MASTERPASS MERCHANT ONBOARDING & INTEGRATION GUIDE

(1)

MasterPass™ Merchant Onboarding & Integration Guide

MASTERPASS

™

MERCHANT

ONBOARDING & INTEGRATION GUIDE

VERSION 6.1, AS OF DECEMBER 5, 2014

(2)

Notices

Proprietary Rights

The information contained in this document is proprietary and confidential to MasterCard International Incorporated, one or more of its affiliated entities (collectively “MasterCard”), or both. This material may not be duplicated, published, or disclosed, in whole or in part, without the prior written permission of

MasterCard.

Trademarks

Trademark notices and symbols used in this document reflect the registration status of MasterCard trademarks in the United States. Please consult with the Customer Operations Services team or the MasterCard Law Department for the registration status of particular product, program, or service names outside the United States. All third-party product and service names are trademarks or registered trademarks of their respective owners.

Translation

A translation of any MasterCard manual, bulletin, release, or other MasterCard document into a language other than English is intended solely as a convenience to MasterCard members and other customers. MasterCard provides any translated document to its members and other customers “AS IS” and makes no representations or warranties of any kind with respect to the translated document, including, but not limited to, its accuracy or reliability. In no event shall MasterCard be liable for any damages resulting from members’ and other customers’ reliance on any translated document. The English version of any MasterCard document will take precedence over any translated version in any legal proceeding.

Content Disclaimer

No assurances are given that the information provided herein is error-free. You acknowledge and agree that inaccuracies may be present. The information is provided to you on an "AS IS" basis for use at your own risk. MasterCard will not be responsible for any action you take as a result of this document.

Publication Code

(3)

Document Version Notes

Document

Version Date Updates

6.1 12/01/2014

Updated Connected checkout table (p 9)

Added user flows for Standard, Paired, and Returned Checkout (p 12, 14, 15, 17) Updated information about unpairing (p 17)

Added note not uploading test loyalty card numbers (p 22) Added further information about OAuth (p 30)

Added note about key renewal requirements (p 30) Clarified production deployment instructions (p 37) Added note about new SDK/sample code availability (p 39) Clarified checkout resource URL information (p 46 & 72) Updated ECI Values (p 79)

Added note about liability shift and Advanced Checkout (p 53) Added sandbox JavaScript URL (p 38)

Highlighted WalletID in checkout XML (p 79)

Noted inclusion of JCB as an allowed card type (p 56)

6.0 9/19/2014

Added Lightbox UI experience (p 6)

Added New Checkout experience: Connected checkout details (p 12) Merchant Initialization Service - version V6 (p44, 58)

Shopping Cart Service - version V6 (p43, 62) Checkout version - version V6 (p45, 69) Precheckout Service - version v6 (p 44, 78) Postback Service - version V6 (p46, 90) Updated QA Checklist (p 52)

Lightbox Parameters (p 55)

10/26/2013

3DS “No Authentication” value High resolution image links MasterPass ‘Learn More’ link Checkout version v5 schema and xml

(6)

Overview

This document is intended to orient Merchants and their developers seeking to integrate MasterPass as a checkout option on their website and mobile application.

How does MasterPass work?

MasterPass is a service that enables consumers to store, manage and securely share their payment, shipping and rewards information with the websites and mobile apps they transact with. MasterPass supports checkout on full and mobile websites, as well as in-app purchases on Android™ and iOS™ apps.

MasterPass User Interface

The MasterPass user interface, or Lightbox, floats the MasterPass wallet interface on top of the Merchant’s web page through illuminated overlays, and backgrounds dimmed to 0.7 opacity. This modern method allows a consumer to interact with their MasterPass digital wallet without having to leave the merchant’s page. MasterPass Lightbox is built in a responsive design style allowing it to respond dynamically to the various screen sizes and orientations.

MasterPass supports the following displays:  Standard Lightbox display

 Standard full screen display

Standard “Lightbox Display” (desktop and laptop)

At full screen, where the browser is set to 100% height and width, the overall Lightbox dimensions are 740 pixels (height) by 700 pixels (width). This is inclusive of the Lightbox header and footer. The interior Lightbox dimensions are 590 pixels (height) by 680 pixels (width).

If the height of the browser is reduced so that the entire Lightbox has a height of 740 pixels and the width is maintained, the content container has the following dimensions: 530 pixels (height) by 680 pixels (width). If the browser is set to 100% maximum width, but is less than 530 pixels in height (for the content container), vertical scrolling will appear.

If the browser is set to less than 680 pixels in width the Lightbox layout will change to accommodate small screen formats (i.e. phone, smaller tablets). There is a 320 pixel width threshold for the content container.

Shop on merchant site

Click Buy with

MasterPass at checkout Sign into MasterPass -enabled Wallet Select card, shipping address and loyalty Select shipping method Review and confirm transaction

(7)

Standard Mobile Display (.mobi)

Within the .mobi experience, the header and footer are approximately 70 pixels high except for the iPhone 5/5S, which has a header and footer which are approximately 30 pixels high. The interior content area for mobile devices is content dependent. The initial view of content is based on the overall screen sizes. Content that does not fit within the initial view of content can be accessed by scrolling. There will not be a landscape view for mobile; only portrait will be supported.

(8)

Standard Full Screen Display

Under certain conditions, such as when the consumer’s browser does not support the Lightbox display (older browser), or if the merchant has not yet made coding changes to invoke the Lightbox display, or if the URL requesting the Lightbox display is different from the merchant specified origin URL, then MasterPass will render the wallet experience in full screen. This full screen wallet experience supports all functionality and design as that of the Lightbox display.

(9)

9

MasterPass Checkout Experiences

Overview

MasterPass is introducing new checkout options that offer merchants greater flexibility and control over the MasterPass checkout experience.

Merchant MasterPass Merchant

Experience Merchant identifies consumer Consumer Clicks Signs into Wallet Finalizes Payment Method/ Address Reviews/ Submits Order Confirms Order Receipt/ Thank You Page Standard Checkout Buy with MasterPass X X X X X Connected Checkout X Checkout X X* X

(10)

MasterPass Merchant Standard Checkout process flow

The flows below depict the Standard MasterPass Checkout flow with the Lightbox MasterPass UI. Merchants should use this flow for a non-recognized (guest) user.

Merchant Site/App Display Buy with MasterPass at start of checkout Invoke MasterPass Lightbox UI Merchant Back-End Retrieve credentials - Checkout Identifier, Consumer Key &

Callback URL Get Request Token Use Request Token to call Shopping Cart Service with origin URL Use Request Token and Verifier to retrieve Access Token MasterPass Services MasterPass Lightbox Return Checkout Resource URL, request token and Verifier to site/app Display Sign-in page Consumer Sign-in Select Card/ Shipping Address/Loyalty details Review Your Order Return Request Token and Authorize URL 1 2 3 4 9 10 11 12 5 6 8 7 Capture Checkout Resource URL Request Token and Verifier Return Origin URL 13 14 15 Receive Shopping Cart data Return Access Token Return Payment Method, Loyalty and Shipping Address Retrieve purchase data by sending Access Token to Checkout Resource URL 16 Submit transaction to payment gateway/ acquier 17 Receive postback data 18

Calculate final price based on shipping and taxes and user confirms purchase 19 20 Display purchase confirmation page 21

(11)

Standard Checkout User Flow

Standard Checkout M e rc h a n t M a s te rP a s s C o n s u m e r Get Checkout Request Token Request Token Service Initiate lightbox

Displays log-in and checkout options Consumer log-in and make

card / shipping / rewards selection Return Checkout verifier and Checkout resource URL Display order confirmation Consumer

clicks ‘Buy with MasterPass’

Use checkout request token and origin URL to make shopping cart call

Shopping Cart Service Use checkout access token to get checkout data Checkout Service Postback Service Use checkout verifier and checkout request token to get ‘checkout’ Access Token Access token service

MasterPass Connected Checkout Experience

'Connected Checkout” enables MasterPass merchants to provide a customized checkout experience to their registered consumers across all connected channels. In the connected checkout model, consumers who have paired their wallet with the merchant allow that merchant to retrieve the consumer’s pre-checkout data (shipping, and other wallet information, without the actual card number without the consumer having to log

(12)

in to their wallet. The actual PAN will be provided to the merchant only after the consumer logs in to their wallet (by entering only the wallet password). Data shared in connection with the “Connected Checkout” can only be used to implement checkout and must be deleted immediately following the check-out

experience. No data shared during the “Connected Checkout” experience may be retained after the checkout is completed. Adherence to MasterPass branding requirements is required. (For display of Wallet Partner logo and MasterPass logo near the pre-checkout information).

Connected checkout is supported by 3 components.

Pairing of wallet

The consumer consents to ‘pair’ their wallet account with their account on the merchant side (consumer’s merchant account), by agreeing to Connected Checkout. Pairing can happen during Checkout or outside of checkout on the merchant site/app. Pairing enables the consumers’ MasterPass wallet data to be shared with the merchant during current and/or future visits to merchant app/site. This is accomplished by passing a Long Access token to the merchant. No cardholder data should be retained by the Merchant or Service Provider in between checkouts.

NOTE: Long Access token is a one-time use token. Each time a call using Long Access Token is made, a new Long Access token will be passed back to the merchant. This new Long Access token will then need to be stored, to be used the next time.

Pair with MasterPass Wallet during Checkout

In this experience, a consumer pairs their wallet with a merchant while performing checkout. The pairing process starts when a consumer clicks the ‘Buy with MasterPass’ button on the merchant site. This begins a

(13)

to the merchant during the subsequent checkouts without the consumer having to log in to their wallet. When checkout is completed, the consumer data must be immediately deleted.

Pairing During Checkout User Flow

Pair with MasterPass Wallet during Checkout

M

er

ch

an

t

M

as

te

rP

as

s

Co

ns

um

er

Get Checkout Request Token Request Token Service Initiate lightbox Displays wallet selector, log-in, checkout and pairing consent screens Consumer selects wallet, logs-in, select card/ shipping, and consents to pairing Return pairing verifie & token, Checkout verifier & token

and Checkout resource URL Use pairing verifier and pairing request token to get ‘Long’ Access Token Access token service Display order confirmation and pairing Consumer signs onto merchant site and

Clicks ‘Buy with MasterPass’ Get Pairing Request Token Use checkout request token and origin URL to

make shopping cart call Shopping Cart Service Request Token Service Use checkout access token to get checkout data Checkout Service Postback Service Use checkout verifier and checkout request token to get ‘checkout’ Access Token Access token service

(14)

Pair with MasterPass Wallet outside of a Checkout

In this experience, a consumer pairs their wallet with a merchant while not performing checkout e.g. account management. The pairing process starts when a consumer clicks the ‘Connect with MasterPass’ button on the merchant site. This begins a set of exchanges that will bring the consumer through MasterPass and back out to the merchant again. If the consumer agrees to pair their wallet with the merchant, the

consumer’s pre-checkout data will be available to the merchant during their subsequent checkouts without the consumer having to log in to their wallet. When checkout is completed, the consumer data must be immediately deleted.

(15)

Pair with MasterPass Wallet outside of a Checkout

M

er

ch

an

t

M

as

te

rP

as

s

Co

ns

um

er

Get Request Token Request Token Service Initiate lightbox Display wallet selector and prompts consumer signin Consumer logs in Prompts consumer to pair Consumer consents to pairing Return Verifier and request token

Use verifier and request token to get ‘Long Access Token’ Access token service Display pairing confirmation screen to the consumer Consumer signs onto merchant site and

Clicks ‘Connect with MasterPass’ Call Merchant initialization with Origin url Merchant Initialization Service Store long access token and associate with user account

Return Checkout

Once the consumer has paired their wallet account with merchant account, when the consumer returns to the merchant site/app and logs in to their merchant account, the Merchant submits the token to MasterPass to retrieve the consumer’s up to date wallet information (card details without card number, addresses etc.). The merchant can then present this information to the consumer as part of their own experience, with the ability to streamline/personalize the consumer’s experience during Pre-checkout. Consumers can then checkout easily. The actual PAN will be provided to the merchant only after the consumer logs in to their wallet (by entering the wallet password).

Data shared in connection with the “Return/Connected Checkout” can only be used for the express purposes permitted in the MasterPass Operating Rules and must be removed immediately following the check-out experience. No data shared during the “Return/Connected Checkout” experience may be retained after the checkout is completed.

(16)

Return Checkout User Flow

Return Checkout M er ch an t M as te rP as s C on su m er

Uses long access token to call ‘precheckout’ service Receive Pre-Checkout Data & Precheckout Transaction ID and

new long access token Displays login page Initializes LB Postback service Consumer signs onto merchant site Consumer Logs-in and confirms order Use request token and verifier

to get access token Access token service PreCheckout Service Displays Pre-Checkout data to consumer. Consumer makes card /

shipping address selection and clicks Buy

withMasterPass

Return Verifier, request token & checkout url

Use access token to get checkout data Checkout service Displays Order Confirmation Get Request Token Shopping cart call Shopping Cart Service Request Token Service

(17)

Unpairing

A consumer can ‘unpair’ their pairing consent for the merchant at any time, using MasterPass account management. When this happens the precheckout call from the merchant to MasterPass will be rejected. In such situations, merchant can proceed with standard checkout. The merchant can also request pairing with this consumer again.

(18)

Direct Merchant Onboarding

I. Incorporating MasterPass into your site or app

Enabling checkout with MasterPass on your site or mobile app is straightforward—here is an overview of the required activities.

Activity Actor Steps Environment

1. Merchant Registration & Setup

Merchant Create Merchant account, set shipping profile, rewards and advanced authentication

MasterPass Merchant Portal 2. Add Developer

Accounts to Merchant Profile

Merchant Invite developers to manage integration MasterPass Merchant Portal

3. Developer Registration and Setup

Developer

Create MasterPass Developer account MasterPass Merchant Portal Create Developer Zone account MasterCard

Developer Zone Generate developer’s sandbox and production keys

Review sample code/SDK & design services integration

Merchant Engineering Environment Request access to merchant’s sandbox credentials MasterPass Merchant Portal 4. Review Integration

Project & Approval Merchant Approve and grant access to merchant’s sandbox key

MasterPass Merchant Portal 5. Access Sandbox

Credentials Developer

Use merchant’s sandbox key to test against MasterPass sandbox environment

Merchant Engineering Environment 6. Request Production Credentials

Developer Request access to merchant’s production credentials _{Merchant Portal}MasterPass 7. Review Integration

Project & Approval Merchant

Approve and grant access to merchant’s production key

MasterPass Merchant Portal 8. Production

Migration Developer

Update MasterPass API endpoints, Consumer key, Callback URL and Private Key (p12), if different than Sandbox

Merchant Production Environment

The following accounts will be created during this onboarding process. Use the following table to record the account information for future reference.

Account Type Details Account Info

Merchant Portal - Merchant account

Created by merchant business owner. This id should be used to login at https://masterpass.com/SP/Merchant/Home

Go here to create merchant account, invite developers, create shipping profiles, rewards, approve checkout projects etc.

Userid: __________ Email: ___________

Merchant Portal - Developer Account(s)

Created when a merchant invites a developer. It’s a system generated user id. This id should be used to login at

https://masterpass.com/SP/Merchant/Home

Userid: __________ Email: ___________

(19)

Developer Zone - Developer Account(s)

Created by developer and is used for key exchange. This id should be used to login at https://developer.mastercard.com

Go here to perform key exchange, download Sample Applications, integration guide etc.

Userid: __________ Email: ___________

By the end of the integration, your site or mobile app should be able to:

1. Display “Buy with MasterPass” button at the start of the checkout experience. 2. Display “Connect with MasterPass” button.

3. Invoke and display the MasterPass Lightbox.

4. Relay MasterPass checkout requests to the MasterPass service.

5. Get Precheckout data for consumers that have consented to pair their wallets

6. Receive consumer’s billing, shipping address, and rewards data from MasterPass service. 7. Process card, shipping and rewards information using existing process.

(20)

Direct Merchant Onboarding - Steps

1. Merchant Registration and Setup—Merchant Activity

From the MasterPass Merchant Portal, select the country – language from the dropdown and click the Create an Account button to start the registration process. You will be presented with a modal window, into which you will enter the invitation code. Please reach out to your MasterCard representative to obtain an invitation code that will grant you access and allow you to register within the merchant portal. After entering the invitation code, you will be presented with the option to select the registration type. Select Merchant to continue with the registration process as shown in screen shots below. If you need to register as a Service Provider, please access the Service Provider Integration Guide(s).

Create an Account

Enter Invitation Code

(21)

After the merchant account has been created, select “Shipping Locations” to manage your shipping options. Merchants can have multiple shipping profiles and can also set a preferred shipping profile option.

(22)

Select “Rewards Program” to enter details about your reward/loyalty program. The name of the Reward Program and Logo provided will be displayed to the consumer during checkout. Here are the field details

 Reward Program Name: Unique, Min 1- Max 30 characters, String

 Reward Program ID: Required, Unique, Min 1- Max 10 char, Alphanumeric, Non-Editable  Logo: Required, Logo size 65 x 60 pix

NOTE: ‘Test’ reward or loyalty programs must not be entered, as any programs added will be visible to consumers in Production. Any ‘test’ reward programs uploaded may be deleted by MasterPass Support without prior notice.

(23)

If 3DS is available to your country, you may enable it by completing the Authentication Settings section. If 3DS is not available to you, you will not see the Authentication Settings tab.

Select “Advanced Checkout” on the Authentication Settings page, which means that 3DS will run for all checkout transactions for the appropriate card brand. To enable 3DS for your transactions, you will need to supply the details of your 3DS-enabled Acquirer accounts. To add accounts, click “Manage Accounts” and then click “Add Merchant Acquirer.”

(24)

Provide the details requested for each of your MasterCard, Maestro, and/or Visa accounts. If you enable your account for 3DS, you will have the option to “downgrade” the transaction to Basic Authentication during checkout.

(25)

2. Add Developer Accounts to Merchant Profile—Merchant Activity

The first step in setting up MasterPass for your business is to add the developers who will integrate

MasterPass into your checkout flow. From the landing page, you will add developers to the merchant profile. These developers will handle the technical implementation of MasterPass for your site/app. To get started, click the Start This Step button from the MasterPass Setup page.

(26)

Merchants who have an internal or contracted engineering team should select Internal or Contracted Developer, and provide contact information for each developer he/she wishes to invite.

Please forward this integration guide to each invited developer. Each developer will receive invitation emails from MasterPass, indicating that he/she has been invited to handle the technical integration of MasterPass on-behalf of your company. This integration guide will guide the developer through the integration process.

3. Developer Registration, API Keys, Initiate Development & Request

Approval—Developer Activity

Developers invited to integrate MasterPass on behalf of a merchant will manage their integration activities through two portals:

1. MasterPass Merchant Portal (https://masterpass.com/SP/Merchant/Home) 2. MasterCard Developer Zone (http://developer.mastercard.com)

MasterPass Developer Account

Developers will use the MasterPass Merchant Portal to request, and access merchant-specific integration credentials, which will be used when interacting with the MasterPass web services. After the merchant invites you as a developer, you should have received your MasterPass Developer credentials in two emails from MasterPass. Follow the instructions in the emails to create your developer account.

(27)

MasterCard Developer Zone Account

Developers invited to integrate MasterPass on behalf of a merchant will use MasterCard Developer Zone to view integration documentation and generate developer keys. To create a Developer Zone account, visit

Developer Zone and click Register. After submitting the form, be sure to activate the account using the confirmation email.

Generate MasterCard Developer Zone Developer API Keys

After creating your account, you will need to generate two sets of API keys (one each for the sandbox and production environments). To make keys easy to distinguish, it’s recommended to prefix sandbox keys "SBX_" and production keys with "PRD_".

Create Sandbox Key

(28)

On the My Dashboard page, click My Keys button and then click on Add a Key button.

In order to get an API Key, you need to supply a PEM encoded Certificate Request File. You may use a tool of your choice, such as "openssl" or Java's "keytool" to generate this CSR, or you may use the CSR generation tool on the developer zone portal. Click here to see instructions for using CSR generation tool. Complete the form, select Sandbox for Environment, and click Submit.

(29)

Create Production Key

To create a Production API key, return to My Dashboard and click on My Keys. Then click on Add a Key and make sure you select Production environment. Complete the form and click Submit.

At this point, developers will have Sandbox and Production Key ID. These IDs will be used when submitting a checkout project to the merchant for approval.

Note: Keys expire after 1 year before which they should be renewed by initiating the Developer Zone Key

Renewal process. Notifications at 30, 15 and 1 day prior to key expiration will be sent to the email address

associated with the Developer Zone account. Your integration will stop working if the keys are expired. When the keys expire, the checkout project will not work and the MasterPass transactions will fail. Therefore the keys need to be renewed prior to expiration.

Initiate Development

At this point, developers should begin developing their own implementation. Sample Applications for .NET (C#), Java, PHP and Ruby will be made available for download from Developer Zone. Please contact MasterPass Support if the sample applications are not available in the language you need them in. MasterPass follows the OAuth 1.0a specification. Any merchant or Service Provider integrating with MasterPass must strictly adhere to the OAuth specs for interacting with MasterPass through Open API Gateway. Failure to implement OAuth correctly may impact your integration and transactions with MasterPass.

(30)

https://developer.mastercard.com/portal/display/api/Authentication

Request Access to Merchant’s Sandbox Details

Prior to allowing the developer’s code to interact with the MasterPass service (on-behalf of a merchant) the merchant must approve the checkout project created by the developer. The developer will make two separate approval requests. The first request is to grant the developer access to credentials that will enable his/her code to transact with the MasterPass sandbox environment on-behalf of the merchant. The sandbox environment does not contain real consumer data. The second request is for production

credentials, which will enable real transactions.

Developers will use MasterPass Merchant Portal to request, and access merchant-specific integration credentials, which will be used when interacting with the MasterPass services. The credentials are requested by submitting a checkout project.

To get started, sign into the MasterPass Merchant Portal. Under Manage Development, click Checkout Projects -> Create New Project and complete the New Project creation wizard.

(31)

Select Commerce Channel

Enter Project Name, Project Description

Enter branding elements for the merchant (Merchant Name, Logo), domain-level URL that the MasterPass consumers will be launched from in the sandbox and production environments. Merchant Name will be displayed if no logo is provided. The recommended logo dimensions for a website project are 100x60 pixels; the recommended logo dimensions for a mobile project is 80X30 pixels.

(32)

Enter the sandbox and production Key IDs that were created on MasterCard Developer Zone.

Create Checkout Project Developer Zone – Production Key ID

Developer Zone – Sandbox Key ID

(33)

4. Review Integration Project & Approval/Reject—Merchant Activity

After the Developer submits the request for sandbox credentials, the Merchant will get an email notification. The Merchant will log on to the MasterPass Merchant Portal, review the branding and provide approval.

After clicking Approval Requests on the navigation bar, the user will see a list of open requests. Click View Details.

Merchant must click “View details” of the checkout project to approve it. Please note that the consumer facing UI will be the new MasterPass Lightbox user interface, and the branding shown will be different in the end user experience. The MasterPass interface in this step is illustrative only and not representative of actual end consumer user interface.

(34)

The user will be presented with the option to either Approve or Reject the project. If rejected, a reason must be provided, and the developer will be allowed to modify the entry and resubmit.

5. Access Sandbox Credentials, Complete Development and Test—

Developer Activity

Access Merchant Sandbox details

After approval has been granted by the Merchant, the Developer will receive an email notification that changes have been approved. The Developer will sign into the MasterPass Merchant Portal and will note

(35)

(Please note MasterPass UI is illustrative only and is not representative of actual consumer UI). Make a note of the following values as they will be used in the code to integrate with MasterPass web services:

 Consumer Key (97 characters)  Callback URL

 Checkout Identifier

(36)

6. Request Production Credentials—Developer Activity

Once the application has been tested against sandbox, the developer will request merchant’s production credential. This is done by submitting the checkout project created in Step 3 to the merchant for approval.

7. Approve Production Credential Request—Merchant Activity

After developer submits request for production credentials, merchant will get an email notification. Merchant will log on to MasterPass Merchant Portal, click on Approval Requests and provide approval (similar to step 4).

(37)

8. Deploy application using Production Credentials—Developer Activity

Once the merchant has approved the checkout project, the developer will receive email containing the merchant’s production Consumer Key, production callback URL and the Checkout Identifier.

Prior to production deployment:

- Ensure that you have implemented the MasterPass button on your site or app - Your sandbox implementation passes all items in the QA checklist

To move your code to production, update your code with the MasterPass production endpoint, merchant’s production Consumer Key, production callback URL and the keystore if different than Sandbox. The last step is to deploy your code to production.

You’re all done creating your checkout project!

Note: For more details on the specific configuration parameters, please refer to the FAQ section at https://developer.mastercard.com/portal/display/api/MasterPass+-+Merchant+Checkout+-+FAQs

and look for the question, “What are the various parameters I need, to call MasterPass services and where do I get them from?”

(38)

Integration Process

For a step by step guide through integration and illustration of the various calls to MasterPass, you can download the example of our code available in various languages such as Java, C#, php, and Ruby. You can also access the sample code for correct implementation of signature base string and exchanges with MasterPass.

https://developer.mastercard.com/portal/display/api/MasterPass+-+Merchant+Checkout+-+Sample+Code

Lightbox Integration

Lightbox integration is required to launch MasterPass user interface. In order to invoke the Lightbox, merchants will need to include the following scripts on the page they implementing ‘ Buy with MasterPass’ or ‘Connect with MasterPass’ buttons:

1. https://www.masterpass.com/lightbox/Switch/assets/js/jquery-1.10.2.min.js

It is recommended to pull the jQuery file from the public jQuery repository

https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js 2. MasterPass Script a. Production -https://www.masterpass.com/lightbox/Switch/integration/MasterPass.client.js b. Sandbox - https://sandbox.masterpass.com/lightbox/Switch/integration/MasterPass.client.jswall

Standard Checkout

The following steps are necessary to integrate a standard MasterPass checkout. For further information, click on each step of the process.

1. Request Token Service 2. Shopping Cart Service

3. Merchant Initialization Service (Optional based on Shopping Cart parameters) 4. Invoke MasterPass UI(Lightbox) for checkout

5. Standard Callback method or Redirect to callback URL 6. Access Token Service

7. Retrieve Payment, Shipping Data, Rewards and 3DS Details

8. Authorize Payment through payment processor

9. Postback Service

Invoke MasterPass UI (Lightbox)

Within a script tag the merchant must invoke the checkoutButton method with the required parameters. Here is an example

"requestToken":"insert_request_token_here",

"callbackUrl":"http://www.somemerchant.com/checkoutcomplete.htm", "merchantCheckoutId":"insert_checkout_id_here",

(39)

Required parameters are:

» requestToken- The merchants request token from OpenAPI.

» callbackUrl- A URL to redirect the browser to when checkout is complete. Required unless you use the callback method.

» merchantCheckoutId- The merchant’s unique checkout id.

» allowedCardTypes – Card types accepted by merchant

» accepted by merchant

» version – checkout version (v6)

Lightbox parameter details can be found here.

Standard Checkout Callback

Once a checkout completes, MasterPass will return context to the merchant. This can be done via: a. callback URL or

b. A javascript call back method. If you wish to use the callback method, “failureCallback” and “successCallback” parameters must be set when invoking MasterPass Lightbox UI.

a. Redirect to Merchant Callback URL Example

http://www.somemerchant.com/checkoutcomplete.htm?status=success&checkout_res ource_url=https%3A%2F%2Fstage.api.mastercard.com%2Fmasterpass%2Fv6%2Fcheckou t%2F10189977%3Fwallet%3Dphw&oauth_verifier=6c50838e31b7441e6eafa222938545288 9255b13&oauth_token=d6fa60984308aebb6183d44fb9688fb9dc8332dc

b. Checkout Callback method Example

function onSuccessfulCheckout(data) {

document.getElementById('oauthToken').value=data.oauth_token; document.getElementById('oauthVerifer').value=data.oauth_verifier; document.getElementById('checkoutUrl').value=data.checkout_resource _url;

}

Pairing with MasterPass Wallet without Checkout

Note: For Pairing to occur, the merchant must have a way of identifying consumers on the merchant site prior to requesting pairing

The following steps are necessary to establish a connection to a consumer’s wallet outside of checkout flow. For further information, click on each step of the process.

1. Authenticate user on merchant site

2. Request Token Service 3. Merchant Initialization Service

4. Invoke MasterPass UI(Lightbox) for Pairing

5. Pairing Callback method or Redirect to callback URL 6. Access Token Service

(40)

Invoke MasterPass UI

Consumers can pair their MasterPass wallet with merchant outside of checkout by clicking on “Connect With MasterPass button”. Merchants can display the “Connect with MasterPass” button anywhere on their site except on checkout pages or pages where payment is initiated to enable pairing outside of checkout e.g. Account Management.

Within a script the merchant must invoke the connect method with the required parameters. Here is an example

"pairingRequestToken":"de7647ac630b50f32f5c9addac122614a727ba52f", "callbackUrl":"http://www.somemerchant.com/pairingcomplete.htm", "merchantCheckoutId":"insert_checkout_id_here",

"requestedDataTypes":"[REWARD_PROGRAM, ADDRESS, PROFILE, CARD]", "requestPairing":true,

"version":"v6" });

</script>

» pairingRequestToken- Request token for pairing

» callbackUrl- A URL to redirect the browser to when pairing is complete. Required unless you use the callback method.

» merchantCheckoutId- The merchant’s unique checkout identifier.

» requestedDataTypes- an array of data types the merchant wants paired for. Valid values are CARD, PROFILE, ADDRESS and REWARD_PROGRAM.

» requestPairing- value should be true » version – checkout version (v6) Lightbox parameter details can be found here

Pairing without checkout Callback

Once a pairing flow completes, MasterPass will return context to the merchant. This can be done via a callback URL or a javascript call back method. If you wish to use the callback method, “failureCallback” and “successCallback” parameters must be set when invoking MasterPass lightbox.

Callback Parameter Details

http://www.somemerchant.com/pairingcomplete.htm?status=success&pairing_verif ier=6c50838e31b7441e6eafa2229385452889255b13&pairing_token=886116426bdb8cd83 deed1fbe73df21646016b1f

Pairing Callback method Example

function onSuccessfulPairing(data) {

document.getElementById('pairingToken').value=data.pairing_token; document.getElementById('pairingVerifer').value=data.pairing_verifier; }

(41)

Pairing with MasterPass Wallet during Checkout

The following steps are necessary to establish a connection to a consumer’s wallet during a checkout. For further information, click on each step of the process.

1. Request Token Service* – to get Checkout request token

2. Request Token Service *– to get pairing request token

3. Shopping Cart Service

4. Merchant Initialization Service (Optional based on Shopping Cart parameters) 5. Invoke MasterPass UI for Standard Checkout with Pairing

6. Pairing Callback method or Redirect to callback URL

7. Access Token Service** - to get Checkout access token 8. Access Token Service** - to get long access token

11. Postback Service

*The request token service to get checkout request token and pairing request token is the same service call but needs to be differentiated by the merchant.

**The access token service will be called twice, one for long access token (used to retrieve pre-checkout data) and other to retrieve pre-checkout data for current transaction.

Invoke MasterPass UI for Pairing during Checkout

Within a script tag the merchant must invoke the checkout method with the required parameters. Here is an example

"requestToken":"de4847ac630b50f32f5c9ddac122614a727ba52f",

"callbackUrl":"http://www.somemerchant.com/checkoutcomplete.htm", "pairingRequestToken":"de7647ac630b50f32f5c9addac122614a727ba52f", "requestedDataTypes":"[REWARD_PROGRAM, ADDRESS, PROFILE, CARD]", "merchantCheckoutId":"a4d6x6r6zhak9hvkkkl091hvofxxmat4y",

"allowedCardTypes":["master", "amex", "discover"], "requestPairing":true,

"version":"v6" });

</script>

» requestToken- Request token used to get checkout access token.

» callbackUrl- A URL to redirect the browser to when checkout is complete. Required unless you use the callback method.

» pairingRequestToken – Request token used to get long access token

» requestedDataTypes- an array of data types the merchant wants paired for. Valid values are CARD, PROFILE, ADDRESS and REWARD_PROGRAM. PROFILE and CARD are mandatory.

(42)

» allowedCardTypes – Card types accepted by merchant

» requestPairing- value should be true. » version – checkout version (v6) Lightbox parameter details can be found here

Pairing during Checkout Callback

Once a checkout and pairing completes, MasterPass will return context to the merchant. This can be done via a callback URL or a javascript call back method. If you wish to use the callback method, “failureCallback” and “successCallback” parameters must be set when invoking MasterPass lightbox. Parameter Details Redirect to Merchant Callback URL Example

http://www.somemerchant.com/checkoutcomplete.htm?status=success&checkout_resou rce_url=https%3A%2F%2Fstage.api.mastercard.com%2Fmasterpass%2Fv6%2Fcheckout%2F 10706241%3Fwallet%3Dphw&oauth_verifier=fbe45bcad30299c93765b1fb4b45bab208f8445 8&oauth_token=d9382e34e0721a68a9952110cecdf89517e45498&pairing_verifier=6c5083 8e31b7441e6eafa2229385452889255b13&pairing_token=35b2a0cf87f8160fcb5d24996a12e db7cce4c530

Callback method Example

document.getElementById('oauthToken').value=data.oauth_token; document.getElementById('oauthVerifer').value=data.oauth_verifier; document.getElementById('checkoutUrl').value=data.checkout_resource _url;

document.getElementById('pairingToken').value=data.pairing_token; document.getElementById('pairingVerifer').value=data.pairing_verifi er;

}

Return Checkout (Checkout after Wallet Pairing)

The following steps are necessary to integrate a connected checkout flow. For further information, click on each step of the process.

1. Consumer logs onto Merchant site/app

2. Pre-Checkout Data Service

3. Consumer makes card / shipping address selection and clicks on ‘Buy with MasterPass’ 4. Request Token Service

5. Shopping Cart Service

6. Merchant Initialization Service (Optional based on Shopping Cart parameters) 7. Invoke MasterPass UI for Connected Checkout

8. Callback method or Redirect to callback URL

9. Access Token Service (Checkout)

(43)

Within a script tag the merchant must invoke the checkout method with the required parameters. Here is an example

» requestToken- The merchants request token from OpenAPI.

» callbackUrl- A URL to redirect the browser to when checkout is complete. This URL should match the domain specified when creating the checkout project. Required unless you use the callback method.

» merchantCheckoutId- The merchant’s unique checkout id.

» cardId- The id of the card the user selected.

» shippingId- The id of the shipping address the user selected

» precheckoutTransactionId – Pre checkout transaction ID from precheckout xml

» walletName – Wallet Name from precheckout xml

» consumerwalletId – Consumer Wallet ID id from precheckout xml

» version – checkout version (v6)

Lightbox parameter details can be found here

Connected Checkout Callback

Once a checkout completes, MasterPass will return context to the merchant. This can be done via a callback URL or a javascript call back method. If you wish to use the callback method, “failureCallback” and

“successCallback” parameters must be set when invoking MasterPass lightbox. Here are the examples Redirect to Merchant Callback URL Example

http://www.somemerchant.com/checkoutcomplete.htm?status=success&checkout_resou rce_url=https%3A%2F%2Fstage.api.mastercard.com%2Fmasterpass%2Fv6%2Fcheckout%2F 10706241%3Fwallet%3Dphw&oauth_verifier=fbe45bcad30299c93765b1fb4b45bab208f8445 8&oauth_token=d9382e34e0721a68a9952110cecdf89517e45498

Callback method Example

document.getElementById('oauthToken').value=data.oauth_token; document.getElementById('oauthVerifer').value=data.oauth_verifier; document.getElementById('checkoutUrl').value=data.checkout_resource _url; }

(44)

Service Descriptions:

Request Token Service

This should be executed when a consumer clicks “Buy with MasterPass” button or “Connect with MasterPass” button on your site/app.

For Pairing during checkout, this service will need to be called twice:

 once to exchange for a Long Access Token which is used to retrieve precheckout data and  once to exchange for an Access Token which is used to retrieve checkout data

Request and response parameter details can be found here.

Sandbox and Production Endpoints

https://sandbox.api.mastercard.com/oauth/consumer/v1/request_token

https://api.mastercard.com/oauth/consumer/v1/request_token

Shopping Cart Service

Merchants must call the Shopping Cart service before invoking the MasterPass UI for checkout. This enables shopping cart data to be displayed to users as they proceed through the MasterPass login and checkout.

Shopping cart request has an optional OriginUrl field, if the merchant sets this, it will remove the need to call the merchant initialization service before displaying the Lightbox. Request and response parameter details can be found here.

(45)

https://sandbox.api.mastercard.com/masterpass/v6/shopping-cart

https://api.mastercard.com/masterpass/v6/shopping-cart

Merchant Initialization Service

This service is used to secure Lightbox connections between merchant and MasterPass This service requires a request token (OAuthToken); This service call should be used when shopping cart service is not called e.g. pairing during non-checkout flow.

https://sandbox.api.mastercard.com/masterpass/v6/merchant-initialization https://api.mastercard.com/masterpass/v6/merchant-initialization

Access Token Service

Next step is to exchange a Request token for an Access token from the MasterPass service. For Pairing during checkout, this service will need to be called twice: once for requesting the checkout access token which is used to retrieve checkout data; and one for requesting the long access token which is used to retrieve pre-checkout data. You will use the Request Token (oauth_token) and Verifier (oauth_verifier) from the merchant callback to get an access token. Request and response parameter details can be found here.

https://sandbox.api.mastercard.com/oauth/consumer/v1/access_token https://api.mastercard.com/oauth/consumer/v1/access_token

Pre-Checkout Data Service

MasterPass provides merchants with the ability to request paired consumer’s data (card alias, shipping addresses, loyalty program, and profile information) prior to the actual MasterPass checkout. This gives the merchant the ability to provide the consumer the opportunity to pre-select their checkout options before completing the checkout.

If for any reason the precheckout call gets rejected at MasterPass (merchant requests data that the consumer did not originally consent to, if the pairing has been deleted by the user, if the Long Access token has expired, etc.) the merchant has to request pairing again.

Note: This is not required for standard checkout.

https://sandbox.api.mastercard.com/masterpass/v6/precheckout https://api.mastercard.com/masterpass/v6/precheckout

(46)

Retrieve Payment, Shipping Data, Rewards and 3DS Details

Now you will use the Checkout Resource URL request parameter (checkout_resource_url) received from the callback URL to retrieve consumer’s payment, shipping address, reward and 3DS information from

MasterPass.

The checkout resource url supplied by MasterPass should be decoded and consumed by the merchant as provided by MasterPass. MasterPass may add or delete parameters in future. Example:

Below are two example callback urls with the checkout_resource_url parameter highlighted: 1)

https://AnyMerchant.com/CheckoutCallback?mpstatus=success&checkout_resource_url=https%3A%2F

%2Fapi.mastercard.com%2Fmasterpass%2Fv6%2Fcheckout%2F11318523&oauth_verifier=aa2ff8e8f11

44f45c3b8fdc3d42398913a49e387&oauth_token=b8361ad151af35f71df7b395e083befcaf8192dd

Decoded checkout url:

checkout_resource_url=https://api.mastercard.com/masterpass/v6/checkout/11318523 2)

https://AnyMerchant.com/CheckoutCallback?checkout_resource_url=https%3A%2F%2Fapi.mastercard. com%2Fmasterpass%2Fv6%2Fcheckout%2F11318500&checkoutId=11318500&oauth_verifier=aa2ff8e 8f1144f45c3b8fdc3d42398913a49e387&oauth_token=b8361ad151af35f71df7b395e083befcaf8192dd Decoded checkout url:

checkout_resource_url=https://api.mastercard.com/masterpass/v6/checkout/11318500&checkoutId=11318500 Request and response parameter details can be found here.

Please note that MasterPass performs a CVC/CVV check at card enrollment. However, in accordance with PCI standards, CVC2/CVV2 data is not persisted, and will not be provided to the merchant. As the card data has been validated and securely stored by MasterPass, merchants must not require CVC/CVV entry from a consumer checking out with MasterPass.

Note: In cases where, prior to submitting their order, the cardholder chooses to replace the payment details provided by MasterPass with different, manually entered payment details, Merchants should ask the cardholder to enter CVV2/CVC2/CID as they would in the normal course and should not pass the wallet indicator flag to the acquirer. In this case, the transaction is no longer considered to be a MasterPass transaction. Checkout Postback is still required. It is recommended not to allow consumers to change their card details after returning from MasterPass.

In accordance with MasterCard bulletin Global 550—Identification of PayPass Transactions, a 3-byte wallet Indicator (WID) Flag (WalletID xml element in the checkout xml will be part of the output returned by this request. This value must be passed to your acquiring bank, and will indicate that the customer’s payment details were provided by the MasterPass, rather than being manually entered. You many need to work with your payment provider (acquirer, payment gateway, etc.) to understand how best to handle this data element. In the event, your acquirer has not completed implementation of this bulletin, your transactions will continue to process as-is. Please contact your MasterCard representative to get the bulletin.

(47)

 Dual Message System (Authorization)—Data element (DE) 48 (Additional Data—Private Data), sub element 26 (Wallet Program Data), subfield 1 (Wallet Identifier)

 Dual Message System (Clearing)—PDS 0207 (Wallet Identifier)

 Single Message System—DE 48 (Additional Data), sub element 26 (Wallet Program Data), subfield 1 (Wallet Identifier)

Postback Service

Note: This is a mandatory step.

The final step of a MasterPass transaction is a service call from the merchant to MasterPass,

communicating the result of the transaction (success or failure). Abandoned transactions do not need to be reported. Please note that the <TransactionId> value should be the value from the <TransactionId> element of the Checkout XML returned in the Checkout request.

Request and response parameter details can be found here. The following fields are passed in the postback service call:

 ConsumerKey: Consumer key from checkout project  Currency: Currency for the transaction e.g. USD

 OrderAmount: Transaction Order Amount e.g., 1500 (for $15 transaction amount)  PurchaseDate: Date of Purchase

 ApprovalCode: 6-digit approval code returned by payment API.

 TransactionId: Transaction ID from TransactionId element of the Checkout XML from the retrieve payment, shipping, rewards and 3DS data service call for example, “35201”

 TransactionStatus: Status of transaction. Valid values are o SUCCESS: For approved transaction

o FAILURE: For declined transaction

 PreCheckoutTransactionId: Comes from PrecheckoutTransactionId element of the PrecheckoutData XML. (this is not required for Standard Checkout)

(48)

https://sandbox.api.mastercard.com/masterpass/v6/transaction

https://api.mastercard.com/masterpass/v6/transaction

Android and iOS App Integration

Your Android or iOS application should invoke a backend service to initiate the OAuth authorization. On the native application side, most of the work involves connecting to your backend services.

The basic process is as follows:

1. Perform a POST to ${server}/appToWallet/initialize with the shopping cart data in the POST message a) The server will request the Request Token, pairing, and precheckout data, post the shopping cart

data to MasterPass services and generate the Redirect URL.

b) The server will pass the Redirect URL and the Callback URL back to the mobile application. 2. On a 200 response, save the Callback URL, and use the user Redirect URL to open a Web View 3. Watch the Web View for navigation to the Callback URL.

4. On navigation to the Callback URL,

a) If the query parameter section of the Callback URL only contains the oauth_token, the user did not complete selection in MasterPass. Return the user to the cart view, or wherever your particular requirements dictate.

b) If the query parameter of the Callback URL section contains information, parse out the oauth_token, oauth_verifier, and checkout_resource parameter values, perform a string replacement on the checkout_resource value to replace ‘/’ with ‘.’ and use these to perform a GET

to${server}/appToWallet/checkoutInformation/${oauth_token}/${oauth_verifier}/${checkout_resource} c) Note: Do not send the full PAN to the mobile device. This information should be stored on the server

similarly to the server/browser implementation.

5. On a 200 response, use the returned information to produce a summary view for the user to give final approval to the transaction (pursuant to your specific requirements.)

6. After the consumer completes the transaction, the server should submit postback to MasterPass.

MasterPass Branding

Displaying “Buy with MasterPass” Button and Acceptance Marks

The MasterPass acceptance mark and checkout button image URLs can be found below. To ensure the best consumer experience, the checkout button should be placed at the beginning of the checkout experience, prior to the collection of shipping and billing information.

(49)

To minimize the impact of future branding updates, please use the country specific link to the images on the checkout page rather than downloading them and hosting the images locally. In order to successfully integrate with MasterPass and enable successful checkout by an end-user consumer via the service, the “Buy with MasterPass” checkout button must be integrated on the merchant website and displayed as

noted in the MasterPass Branding Requirements document available on MasterCard developer zone.

The URL naming convention uses the base URL, Language Code (ISO 639-1), Country Code (ISO 3166-and Button as shown below: Base URL/Language/Country/Image File Name

Base URL: https://www.mastercard.com/mc_us/wallet/img/ Note: The list of language/country folders can be found at

https://developer.mastercard.com/portal/display/api/MasterPass+-+Merchant+Checkout+-+FAQs under

the question, “Which countries and locales are currently supported to link 'Buy with MasterPass' images?” Buy with MasterPass button Example:

Below is an example of how a Merchant can include the checkout button. <div class="MasterPassBtnExample">

<a href="/exampleRedirect"> <img

src="https://www.mastercard.com/mc_us/wallet/img/en/US/mcpp_wllt_btn_chk_147x 034px.png" alt="Checkout with MasterPass Button Example" />

</a> </div>

MasterPass Checkout Images

PNG Checkout Buttons

/mcpp_wllt_btn_chk_147x034px.png /mcpp_wllt_btn_chk_160x037px.png /mcpp_wllt_btn_chk_166x038px.png /mcpp_wllt_btn_chk_180x042px.png GIF Checkout Buttons

/mcpp_wllt_btn_chk_147x034px.gif /mcpp_wllt_btn_chk_160x037px.gif /mcpp_wllt_btn_chk_166x038px.gif /mcpp_wllt_btn_chk_180x042px.gif GIF Acceptance Marks

/mp_mc_acc_023px_gif.gif /mp_mc_acc_030px_gif.gif /mp_mc_acc_034px_gif.gif /mp_mc_acc_038px_gif.gif /mp_mc_acc_050px_gif.gif /mp_mc_acc_065px_gif.gif /mp_mc_acc_113px_gif.gif

PNG Checkout Buttons – High Resolution /mcpp_wllt_btn_chk_290x068px.png /mcpp_wllt_btn_chk_317x074px.png /mcpp_wllt_btn_chk_326x076px.png

(50)

/mcpp_wllt_btn_chk_360x084px.png GIF Checkout Buttons – High Resolution /mcpp_wllt_btn_chk_290x068px.gif /mcpp_wllt_btn_chk_317x074px.gif /mcpp_wllt_btn_chk_326x076px.gif /mcpp_wllt_btn_chk_360x084px.gif

GIF Acceptance Marks – High Resolution /mp_acc_046px_gif.gif /mp_acc_060px_gif.gif /mp_acc_068px_gif.gif /mp_acc_076px_gif.gif //mp_acc_100px_gif.gif /mp_acc_130px_gif.gif /mp_acc_226px_gif.gif Here are a few examples US English URL:

https://www.mastercard.com/mc_us/wallet/img/en/US/mcpp_wllt_btn_chk_147x034px.png

Canada French URL:

https://www.mastercard.com/mc_us/wallet/img/fr/CA/mcpp_wllt_btn_chk_147x034px.png

Displaying “Connect with MasterPass” Button

This button is used to initiate Pairing outside of a checkout.

The MasterPass “Connect with MasterPass” button image URLs can be found below.

To minimize the impact of future branding updates, please use the country specific link to the images on the checkout page rather than downloading them and hosting the images locally. In order to successfully integrate with MasterPass and enable successful connection by an end-user consumer via the service, the “Connect with MasterPass” button must be integrated on the merchant website and displayed as noted in

the MasterPass Branding Requirements document available on MasterCard developer zone.

The URL naming convention uses the base URL, Language Code (ISO 639-1), Country Code (ISO 3166-and Button as shown below: Base URL/Language/Country/Image File Name

Base URL: https://www.mastercard.com/mc_us/wallet/img/.

Here are a few examples

US English URL – Connect with MasterPass Button:

https://www.mastercard.com/mc_us/wallet/img/en/US/mp_connect_with_button_126px.png

Canada French URL – Connect with MasterPass Button:

MASTERPASS MERCHANT ONBOARDING & INTEGRATION GUIDE

MASTERPASS

™

MERCHANT

ONBOARDING & INTEGRATION GUIDE

VERSION 6.1, AS OF DECEMBER 5, 2014

Notices

Proprietary Rights

Trademarks

Translation

Content Disclaimer

Publication Code

Table of Contents

Document Version Notes

Overview

How does MasterPass work?

MasterPass User Interface

Standard “Lightbox Display” (desktop and laptop)

Standard Mobile Display (.mobi)

Standard Full Screen Display

MasterPass Checkout Experiences

Overview

MasterPass Merchant Standard Checkout process flow

Standard Checkout User Flow

MasterPass Connected Checkout Experience

Pairing of wallet

Pair with MasterPass Wallet during Checkout

Pairing During Checkout User Flow

M

er

ch

an

t

M

as

te

rP

as

s

Co

ns

um

er

Pair with MasterPass Wallet outside of a Checkout

Pair with MasterPass Wallet outside of a Checkout

M

er

ch

an

t

M

as

te

rP

as

s

Co

ns

um

er

Return Checkout

Return Checkout User Flow

Unpairing

Direct Merchant Onboarding

I.

Incorporating MasterPass into your site or app

Direct Merchant Onboarding - Steps

1. Merchant Registration and Setup—Merchant Activity

2. Add Developer Accounts to Merchant Profile—Merchant Activity

3. Developer Registration, API Keys, Initiate Development & Request

Approval—Developer Activity

4. Review Integration Project & Approval/Reject—Merchant Activity

5. Access Sandbox Credentials, Complete Development and Test—

Developer Activity

6. Request Production Credentials—Developer Activity

7. Approve Production Credential Request—Merchant Activity

8. Deploy application using Production Credentials—Developer Activity

Integration Process

Lightbox Integration

Standard Checkout