To use our Installment Service, you first need to get it enabled on your account. To do this, contact your Global Payments account manager.
For more information on our Installment Service, see our Overview.
Retrieve installment plans
Installment Service endpoints:
Here, we use the GetEligiblePlans request to retrieve the eligible plans that match the Issuer’s criteria for the transaction.
curl https://api.sandbox.globalpay-ecommerce.com/installments/plans/match
-H "Content-type: application/json"
-H "Authorization: sha256hash ff90a189d9ba5a23eec8578ddffba350fbd701faaba7428c59b65ca2c83e1bdd"
-X POST
-d '{
"partner": "GPECOM",
"provider": "VIS",
"merchant_id": "MerchantId",
"account_id": "accountId",
"card": {
"number": "4263970000005262"
},
"amount": "1000",
"currency": "CAD",
"channel": "ECOM",
"request_timestamp": "2023-01-01T12:00:00.000Z",
"filter": {
"enabled": true,
"max_term_months_merchant_funded": 24,
"plan_type": "MERCHANT_FUNDED"
"amount_threshold": 1000
}
}'
Confirm selected plan
Send the plan details in the Authorization request to confirm the selected installment plan by the user. After the cardholder selects an installment plan, the merchant should provide installment plan details in the Auth and Receipt-in requests under the optional XML tag.
For the full Authorization request, see Authorization in the API Reference.
Installment Service Confirm Selected Plans endpoints:
<installment>
<provider>VIS</provider>
<planid>3fa85f64-5717-4562-b3fc-2c963f66afa6</planid>
<tcversion>2</tcversion>
<tclang>eng</tclang>
</installment>
Error codes
The following table contains errors that are specific to the Installment Service. For the full list of errors, see Messages & Errors.
| Error No. | Integration Type | Description |
|---|---|---|
| 205 | API/HPP | Comms Error - Installment connection error. |
| 508 | API | Installment is not allowed for this account. |
| 508 | API | Installment is not allowed for this acquirer. |
| 508 | API | Installment is not supported for this transaction. |
| 508 | API | Can't settle for more than 105% of that which you authorized. |
| 508 | API | You may only settle up to 105% of the original amount. |
| 508 | API | Can't settle a settled transaction for Installment. |
| 508 | API | Invalid data for installment request. |
| 508 | API | Can't void a rebate for Installment. |
| 512 | API | You may only refund up to 105% of the original amount. |
Generate hash
Follow the steps in this section to build the request security hash, concatenate the specified fields and hash them using the SHA-256 algorithm, concatenate the hashed string with your Shared Secret, hash it again, and add the resulted string to the request.
In addition to SHA-256, you can also generate your hash using SHA-1. The resulting hash should be placed in the <sha256hash> tag instead of the <sha1hash> tag. For more information, contact our support team at ecomsupport@globalpay.com.
Build the Request hash
1. Using the SHA-256 algorithm, hash a string made up of the request values
The blueprint of the hash for this request is shown below:
"request_timestamp.merchant_id.cardnumber"
Based on the request above, our initial string will be:
"2019-04-26T10:16:10.154248.MerchantId.4263970000005262"
2. Concatenate the hashed string with your Shared Secret
After step 1, you'll have a string like:
f6d5f2950c49e85bee09119d50de7ca76243de9c4f4ca340175b563162868e2e
You'll need to concatenate this with your Shared Secret. For example:
"f6d5f2950c49e85bee09119d50de7ca76243de9c4f4ca340175b563162868e2e.Po8lRRT67a"
3. SHA-256 hash the concatenated string
Our final string that we add to the request should be a hash using the SHA-256 algorithm of your concatenated string. For example:
8f2436777317085a3442286315f69532592222fc4e325b69559559179ce6120c
Check hash
Follow the steps in this section to build the response security hash, concatenate the specified fields and hash them using the SHA-256 algorithm, concatenate the hashed string with your Shared Secret, hash it again, and add the resulted string to the request.
1. Create a SHA-256 hash string made up of response values
The blueprint of the hash for the response is shown below:
"timestamp.merchantid.orderid.result.message.pasref.authcode"
So, based on the above example, the initial string to check the hash of the response will be:
"20200204155942.Merchant ID.N6qsk4kYRZihmPrTXWYS6g.00.[ test system ] Authorised.14631546336115597.12345"
2. Concatenate the hashed string with your Shared Secret
After step 1, you'll have a string like:
f4c954b5196e73883edcf1d74e5722ced0914dea852c52a07fbe1b4b04c8ca6b
You'll need to concatenate this with your Shared Secret:
"f4c954b5196e73883edcf1d74e5722ced0914dea852c52a07fbe1b4b04c8ca6b.Po8lRRT67a"
3. SHA-256 hash the concatenated string and compare
Our final string that we add to the request should be a hash using the SHA-256 algorithm of your concatenated string. For example:
f18178e6bf4d1bf17269fbd8a244fbd43be60c1d9b868bf00e06307b6d76d9be
Global Payments creates the hash in the same way on our side and sends it back. To confirm that a response hasn't been tampered with, compare what you've generated with what was returned in the sha256hash element.