Proxy integration - Expedia
Introduction
The PAYCOMET Proxy service with Expedia allows you to tokenize the cards sent in hotel reservations and verify that the card details sent are correct. In order to access this type of integration, you must first have the Expedia API integration (https://developers.expediagroup.com/supply/lodging) for PCI servers), in which the reservation data is sent since the response will include all the data of the selected reservation and will be added and / or will transform those relative to the card.
Types of reservations
The types of reservations that are treated in this integration are those that can be retrieved by hotel identifier (hotel_id), reservation status (status) and requested days (nb_days_in_past).
Example of information contained in a reservation:
<BookingRetrievalRS xmlns="http://www.expediaconnect.com/EQC/BR/2014/01"> <Bookings> <Booking id="619" type="Book" createDateTime="2013-12-12T00:01:00Z" source="A-Hotels.com" status="pending"> <Hotel id="123456"/> <RoomStay roomTypeID="200263232" ratePlanID="201547528A"> <StayDate arrival="2014-01-01" departure="2014-01-02"/> <GuestCount adult="2"/> <PerDayRates currency="USD"> <PerDayRate stayDate="2014-01-01" baseRate="109.99" promoName="ASAP DEAL 50pct"/> </PerDayRates> <Total amountAfterTaxes="124.29" amountOfTaxes="14.30" currency="USD"/> <PaymentCard cardCode="VI" cardNumber="4242424242424242" expireDate="1218" seriesCode="123"> <CardHolder name="John Smith" address="500 Park Avenue" city="New York" stateProv="NY" country="US" postalCode="10022"/> </PaymentCard> </RoomStay> <PrimaryGuest> <Name givenName="John" surname="Smith"/> <Phone countryCode="1" cityAreaCode="425" number="5555555"/> </PrimaryGuest> <SpecialRequest code="1.14">One King Bed</SpecialRequest> <SpecialRequest code="2.1">Non-Smoking</SpecialRequest> <SpecialRequest code="3">Multi-room booking. Primary traveler:Smith, John. 1 of 2 rooms.</SpecialRequest> <SpecialRequest code="4">Adjoining rooms please</SpecialRequest> <SpecialRequest code="5">Hotel Collect Booking Collect Payment From Guest</SpecialRequest> </Booking> <Booking id="301" type="Book" createDateTime="2013-12-12T12:03:00Z" source="Expedia" status="pending"> <Hotel id="654321"/> <RoomStay roomTypeID="200225905" ratePlanID="201297424"> <StayDate arrival="2014-01-26" departure="2014-02-02"/> <GuestCount adult="2"/> <PerDayRates currency="ZAR"> <PerDayRate stayDate="2014-01-26" baseRate="756.58"/> <PerDayRate stayDate="2014-01-27" baseRate="756.58"/> <PerDayRate stayDate="2014-01-28" baseRate="756.58"/> <PerDayRate stayDate="2014-01-29" baseRate="756.58"/> <PerDayRate stayDate="2014-01-30" baseRate="756.58"/> <PerDayRate stayDate="2014-01-31" baseRate="756.58"/> <PerDayRate stayDate="2014-02-01" baseRate="1085.53"/> </PerDayRates> <Total amountAfterTaxes="6412.50" amountOfTaxes="787.49" currency="ZAR"/> <PaymentCard cardCode="MC" cardNumber="***1234" expireDate="1116"> <CardHolder name="Expedia VirtualCard" address="333 108th Avenue NE" city="Bellevue" stateProv="WA" country="US" postalCode="98004"/> </PaymentCard> </RoomStay> <PrimaryGuest> <Name givenName="Jeff" surname="Pirelli"/> <Phone countryCode="44" cityAreaCode="071" number="0123876"/> </PrimaryGuest> <SpecialRequest code="2.1">Non-Smoking</SpecialRequest> <SpecialRequest code="1.13">One Double Bed</SpecialRequest> <SpecialRequest code="5">Bill only nghts bkd by Expedia to cc# @ ck-in gst pays incid</SpecialRequest> <SpecialRequest code="4">NON SMOKING ROOM A ROOM IN THE MOST QUIET AREA PLEASE</SpecialRequest> </Booking> </Bookings> </BookingRetrievalRS>
Tokenization of the card information of a reservation
In the returned response, the card will appear masked, 456789 ****** 1234. The expiration date will be returned as it appears in the reservation and the CVC2 code will be removed and will not arrive. Therefore, the previous reservation, once the card information has been tokenized and without errors in the pre-authorization or in the pre-authorization cancellation, the node & lt; RoomStay & gt; will be as follows:
<RoomStay roomTypeID="200263232" ratePlanID="201547528A"> <StayDate arrival="2014-01-01" departure="2014-01-02"/> <GuestCount adult="2"/> <PerDayRates currency="USD"> <PerDayRate stayDate="2014-01-01" baseRate="109.99" promoName="ASAP DEAL 50pct"/> </PerDayRates> <Total amountAfterTaxes="124.29" amountOfTaxes="14.30" currency="USD"/> <PaymentCard cardCode="VI" cardNumber="4242424242424242" expireDate="1218" seriesCode="123"> <CardHolder name="John Smith" address="500 Park Avenue" city="New York" stateProv="NY" country="US" postalCode="10022"/> </PaymentCard> <iduser>999999999</iduser> <tokenuser>XXXXXXXXXXXXXXX</tokenuser> </RoomStay>
In case of error in preauthorization / cancellation also element ds_error_id
<RoomStay> … <ds_error_id>999999999</ds_error_id> … </RoomStay>
It will also be informed within the RoomStay node, if there is card data, whether the card belongs to the B2B category. & lt; b2b & gt; 1/0 & lt; / b2b & gt;
Endpoint and call data
The script to which the request must be made is:
- https://eclipse.paycomet.com/api/v1/expediaThe type of request that it expects is a post with an 'xml' parameter with the following structure:
<root?> <booking?> <xml?> <request?> <username?>vuestro usuario Expedia</username?> <password?>vuestra password Expedia</password?> <hotel_id?>id del Hotel</hotel_id?> <status?>estados requeridos separados por comas</status?> <nb_days_in_past?>días solicitados</nb_days_in_past?> </request?> </xml?> <url?>URL Expedia a la que se debe realizar la llamada</url?> </booking?> <paytpv?> <ds_merchant_code?>código de comercio en PAYCOMET</ds_merchant_code?> <ds_merchant_terminal?>número de terminal en PAYCOMET</ds_merchant_terminal?> </paytpv?> </root?>
Error response
If an error occurs in the request details or when accessing Expedia, the following response will be sent:
<?xml version="1.0" standalone="yes"??> <reservations?> <fault code="9999-PAYTPV" string="The type of operation requested doesnt exist" /?> </reservations?>
Where 9999 will indicate the observed error code.
Sending API-KEYS
In the new Endpoint, the authentication method has been updated from a restriction by IP to sending a specific header with the API-KEY generated for the product / products in question.
The HTTP header must have the following name:
PAYCOMET-API-TOKEN
The value of the header must be the API-KEY generated through the customer control panel: “Configuration” -> Developers -> “API Keys”.
Once in the API Keys management panel, a new 'API KEY' must be created in the upper right button and assigned a name.
In the next panel, the API KEY must be copied since it will only appear once. For security reasons, it will not be shown again. The permissions of the API KEYS can be assigned to one or more products, and even to all of an account using the selectors:
For the product that is going to be used to present the reservations of the OTA (Online Travel Agency) and where the cards will be tokenized, it will be necessary to assign specific permissions of 'Proxy permission' .
Once the API Keys procedures have been completed, the value generated to the API Key must be sent in the header as an authentication method.
Development environment
This development does not have a sandbox where calls can be made with test data. The calls to the script are all real. To be able to test the integration, what you need to do is create test hotels and reservations on Expedia to verify the entire process.