Payment plug-in specification

Review the following overview of the payment plug-in specification to better understand how we can use payment plug-ins.

Version: 1.0

Purpose: This specification accompanies the Java API information for the IBM Payment plug-in. This information provides an overview of payment plug-ins and the payment plug-in specification.

Target audience and skill requirements: The target audience for this information is application developers for payment service providers, e-commerce solutions, or external payment systems.

Related information: This payment plug-in API specification is intended to be used with the following API information: com.ibm.commerce.payments.plugin.

Features:: The payment plug-in specification has the following features:

* Denotes that plug-ins are provided in WebSphere Commerce to support these methods. If you write our own plug-in, we must follow this specification.

Organization of this specification: This specification includes a list of terminology that is used and the specification details that supplement the API information. This specification also includes examples of the plug-in deployment descriptor and related XSD file, and diagrams that help illustrate important concepts. It also contains information about error handling and security considerations.

The following topics are included in this specification:


Terminology used in this specification


Specification description


Plug-in deployment descriptor

A plug-in deployment descriptor enables a plug-in to integrate with WebSphere Commerce. It is an XML file that contains information about a plug-in and describes to the Payment plug-in controller how the plug-in is to be deployed. A plug-in deployment descriptor contains common properties used by the Payment plug-in controller during system initialization to start and send requests to the plug-in. It is used by the WebSphere Commerce installation and configuration programs to enable the payment plug-in within the Payment plug-in controller and the WebSphere Commerce instance.

The plug-in deployment descriptor describes the specific configuration requirements that must be resolved in order for the plug-in to work correctly. The descriptor must contain the plug-in home interface name.

Plug-in deployment descriptors are named PluginDeployment.xml and reside in the deployed instance's EAR directory in WebSphere Application Server.

A plug-in deployment descriptor must exist for every plug-in, and can be used to define more properties specific to a particular plug-in. A Plug-in deployment descriptor XSD and PluginDeployment.xml are included in this specification.


Understanding the plug-in interfaces

For more information about these interfaces, see the related API information.


Understanding the plug-in classes

The properties file for messages is in the following directory:


Payment plug-in error handling

The payment plug-in specification identifies a set of predefined exceptions. If a plug-in does not implement a particular method, the plug-in should throw the exception FunctionNotSupportedException. If more exceptions need to be added for a plug-in, the exception PluginException should be extended. However, the Payment plug-in controller will not be able to process these exceptions in any particular way. Although all exceptions are caught, plug-in-specific errors cannot be handled properly. For example, a FinancialException informs the Payment plug-in controller that some financial error occurred and the Payment plug-in controller can act by informing other software layers, such as the Payment rules engine. However, if an ABCException occurs, it is wrapped as a generic plug-in exception.

Exceptions that are thrown by a plug-in should contain as much contextual information as possible to allow convenient error handling and problem determination. Information can include the result codes from the payment back-end system, and container reference to the payment instruction, payment, and credit. Exception hierarchy of payment is independent of ECException. The root exception for payment is BaseException, which extends from Exception. There are two exceptions of BaseException:

For each kind of PluginException, there is a corresponding type of EDPException. For example, com.ibm.commerce.payments.plugin.InvalidDataException is a PluginException, and com.ibm.commerce.edp.api.InvalidDataException is its corresponding EDPException.

For exceptional situations, throw PluginException (or exception) in your payment plug-in.

Note: We can define our own exceptions as needed, but these exceptions must extend from PluginException. The behavior is the same as a PluginException.


Security considerations for payment plug-ins

Payment plug-ins are responsible for the security of the communication with their payment back-end systems. Since payment information is sensitive data, the plug-ins encrypt all data that is sent over network connections. The Payment plug-in controller does not provide encryption services for this type of communication with the payment back-end system.

All sensitive data in a PaymentInstruction container is encrypted by the Payment plug-in controller when they are persistent in the PPCEXTDATA table.

If the plug-in persists sensitive data in the file system or by using databases, encrypt the sensitive data. The Payment plug-in controller does not provide encryption services for this persistence.

If you use Java EE or EJB access control, the plug-in documentation that you produce must clearly identify the required user roles and permissions to use the plug-in implementation. This documentation is needed so that we can deploy the plug-in.

Transient sensitive data, for example, Card Validation Code, is passed to the plug-in as the extended data of the current payment instruction. We can retrieve the data in your plug-in and pass it to the back-end payment system if necessary. Avoid persisting or removing any of the transient sensitive data in the plug-in. The Payments plug-in controller is responsible for removing transient sensitive data and for preventing the data from being persisted in the database.


Related concepts
Financial transactions
Payment plug-ins


Related tasks
Processing multiple shipments with a single approval
Configure synchronized payment reversals