For subscription services in Norway, Strex requires that a double opt-in is performed using a mechanism provided by Strex themselves.
The easiest way to implement this from a customer point of view is to provide some special values in the ReferenceID parameter (available with most APIs) on messages with pricegroup > 0 (i.e. on billing messages) and belonging to a subscription service, which will make the ViaNett platform handle the preauth routines automatically. The preauthauto value will mostly be sufficient.
Here are the available values:
| ReferenceID |
Description |
| preauth |
A preauthorization procedure will always be triggered automatically on messages with this referenceid value, regardless of whether a prior preauthorization has been performed, the resulting token will be saved in the ViaNett platform and automatically used on subsequent transactions with referenceid value preauthauto or preauthcached. |
| preauthauto
|
If end-user is not preauthorized, a preauthorization procedure will be triggered automatically, the resulting token will be saved in the ViaNett platform and automatically used on subsequent transactions with referenceid preauthauto. Should the preauthorization token expire or be invalidated, it will NOT be automatically renewed (a renewal should instead be triggered by using the referenceid preauth). |
| preauthcached |
If end-user is already preauthorized, the saved token will be used to process the transaction. If end-user does not have a stored preauth token, messages will be rejected with error "NoToken" |
| preauthiftoken |
If end-user is already preauthorized, the saved token will be used to process the transaction. If end-user does not have a stored preauth token, messages will be sent without a provided token. |
| preauthtoken;xxxxx |
The sell request will be performed using the specified token after the semicolon. If the token is not rejected by Strex, the token will be saved in the ViaNett platform and automatically used on subsequent transactions with referenceid preauthauto or preauthcached. |
| preauthotp;xxxx;yyyyyyyyyyy |
A preauthorization validation procedure will be triggered automatically using the OTP and OTP trans id (xxxx = OTP, yyyyyyyyyyy = OTP trans id), which if successful will generate a preauthorization token, which will be saved in the ViaNett platform and automatically used on subsequent transactions with referenceid preauthauto or preauthcached. |
Additional methods for handling the preauthorization requirements (such as generating one-time passwords and/or triggering the preauthorization process at a different point in the message flow) are available from https://smsc.vianett.no/V3/Custom/StrexWebService.asmx:
strexGenerateOtp
Generates an SMS from Strex containing a One Time Password that the end user needs to input to a merchant interface.
Request:
| Parameter |
Description |
| campaign |
Set to 0 for default campaign, or specify the campaign the service is configured on (used to identify the correct Strex merchant) |
| shortCode |
Specify the short code the service is used for and configured on (used to identify the correct Strex merchant and as a sender address if senderText is blank) |
| destination |
The MSISDN on international format (47xxxxxxxx) |
| message |
SMS text defined by merchant to be added to the beginning of the SMS message. If not set in request, a default message will be sent. |
| senderText |
The sender address. If left blank, the value in shortCode will be used instead. |
| recurring |
Set to true if the OTP is used to opt-in to a recurring payment, or false if used for a single payment only |
| timeout |
Validity period for OTP. Defined in seconds. Minimum 1, max 86400 (24 hours). If not set in request, default value of 300 (5 min) will be used. |
Response:
| Parameter |
Description |
| ok |
True if successful request |
| errorCode |
See errorcode list |
| strexResult |
Native Strex error code |
| strexResultDesc |
Native Strex error description |
| strexTransId |
Transaction ID, must be specified in optTransId along with the 4-digit code (provided by the end-user) in StrexPreAuthorization or in the "preauthotp;xxxx;yyyyyyyyyyy" or "sellotp;xxxx;yyyyyyyyyyy" reference ID on a billing MT. |
strexHasCachedAuthorizationToken
Checks if the end-user already has a cached preauthorization token stored in the ViaNett platform, and retrieves the token as well as an indication of whether the token has been invalidated by Strex (e.g. due to change of MSISDN owner).
Request:
| Parameter |
Description |
| campaign |
Set to 0 for default campaign, or specify the campaign the service is configured on (used to identify the correct Strex merchant) |
| shortCode |
Specify the short code the service is used for and configured on (used to identify the correct Strex merchant) |
| destination |
The MSISDN on international format (47xxxxxxxx) |
Response:
| Parameter |
Description |
| ok |
True if successful request |
| errorCode |
See errorcode list |
| hasCachedToken |
True if there is a cached token stored on the ViaNett platform |
| isInvalidatedToken |
True if the stored token has been invalidated by Strex (e.g. due to change of MSISDN ownership). |
| strexAuthorizationToken |
The token that has been stored in the ViaNett platform. |
strexPreAuthorization
Creates a preauth token for a recurring charge, either from the OTP generated in advance by StrexGenerateOtp, or by an SMS or USSD dialogue on the end-user handset.
Request:
| Parameter |
Description |
| campaign |
Set to 0 for default campaign, or specify the campaign the service is configured on (used to identify the correct Strex merchant) |
| shortCode |
Specify the short code the service is used for and configured on (used to identify the correct Strex merchant) |
| destination |
The MSISDN on international format (47xxxxxxxx) |
| strexSecurityLevel |
1 or "none" (not allowed)
2 or "Confirmation"
3 or "PIN" (not in use)
Security level overrides OTP setting in strexConfirmChannel |
| strexConfirmChannel |
SMS: End User confirms preAuth request by replying "OK" or "yes" on an SMS. Only allowed for security_level = 2. This is default.
USSD: End User confirms preAuth request by replying "OK" or "yes" in the USSD application on the handset. Allowed for security_level 2 and 3.
OTP: End User confirms the preAuth by OTP. OTP value must be provided in otpCode parameter and StrexTransId from StrexGenerateOtp in otpTransId. |
| otpCode |
If strexConfirmChannel is OTP, the OTP value (from end-user) is provided here, if not leave blank. |
| otpTransId |
If strexConfirmChannel is OTP, the StrexTransId value from StrexGenerateOtp is provided here, if not leave blank. |
Response:
| Parameter |
Description |
| ok |
True if successful request |
| errorCode |
See errorcode list |
| strexResult |
Native Strex error code |
| strexResultDesc |
Native Strex error description |
| strexAuthorizationToken |
If OK is true, preauth token from successful preauth (this is automatically stored in the ViaNett platform and used if billing MTs are sent with referenceIDs preauthauto and preauthcached, and may also be explicitly specified using referenceid preauthtoken;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
strexGetUserInfo
Returns information about an End Users registration status on the Strex Payment Service and the latest registered terminal type (handset OS).
Request:
| Parameter |
Description |
| campaign |
Set to 0 for default campaign, or specify the campaign the service is configured on (used to identify the correct Strex merchant) |
| shortCode |
Specify the short code the service is used for and configured on (used to identify the correct Strex merchant) |
| destination |
The MSISDN on international format (47xxxxxxxx) |
Response:
| Parameter |
Description |
| ok |
True if successful request |
| errorCode |
See errorcode list |
| strexResult |
Native Strex error code |
| strexResultDesc |
Native Strex error description |
| validity |
0 = not registered
1 = Registered, but not valid for licensed purchase.
2 = Valid for licensed purchase
3 = MNO billing barred |
| terminalType |
Result is "Android" or "iPhone OS" or returns handset model |
strexSelfRegisterV3
Triggers a Strex registering process for end-users who have not registered at strex.no and are thus not allowed to be charged for certain types of services.
Request:
| Parameter |
Description |
| campaign |
Set to 0 for default campaign, or specify the campaign the service is configured on (used to identify the correct Strex merchant) |
| shortCode |
Specify the short code the service is used for and configured on (used to identify the correct Strex merchant) |
| destination |
The MSISDN on international format (47xxxxxxxx)
|
| smsText |
SMS text to be added in the registration SMS. |
| campaignCode |
Optional, the campaign code will be stored on the user profile of the registered End User for statistical purposes. Example "SX1" |
Response:
| Parameter |
Description |
| ok |
True if successful request |
| errorCode |
See errorcode list |
| strexResult |
Native Strex error code |