Token expiry functionality

This functionality forms part of the direct integration process.

With direct integration, the WPG response to the merchant’s order request contains a URL. Part of this URL is a tokenID, which is unique per payment.

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE paymentService PUBLIC"-//WorldPay//DTD WorldPay PaymentService v1//EN"

"http://dtd.worldpay.com/paymentService_v1.dtd">

<reply>

<reference id="REFERENCE">https://payments-test.worldpay.com/?tokenId=79b90112-ea0e-4b9a-b20f-394a276a6ac9</reference>

</orderStatus>

</reply>

</paymentService>

The token (and therefore the URL that contains the token) is valid by default for 300 seconds. The token can be consumed only once and subsequent attempts to consume the token will cause an error. So if the shopper is sent the same URL twice, the second attempt produces an error message.

The only exceptions to this are Boleto Bancário and Konbini/Pay-Easy. For Boleto Bancário, the token is valid for 60,000 seconds and for Konbini/Pay-Easy it is valid for 50,000 seconds. For both these exceptions the token can be re-used an infinite number of times within this period.

This functionality is useful because:

It enables you the merchant to email the URL to the shopper. This is not possible for other payment methods because the URL expires in five minutes

The shopper can click on the URL any number of times, but complete the payment only once. This means that the shopper can follow the shopper journey, but decide to complete the payment later by clicking on the same URL again

To make use of this functionality, please contact your Worldpay customer support representative or relationship manager (RM).

Guide feedback? Email us at: guides@worldpay.com
© Worldpay 2018. All rights reserved.