Deep Linking

Overview

• Deep link feature allows a third-party (in further text referred to as a Developer) to use a predefined URL to open up the pre-installed Cardknox mobile application in order to process a transaction.

• The Developer provides a number of required query parameters alongside any optional query parameters.

• The Cardknox app will use xRedirectURL with the required parameter to deliver the results of the processed transaction back to the caller. Results are provided as query parameters, appended onto the value provided by the xRedirectURL parameter. This is a GET request.

2. Glossary

A list of phrases, words, and synonyms that appear in this document; along with their meaning

Cardknox API

Refers to the Cardknox Transaction API, which can be found at https://kb.cardknox.com/api.

Command

A combination of a Payment type and a Transaction type, delimited by a semicolon. For example, cc:sale denotes a Credit Card Payment type and a sale transaction type.

Payment type

A type of payment, such as Credit Card (further abbreviated as “cc”), Check (further abbreviated as “check”). More payment types can be found on the Cardknox API site.

Transaction type

A type of transaction; such as Sale, AuthOnly, Capture etc. More transaction types can be found on the Cardknox API site.

3. Getting Started

Bare minimum, to integrate a mobile application capable of reacting to deep links with a website, is that the website should implement the logic that does the following:

1. Checks whether the application is installed on the mobile device or not.

2. If it’s not installed, the user is taken to the respective app store (AppStore for iOS or Google Play Store for Android).

3. if the software is installed, the target application is started.

Points 2 and 3 differ in the URLs that need to be invoked in order to achieve the described result (take the user to an app store or open the target application). Mobile browsers don’t offer an out-of-the-box API to detect if an application is installed on the device or not. As such, point 1 is the responsibility of the Developer to implement. This document assumes that the Cardknox app is preinstalled on a mobile device during the integration.

The Cardknox mobile app can be installed here:

a) Android: https://play.google.com/store/apps/details?id=com.gateway.cardknox.android

b) iOS: https://apps.apple.com/us/app/cardknox-payments/id1358857120

4. Deep Link Activation and Flow

The Cardknox app predefined URL is:

dck://app.cardknox.com/transaction

A Developer can use the predefined URL to open the Cardknox app in 2 ways:

1. Manually, by navigating to a predefined URL through a browser on a mobile device.

2. By having a website with an HTML element that can handle URLs and specifying the predefined URL on that HTML element.

Android only - adb tool can be used to deep link into the app with the following code:

adb shell am start -a android.intent.action.VIEW -d "dck://portal.cardknox.com/cardknoxdeeplink" com.gateway.cardknox.android

A developer is required to pass in a couple of required parameters. These required parameters are first URL decoded and then validated by the application. Optionally, a number of optional parameters can be passed in in order to prefil the transaction process form:

dck://app.cardknox.com/transaction?xAmount=1.0&xKey=CardknoxSupport_Test&xRedirectURL=https://www.test.com/&xCommand=cc:sale

Example URL with all the required parameters and no optional parameters

4.1 Validation

Validation is performed on the required and optional arguments. A failing required parameters validation results in an error screen displaying which one of the required arguments is missing or is invalid.

Optional arguments are also validated, but the application will not present an error screen describing which optional parameter failed the validation. For example, the app expects the xCVV optional parameter to be an int. The app will read a query parameter named xCVV and try to convert its value to an int. Passing a double might break the conversion to an int, in which case 0 is used as the int default value.

Validation is done in 3 steps, where each step yields a different user interface:

1. The xRedirectURL is invalid - User is presented with a UI that indicates that the xRedirectURL is missing or the provided value is not a valid URL.

2. At least one of the required parameters is invalid - User is presented with a UI that indicates which parameter failed validation.

3. All required parameters are valid - User is presented with a UI to process a transaction.

https://www.test.com/?xError=Required+parameter%3a+xKey&xResult=E&xStatus=Error

Response URL invoked by the app when only the xRedirectURL required parameter is supplied.

https://www.test.com/?xError=Required+parameter%3a+xAmount&xResult=E&xStatus=Error

Response URL invoked by the app when the xRedirectURL and xKey required parameters are supplied. Note that supplying the xCommandparameter here will not make the app validate the xCommand parameter as it’s being validated after xAmount.

https://www.test.com/?xError=Required+parameter%3a+xCommand&xResult=E&xStatus=Error

Response URL invoked by the app when the xRedirectURL, xKey and xAmount required parameters are supplied.

4.2 Processing interface type options

Cardknox app supports two user interfaces for transaction processing - one form interface (further abbreviated as “keyed screen”) and one card reader interface (further abbreviated as “swipe screen”).

Keyed screen allows processing with a card number, expiration date, cvv and other card specific information.

Swipe screen allows bluetooth pairing to a physical VP3300 card reader device, and transaction processing with card reader data readings; either with a card swipe (MSR / magnetic stripe cards) or by using the card with a chip (EMV card). The EMV card can be either tapped onto (“contactless”) or inserted into (“contact”) the VP3300 reader.

The app supports two optional query parameters to control which one, or both, of the two interfaces will be available once the app is invoked with a deep link:

• EnableDeviceInsertSwipeTap

  • controls the availability of the swipe screen

  • value type: boolean

  • possible values: true, false

  • example: EnableDeviceInsertSwipeTap=true

• EnableKeyedEntry - controls the availability of the keyed screen

  • controls the availability of the keyed screen

  • value type: boolean

  • possible values: true, false

  • example: EnableKeyedEntry=true

When the parameter values are not parseable to an expected value type, the app treats the parameter as not being provided at all

Presence of query parameters in the deep link URL and their value controls which user interfaces should be presented, as per the following mapping:

Mapping between the presence and value of EnableDeviceInsertSwipeTap and EnableKeyedEntry query parameters. Note that “-” symbol means “the parameter was not present in the URL”. Symbol “x” means that the UI is available.

When both keyed and swipe user interfaces are available, each one contains an UI element to navigate to the other interface

4.3 Transaction Processing

The user interface provides a button to process a transaction. The required parameters on the UI are the card number, expiration date, and the amount. The amount parameter is passed in through the URL. Expiration date defaults to the current month in the current year. The card number has to be typed in or provided as an optional argument with the xCardNum query parameter.

After the transaction is processed, two things can happen:

1. Transaction is approved - User will see a summary of the processed transaction. User has an option to click “Done” or “Signature.” Clicking on the “Done” button opens the mobile device browser with the URL specified by the xRedirectURL parameter. Transaction details are converted into key/value pairs and appended as a query string onto the xRedirectURL value. This is a GET request.

2. Transaction resulted in an error - User will not see the processed transaction summary. User will see the error message about what went wrong in a popup. User has an option to send the response back to xRedirectURL by clicking on any of the 2 Send buttons.

https://www.test.com/?xResult=A&xStatus=Approved&xError=&xErrorCode=00000&xRefNum=441701775&xExp=0421&xDate=4%2f7%2f2021+8%3a04%3a58+AM&xAuthCode=382480&xBatch=6913571&xAvsResultCode=NNN&xAvsResult=Address%3a+No+Match+%26+5+Digit+Zip%3a+No+Match&xCvvResultCode=&xCvvResult=No+CVV+data+available&xAuthAmount=1.30&xToken=7848qp7h1qp7q8p199062qnh4h9mq2q7&xMaskedCardNumber=4xxxxxxxxxxx1111&xCardType=Visa

A successful transaction URL encoded response sent to the xRedirectURL

https://www.test.com/?xResult=E&xStatus=Error&xError=Duplicate+Transaction&xErrorCode=01332&xRefNum=441702196&xExp=0421&xDate=4%2f7%2f2021+8%3a07%3a18+AM&xAuthCode=000000&xBatch=&xAvsResultCode=&xAvsResult=Unmapped+AVS+response&xCvvResultCode=&xCvvResult=No+CVV+data+available&xDuplicateAuthCode=382480&xDuplicateRefnum=441701775&xMaskedCardNumber=4xxxxxxxxxxx1111&xCardType=Visa

A erroneous transaction URL encoded response sent to the xRedirectURL

After the app sends the response back to the caller (by opening up the xRedirectURL in the mobile browser), the app’s UI is replaced with a full screen image displaying the Cardknox logo:

4.4 Process Cancellation

When the user taps Cancel in the application, a DeepLink cancellation is processed.

5. Required Parameters

6. Optional parameters