2024
link October
- Planned: change in the error response format for the
/api/charges/{id}/complete
query:
{
"errors": {
"charge": [
"is not completable"
]
}
}
{
"errors": [
{
"code": "card:blank",
"message": "Card can't be blank",
"param": "card",
"type": "card_error"
}
]
}
2023
link October
- Changes to the gateway’s SSL configuration:
- SANDBOX: removal of the DH and DHE cipher suite in TLSv1.2, addition of new ones.
- PRODUCTION: removed ciphers suites with CBC.
- No changes in TLSv1.3 ciphers.
- INFO: Ciphers DH/DHE on production gateway will be removed after Q1 2024.
link July
- Chapter describing integration with Fast Bank Transfers was introduced.
link June
- Release of new versions of scripts iFrame 2.0 (https://js.espago.com/iframe-2.0.js) and JS 1.3 (https://js.espago.com/espago-1.3.js), with improved appearance, acceptance of 2 digits year.
- Added path https://js.espago.com/iframe.js for iFrame script, always pointing to the latest version of Espago iFrame (previously iframe-1.0.js, currently iframe-2.0.js).
- Chapter describing integration with BLIK payments. was introduced.
link March
- Chapter describing Google Pay integration was introduced.
link January
- Introduction of categorizing response codes for credit card payments.
2022
link October
- Disabling verification 3D-Secure v1 by Visa and MasterCard, stay EMVCo 3D-Secure v2. On the side of Merchant there is no need to make any changes to the integration.
- Changes in behavior of test cards in “Sandbox” - all cards required 3DS verification in one time payment and with
cof=storing
(also card4242 4242 4242 4242
)
link July
- In the API query response with incorrect content (e.g. missing mandatory parameter value or bad format), the
code
parameter was added to theerrors
object. It includes a field name and a validation result. - API v2 is removed.
link February
- changes in the Espago Subscriptions behaviour - in the case of an unsuccessful card authorization attempt during the subscription: if the received
issuer_response_code
message belongs to “do not repeat” category, the subscription stops. To start a new subscription with the same Client Profile, updating with a new card and strong customer authentication are necessary. Alternatevely, please create a new Client Profile, perform strong customer authentication and start new subscription.
link January
- In the card charge request (
/api/charges/
): removedskip_3ds
parameter due to non-compliance with PSD2 regulations
2021
link May
- Disactivation Aktualizacji danych karty klienta tylko gdy karta jest zautoryzowana, because of incompatibility with PSD2.
- Disactivation Instantly authorize client feature, because of incompatibility with PSD2.
link April
- Supplementing the documentation and SQL file with rejection codes
1A
and65
(related to the lack of SCA / 3D-Secure), andB ##
codes (Espago rejection of payments that are known to be unsuccessful)
link January
- Disabling protocol TLSv1.1 in production Espago gateway (currently supported: TLSv1.2 and TLSv1.3).
2020
link November
- Enabling 3-D Secure version 2 (EMV 3-D Secure) on some Merchant’s accounts.
Using in payment status
state=tds_redirected
during whole 3-D Secure (both v2 or v1) authentication. Until now, such state was presented only in transaction object in this time.Adding
sca_payment
to client profile properties (exists when there was used parametercof=storing
in initiated payment or payment using client profile or updating client).Adding a payment for the amount of “0” PLN/EUR/etc, used to authenticate the client with SCA and save the card details, without charging him (or withdrawing this payment). ** NOTE ** Amount of 0 is available only with Elavon acquirer.
link January
- Integration with SIX/SaferPay - adding new payment channel to Espago gateway (according to Merchant agreement:
channel=six_cc
).
2019
link October
Changes in issuer response codes related to 3D-Secure:
E3 - 3D-Secure error in bank.
E4 (new) - 3D-Secure authentication failed.
E5 (new) - Other 3D-Secure error.
Creating new documentation https://start.espago.com
Old documentation (https://developers.espago.com) remains available.
link August
Adding Card on file parameter (cof = storing, recurring, instalment, unscheduled and other) for payments related to saving card data or made payment using card data saved in client profile:
- Parameter “cof=storing” added to payment enables creating of client profile (no need to additional request for client create).
- For backward compability, from August 2019 by default all payments with parameter “recurring=true” have automatically set “cof=recurring” in Espago (Merchant can overwrite this parameter with other cof values).
Change of guidelines related to 3D-Secure verification (changes related to PSD2 and preparation for 3D-Secure v2.0.0)
- each single payment should be made with 3D-Secure,
- each subscription should be started or preceded by a payment with 3D-Secure,
- each payment made using client profile (in subscription, one-click or on-demand payment) should have COF parameter.
link May
22 may 2019: Adding in production env (secure) changes in lenght of ID parameters. Changes are applied only to newly created objects.
- Changing the initial characters in the parameter transaction ID from “tn_” to “tr_”. The transaction ID will be still 12 characters long (tr_xxxxxxxxx). https://developers.espago.com/v3#320
- Increasing of lenght from 18 to 20 characters of every (without transactions) new ID parameters:
- Payment ID (pay_xxxxxxxxxxxxxxxx)
- Client ID (cli_xxxxxxxxxxxxxxxx)
- Token ID and Token-cvv ID
- Plan ID and subscription ID
- Invoice ID and invoice item ID (elements of subscriptions)
- Increasing from 12 to 14 lenght of parameter Service ID.
link April
Adding in test env (sandbox) changes, which will be applied in production gateway in 21 may 2019 (described in “May 2019” section). Changes will be applied only to newly created objects.
Adding issuer_response_code=15 (in language PL and EN) to SQL file in “Download” section.
2018
link October
- Adding two-factor authentication in the Seller’s panel.
- Adding back-requests during the refund of payment.
link August
Implementation of Safekey AMEX (3D-Secure on American Express cards).
Adding a payment refund option to the web panel.
Adding functions in payment request:
1.language per transactions (parameter locale)
2.email addres to sent email notifications (parameter email)
3.forcing to not send email, even if customer profile has email address (parameter skip_email)
link July
- Adding possibility to accepting using China Union Pay cards (UP/CUP).
link February
- Disabling protocol TLSv1.0 in production Espago gateway.
2017
link August
- Adding Espago Secure Page for creating/updating client profile.
link May
- Updating descriptions of issuer response codes: adding R0, R1, 68, and updating most comments in languages PL, EN and FR. New format of SQL file.
link January
- Introducing Espago iFrame - new, improved soluton for creating token/getting credit card data/creating payments on Seller’s website.
2016
link December
- Adding options skip 3D-Secure function.
- Espago iframe added.
link November
- Double card authorization added.
link September
- Adding API function, to get information about customer’s card: country and bank.
- Improvements in web panel.
- Update footer in mail notifications: adding link to FAQ and seller contact data (this data can be set in web panel).
link August
- Added the fields’ separator “|” in the method of calculating the checksum. The update applies to MasterPass and payment page. The old way of calculating the checksum will be valid until the first quarter of 2017.
link July
- Release Espago JS in version 1.2: https://js.espago.com/espago-1.2.js The use of new script (in place of old 1.1) doesn’t requiere additional changes on Seller website. New script contain several improvements, and add function to create CVV tokens.
link May
- Adding parameter payment_id in back requests when payment is done according to subscription.
- Adding new states of rejected payments according to 3D-Secure rejections and errors. Parameter reject_reason “3ds_not_authorized”, parameter issuer_response_code “E3”.
- Minor updates in description of codes 12 and 62.
link April
- Adding possibility for creating subscription with delayed start.
link March
- Adding protection: escaping six special charactes with accordance with recommendation of OWASP. in all text parameters (description, first_name, last_name, etc.).
link February
- Added the possibility to set the redirect URL for the payment - parameter positive_url and negative_url.
2015
link November
- Adding possibility to redirect customer to secure payment website on Espago gateway.
- Updating description of “issuer_response_code”: 00, 05, 57 in documentation and in sql/xml files.
- Adding new possible payment states: “tds_redirected”, “resigned”.
Changes in SSL/HTTPS requirements
Raising the requirements for connection to the test gateway https://sandbox.espago.com: limiting accepted protocols to TLSv1.2 and TLSv1.1 (excluding TLSv1.0) and raising the requirements for used ssl ciphers (disabling few ciphers which use CBC).
HTTPS configuration currently available in a test environment will be implemented gradually in production gateway, starting from February 2016.
link September
- Adding posssibility to make multiple, partial refund.
- Implementation function for adding CVV to payment made on demand/repeated.
link June
- Further expansion of functions related to payments Espago in module Przelewy24.
link May
- Launch of DCC (Dynamic Currency Conversion) service.
- Changes in allowed payment status in APIv3.0, adding: dcc_decision, tds_status.
- Adding description of new “issuer_response_code”: 91, 92, 95, 98 in documentation.
- Changes in SSL/HTTPS configration, disable supporting weak ciphers.
link April
- Enabling MasterPass service.
link March
- Adding to documentation description of two new error codes “issuer_response_code”: 62 and 75.
link February
- Publishing API v3.0. Old version APIv2.0 can still be used, but most of new functions (described abowe) will be implemented only in APIv3.0.
- Enabling 3D-Secure options.
2014
link December
- Publishing new version of Espago API documentation and moving it to new subdomain.
link November
- Disabling support of SSLv3 for incoming request (API) and outgoing (back_requests).