Web Service API

The Web Service API is an Application Programming Interface which allows you to connect your application with the Fiserv Gateway. In this way, your application is able to submit payment transactions without any user interference.

📘

Please note:

If you store or process cardholder data within your own application, you must ensure that your system components are compliant with the Data Security Standard of the Payment Card Industry (PCI DSS). Depending on your transaction volume, an assessment by a Qualified Security Assessor may be mandatory to declare your compliance status.

From a technical point of view, this API is a Web Service offering one remote operation for performing transactions. The three core advantages of this design can be summarized as follows:

• Platform independence: Communicating with the Web Service API means that your application must only be capable of sending and receiving SOAP messages. There are no requirements tied to a specific platform, since the Web Service technology builds on a set of open standards. In short, you are free to choose any technology you want (e.g. J2EE, . PHP, ASP, etc.) for making your application capable of communicating with the Web Service API.

• Easy integration: Communicating with a Web Service is simple – your application has to build a SOAP request message encoding your transaction, send it via HTTPS to the Web Service and wait for a SOAP response message which contains your transaction’s status report. Since SOAP and HTTP are designed to be lightweight protocols, building requests and responses becomes a straightforward task. Furthermore, you rarely have to do this manually, since there are plenty of libraries available in almost every technology. In general, building a SOAP request and handling the response is reduced to a few lines of code.

• Security: All communication between your application and the Web Service API is TLS-encrypted. This is established by your application holding a client certificate which identifies it uniquely at the Web Service. In the same way, the Gateway holds a server certificate which your application may check for making sure that it speaks to our Web Service API. Finally, your application has to do a basic authentication (user name / password) before being allowed to communicate with the Web Service. In this way, the users who are authorised to communicate with the Gateway are identified. These two security mechanisms guarantee that the transaction data sent to Fiserv both stays private and is identified as transaction data that your application has committed and belongs to no one else.

While this represents just a short summary of the Web Service API’s features, the focus of this guide lies on integrating the Fiserv Gateway functionality into your application. A detailed description, explaining how this is done step by step, is presented in this guide.