Extension Gift Card Flows
This document provides a detailed explanation of the extension gift card gateway flows, including the purpose of the flow, the services involved, and the description of each field in the requests and responses.
All requests are sent with x-akinon-api-version: v1. The microservice must validate this header and respond accordingly.
Example configuration:
{
"resource_url": "https://gift-card-service.example.com",
"config": {
"auth": {
"username": "<basic-auth-username>",
"password": "<basic-auth-password>"
}
}
}Purpose of the Flow
The Extension Gift Card Gateway Flow is designed to integrate with third-party gift card providers. Instead of communicating directly with each provider, Commerce communicates through a standardised interface — the GiftCardExtensionClient — which the provider must implement. This flow is particularly useful for:
Provider Abstraction: Allowing each provider to handle its own gift card logic without changes to Commerce.
OTP Support: Supporting providers that require OTP verification before a purchase can be completed.
Idempotent Refunds: Ensuring safe retry behaviour for refund operations.
The following configuration parameters are shared during integration:
resource_url
Base URL of the provider API
username
Username for basic authentication
password
Password for basic authentication
Common Request Headers
All requests include the following headers:
Authorization
Basic [BASE64_encoded(username:password)]
Mandatory
x-akinon-api-version
Always v1
Mandatory
x-akinon-request-id
Unique UUID4 identifier for each request
Mandatory
Content-Type
Always application/json
Mandatory
Timeouts
Connect
5s
Read
60s
Success Criteria
All endpoints treat any HTTP response other than 200 as a failure. The purchase endpoint has additional success criteria described in its section.
Common Request Fields
Every request body includes the following base fields:
version
String
Yes
Always "v1"
guid
String
Yes
Unique request identifier
check-balance (POST)
Queries card balance and card details by card number. For providers that require OTP, this step initiates the OTP flow.
URL:
Request Body Structure
version
String
Yes
Always "v1"
guid
String
Yes
Unique request identifier
cardNumber
String
Yes
Raw card number
Request Body Example
Request Body (typescript interface)
Response Body Structure
cardNumberMasked
String
Yes
Masked card number (e.g. ****1234)
purchaseToken
String | null
Conditional
Must be returned here for non-OTP flows. For OTP flows, may be returned in the verify-otp response instead
balance
String | null
Conditional
Card balance with 2 decimal places (e.g. "250.00"). May be null in OTP flows; in that case balance is expected in verify-otp
currency
String | null
Conditional
ISO 4217 currency code (e.g. "TRY"). If returned, must match the order currency; mismatches cause the transaction to be rejected
expirationDate
String | null
No
Card expiration date
otpRequired
Boolean
Yes
Whether OTP verification is required. If true, otpRef is mandatory; missing otpRef causes an error
otpRef
String | null
Conditional
Required when otpRequired=true. Used in verify-otp and send-otp requests
maskedPhone
String | null
Conditional
Masked phone number to which the OTP was sent. Expected when otpRequired=true
expiresIn
Number | null
No
OTP validity duration in seconds
Response Body Example
Response Body (typescript interface)
send-otp (POST)
Resends the OTP code for an existing OTP reference. Commerce applies a cooldown between consecutive requests; the provider may also enforce its own throttling.
URL:
Request Body Structure
version
String
Yes
Always "v1"
guid
String
Yes
Unique request identifier
otpRef
String
Yes
OTP reference code obtained from the check-balance response
Request Body Example
Request Body (typescript interface)
Response Body Structure
otpRef
String
Yes
OTP reference code. May be the same value or a renewed reference
maskedPhone
String
Yes
Masked phone number to which the OTP was sent
expiresIn
Number
No
New OTP validity duration in seconds
Response Body Example
Response Body (typescript interface)
verify-otp (POST)
Verifies the OTP code entered by the user. Returns purchaseToken on success. Even when HTTP 200 is returned, the operation is considered failed if verified=false.
URL:
Request Body Structure
version
String
Yes
Always "v1"
guid
String
Yes
Unique request identifier
otpRef
String
Yes
OTP reference code obtained from check-balance or send-otp
otpCode
String
Yes
OTP code entered by the user
Request Body Example
Request Body (typescript interface)
Response Body Structure
verified
Boolean
Yes
Verification result. If false even on HTTP 200, the operation is treated as failed
purchaseToken
String
Yes
Token to be used in the subsequent purchase request
balance
String | null
Conditional
Current card balance (2 decimal places). Required here if balance was not returned in check-balance
currency
String | null
Conditional
ISO 4217. Required if balance is present
Response Body Example
Response Body (typescript interface)
purchase (POST)
Charges payment from the card. If multiple gift cards are applied, a separate request is sent for each card. If any card fails, previously successful charges are automatically voided.
Reservations with amount=0 are excluded from purchase requests.
Success criteria: HTTP 200 AND status="RESOLVED" AND subStatus="RESOLVED" must all be satisfied.
URL:
Request Body Structure
version
String
Yes
Always "v1"
guid
String
Yes
Unique request identifier
purchaseToken
String
Yes
Token obtained from check-balance or verify-otp
amount
String
Yes
Charge amount with 2 decimal places (e.g. "100.00")
currency
String
Yes
ISO 4217, uppercase (e.g. "TRY")
orderNumber
String
Yes
Commerce order number
Request Body Example
Request Body (typescript interface)
Response Body Structure
status
String
Yes
Transaction status. See values table below
subStatus
String
Yes
Transaction sub-status. See values table below
transactionId
String
Yes
Unique transaction ID assigned by the provider. If empty or missing, Commerce uses a UUID4 fallback, which may affect void flow
status Values
RESOLVED
Transaction successful
REJECTED
Transaction rejected
subStatus Values
RESOLVED
Transaction successful
PROCESSING_ERROR
Provider-side error during the transaction
RISKY
Transaction flagged as risky
Response Body Example
Response Body (typescript interface)
void (POST)
Reverses a purchase transaction. If the order has not yet been created at the time of the void, orderNumber may be sent as null. Commerce suppresses void errors and does not halt the flow; however, the provider is still expected to return a successful response.
URL:
Request Body Structure
version
String
Yes
Always "v1"
guid
String
Yes
Unique request identifier
orderNumber
String | null
No
Commerce order number. May be null if the order has not yet been created
transactionId
String
Yes
ID of the purchase transaction to cancel
Request Body Example
Request Body (typescript interface)
Response Body Structure
transactionId
String
Yes
Unique ID for the void transaction. If empty or missing, Commerce uses a UUID4 fallback
Response Body Example
Response Body (typescript interface)
refund (POST)
Issues a partial or full refund.
URL:
Request Body Structure
version
String
Yes
Always "v1"
guid
String
Yes
Unique request identifier
orderNumber
String
Yes
Commerce order number
transactionId
String
Yes
ID of the purchase transaction to refund
amount
String
Yes
Refund amount with 2 decimal places (e.g. "50.00")
currency
String
Yes
ISO 4217, uppercase (e.g. "TRY")
Request Body Example
Request Body (typescript interface)
Response Body (raw 200)
history (POST)
Returns the full transaction history for a given order.
URL:
Request Body Structure
version
String
Yes
Always "v1"
guid
String
Yes
Unique request identifier
orderNumber
String
Yes
Commerce order number
Request Body Example
Request Body (typescript interface)
Response Body Structure
orderNumber
String
Yes
Commerce order number
status
String
Yes
Overall order status
subStatus
String
Yes
Overall order sub-status
paymentTransactionHistory
Array
Yes
Transaction list. The key must be paymentTransactionHistory, not transactions
paymentTransactionHistory Item Fields
transactionId
String
Yes
Transaction ID
type
String
Yes
Transaction type: PURCHASE, VOID, REFUND
amount
String
Yes
Transaction amount with 2 decimal places
currency
String
Yes
ISO 4217
statusCode
String
Yes
Transaction status code
subStatusCode
String
Yes
Transaction sub-status code
timestamp
String (ISO 8601)
Yes
Transaction timestamp
Response Body Example
Response Body (typescript interface)
Typical Flows
Non-OTP Provider
OTP Provider
send-otpis optional; it is used when the user needs the OTP resent.
Payment Reversal
Refund
Response Body For Errors (ALL)
All endpoints return errors in the following format. The first element of the errors array is used as the user-facing message.
Response Body (raw 4xx/5xx json)
Response Body (raw 4xx/5xx typescript interface)
Changelog
Version 1.0.0
Added
Initial implementation of the Extension Gift Card Gateway
check-balanceendpoint for card balance queries and OTP flow initiationsend-otpendpoint for resending OTP codesverify-otpendpoint for OTP verificationpurchaseendpoint for charging gift cardsvoidendpoint for cancelling purchase transactionsrefundendpoint for partial and full refundshistoryendpoint for order transaction historyHTTP Basic Auth support
x-akinon-request-idandx-akinon-api-versionheaders on all requests
Last updated
Was this helpful?