In this chapter we explore how to integrate the mobile SDK with a fully custom backend server. It is recommended that you also read through the chapters covering the example Merchant Backend API and gain an understanding of how the SDK works with that as backend.
Basic Backend Requirements
To support the SDK, your backend must be capable of at least creating a payment
order. If you wish to use consumer identification, it
must also be able to start an identification
session. In addition to these, your backend should
serve the appropriate html documents at urls used for the
paymentUrl; the content of these html documents will be
discussed below, but it is noteworthy that they are different for payments from
Android applications and those from iOS applications. Further, the urls used for
as paymentUrl on iOS should be configured as universal links for your iOS
application.
Android Configuration
To bind the SDK to your custom backend, you must create a subclass of
com.swedbankpay.mobilesdk.Configuration. This must be a Kotlin class. If you
cannot use Kotlin, you can use the compatibility class
com.swedbankpay.mobilesdk.ConfigurationCompat.
Your subclass must provide implementations of postPaymentorders and
postConsumers. These methods are named after the corresponding Swedbank
Pay APIs they are intended to be forwarded to. If you do not intend to use
consumer identification, you can have your postConsumers implementation throw
an exception.
The methods will be called with the arguments you give to the PaymentFragment.
Therefore, the meaning of consumer, paymentOrder, and userData is up to
you. If the consumer was identified before creating the paymentOrder, the
consumer reference will be passed in the consumerProfileRef argument of
postPaymentorders. The exact implementation of these methods is outside the
scope of this document.
You must return a ViewPaymentOrderInfo and optionally also a
ViewConsumerIdentificationInfo object respectively; please refer to their
class documentation on how to populate them from your backend responses. Any
exception you throw from these methods will in turn be reported from the
PaymentViewModel. Whether a given exception is treated as a retryable
condition is controlled by the shouldRetryAfter<Operation>Exception methods;
by default they only consider IllegalStateException as fatal. Please refer to
the Configuration documentation on all the features.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
class MyConfiguration : Configuration() {
override suspend fun postPaymentorders(
context: Context,
paymentOrder: PaymentOrder?,
userData: Any?,
consumerProfileRef: String?
): ViewPaymentOrderInfo {
val viewPaymentOrder = post("https://example.com/pay/android")
return ViewPaymentOrderInfo(
viewPaymentLink = "https://example.com/",
viewPaymentOrder = viewPaymentOrder,
completeUrl = "https://example.com/complete",
cancelUrl = "https://example.com/cancel",
paymentUrl = "https://example.com/payment/android",
termsOfServiceUrl = "https://example.com/tos",
isV3 = true
)
}
override suspend fun postConsumers(
context: Context,
consumer: Consumer?,
userData: Any?
): ViewConsumerIdentificationInfo {
val viewConsumerIdentification = post("https://example.com/identify")
return ViewConsumerIdentificationInfo(
webViewBaseUrl = "https://example.com/",
viewConsumerIdentification = viewConsumerIdentification
)
// Or throw Exception() if not using consumer identification
}
}
iOS Configuration
On iOS you must conform to the SwedbankPaySDKConfiguration protocol. Just like
on Android, you must provide implementations for the postPaymentorders and
postConsumers methods. The consumer, paymentOrder, and userData
arguments to those methods will be the values you initialize your
SwedbankPaySDKController with, and their meaning is up to you. The
postPaymentorders method will optionally receive a consumerProfileRef
argument, if the consumer was identified before creating the payment order.
The methods are asynchronous, and the result is reported by calling the
completion callback with the result. Successful results have payloads of
SwedbankPaySDK.ViewPaymentOrderInfo and
SwedbankPaySDK.ViewConsumerIdentificationInfo, respectively; please refer to
the type documentation on how to populate those types. If you do not intend to
use consumer identification, your postConsumers should callback should be
called with a failing result of SwedbankPayConfigurationError.notImplemented.
The other errors of any failure result you report will be propagated back to
your app in the paymentFailed(error:) delegate method. You must call the
completion callback exactly once, multiple calls are a programming error.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
struct MyConfiguration : SwedbankPaySDKConfiguration {
func postPaymentorders(paymentOrder: SwedbankPaySDK.PaymentOrder?,
userData: Any?,
consumerProfileRef: String?,
options: SwedbankPaySDK.VersionOptions,
completion: @escaping (Result<SwedbankPaySDK.ViewPaymentOrderInfo, Error>) -> Void) {
post(URL(string: "https://example.com/pay/ios")!) { result in
do {
let viewPaymentorder = try result.get()
let info = SwedbankPaySDK.ViewPaymentOrderInfo(isV3: true,
webViewBaseURL: URL(string: "https://example.com/"),
viewPaymentLink: viewPaymentorder,
completeUrl: URL(string: "https://example.com/complete")!,
cancelUrl: URL(string: "https://example.com/cancel"),
paymentUrl: URL(string: "https://example.com/payment/ios"),
termsOfServiceUrl: URL(string: "https://example.com/tos"))
completion(.success(info))
} catch {
completion(.failure(error))
}
}
}
func postConsumers(consumer: SwedbankPaySDK.Consumer?,
userData: Any?,
completion: @escaping (Result<SwedbankPaySDK.ViewConsumerIdentificationInfo, Error>) -> Void) {
post(URL(string: "https://example.com/identify")!) { result in
do {
let viewConsumerIdentification = try result.get()
let info = SwedbankPaySDK.ViewConsumerIdentificationInfo(webViewBaseURL: URL(string: "https://example.com/"),
viewConsumerIdentification: viewConsumerIdentification)
completion(.success(info))
} catch let error {
completion(.failure(error))
}
}
// Or completion(.failure(SwedbankPayConfigurationError.notImplemented)) if not using consumer identification
}
}
Backend
The code examples allude to a run-of-the-mill https API, but you can of course handle the communication in any way you see fit. The important part is that your backend must then communicate with the Swedbank Pay API using your secret token, and perform the requested operation.
POST Consumers
The “POST consumers” operation is simple, you must make a request to POST
/psp/consumers with a payload of your choosing, and you must get the
view-consumer-identification link back to the SDK.
Consumer SDK Request
SDK Request
1
2
POST /identify HTTP/1.1
Host: example.com
Consumer SDK Response
SDK Response
1
2
3
4
HTTP/1.1 200 OK
Content-Type: text/plain
https://ecom.externalintegration.payex.com/consumers/core/scripts/client/px.consumer.client.js?token=5a17c24e-d459-4567-bbad-aa0f17a76119
Consumer Swedbank Pay Request
Swedbank Pay Request
1
2
3
4
5
6
7
8
9
10
POST /psp/consumers HTTP/1.1
Host: api.externalintegration.payex.com
Authorization: Bearer <AccessToken>
Content-Type: application/json
{
"operation": "initiate-consumer-session",
"language": "sv-SE",
"shippingAddressRestrictedToCountryCodes" : ["NO", "SE", "DK"]
}
Consumer Swedbank Pay Response
Swedbank Pay Response
1
2
3
4
5
6
7
8
9
10
11
12
13
HTTP/1.1 200 OK
Content-Type: application/json
{
"operations": [
{
"method": "GET",
"rel": "view-consumer-identification",
"href": "https://ecom.externalintegration.payex.com/consumers/core/scripts/client/px.consumer.client.js?token=5a17c24e-d459-4567-bbad-aa0f17a76119",
"contentType": "application/javascript"
}
]
}
This is, of course, an over-simplified protocol for documentation purposes.
POST Payment Orders
The “POST paymentorders” is a bit more complicated, as it needs to tie in with
paymentUrl handling. Also, the full set of payment order urls must be made
available to the app. In this simple example we use static urls for all of
those, but in a real application you will want to create at least some of them
dynamically, and will therefore need to incorporate them to your protocol.
Payment Order SDK Request
SDK Request
1
2
POST /pay/android HTTP/1.1
Host: example.com
Payment Order SDK Response
SDK Response
1
2
3
4
HTTP/1.1 200 OK
Content-Type: text/plain
https://ecom.externalintegration.payex.com/paymentmenu/core/scripts/client/px.paymentmenu.client.js?token=5a17c24e-d459-4567-bbad-aa0f17a76119&culture=sv-SE
Payment Order Swedbank Pay Request
Swedbank Pay Request
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
POST /psp/paymentorders HTTP/1.1
Host: api.externalintegration.payex.com
Authorization: Bearer <AccessToken>
Content-Type: application/json
{
"paymentorder": {
"urls": {
"hostUrls": ["https://example.com/"],
"completeUrl": "https://example.com/complete",
"cancelUrl": "https://example.com/cancel",
"paymentUrl": "https://example.com/payment/android"
}
}
}
Payment Order Swedbank Pay Response
Swedbank Pay Response
1
2
3
4
5
6
7
8
9
10
11
12
13
HTTP/1.1 201 Created
Content-Type: application/json
{
"operations": [
{
"href": "https://ecom.externalintegration.payex.com/paymentmenu/core/scripts/client/px.paymentmenu.client.js?token=5a17c24e-d459-4567-bbad-aa0f17a76119&culture=sv-SE&_tc_tid=30f2168171e142d38bcd4af2c3721959",
"rel": "view-paymentorder",
"method": "GET",
"contentType": "application/javascript"
}
]
}
Payment URL
As discussed in previous chapters, in some situations the paymentUrl of a
payment will be opened in the browser. When this happens, we need a way of
returning the flow to the mobile application. We need to take a slightly
different approach depending on the client platform.
Android
The SDK has an Intent Filter for the
com.swedbankpay.mobilesdk.VIEW_PAYMENTORDER action. When it receives this
action, if the Intent uri is equal to the paymentUrl of an ongoing payment (as
reported by ViewPaymentOrderInfo), it will reload the payment menu of that
payment. Therefore, if the paymentUrl is opened in the browser, that page must
start an activity with such an Intent. This can be done by navigating to an
intent scheme url. Note that the rules for following
intent-scheme navigations can sometimes cause redirects to those url not to
work. To work around this, the paymentUrl must serve a proper html page, which
attempts to immediately redirect to the intent-scheme url, but also has a link
the user can tap on.
Refer to the intent scheme url documentation on how to form one. You should always include the package name so that your intent is not mistakenly routed to the wrong app.
Request
1
2
GET /payment/android HTTP/1.1
Host: example.com
Response
1
2
3
4
5
6
7
8
9
10
11
12
HTTP/1.1 200 OK
Content-Type: text/html
<html>
<head>
<title>Swedbank Pay Payment</title>
<meta http-equiv="refresh" content="0;url=intent://example.com/payment/android#Intent;scheme=https;action=com.swedbankpay.mobilesdk.VIEW_PAYMENTORDER;package=com.example.app;end;">
</head>
<body>
<a href="intent://example.com/payment/android#Intent;scheme=https;action=com.swedbankpay.mobilesdk.VIEW_PAYMENTORDER;package=com.example.app;end;">Back to app</a>
</body>
</html>
iOS
Switching apps on iOS is always done by opening a URL. urls. It is preferred to
use a Universal Link URL. Your app and backend must be configured such that the
paymentUrl used on iOS payments is registered as a universal link to your app.
Then, on iOS 13.4 or later, in most cases when the paymentUrl is navigated to,
it will be immediately given to your app to handle. However, Universal Links are
not entirely reliable, in particular if you wish to support iOS earlier than
13.4, and we must still not get stuck if the paymentUrl is opened in the
browser instead.
Now, the most straightforward way of escaping this situation is to define a
custom url scheme for your app, and do something similar to the Android
solution, involving that scheme. If you plan to support only iOS 13.4 and up,
where the situation is rather unlikely to occur, this can be sufficient. Doing
this on earlier versions is likely to end up suboptimal, though, as doing this
will cause an unsightly confirmation dialog to be shown before the app is
actually launched. As the situation where paymentUrl is opened in the browser
is actually quite likely to occur on iOS earlier than 13.4, this means you are
more or less subjecting all users on those systems to sub-par user experience.
To provide a workaround to the confirmation popup, we devise a system that
allows the user to retrigger the navigation to paymentUrl in such a way as to
maximize the likelihood that the system will let the app handle it. As one of
the criteria is that the navigation must be to a domain different to the current
one, the paymentUrl itsef will always redirect to a page on a different
domain. That page is then able to link back to the paymentUrl and have that
navigation be routed to the app. You could host this “trampoline” page yourself,
but Swedbank Pay has a generic one available for use. The trampoline page takes
three arguments, target, which should be set to your paymentUrl, language,
which supports all the Checkout languages, and app, you app name that will be
shown on the page.
On iOS any URL the app is opened with is delivered to the
UIApplicationDelegate by either the
application(_:continue:restorationHandler:) method (for universal links) or
application(_:open:options:). To let the SDK respond appropriately, you need
to call SwedbankPaySDK.continue(userActivity:) or SwedbankPaySDK.open(url:)
from those methods, respectively.
Request
1
2
GET /payment/ios HTTP/1.1
Host: example.com
Response
1
2
HTTP/1.1 301 Moved Permanently
Location: https://ecom.stage.payex.com/externalresourcehost/trampoline?target=https%3A%2F%2Fexample.com%2Fpayment%2Fios%3Ffallback%3Dtrue&language=en-US&app=Example%20App
The trampoline url will, in turn, serve an html page:
Request
1
2
GET /externalresourcehost/trampoline?target=https%3A%2F%2Fexample.com%2Fpayment%2Fios%3Ffallback%3Dtrue&language=en-US&app=Example%20App HTTP/1.1
Host: ecom.stage.payex.com
Response
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
HTTP/1.1 200 OK
Content-Type: text/html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Swedbank Pay Redirect</title>
<link rel="icon" type="image/png" href="/externalresourcehost/content/images/favicon.png">
<link rel="stylesheet" href="/externalresourcehost/content/css/style.css">
</head>
<body>
<div class="trampoline-container" onclick="redirect()">
<img alt="Swedbank Pay Logo" src="/externalresourcehost/content/images/swedbank-pay-logo-vertical.png" />
<span class="trampoline-text">
<a>Back to Example App</a>
</span>
</div>
<script>
function redirect() { window.location.href = decodeURLComponent("https%3A%2F%2Fexample.com%2Fpayment%2Fios%3Ffallback%3Dtrue"); };
</script>
</body>
</html>
The page links back to https://example.com/payment/ios?fallback=true. Notice
the additional parameter. This is, indeed, part of the target parameter, and
under the control of your backend. The purpose of this is to allow for one final
escape hatch, in case the universal link mechanism fails to work. If this url is
yet again opened in the browser, the backend responds with a redirect to to a
custom-scheme url. (This should only happen if your universal links
configuration is broken, or if iOS has somehow failed to load the Apple
App-Site Association file.)
Request
1
2
GET /payment/ios?fallback=true HTTP/1.1
Host: example.com
Response
1
2
HTTP/1.1 301 Moved Permanently
Location: com.example.app://example.com/payment/ios?fallback=true
From the app perspective, in our example, the url the app is opened with will be
one these three: https://example.com/payment/ios,
https://example.com/payment/ios?fallback=true, or
com.example.app://example.com/payment/ios?fallback=true. When any of these is
passed to the SDK from your UIApplicationDelegate, the SDK will then call into
your Configuration to check if it matches the paymentUrl
(https://example.com/payment/ios in this example). This can be customized, but
by default it will allow the scheme to change and for additional query
parameters to be added to the url, so this example would work with the default
configuration.
Apple App-Site Association
As the iOS paymentUrl needs to be a universal link, the backend will also need
an Apple App-Site Association file. This must be served at
/.well-known/apple-app-site-association, and it must associate any url used as
a paymentUrl with the app.
Request
1
2
GET /.well-known/apple-app-site-association HTTP/1.1
Host: example.com
Response
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
HTTP/1.1 200 OK
Content-Type: application/json
{
"applinks": {
"apps": [],
"details": [
{
"appID": "ABCDE12345.com.example.app",
"paths": [ "/payment/ios" ],
"appIDs": [ "ABCDE12345.com.example.app" ],
"components": [
{ "/": "/payment/ios" }
]
}
]
}
}
Note that the AASA file must be served over https, otherwise iOS will not load
it. This example AASA file contains both old-style and new-style values for
maximum compatibility. You may not need the old-style values in your
implementation, depending on your situation.
Updating The Payment Order
The SDK includes a facility for updating a payment order after is has been created. The Merchant Backend Configuration uses this to allow setting the method of an instrument mode payment, but your custom Configuration can use it for whatever purpose you need.
Android
First, implement updatePaymentOrder in your Configuration subclass. This
method returns the same data type as postPaymentorders, and when it does, the
PaymentFragment reloads the payment menu according to the new data. The
paymentOrder and userData arguments are what you set for the
PaymentFragment, the viewPaymentOrderInfo argument is the current
ViewPaymentOrderInfo (as returned from a previous call to this method, or, if
this is the first update, the original postPaymentorders call). The
updateInfo argument will be the value you call
PaymentViewModel.updatePaymentOrder with, its meaning is therefore defined by
you.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
class MyConfiguration : Configuration() {
override suspend fun updatePaymentOrder(
context: Context,
paymentOrder: PaymentOrder?,
userData: Any?,
viewPaymentOrderInfo: ViewPaymentOrderInfo,
updateInfo: Any?
): ViewPaymentOrderInfo {
val viewPaymentOrder = post("https://example.com/payment/android/frobnicate")
return ViewPaymentOrderInfo(
viewPaymentLink = "https://example.com/",
viewPaymentOrder = viewPaymentOrder,
completeUrl = "https://example.com/complete",
cancelUrl = "https://example.com/cancel",
paymentUrl = "https://example.com/payment/android",
termsOfServiceUrl = "https://example.com/tos",
isV3 = true
)
}
}
To trigger an update, call updatePaymentOrder on the PaymentViewModel of the
active payment. The argument of that call will be passed to your
Configuration.updatePaymentOrder as the updateInfo argument.
1
activity.paymentViewModel.updatePaymentOrder("frob")
iOS
Implement updatePaymentOrder in your configuration. Rather like the Android
method, this method takes a callback of the same type as postPaymentorders,
and when that callback is invoked with a Success result, the
SwedbankPaySDKController reloads the payment menu according to the new data.
Unlike postPaymentorders, this method must also return a request handle, which
can be used to cancel the request if needed. If the request is cancelled, the
completion callback should not be called.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
func updatePaymentOrder(paymentOrder: SwedbankPaySDK.PaymentOrder?,
options: SwedbankPaySDK.VersionOptions,
userData: Any?,
viewPaymentOrderInfo: SwedbankPaySDK.ViewPaymentOrderInfo,
updateInfo: Any,
completion: @escaping (Result<SwedbankPaySDK.ViewPaymentOrderInfo, Error>) -> Void) -> SwedbankPaySDKRequest? {
var request = post(URL(string: "https://example.com/payment/ios/frobnicate")!) { result in
do {
let viewPaymentorder = try result.get()
let info = SwedbankPaySDK.ViewPaymentOrderInfo(isV3: true,
webViewBaseURL: URL(string: "https://example.com/"),
viewPaymentLink: viewPaymentorder,
completeUrl: URL(string: "https://example.com/complete")!,
cancelUrl: URL(string: "https://example.com/cancel"),
paymentUrl: URL(string: "https://example.com/payment/ios"),
termsOfServiceUrl: URL(string: "https://example.com/tos"))
completion(.success(info))
} catch NetworkError.cancelled {
// no callback
} catch {
completion(.failure(error))
}
}
return request
}
To trigger an update, call updatePaymentOrder on the
SwedbankPaySDKController. The argument will be passed to your configuration in
the updateInfo argument.
1
2
3
swedbankPayController.updatePaymentOrder(
updateInfo: "frob"
)
Backend
The backend implementation makes any needed calls to Swedbank Pay, and returns
whatever your implementation expects. It is recommended to always use the
view-paymentorder link from the update response, in case the update has caused
a change to that url.
Request
1
2
POST /payment/android/frobnicate HTTP/1.1
Host: example.com
Response
1
2
3
4
HTTP/1.1 200 OK
Content-Type: text/plain
https://ecom.externalintegration.payex.com/paymentmenu/core/scripts/client/px.paymentmenu.client.js?token=5a17c24e-d459-4567-bbad-aa0f17a76119&culture=sv-SE
Errors
Any exception you throw from your Configuration will be made available in
PaymentViewModel.exception or SwedbankPaySDKDelegate.paymentFailed(error:).
You are therefore fully in control of the model you wish to use to report
errors. We recommend adopting the Problem Details for HTTP APIs
convention for reporting errors from your backend. At the moment of writing, the
Android SDK also contains a utility for parsing RFC 7807
messages to help with this.
iOS Payment Menu Redirect Handling
In many cases the payment menu will need to navigate to a different web page as
part of the payment process. Unfortunately, testing has shown that not all such
pages are happy about being opened in a WKWebView. To mitigate this, the SDK
contains a list of pages we know to work, and any others will be opened in
Safari (or whatever browser the user has set as default in recent iOS). If you
wish, you can customize this behavior by overriding
decidePolicyForPaymentMenuRedirect in your configuration. Note that you can
also modify this behavior by the webRedirectBehavior property of
SwedbankPaySDKController.
1
2
3
4
5
6
7
struct MyConfiguration : SwedbankPaySDKConfiguration {
func decidePolicyForPaymentMenuRedirect(navigationAction: WKNavigationAction,
completion: @escaping (SwedbankPaySDK.PaymentMenuRedirectPolicy) -> Void) {
// we like to live dangerously, allow everything
completion(.openInWebView)
}
}
iOS Payment URL Matching
The iOS paymentUrl universal-link/custom-scheme contraption makes it so that
your app must be able to accept some variations in the urls. The default
behavior is to allow for a different scheme and additional query parameters. If
these are not good for your app, you can override the
url(_:matchesPaymentUrl:) method in your configuration. If you wish to simply
specify the allowed custom scheme, you can conform to
SwedbankPaySDKConfigurationWithCallbackScheme instead.
1
2
3
4
5
6
7
struct MyConfiguration : SwedbankPaySDKConfiguration {
func url(_ url: URL, matchesPaymentUrl paymentUrl: URL) -> Bool {
// We trust universal links enough
// so we do not need the custom-scheme fallback
return url == paymentUrl
}
}
1
2
3
struct MyConfiguration : SwedbankPaySDKConfigurationWithCallbackScheme {
let callbackScheme = "com.example.app"
}