Authorization
Process
Description:
- Merchant calls this API to authorize the transaction that was authenticated in the Authentication step.
- Customer's funds are held and frozen in their account (5–7 days).
- API should only be called after completing the Authentication step.
- If Capture is not called during the hold period, the funds will automatically reverse.
- Incremental Authorization is used when increasing the hold amount of an already authorized transaction.
API Information
Method: POST
Request
(Parameters sent by merchant)
Main Parameters Table
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | request_id | String(100) | ✅ | Unique request ID from Merchant to Baokim |
| 2 | request_time | String(20) | ✅ | Request send time. Format: YYYY-MM-DD H:i:s |
| 3 | merchant_code | String(50) | ✅ | Unique merchant identifier |
| 4 | order_code | String(50) | ✅ | Baokim order code returned from the Authentication step |
| 5 | authorize_type | Number | ✅ | Authorization type: 1-Authorize / 2-Incremental Authorize |
| 6 | authorize_amount | Number | ✅ | Authorization amount. If authorize_type = 2, this is the amount to increase |
| 7 | card | Object | ✅ | Card information (card_data or card_token) |
| 8 | extend | Object | ❌ | Extended data (billing) |
| 9 | description | String(255) | ❌ | Authorization transaction description |
Card Information
(Choose 1 of 2)
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | card_data | String(255) | ❌ | Card encrypted with AES-256-CBC. Required if card_token is null |
| 2 | card_token | String(255) | ❌ | Card token. Required if card_data is null |
Card_data Information Before Encryption
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | card_number | String(20) | ✅ | Card number |
| 2 | card_name | String(255) | ✅ | Cardholder name |
| 3 | card_month | String(2) | ✅ | Card expiry month |
| 4 | card_year | String(4) | ✅ | Card expiry year |
| 5 | card_cvv | String(3) | ✅ | Card security code |
Extend Information
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | billing | Object | ❌ | Payer information |
Billing Information
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | firstname | String(255) | ❌ | Payer first name |
| 2 | lastname | String(255) | ❌ | Payer last name |
| 3 | address | String(500) | ❌ | Address |
| 4 | city | String(50) | ❌ | City. Example: HANOI |
| 5 | state | String(255) | ❌ | State / Province |
| 6 | country | String(2) | ❌ | Country, ISO2 code. Example: VN |
| 7 | String(255) | ❌ | Payer email | |
| 8 | phone | String(10) | ❌ | Phone number |
| 9 | postal_code | String(6) | ❌ | Postal code (example: 100000) |
Example Request
{
"request_id": "MERCHANT050015588AXE014",
"request_time": "2020-08-11 14:41:00",
"merchant_code": "MERCHANT",
"order_code": "VLAD_1753867524",
"authorize_type": 1,
"authorize_amount": 1000000,
"card": {
"card_data": "yeAhZHfP6cWkLCL28svcXv2F9ntN3I1xBFGJG17JfxERkg8913ZxV",
"card_token": null
},
"extend": {
"billing": {
"firstname": "A",
"lastname": "NGUYEN VAN",
"address": "313 Truong Chinh, Dong Da",
"city": "HANOI",
"state": null,
"country": "VN",
"email": "[email protected]",
"phone": "0394899999",
"postal_code": "10000"
}
},
"description": "description GD authorize"
}
Response
(Parameters returned by Baokim)
Main Parameters Table
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | code | Number(3) | ✅ | Baokim error code |
| 2 | message | String(200) | ✅ | Baokim error message |
| 3 | data | Object | ✅ | Data returned |
Data Information
| No. | Field Name | Data Type | Required | Description |
|---|---|---|---|---|
| 1 | order_code | Number | ✅ | Baokim order code |
| 2 | auth_code | String(50) | ✅ | Authorization code returned by partner bank |
| 3 | authorize_status | Number | ✅ | Status: 0-Pending / 1-Authorized / 2-Fail |
| 4 | status | Number | ✅ | Overall transaction status of Baokim |
| 5 | authorize_amount | Number | ✅ | Authorization amount |
| 6 | total_amount | Number | ✅ | Total authorized amount |
| 7 | token | String(500) | ❌ | Card token returned after customer completes 3DS authentication successfully if save_token = 1 in Authentication step |
Example Response
{
"code": 0,
"message": "Success",
"data": {
"order_code": "VLAD_1753867524",
"auth_code": "AUTH456789",
"authorize_status": 1,
"status": 1,
"authorize_amount": 100000,
"total_amount": 10100000,
"token": "BC151dsTTmdrSpRapya3rKYJmtu2Ue6e"
}
}
Error Code
| Error Code | Description |
|---|---|
| 100 | Success |
| 11 | Failed |
| 101 | Baokim system error |
| 104 | OAuth authentication error |
| 105 | Signature authentication error |
| 301 | Order not found by order_code |
| 302 | Card issue (does not exist, expired) |
| 303 | Card declined |
| 304 | Insufficient card balance |
| 305 | User cancelled transaction |
| 306 | Incorrect OTP |
| 308 | Transaction has not completed Authentication |
| 309 | Transaction has not completed Authorization |
| 310 | Transaction already reversed, cannot capture |
| 311 | Transaction already captured, cannot reverse |
| 313 | Bank-side processing error |
| 422 | Validation error: RequestId invalid |
| 422 | Validation error: RequestTime invalid |
| 422 | Validation error: PartnerCode invalid |
| 422 | Card_data invalid |
| 422 | Amount invalid |