Strex preauth

For subscription services in Norway, Strex requires that a double opt-in is performed using a mechanism provided by Strex themselves.

The easiest way to implement this from a customer point of view is to provide some special values in the ReferenceID parameter (available with most APIs) on messages with pricegroup > 0 (i.e. on billing messages) and belonging to a subscription service, which will make the ViaNett platform handle the preauth routines automatically.

For subscriptions, the preauthauto value will mostly be sufficient.
For single transacations, SellSms needs to be used.

Here are the available values:
ReferenceID Description
preauth A preauthorization procedure will always be triggered automatically on messages with this referenceid value, regardless of whether a prior preauthorization has been performed, the resulting token will be saved in the ViaNett platform and automatically used on subsequent transactions with referenceid value preauthauto or preauthcached.
preauthauto If end-user is not preauthorized, a preauthorization procedure will be triggered automatically, the resulting token will be saved in the ViaNett platform and automatically used on subsequent transactions with referenceid preauthauto. Should the preauthorization token expire or be invalidated, it will NOT be automatically renewed (a renewal should instead be triggered by using the referenceid preauth).
preauthcached If end-user is already preauthorized, the saved token will be used to process the transaction. If end-user does not have a stored preauth token, messages will be rejected with error "NoToken"
preauthiftoken If end-user is already preauthorized, the saved token will be used to process the transaction. If end-user does not have a stored preauth token, messages will be sent without a provided token.
preauthtoken;xxxxx The sell request will be performed using the specified token after the semicolon. If the token is not rejected by Strex, the token will be saved in the ViaNett platform and automatically used on subsequent transactions with referenceid preauthauto or preauthcached.
preauthotp;xxxx;yyyyyyyyyyy A preauthorization validation procedure will be triggered automatically using the OTP and OTP trans id (xxxx = OTP, yyyyyyyyyyy = OTP trans id), which if successful will generate a preauthorization token, which will be saved in the ViaNett platform and automatically used on subsequent transactions with referenceid preauthauto or preauthcached.
SellSms Used for single transactions only. An SMS will be triggered automatically asking the user to confirm the purchase by responding with OK. The user has to respond with OK within 60 seconds.

Additional methods for handling the preauthorization requirements (such as generating one-time passwords and/or triggering the preauthorization process at a different point in the message flow) are available from https://smsc.vianett.no/V3/Custom/StrexWebService.asmx:

strexGenerateOtp

Generates an SMS from Strex containing a One Time Password that the end user needs to input to a merchant interface.

Request:

Parameter Description
campaign Set to 0 for default campaign, or specify the campaign the service is configured on (used to identify the correct Strex merchant) 
shortCode Specify the short code the service is used for and configured on (used to identify the correct Strex merchant and as a sender address if senderText is blank)
destination The MSISDN on international format (47xxxxxxxx)
message SMS text defined by merchant to be added to the beginning of the SMS message. If not set in request, a default message will be sent.
senderText The sender address. If left blank, the value in shortCode will be used instead.
recurring Set to true if the OTP is used to opt-in to a recurring payment, or false if used for a single payment only
timeout Validity period for OTP. Defined in seconds. Minimum 1, max 86400 (24 hours). If not set in request, default value of 300 (5 min) will be used.

Response:

Parameter Description
ok True if successful request 
errorCode See errorcode list
strexResult Native Strex error code
strexResultDesc Native Strex error description
strexTransId Transaction ID, must be specified in optTransId along with the 4-digit code (provided by the end-user) in StrexPreAuthorization or in the "preauthotp;xxxx;yyyyyyyyyyy" or "sellotp;xxxx;yyyyyyyyyyy" reference ID on a billing MT.

strexHasCachedAuthorizationToken

Checks if the end-user already has a cached preauthorization token stored in the ViaNett platform, and retrieves the token as well as an indication of whether the token has been invalidated by Strex (e.g. due to change of MSISDN owner).

Request:

Parameter Description
campaign Set to 0 for default campaign, or specify the campaign the service is configured on (used to identify the correct Strex merchant)
shortCode Specify the short code the service is used for and configured on (used to identify the correct Strex merchant)
destination The MSISDN on international format (47xxxxxxxx)

Response:

Parameter Description
ok True if successful request
errorCode See errorcode list
hasCachedToken True if there is a cached token stored on the ViaNett platform
isInvalidatedToken True if the stored token has been invalidated by Strex (e.g. due to change of MSISDN ownership).
strexAuthorizationToken The token that has been stored in the ViaNett platform.

strexPreAuthorization

Creates a preauth token for a recurring charge, either from the OTP generated in advance by StrexGenerateOtp, or by an SMS or USSD dialogue on the end-user handset.

Request:

Parameter Description
campaign Set to 0 for default campaign, or specify the campaign the service is configured on (used to identify the correct Strex merchant)
shortCode Specify the short code the service is used for and configured on (used to identify the correct Strex merchant)
destination The MSISDN on international format (47xxxxxxxx)
strexSecurityLevel 1 or "none" (not allowed)
2 or "Confirmation"
3 or "PIN" (not in use)


Security level overrides OTP setting in strexConfirmChannel
strexConfirmChannel SMS: End User confirms preAuth request by replying "OK" or "yes" on an SMS. Only allowed for security_level = 2. This is default.
USSD: End User confirms preAuth request by replying "OK" or "yes" in the USSD application on the handset. Allowed for security_level 2 and 3.
OTP: End User confirms the preAuth by OTP. OTP value must be provided in otpCode parameter and StrexTransId from StrexGenerateOtp in otpTransId.
otpCode If strexConfirmChannel is OTP, the OTP value (from end-user) is provided here, if not leave blank.
otpTransId If strexConfirmChannel is OTP, the StrexTransId value from StrexGenerateOtp is provided here, if not leave blank.

Response:

Parameter Description
ok True if successful request 
errorCode See errorcode list
strexResult Native Strex error code
strexResultDesc Native Strex error description
strexAuthorizationToken If OK is true, preauth token from successful preauth (this is automatically stored in the ViaNett platform and used if billing MTs are sent with referenceIDs preauthauto and preauthcached, and may also be explicitly specified using referenceid preauthtoken;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

strexGetUserInfo

Returns information about an End Users registration status on the Strex Payment Service and the latest registered terminal type (handset OS).

Request:

Parameter Description
campaign Set to 0 for default campaign, or specify the campaign the service is configured on (used to identify the correct Strex merchant)
shortCode Specify the short code the service is used for and configured on (used to identify the correct Strex merchant)
destination The MSISDN on international format (47xxxxxxxx)

Response:

Parameter Description
ok  True if successful request 
errorCode See errorcode list
strexResult Native Strex error code
strexResultDesc Native Strex error description
validity 0 = not registered
1 = Registered, but not valid for licensed purchase.
2 = Valid for licensed purchase
3 = MNO billing barred
terminalType Result is "Android" or "iPhone OS" or returns handset model

strexSelfRegisterV3

Triggers a Strex registering process for end-users who have not registered at strex.no and are thus not allowed to be charged for certain types of services.

Request:

Parameter Description
campaign Set to 0 for default campaign, or specify the campaign the service is configured on (used to identify the correct Strex merchant)
shortCode Specify the short code the service is used for and configured on (used to identify the correct Strex merchant)
destination The MSISDN on international format (47xxxxxxxx)

smsText SMS text to be added in the registration SMS.
campaignCode Optional, the campaign code will be stored on the user profile of the registered End User for statistical purposes. Example "SX1"

Response:

Parameter Description
ok True if successful request 
errorCode See errorcode list
strexResult Native Strex error code