BBVA Gateway Guide

BBVA (formerly CatalunyaCaixa, via Redsys) fact sheet

Additional Notes	SHA256 Authentication
Merchants with BBVA can use Spreedly via the Redsys direct API. Contact us or your BBVA account manager if you have any questions. If you receive error “SIS0252 ERROR: El comercio no permite el envío de tarjeta” the merchant should contact their BBVA account manager. The merchant needs a configuration change in their merchant account to work with Spreedly.	Redsys deprecated SHA1 signature authentication on November 23, 2015. Spreedly has upgraded the Redsys gateway to use SHA256.

Adding a BBVA gateway

To add a BBVA gateway:

curl https://core.spreedly.com/v1/gateways.xml \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/xml' \
  -d '<gateway>
        <gateway_type>redsys</gateway_type>
        <merchant_id>merchantid</merchant_id>
        <terminal>terminal</terminal>
        <secret_key>secretkey</secret_key>
      </gateway>'

<gateway>
  <token>W5J8YiU1Rtl9HnHT8TYOQlJtbVT</token>
  <gateway_type>redsys</gateway_type>
  <name>BBVA (formerly CatalunyaCaixa, via Redsys)</name>
  <description nil="true"/>
  <merchant_profile_key nil="true"/>
  <merchant_id>merchantid</merchant_id>
  <terminal>terminal</terminal>
  <signature_algorithm nil="true"/>
  <characteristics>
    <supports_purchase type="boolean">true</supports_purchase>
    <supports_authorize type="boolean">true</supports_authorize>
    <supports_capture type="boolean">true</supports_capture>
    <supports_credit type="boolean">true</supports_credit>
    <supports_general_credit type="boolean">false</supports_general_credit>
    <supports_void type="boolean">true</supports_void>
    <supports_adjust type="boolean">false</supports_adjust>
    <supports_verify type="boolean">true</supports_verify>
    <supports_reference_purchase type="boolean">false</supports_reference_purchase>
    <supports_purchase_via_preauthorization type="boolean">false</supports_purchase_via_preauthorization>
    <supports_offsite_purchase type="boolean">false</supports_offsite_purchase>
    <supports_offsite_authorize type="boolean">false</supports_offsite_authorize>
    <supports_3dsecure_purchase type="boolean">true</supports_3dsecure_purchase>
    <supports_3dsecure_authorize type="boolean">true</supports_3dsecure_authorize>
    <supports_3dsecure_2_mpi_purchase type="boolean">true</supports_3dsecure_2_mpi_purchase>
    <supports_3dsecure_2_mpi_authorize type="boolean">true</supports_3dsecure_2_mpi_authorize>
    <supports_store type="boolean">false</supports_store>
    <supports_remove type="boolean">false</supports_remove>
    <supports_fraud_review type="boolean">false</supports_fraud_review>
    <supports_network_tokenization type="boolean">false</supports_network_tokenization>
    <supports_populate_mit_fields type="boolean">false</supports_populate_mit_fields>
    <supports_3dsecure_2_purchase type="boolean">true</supports_3dsecure_2_purchase>
    <supports_3dsecure_2_authorize type="boolean">true</supports_3dsecure_2_authorize>
  </characteristics>
  <credentials>
    <credential>
      <name>merchant_id</name>
      <value>merchantid</value>
    </credential>
    <credential>
      <name>terminal</name>
      <value>terminal</value>
    </credential>
    <credential>
      <name>signature_algorithm</name>
      <value nil="true"/>
    </credential>
  </credentials>
  <gateway_settings>
  </gateway_settings>
  <gateway_specific_fields>
    <gateway_specific_field>user_agent</gateway_specific_field>
    <gateway_specific_field>accept_header</gateway_specific_field>
    <gateway_specific_field>authentication_method</gateway_specific_field>
    <gateway_specific_field>authentication_type</gateway_specific_field>
    <gateway_specific_field>authentication_flow</gateway_specific_field>
    <gateway_specific_field>sca_exemption</gateway_specific_field>
    <gateway_specific_field>use_webservice_endpoint</gateway_specific_field>
  </gateway_specific_fields>
  <payment_methods>
    <payment_method>credit_card</payment_method>
  </payment_methods>
  <state>retained</state>
  <redacted type="boolean">false</redacted>
  <sandbox type="boolean">false</sandbox>
  <created_at type="dateTime">2021-08-31T19:25:45Z</created_at>
  <updated_at type="dateTime">2021-08-31T19:25:45Z</updated_at>
</gateway>

Stored credential regulations

For Redsys, sending stored credential fields can be done using Spreedly’s first class support. Sending stored credential data is simple. For any Authorize or Purchase request, you need to include two fields which tell Spreedly a little bit more about the nature of the transaction:

stored_credential_initiator
stored_credential_reason_type

Learn more about how Spreedly enables use of stored credentials by reviewing our Stored Credentials guide.

MIT exemptions

To utilize MIT Exemptions on Redsys, a Network Transaction ID is required to be associated with the payment method’s Stored Credentials. This Network Transaction ID is recorded on a payment method after performing a successful cardholder-initiated intial 3DS authentication at Redsys.

Please note that payment methods that performed a successful initial 3DS authentication at Redsys before March 22, 2021 may not have a Network Transaction ID recorded. Please perform another CIT 3DS authentication with that payment method to properly record it.

To request an MIT exemption for that payment method on a subsequent transaction, you must set the sca_exemption gateway specific field to the value MIT, and the following Stored Credential values.

stored_credential_initiator: 'merchant'
stored_credential_reason_type: 'recurring'

This will automatically pass the Network Transaction ID recorded on the payment method as a reference for the exemption.

Third-party 3DS2 auth data

Spreedly will automatically handle the field mapping for sending third-party 3DS2 authentication data to Redsys. For more information about how to use this feature, see the 3DS2 Third-party Authentication Guide. Spreedly fields map to the relevant Redsys fields as described in the following table. Please see Redsys’s third-party 3DS2 documentation on DS_MERCHANT_MPIEXTERNAL for detailed descriptions of each of these fields and when to use them.

Please note that there are three 3DS2 authentication fields that Redsys may require but which are not currently handled by the standard set defined below. These must be sent as gateway specific fields rather than in the three_ds object:

authentication_method maps to authenticacionMethod
authentication_type maps to authenticacionType
authentication_flow maps to authenticacionFlow

Spreedly field	Redsys field
`ecommerce_indicator`	`Eci`
`three_ds_server_trans_id`	`threeDSServerTransID`
`ds_transaction_id`	`dsTransID`
`cavv`	`authenticacionValue`
`three_ds_version`	`protocolVersion`

Gateway specific fields

Spreedly supports the following gateway specific fields when transacting with a BBVA (via Redsys) gateway:

user_agent
accept_header
use_webservice_endpoint

Both user_agent and accept_header are required when completing a 3DS1 transaction.

use_webservice_endpoint may be set to true to force a transaction to be sent to the Webservice endpoint (https://sis.redsys.es/sis/services/SerClsWSEntradaV2) instead of the Operaciones endpoint, if you know this is necessary.

curl https://core.spreedly.com/v1/gateways/LlkjmEk0xNkcWrNixXa1fvNoTP4/purchase.xml \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/xml' \
  -d '<transaction>
        <payment_method_token>56wyNnSmuA6CWYP7w0MiYCVIbW6</payment_method_token>
        <amount>100</amount>
        <currency_code>USD</currency_code>
        <gateway_specific_fields>
          <redsys>
            <user_agent>Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008052912 Firefox/3.0</user_agent>
            <accept_header>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</accept_header>
          </redsys>
        </gateway_specific_fields>
      </transaction>'

<transaction>
  <on_test_gateway type="boolean">true</on_test_gateway>
  <created_at type="dateTime">2021-08-31T19:25:45Z</created_at>
  <updated_at type="dateTime">2021-08-31T19:25:45Z</updated_at>
  <succeeded type="boolean">true</succeeded>
  <state>succeeded</state>
  <token>CAJRWhjh7dHgQurmP27xtKKEWFl</token>
  <transaction_type>Purchase</transaction_type>
  <order_id nil="true"/>
  <ip nil="true"/>
  <description nil="true"/>
  <email nil="true"/>
  <merchant_name_descriptor nil="true"/>
  <merchant_location_descriptor nil="true"/>
  <merchant_profile_key nil="true"/>
  <gateway_specific_fields>
    <redsys>
      <user_agent>Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008052912 Firefox/3.0</user_agent>
      <accept_header>text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8</accept_header>
    </redsys>
  </gateway_specific_fields>
  <gateway_specific_response_fields>
  </gateway_specific_response_fields>
  <gateway_transaction_id>46</gateway_transaction_id>
  <gateway_latency_ms type="integer">2</gateway_latency_ms>
  <stored_credential_initiator nil="true"/>
  <stored_credential_reason_type nil="true"/>
  <populate_mit_fields type="boolean">false</populate_mit_fields>
  <warning nil="true"/>
  <application_id nil="true"/>
  <amount type="integer">100</amount>
  <currency_code>USD</currency_code>
  <retain_on_success type="boolean">false</retain_on_success>
  <payment_method_added type="boolean">false</payment_method_added>
  <smart_routed type="boolean">false</smart_routed>
  <message key="messages.transaction_succeeded">Succeeded!</message>
  <gateway_token>T11bJAANtTWnxl36GYjKWvbNK0g</gateway_token>
  <gateway_type>test</gateway_type>
  <shipping_address>
    <name>Newfirst Newlast</name>
    <address1 nil="true"/>
    <address2 nil="true"/>
    <city nil="true"/>
    <state nil="true"/>
    <zip nil="true"/>
    <country nil="true"/>
    <phone_number nil="true"/>
  </shipping_address>
  <response>
    <success type="boolean">true</success>
    <message>Successful purchase</message>
    <avs_code nil="true"/>
    <avs_message nil="true"/>
    <cvv_code nil="true"/>
    <cvv_message nil="true"/>
    <pending type="boolean">false</pending>
    <result_unknown type="boolean">false</result_unknown>
    <error_code nil="true"/>
    <error_detail nil="true"/>
    <cancelled type="boolean">false</cancelled>
    <fraud_review nil="true"/>
    <created_at type="dateTime">2021-08-31T19:25:45Z</created_at>
    <updated_at type="dateTime">2021-08-31T19:25:45Z</updated_at>
  </response>
  <api_urls>
  </api_urls>
  <payment_method>
    <token>1rpKvP8zOUhj4Y9EDrIoIYQzzD5</token>
    <created_at type="dateTime">2017-06-26T17:04:38Z</created_at>
    <updated_at type="dateTime">2021-08-30T18:18:43Z</updated_at>
    <email>[email protected]</email>
    <data>
      <my_payment_method_identifier>448</my_payment_method_identifier>
      <extra_stuff>
        <some_other_things>Can be anything really</some_other_things>
      </extra_stuff>
    </data>
    <storage_state>retained</storage_state>
    <test type="boolean">true</test>
    <metadata>
      <key>string value</key>
    </metadata>
    <callback_url nil="true"/>
    <last_four_digits>1111</last_four_digits>
    <first_six_digits>411111</first_six_digits>
    <card_type>visa</card_type>
    <first_name>Newfirst</first_name>
    <last_name>Newlast</last_name>
    <month type="integer">3</month>
    <year type="integer">2032</year>
    <address1 nil="true"/>
    <address2 nil="true"/>
    <city nil="true"/>
    <state nil="true"/>
    <zip nil="true"/>
    <country nil="true"/>
    <phone_number nil="true"/>
    <company nil="true"/>
    <full_name>Newfirst Newlast</full_name>
    <eligible_for_card_updater type="boolean">true</eligible_for_card_updater>
    <shipping_address1 nil="true"/>
    <shipping_address2 nil="true"/>
    <shipping_city nil="true"/>
    <shipping_state nil="true"/>
    <shipping_zip nil="true"/>
    <shipping_country nil="true"/>
    <shipping_phone_number nil="true"/>
    <payment_method_type>credit_card</payment_method_type>
    <errors>
    </errors>
    <verification_value></verification_value>
    <number>XXXX-XXXX-XXXX-1111</number>
    <fingerprint>e3cef43464fc832f6e04f187df25af497994</fingerprint>
  </payment_method>
  <attempt_3dsecure type="boolean">false</attempt_3dsecure>
</transaction>

Gateway specific response fields

A response from a BBVA (via Redsys) gateway may contain a ds_response_int.

You can find this information in gateway_specific_response_fields. For example, a transaction could have something like this:

<transaction>
  <token>LgpTNGjsWQs9DwdxcbreUVz0R8p</token>
  <transaction_type>Purchase</transaction_type>
  <gateway_specific_response_fields>
     <redsys>
       <ds_response_int>00</ds_response_int>
     </redsys>
  </gateway_specific_response_fields>
</transaction>

To request any gateway_specific_fields or gateway_specific_response_fields, please contact Support with your request and the gateway documentation for the fields of interest.