RDP Direct APIs

Overview

Description and Requirements

Red Dot Payment (RDP)’s Direct API (DAPI) allows a non ‘3-D Secure’ transaction to be made through server to server communication. A non ‘3-D Secure’ transaction will cause there is no requirements to redirect cardholder to their issuing bank’s OTP page.

Some requirements for Direct API (DAPI):

• For this ‘Direct API’ (DAPI), RDP server will be only allowing connection via TLS 1.2 or above.
• For transaction request in ‘card mode’, merchant must comply with payment security standard industry, such as PCI-DSS (Payment Card Industry – Data Security Standard).

Direct API (DAPI) Process Flow

It consists of several steps, as per below:

1. 1. Merchant prepares their transaction request in JSON format.
   2. Merchant sends the corresponding transaction request to RDP’s service end-point by allocating the JSON-formatted transaction-request inside the BODY of its HTTP.
   3. Merchant should wait for a direct response from RDP payment gateway.
   4. RDP payment gateway will then establish a secure connection to particular or specific bank or acquirer; and process the transaction accordingly.
   5. RDP will return the result of transaction in a JSON-formatted response.

to determine

1. Merchant should use the result from RDP their next business process and as a record of all history transactions.
2. Result can also be retrieved via Query Phase (Query Result Handling)
3. Result can also be retrieved via Notification result (Push Notification Result)

Fig 3-1. DAPI process flow.