SDK Programming Guide
  • 3.3.6 paymentCredential Sample
  • The paymentCredential is the output result of startInAppPay() or startInAppPayWithCustomSheet() API method. Refer to the SDK’s PaymentManager.TransactionInfoListener.onSuccess or PaymentManager.CustomSheetTransactionInfoListener.onSuccess in the SDK-API Reference (Javadoc) for additional specifications.
  • public void onSuccess(PaymentInfo response, String paymentCredential, Bundle extraPaymentData) {
        // You will receive the payloads shown below in paymentCredential parameter
    } 
    
  • The output paymentCredential structure varies depending on the PG you’re using and the integration model (direct, indirect) with Samsung.
  • Payment Gateway using direct model (e.g. First Data, Adyen, CYBS)
  • {
    "billing_address":{"city":"BillingCity","country":"USA","state_province":"CA","street":"BillingAddr1","zip_postal_code":"123456"},
    "card_last4digits":"1122",
    "3DS":{"data":"eyJhbGciOiJSU0ExXzUiLCJraWQiOiJCak91a1h2aFV4WU5wOFIwVGs2Y25OaCtZWWFqZXhIeHRVZ0VFdHlhYy9NPSIsInR5cCI6IkpPU0UiLCJjaGFubmVsU2VjdXJpdHlDb250ZXh0IjoiUlNBX1BLSSIsImVuYyI6IkExMjhHQ00ifQ.Fg2OOUvHdGKkIVyBa2S5KtUrPWUeujKZEyxz7n6kALhQahszv3P5JaBaOJ-RoKcznFjDg3qierzjktU7zXST9gwv4Oclahpfdw64w0X6TtAxeYJiIVkJUG-edXXTWaJeyeIkgC68wEhF1CltSqG4zLWi6upVCAywdPpBN0Hl0C5WcF5Az4WABYtV_Fda5aHGuyPnE70kEQRTWdlacW9MzEJx2Xth7Msd9OHoulR8LUQ-7gha17jHoOBwgMoQ9q0hAoCNm0LjWiuhKoRyyu-Njulnbkk8FZus_AIuMgdv2YN9ygFqIlMculb0VWuF0YeKX6IsgAxi0ZQhLiUsJkCZ_w.AuZZxoG46lnrtk3Q.QE2llwS30VzH-ZduuE8b045CnfRm2p-RjZGBnZcHELS3v26N64cFg1AV5mtP5f-fSwbJ3ntP5x4V1NK8FmdY0uSPxzeMfvl5badGAC7w9FrXt6X5xV1Fqu6-q-ZkbxcB9bYgownt983BcKOE1bd5djxFBOdLrc4j68ikDjc5M3LEBDx6hV0aQzKmilCH-JeVL3AwQyKBny4Vj7m3Fizw7u1PRLI2ZfWUkXDfS4Vwv3bPm4QUDEMVnHXJ.qTYmdmn4ne93juljNmWkJg","type":"S","version":"100"},
    "merchant_ref":"MerchantId",
    "method":"3DS",
    "recurring_payment":false
    }
  • Sample paymentCredential JSON output (using JWE-only)

  • You can decrypt the above 3DS data block using merchant’s private key.
  • -----BEGIN RSA PRIVATE KEY-----
    MIIEowIBAAKCAQEA4LZYjQR+dqd/XLEOXct9jwTJXHD2PTJke9djtMIjKi0h2Oc2GHoW4uJHHY/1jvFt2+zCnjTOXuVLp+76/DWA3bCwFRj+fPP6x5KKYlPb+dJDYo1TTumltNqCWymJB3u7jBC+xR4vKfRzqjxkE7xhN/SBb82uE8c3sMzVKYnUJi+KHsvN9nr7yReYKrQYxw9z6bPuuEJI7+wImdWWdfMDPetV2wGgQWHq8rnf+98S0NFe1gh+9axuzfZRYyRh+DT5jyq228l4L9nkQEOen8iBJ28xY+3G9hT9KSXJDQGGHml/yFCca+duSo/8ab8ljbHBjgnnO/cO9dMGmPp9/crQmwIDAQABAoIBAHFhL96/FLvzmVyAbXo/0TNXO+4rhOKtyWt+6uzqQ2nlabuNiQm3mFKTz0QIPeMIx+B+XlgK1tGkqf6qovKcYE/69W0/ti//vlnyA2bHXyd2ws123X/MffJ5iepLU7t139Q1Irw8lZl6oN2VKP2YQAlGkgSCZ8HM87l+MFOMGoHE6scqn95+FKQztrKzNZMTRRGVLnkkVZ4Ncogq4X5bD2Wutj/mSWjV9bQf62j++UqDWCp3+LkPkrwlvTLBWZ0WgpDVRtBtdZMsEnz5oTAwRroDSe9UaaE9DOAlf1CY6xQ3e1YaZ92WXZ5AX/nG5unqb1I9iBpe2jR5X7UC1/twfHkCgYEA8PVlfnPSc8+vAfy0YjgAEash3U+wmA6+kKnonU+zzHmvrwbqwOXy11ag4rmA7Hnaofct4KNhSV+Zsn3doN/mqu5j9FfwezIyLifePTLXug7DtRsmAw9nbDshR6Y2foHqCFcEL1+vFc+rURvTMXndVq8ZGjaPKikcusUe11oOv50CgYEA7r1T9FFxmAlSs4CsxcD/DB4Nhud1qtKNgHDVB8GnFp3ZGS3AWta+S3tqFr8APx4cRdVKris12ZYW3yI7RS7hU+PMg8b9mXbhPmHxWCb3TgTrlqX1aVriwHaWvOOk60hmyftShtvwqYRckMeUBBy86U4/F3O8QpMB7shvO+h8h5cCgYABcAVd/sTnqfqKUX6mA12EvXejQWF1VskuRcU8gwg4lRVGPw1Rf022mS62i5LIVmXGh5n/eBoRfP+GwBd9aTiQFoIEKC4oHgGMovJBfTcqRgJG51WPuRzN2YB2U/iJQq8pw5Mj0TdTMvz7q+XTqr12Ue8dZ+vsvXgNaTWo5UGnRQKBgQCmYdhiy2fpV4YFh8XhRDH71e4DeMgutvLa8sfk0feK8ZNd0t7d8A9LN8Wl+JNJaci2eoHDhGXRMKLb+1VnT9bFylq79DDFhW5RNZ0nnHB6NT+jDCJOvIKPM5a2KcjEGP9aAQdw6VN+MLr6Q71KaGTYDCo4Q/aORznvmky7ablwHQKBgHdxL4bE6+EGwy4CMnmbRvzs3/++qjrn0NsxQ7UkZ6zF3xWPK22fmcwaAIDY9SPreFWJKUo+CFVGFUAEUC8l6afmDJaHnRiBnvWbqI8N6p8q6E9Pf21sysaGodq4BGOOUdtdmEgsbfMJ82knAG9o7GqFsEUSB2hpqU6qZHABcdEF
    -----END RSA PRIVATE KEY-----
  • Sample private key

  • The decrypted output should look similar to this:
  • {
    "amount":"1000",
    "currency_code":"USD",
    "utc":"1490266732173",
    "eci_indicator":"5",
    "tokenPAN":"1234567890123456",
    "tokenPanExpiration":"0420",
    "cryptogram":"AK+zkbPMCORcABCD3AGRAoACFA=="
    }
    
  • Processing the payload
  • Depending on the structure of the payment processing API provided by your PG, your merchant app can either:
    • Pass the entire paymentCredential output directly to PG, or
    • Extract and pass only the “3DS” part to the PG.
  • Consult your PG documentation for specific guidance.
  • The 3DS portion of the paymentCredential has the actual token and cryptogram encrypted in accordance with the specification provided by Samsung (See Samsung In-App Payment Framework HLD v2.x)
  • Payment Gateway using indirect model (e.g. Stripe)
  • The paymentCredential is the PG’s token reference ID with status.
  • {
    "reference":"tok_18rje5E6SzUi23f2mEFAkeP7",
    "status":"AUTHORIZED"
    }
    
  • Sample paymentCredential JSON output

  • In the case of Stripe, your merchant app should be able to pass this token object directly to Charge or other appropriate payment processing APIs provided.