.. _spreedly:

Spreedly Update
================

Spreedly is adding Enhanced Security around their payment method tokenisation. This API endpoint supports this functionality by providing the metadata that the integrator needs to pass to Spreedly.

.. contents:: Topics

Endpoints
---------

Get Spreedly iFrame Params
~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. http:get:: payment/spreedlyIframeParams.json

   Obtains parameters required to support Spreedly Authenticated Tokenization.
   This API call should be made before any and every Spreedly tokenization and its values should not be retained or reused. 
   
   This is not needed when using a previously retained :http:jsonentity:`SavedSpreedlyTokenPaymentMethod` -- only when tokenizing a payment for one-time use, or when creating a new saved token. The values returned from this endpoint should be piped directly into `Spreedly as documented <https://developer.spreedly.com/docs/iframe-api-lifecycle#init>`_. 

   The following authentication methods are allowed for this endpoint:

   * :ref:`b2b_auth`
   * :ref:`oauth_auth`
   * :ref:`anonymous_auth`

   :query Integer merchantId: *(required)* Paytronix-assigned merchant ID to perform the operation in.

|
|
|

.. http:response:: success

   :jsonparam String result: *(required)*  ``success``
   :jsonparam String certificateToken: *(required)*  Token associated with Spreedly certificate used to generate signature 
   :jsonparam String environmentKey: *(required)*  Spreedly environment key 
   :jsonparam String nonce: *(required)*  Unique value used to generate signature
   :jsonparam String signature: *(required)*  Signature generated by Paytronix for Spreedly tokenization
   :jsonparam String timestamp: *(required)* Timestamp used to generate signature

.. http:response:: failure

   :jsonparam String result: *(required)*  ``failure``
   :jsonparam String errorCode: *(required)*  The error code of the failure.
   :jsonparam String errorMessage: *(required)*  The (human readable) error message of the failure.


Paytronix may enable or disable enhanced security for tokenization in our sandbox environments before the deprecation date for testing purposes. When not enabled, Spreedly will ignore these additional fields sent during tokenization (ie. Spreedly will not throw an error unless enhanced security is turned on). 


Errors
------

When attempting to tokenize payment with Spreedly and the following error is returned, it means that the enhanced security has not been correctly implemented and/or the values passed in are invalid.

Note that this is a Spreedly error and is subject to change. See 
`Spreedly Response Codes <https://docs.spreedly.com/reference/api/v1/#response-codes>`_ for details.

Spreedly Error:

.. code:: javascript

   {"errors": [
        {
            "key": "errors.invalid_enhanced_authentication_params",
            "message": "Missing or invalid required parameters for enhanced iframe security."
        }
    ]}