flows for processing transactions through Solidgate is crucial for ensuring a smooth integration.
Auth + Settle
This process involves the merchant obtaining authorization to hold a customer’s funds, Solidgate communicating with the acquirer to process the transaction, and the merchant settling the transaction.
auth
+settle
secures transactions by finalizing payments only after confirming delivery, facilitating smoother refunds and cancellations.
![](https://cdn.solidgate.com/sl-guides/pmt_pmt_ovw_1.0.png)
- The merchant requests
auth
to hold the customer's funds, specifying the hold duration in hours. The merchant either specifies asettle_interval
for auto-settlement or intends to manually settle at a later point. - Solidgate acknowledges receipt and forwards the request to the acquirer for determination of
auth
approval. - Solidgate receives the
auth
response from the acquirer. - Solidgate processes the
auth
response and sends a callback request with transaction status to the merchant. - The merchant confirms receipt of the
auth
status to Solidgate. - After the specified time interval
settle_interval
, Solidgate requests the acquirer to settle the transaction. The merchant can initiate partial settlement before the time interval expires, which results in the automaticvoid
of the remaining hold amount. - The acquirer returns a
settle
response to Solidgate, confirming the transaction settlement. - Solidgate processes the
settle
response and sends it to the merchant via a callback request. - The merchant confirms receipt of the transaction status to Solidgate.
3DS
3D Secure (3DS) enhances online payment security by adding an extra authentication step for credit and debit card transactions. This protocol protects cardholders by requiring a one-time password (OTP) during payment, which only the cardholder can access.
- PSD2 compliance
Under PSD2, 3DS and Strong Customer Authentication (SCA) are mandatory for transactions within the European Economic Area (EEA), enhancing transaction security. - Liability shift
Offers merchants protection by shifting liability for fraudulent transactions to the card issuer if proper authentication is used. This minimizes merchants’ risk of financial loss due to fraud.
3DS is vital for secure e-commerce transactions, protecting both merchants and cardholders by preventing unauthorized card use.
3D Secure 2, the latest version of the protocol, defines two types of authentication flows:
-
Frictionless flow
This is the process of authentication achieved without Cardholder interaction. It streamlines the transaction process by minimizing user input, provided the transaction is deemed low-risk or meets certain criteria set by the issuing bank. -
Challenge flow
If the ACS (Access Control Server - a component that operates in the Issuer Domain) determines that further Cardholder interaction is required to complete the authentication, the Frictionless Flow transitions into the Challenge Flow. This additional step may be necessary in situations where the transaction is deemed high-risk, exceeds certain thresholds, or requires a higher level of authentication due to country mandates or regulations. In such cases, 3DS Requestors (merchants or their acquiring banks) must decide whether to proceed with the challenge or to terminate the 3-D Secure authentication process.
![](https://cdn.solidgate.com/sl-guides/pmt_pmt_ovw_1.1.png)
- The merchant collects card details from the cardholder. They can send a request (
auth
orcharge
) to Solidgate. Concurrently, they have the option to request 3DS authentication by setting theforce3DS:true
parameter in the request. - Upon receipt, Solidgate confirms the request. If the merchant requested 3DS authentication, Solidgate defaults to the 3DS flow.
- Solidgate sends a 3DS request to the acquiring bank. If the transaction is executable, the acquiring bank returns the ACS (Access Control Server) URL to Solidgate.
- Solidgate forwards a
verify_url
embedded with the ACS URL to the merchant. - When the client accesses this URL, Solidgate receives the verification request.
- After the client interacts with the 3DS page, the merchant sends a 3DS request to Solidgate.
- Solidgate then requests the 3DS check status from the acquiring bank.
- The acquiring bank returns a verification response to Solidgate, indicating whether the transaction is approved or declined.
- Solidgate processes the verification response and initiates a callback request, providing the transaction status to the merchant.
- The merchant takes necessary steps and confirms to Solidgate the receipt of the transaction status.
Void
The process involves the merchant obtaining authorization to hold the Customer’s funds and initiating a void
operation if needed. Effective communication between Solidgate, the acquirer, and the merchant is crucial in ensuring a successful transaction.
![](https://cdn.solidgate.com/sl-guides/pmt_pmt_ovw_1.2.png)
- The merchant requests
auth
to hold the customer's funds. - Solidgate acknowledges receipt and forwards the request to the acquirer for determination of
auth
approval. - Solidgate receives the
auth
response from the acquirer. - Solidgate processes the
auth
response and sends a callback request with transaction status to the merchant. - The merchant confirms receipt of the
auth
status to Solidgate. - To initiate the
void
operation, the merchant sends avoid
request to Solidgate. - Solidgate acknowledges receipt and forwards the
void
request to the acquirer. - The acquirer returns a
void
response to Solidgate, indicating whether the transaction is declined or approved. - Solidgate processes the
void
response and sends it to the merchant via the callback request. - The merchant confirms receipt of the transaction status to Solidgate.
Refund
The refund involves coordination between the merchant, Solidgate, and the acquirer for successful processing.
Solidgate immediately forwards refund requests to the cardholder’s bank, but the visibility of funds in the cardholder’s account can take 5-10 business days, depending on the bank. Merchants should advise cardholders to contact their bank if refunds are not visible within this period, using the ARN to expedite the process.
![](https://cdn.solidgate.com/sl-guides/pmt_pmt_ovw_1.3.png)
- The merchant submits a refund request to Solidgate.
- Solidgate acknowledges receipt and forwards the request to determine refund eligibility.
- The acquirer returns a refund response to Solidgate, indicating approval or denial of the refund.
- Solidgate processes the refund response and sends the merchant a callback request with the transaction status.
- The merchant takes necessary actions and confirms receipt of the refund status to Solidgate.
The request to
-
refund
API
for transferring funds back to the cardholder Refunds can be made only for approved transactions.
- get ARN codes API retrieves these codes for specific orders, providing essential information about refunds, currencies, and transaction statuses
- Go to Payments > Orders.
- Select the relevant order and go to the Orders details section.
- Click on Refund.
Tracking refunds with ARN
Acquirer Reference Number (ARN) is crucial for tracing the path of refund transactions from the issuing to the acquiring bank.
The unique 12-character identifier, ARN, enables cardholders to precisely track the refund process with their bank and located in the Transactions section.
Refunds may be declined primarily due to the cardholder’s account being unable to accept them. The common reasons for a declined refund include:
- Prepaid cards: The card does not support refunds, as some prepaid cards often do.
- Frozen account: The account has been frozen due to the suspected fraud, with the freeze initiated either by the cardholder or the bank.
- Closed account: The cardholder has closed their account.
- Disputed transaction: The cardholder has already disputed the transaction.
In these cases, the advisable action for the cardholder is to reach out to their card issuer directly to resolve the issue.
Order tracking
To follow order actions within Solidgate HUB , you can utilize two primary approaches: the Event log and API logs.
The Event log tracks user actions within HUB. It helps identify who executed specific actions on orders.
How to use:
- Navigate to Account settings and select Event log
- Search using Entity ID:
- Obtain the Entity ID from the order link in HUB
- Filter options:
- You can filter the logs by User email , Entity name , Created at from , and Created at to
API logs are essential for verifying API requests related to order actions like settling, voiding, or refunding.
How to use:
- Navigate to Developers and select API logs
- Search and filter:
- Use the filters provided, such as Status , Method , Host , IP address , Created at , etc., to refine your search
- Detailed view:
- Click on a specific log entry to view detailed information, includes the Status , Method , Path , Host , IP address , and the Date (UTC)
- Request and response bodies:
- Expand the Request body and Response body sections to see the JSON payloads sent and received, which provide detailed information, such as order_id , amount , currency , recurring_token , and more
These tools are essential for maintaining transparency, troubleshooting issues, and ensuring accountability within your team.