Samsung Pay

The paymentCredential is the output result of startInAppPay() or startInAppPayWithCustomSheet() API method. Refer to the SDK’s PaymentManager.TransactionInfoListener.onSuccess or PaymentManager.CustomSheetTransactionInfoListener.onSuccess in the SDK-API Reference (Javadoc) for additional specifications.

public void onSuccess(PaymentInfo response, String paymentCredential, Bundle extraPaymentData) {
    // You will receive the payloads shown below in paymentCredential parameter
}

The output paymentCredential structure varies depending on the PG you’re using and the integration model (direct, indirect) with Samsung.

Payment Gateway using direct model (e.g. First Data, Adyen, CYBS)
{
"billing_address":{"city":"BillingCity","country":"USA","state_province":"CA","street":"BillingAddr1","zip_postal_code":"123456"},
"card_last4digits":"1122",
"3DS":{"data":"eyJhbGciOiJSU0ExXzUiLCJraWQiOiJCak91a1h2aFV4WU5wOFIwVGs2Y25OaCtZWWFqZXhIeHRVZ0VFdHlhYy9NPSIsInR5cCI6IkpPU0UiLCJjaGFubmVsU2VjdXJpdHlDb250ZXh0IjoiUlNBX1BLSSIsImVuYyI6IkExMjhHQ00ifQ.Fg2OOUvHdGKkIVyBa2S5KtUrPWUeujKZEyxz7n6kALhQahszv3P5JaBaOJ-RoKcznFjDg3qierzjktU7zXST9gwv4Oclahpfdw64w0X6TtAxeYJiIVkJUG-edXXTWaJeyeIkgC68wEhF1CltSqG4zLWi6upVCAywdPpBN0Hl0C5WcF5Az4WABYtV_Fda5aHGuyPnE70kEQRTWdlacW9MzEJx2Xth7Msd9OHoulR8LUQ-7gha17jHoOBwgMoQ9q0hAoCNm0LjWiuhKoRyyu-Njulnbkk8FZus_AIuMgdv2YN9ygFqIlMculb0VWuF0YeKX6IsgAxi0ZQhLiUsJkCZ_w.AuZZxoG46lnrtk3Q.QE2llwS30VzH-ZduuE8b045CnfRm2p-RjZGBnZcHELS3v26N64cFg1AV5mtP5f-fSwbJ3ntP5x4V1NK8FmdY0uSPxzeMfvl5badGAC7w9FrXt6X5xV1Fqu6-q-ZkbxcB9bYgownt983BcKOE1bd5djxFBOdLrc4j68ikDjc5M3LEBDx6hV0aQzKmilCH-JeVL3AwQyKBny4Vj7m3Fizw7u1PRLI2ZfWUkXDfS4Vwv3bPm4QUDEMVnHXJ.qTYmdmn4ne93juljNmWkJg","type":"S","version":"100"},
"merchant_ref":"MerchantId",
"method":"3DS",
"recurring_payment":false
}
Sample paymentCredential JSON output (using JWE-only)
You can decrypt the above 3DS data block using merchant’s private key.
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA4LZYjQR+dqd/XLEOXct9jwTJXHD2PTJke9djtMIjKi0h2Oc2GHoW4uJHHY/1jvFt2+zCnjTOXuVLp+76/DWA3bCwFRj+fPP6x5KKYlPb+dJDYo1TTumltNqCWymJB3u7jBC+xR4vKfRzqjxkE7xhN/SBb82uE8c3sMzVKYnUJi+KHsvN9nr7yReYKrQYxw9z6bPuuEJI7+wImdWWdfMDPetV2wGgQWHq8rnf+98S0NFe1gh+9axuzfZRYyRh+DT5jyq228l4L9nkQEOen8iBJ28xY+3G9hT9KSXJDQGGHml/yFCca+duSo/8ab8ljbHBjgnnO/cO9dMGmPp9/crQmwIDAQABAoIBAHFhL96/FLvzmVyAbXo/0TNXO+4rhOKtyWt+6uzqQ2nlabuNiQm3mFKTz0QIPeMIx+B+XlgK1tGkqf6qovKcYE/69W0/ti//vlnyA2bHXyd2ws123X/MffJ5iepLU7t139Q1Irw8lZl6oN2VKP2YQAlGkgSCZ8HM87l+MFOMGoHE6scqn95+FKQztrKzNZMTRRGVLnkkVZ4Ncogq4X5bD2Wutj/mSWjV9bQf62j++UqDWCp3+LkPkrwlvTLBWZ0WgpDVRtBtdZMsEnz5oTAwRroDSe9UaaE9DOAlf1CY6xQ3e1YaZ92WXZ5AX/nG5unqb1I9iBpe2jR5X7UC1/twfHkCgYEA8PVlfnPSc8+vAfy0YjgAEash3U+wmA6+kKnonU+zzHmvrwbqwOXy11ag4rmA7Hnaofct4KNhSV+Zsn3doN/mqu5j9FfwezIyLifePTLXug7DtRsmAw9nbDshR6Y2foHqCFcEL1+vFc+rURvTMXndVq8ZGjaPKikcusUe11oOv50CgYEA7r1T9FFxmAlSs4CsxcD/DB4Nhud1qtKNgHDVB8GnFp3ZGS3AWta+S3tqFr8APx4cRdVKris12ZYW3yI7RS7hU+PMg8b9mXbhPmHxWCb3TgTrlqX1aVriwHaWvOOk60hmyftShtvwqYRckMeUBBy86U4/F3O8QpMB7shvO+h8h5cCgYABcAVd/sTnqfqKUX6mA12EvXejQWF1VskuRcU8gwg4lRVGPw1Rf022mS62i5LIVmXGh5n/eBoRfP+GwBd9aTiQFoIEKC4oHgGMovJBfTcqRgJG51WPuRzN2YB2U/iJQq8pw5Mj0TdTMvz7q+XTqr12Ue8dZ+vsvXgNaTWo5UGnRQKBgQCmYdhiy2fpV4YFh8XhRDH71e4DeMgutvLa8sfk0feK8ZNd0t7d8A9LN8Wl+JNJaci2eoHDhGXRMKLb+1VnT9bFylq79DDFhW5RNZ0nnHB6NT+jDCJOvIKPM5a2KcjEGP9aAQdw6VN+MLr6Q71KaGTYDCo4Q/aORznvmky7ablwHQKBgHdxL4bE6+EGwy4CMnmbRvzs3/++qjrn0NsxQ7UkZ6zF3xWPK22fmcwaAIDY9SPreFWJKUo+CFVGFUAEUC8l6afmDJaHnRiBnvWbqI8N6p8q6E9Pf21sysaGodq4BGOOUdtdmEgsbfMJ82knAG9o7GqFsEUSB2hpqU6qZHABcdEF
-----END RSA PRIVATE KEY-----
Sample private key
The decrypted output should look similar to this:

{
"amount":"1000",
"currency_code":"USD",
"utc":"1490266732173",
"eci_indicator":"5",
"tokenPAN":"1234567890123456",
"tokenPanExpiration":"0420",
"cryptogram":"AK+zkbPMCORcABCD3AGRAoACFA=="
}

Processing the payload
Depending on the structure of the payment processing API provided by your PG, your merchant app can either:
- Pass the entire paymentCredential output directly to PG, or
- Extract and pass only the “3DS” part to the PG.
Consult your PG documentation for specific guidance.
The 3DS portion of the paymentCredential has the actual token and cryptogram encrypted in accordance with the specification provided by Samsung (See Samsung In-App Payment Framework HLD v2.x)

Payment Gateway using indirect model (e.g. Stripe)
The paymentCredential is the PG’s token reference ID with status.

{
"reference":"tok_18rje5E6SzUi23f2mEFAkeP7",
"status":"AUTHORIZED"
}

Sample paymentCredential JSON output
In the case of Stripe, your merchant app should be able to pass this token object directly to Charge or other appropriate payment processing APIs provided.