
    Risk Control – Merchant Integration

    1. Overview

    To enhance payment security, the banking channel has added a risk control confirmation step to the payment process. When a user submits payment information, the payment system calls the merchant’s configured risk control API, allowing the merchant to decide whether to approve the transaction.
    What the merchant must do:
    1. Configure the Risk Control API URL (via the admin dashboard or by contacting technical support).
    2. Implement the Risk Control API to receive payment system requests and return a decision.

    2. Payment Flow

    2.1 Full Payment Flow

    2.2 Key Time Points

    T0: Merchant creates order and obtains payment link
    T1: User accesses link and enters payment info
    T2: User submits payment → Bank channel calls confirmation API
    T3: Payment system calls merchant risk control API (merchant makes decision here)
    T4: Payment process continues or terminates based on decision

    3. Merchant Requirements

    3.1 Configure Risk Control API URL

    Option 1: Configure via Admin Dashboard
    • Log in to the merchant admin dashboard
    • Go to the merchant configuration page
    • Set the bank channel risk control API URL

    Option 2: Contact Technical Support
    • Provide your merchant ID and risk control API URL
    • Technical support will configure it in the database

    Configuration Fields:
    • merchant_id: Merchant ID
    • risk_control_url: Full HTTPS URL of the risk control API

    Example:
    merchant_id: 10001
    risk_control_url: https://merchant.example.com/api/risk-control

    3.2 Implement the Risk Control API

    The merchant must implement an HTTP POST endpoint to receive risk control requests and return a decision.

    3.2.1 API Specification

    Request Method: POST
    Request Header:
    Content-Type: application/json
    Request Body:
    {
      "orderId": "ORD202401011234567890",
      "cardPrefix": "123456",
      "cardSuffix": "7890",
      "cardHolderName": "John Doe"
    }
    Field Description:
    | Field | Type | Required | Description |
    |---|---|---|---|
    | orderId | string | Yes | Order ID (same as orderId used when creating the order) |
    | cardPrefix | string | Yes | First 6 digits of the card number |
    | cardSuffix | string | Yes | Last 4 digits of the card number |
    | cardHolderName | string | Yes | Name of the cardholder |

    Response Specification:

    Allow Payment
    • HTTP Status: 200 OK
    • Response Body: "allow" (plain text)

    Deny Payment
    • HTTP Status: 403 Forbidden
    • Response Body: "deny" (plain text)

    Notes:
    • The API must respond within 5 seconds; otherwise, payment will be automatically denied.
    • The response body must be plain text ("allow" or "deny"); do not return JSON.
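
An added example, not TrustPay's own code: a minimal Python endpoint that follows the specification above and fails closed, returning 403 "deny" for malformed, oversized or unexpected requests. `KNOWN_ORDERS`, `BLOCKED_PREFIXES`, `MAX_BODY` and the decision rules are assumptions for illustration, and the listener is assumed to sit behind a TLS-terminating proxy that serves the configured HTTPS URL.

```python
import json
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample data and limits (assumptions, not from the TrustPay docs).
KNOWN_ORDERS = {"ORD202401011234567890"}   # orders this merchant created
BLOCKED_PREFIXES = {"999999"}              # card prefixes the merchant refuses
MAX_BODY = 4096                            # the four documented fields are small
ALLOW, DENY = (200, "allow"), (403, "deny")

def decide(raw: bytes, content_type: str = "application/json"):
    """Return (status, body) per the spec; anything unexpected fails closed."""
    if not content_type.lower().startswith("application/json") or len(raw) > MAX_BODY:
        return DENY
    try:
        req = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError):
        return DENY
    if not isinstance(req, dict):
        return DENY
    fields = [req.get(k) for k in ("orderId", "cardPrefix", "cardSuffix", "cardHolderName")]
    if not all(isinstance(v, str) and v.strip() for v in fields):
        return DENY  # every documented field is required and must be a string
    order_id, prefix, suffix, _holder = fields
    if not re.fullmatch(r"[0-9]{6}", prefix) or not re.fullmatch(r"[0-9]{4}", suffix):
        return DENY
    # Keep any real lookup here well under the 5-second limit.
    if order_id not in KNOWN_ORDERS or prefix in BLOCKED_PREFIXES:
        return DENY
    return ALLOW

class RiskControlHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
            raw = self.rfile.read(min(max(length, 0), MAX_BODY + 1))
            status, text = decide(raw, self.headers.get("Content-Type", ""))
        except Exception:  # never let an error turn into an implicit approval
            status, text = DENY
        body = text.encode("ascii")
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)  # plain text, not JSON

if __name__ == "__main__":
    # Assumed deployment: bound to localhost behind a TLS-terminating proxy.
    HTTPServer(("127.0.0.1", 8080), RiskControlHandler).serve_forever()
```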

    4. Request/Response Examples

    4.1 Example — Allow Payment

    Request:
    Response:
    HTTP/1.1 200 OK
    Content-Type: text/plain
    
    allow

    4.2 Example — Deny Payment

    Request:
    Response:
    HTTP/1.1 403 Forbidden
    Content-Type: text/plain
    
    deny

    Modified at 2025-11-15 00:59:39