Order processing

Processing an order using a federated payment service is a multistep process that begins in the payment step of a checkout.

Commerce Connect helps facilitate implementation of a merchant website that accepts federated payments by providing a framework for communication between the merchant website and a federated payment service. This framework contains two methods implemented by the PaymentServiceProvider class, and their corresponding Sitecore pipelines:

Commerce Connect does not provide any processors that implement the actual interaction with any commercial payment providers. It is the responsibility of the merchant website or the commercial payment provider to provide these implementations. In addition to the federated service provider implementation of these pipelines, client side JavaScript code is required by the merchant website to respond to events raised by the payment service provider. The following diagram outlines the interaction between the client, the Commerce web service, and the federated payment service:

In the first set of interactions with the customer client browser, the merchant website calls the GetPaymentServiceUrl method of the PaymentServiceProvider class. As part of this request, the merchant website can also provide customer information (such as payment address, supported card types, preferred currency, and so on) so that the customer does not need to reenter it when interacting with the federated payment service. The result of this request is the URL to the payment acceptance page of the federated payment service. This URL is then used as the source of an iframe on the merchant website's payment page.

In the next step, the customer enters payment information in the iframe that hosts the federated payment service's payment acceptance page. Iframes are isolated components that restrict communications between the main page and the hosted content. In this situation, use of an iframe in this step ensures that the merchant website never has access to the customer's payment information, such as card number, CVV, and so on. Instead, all of this information goes directly to the federated payment service, where it can be securely stored.

If errors occur when authorizing the customer payment information, a cross page event is raised that contains the error details (invalid CVV, insufficient funds, and so on). If the payment information is successfully validated, a cross page event is raised that contains a one-time, one-merchant authorization code that can be used to process the payment. You can capture and interpret these events in JavaScript code in the client web browser.

Next, the authorization code captured by the JavaScript is sent back to the merchant website. The merchant website then uses the GetPaymentServiceActionResult of the PaymentServiceProvider to verify the authorization code. This serves two purposes:

Once the customer confirms the order, it is the responsibility of the merchant website to save the payment authorization code and associate it with the order placed. This authorization code is required to capture the customer payment once the order is ready to be fulfilled. This is the last step in the order. When the order is fulfilled, the payment authorization code can then be used to finalize the customer payment with the federated payment service. Once the federated payment service confirms that the authorization code is still valid and the customer has sufficient funds, the order can be finalized.