ASP.NET Web API Help Page

Introduction

This Payments API supports the Fiserv PaymentJS flow for card tokenization and payment. The typical sequence is: call AuthorizeSession to obtain a client token and public key; load the PaymentJS SDK and tokenize the card on the client; Fiserv POSTs the tokenization result to the Webhook endpoint; the client then calls ProcessTokenizedPayment to complete or continue the payment (including 3D Secure when required).

For 3D Secure: ThreeDSNotification receives the method form callback from Fiserv's ACS; ThreeDSComplete handles the challenge completion redirect (cRes). The TermUrl query uses MAC parameter termMac (legacy t); the method notification URL uses methodMac (legacy m; legacy sessions may still use bookingId and bookingHash on TermUrl until retired). If the ACS method notification is slow, the server sends EXPECTED_BUT_NOT_RECEIVED to Fiserv automatically while the client polls ProcessTokenizedPayment (see MethodNotReceivedTimeoutSeconds in fiserv.config)â€”there is no separate notify endpoint. ProcessTokenizedPayment has many possible response shapes (errors, still processing, already approved, 3DS challenge or method form, approved, failed, status). The API detail page for ProcessTokenizedPayment includes an "Additional information" section with the full list of response shapes.

PaymentJS

PaymentJS API: Fiserv card tokenization and payment flow. Typical flow: call AuthorizeSession to obtain a client token and public key; the client uses PaymentJS to tokenize the card; Fiserv POSTs the result to Webhook; the client then calls ProcessTokenizedPayment to complete or continue the payment (including 3D Secure). 3DS endpoints: ThreeDSNotification (method form callback), ThreeDSComplete (challenge redirect with cRes; TermUrl query uses MAC termMac or legacy t, or legacy bookingId/bookingHash). Method-not-received timeout is handled server-side in ProcessTokenizedPayment.

API	Description
POST api/PaymentJS/AuthorizeSession	Obtains a client token and public key for PaymentJS card tokenization. Delegates to (bounded per-order lock, async Fiserv call).
POST api/PaymentJS/AbandonSession	No documentation available.
POST api/PaymentJS/ThreeDSComplete?transactionId={transactionId}&termMac={termMac}&t={t}&bookingId={bookingId}&bookingHash={bookingHash}	3D Secure challenge completion (ACS POST with cRes in form body). Query uses transactionId plus Term MAC termMac (legacy t) or legacy booking parameters.
POST api/PaymentJS/ProcessTokenizedPayment	No documentation available.

ApplePay

Apple Pay on the Web wallet payment endpoints.

API	Description
GET api/ApplePay/Config?bookingId={bookingId}&bookingHash={bookingHash}	No documentation available.
POST api/ApplePay/ValidateMerchant	Validates the merchant with Apple (Payment Processing Certificate). Body: { "validationUrl": "..." }.
POST api/ApplePay/ProcessPayment	No documentation available.

GooglePay

Google Pay wallet payment endpoints. ProcessPayment processes the encrypted token from the Google Pay API; Config returns client configuration for the Google Pay button.

API	Description
GET api/GooglePay/Config?bookingId={bookingId}&bookingHash={bookingHash}	Returns Google Pay configuration for the client for a validated booking. Requires query parameters bookingId and bookingHash (same as ProcessPayment). Merchant display name is resolved per order (dynamic merchant name); not from fiserv.config. Live: fiserv.config (via Configuration.Current). Test: FISERV_*_TEST database settings.
POST api/GooglePay/ProcessPayment	Processes a Google Pay payment. Validates booking, resolves order, sends token to Fiserv, and returns result (success, 3DS, or declined).

Status

Endpoints for retrieving system status and configuration information. Refactored to use service layer with dependency injection.

API	Description
GET api/Status	Returns current system status including booking availability, call center hours, and maintenance warnings.