Dibs Payment Window

- Parameters

The DIBS payment window requires as minimum the following parameters to function. Parameters marked [parameter] are optional. Parameters are sent, e.g., as hidden fields in a form. The parameter names are shown in camel-case to improve legibility. But when posted to the DIBS Payment Window, their casing will be ignored. In regards to the predefined values (ioTypes, payType, distributionType) you should the casing as described in the parameter list. See examples below .

The DIBS Payment Window is "started" as followed. Information concerning the purchase is sent to DIBS (via HTTP POST). The POST URL is:

https://sat1.dibspayment.com/dibspaymentwindow/entrypoint

Mandatory input parameters:

Parameter	Type	Description
merchant	long	Shop identification. The Merchant number appears in the e-mail received from DIBS during registration with DIBS or on your contract. Your merchant number can also be retreived by contacting your respective DIBS support department below. Denmark Norway Sweden
amount	long - Minimum value of 1- maximum value 1715000000	The smallest unit of an amount, eg. cent for EUR , øre for Danish crowns, Example: 1,00 EUR = 100 or 1,50 EUR =150
orderId	String. Max 50 characters. Reg-ex format ^[a-zA-Z0-9\._-\|]+$	The shop’s order number for this particular puchase. It can be seen later when payment is captured, and will in some instances appear on the customer’s bank statement (both numerals and letters may be used).
currency	string. 3 digits or 3 letters	Currency specification as indicated in ISO4217 where the EUR is no. 978. Either the numeric or alphabetic code is accepted. Also see our list of currencies.
acceptReturnUrl	string. max 1024 characters	The URL of the page to be displayed if the purchase is approved. Typically a page within the merchant's shop site. The parameters are returned to this URL using POST. HTTPS is not mandatory but it is highly recommended. Note: The URL cannot be an IP-address

Optional input parameters:

Parameter	Type	Description
[cancelreturnurl]	string. max 1024 characters. Format is validated by java's java.net.URL class.	The URL of the page to be displayed if the customer cancels the payment. Typically a page within the merchant's shop site. The parameters are returned to this URL using POST. HTTPS is not mandatory but it is highly recommended.
[callbackUrl]	String. Max length 1024. Format is validated by java's java.net.URL class.	An asynchronous server-to-server call which tells the shop’s server the status payment. Can be used for many purposes, the most important of these being the ability to register the order in your own system without depending on the customer’s browser hitting a specific page of the shop. The parameters are returned to this URL using POST. HTTPS is not mandatory but it is highly recommended. Only the following ports are allowed: 80 (HTTP) 443 (HTTPS) 20080
[language]	string.	Contains the code of the language and locale to be used in DIBS Payment Window (default is "en_US"). Supported language codes are: en_US - English (US) en_GB - English (GB) da_DK - Danish sv_SE - Swedish nb_NO - Norwegian (Bokmål) Shorthand codes are also accepted ie. "en", "da", "sv" and "nb" will be interpreted as "en_US", "da_DK", "sv_SE" and "nb_NO" respectively. These codes are not case sensitive and we also allow the use of hyphen (-) instead of underscore (_). The default is used if this parameter is omitted or if the language code given does not match any of the above codes.
[addFee]	integer. Only the value 1 is allowed. Any other value will yield an error message from DIBS. Only the value 1 is allowed	If set to 1, the charge due to the transaction will automatically be calculated and affixed.. E.g This will add the fee needed to ensure the merchant gets the full amount. The calculated fee and the total amount is shown to the end user in the payment window.
[payType]	String. A comma separated list of payment type short names. Reg-ex format:	A list of payment types. Only the ones specified in this parameter will be shown to the customer and only these payment types will be accepted. If not set or invalid, then all payment types are shown. This list must be in upper case and comma separated with no spaces in between. Example: VISA,MC. A complete list of paytypes is listed here. Three group paytype parameters have been created to make it easier to show all payment types for each category; ALL_CARDS, ALL_NETBANKS and ALL_INVOICES
[capturenow]	integer. Only the value 1 is allowed.	Function to automatically capture the transaction upon a successful authorization.
[billingFirstName]	string	Customer's billing first name.
[billingLastName]	string	Customer's billing last name.
[billingAddress]	string	Customer's billing street address. If acquirer doesn't support getAddress but requires user to enter some billing address information, this parameter can be used to prepopulate values on IW 1st page/or set values on merchant's/legacy system's side. If acquirer returns appropriate value in getAddress/placeOrder - value from acquirer will override value sent in this parameter.
[billingAddress2]	string	Customer's billing street address (continued).
[billingPostCode]	string	Customer's billing postal code
[billingPostalPlace]	string	Customer's billing postal place (city, town, etc).
[billingEmail]	String. Max 128 characters	Customer's email address. Can be passed along to the acquirer if applicable. Note: That this parameter is mandatory when using the polish wire transfer service Przelewy24. Example: <input type="hidden" name="billingEmail" value="my@email.com"/>
[billingMobile]	String. Max 1024 characters	Customer's mobile number. Can be passed along to the acquirer if applicable.
[shippingFirstName]	string	Customer's first name.
[shippingLastName]	string	Customer's last name.
[shippingAddress]	string	Customer's shipping street address. If acquirer supports delivery to address specified by merchant (different from registered on acquirer), this parameter should be used.
[shippingAddress2]	string	Customer's shipping street address (continued).
[shippingPostCode]	string	Customer's shipping postal code.
[shippingPostalPlace]	string	Customer's shipping postal place (town, city, etc.).
[test]	integer. Only the value 1 is allowed	This field is used when tests are being conducted on the shop If set to 1 - a test purchase will be done to the shop. When this field is declared, the transaction is not dispatched to the card issuer, but is instead handled by the DIBS test module. See also Step 5 of the 10 Step Guide for more information. Should the test system be used at a later date, this will be activated at DIBS (contact DIBS support for reactivating the test mode of your shop).
[MAC]	String. Max 64 hexadecimal characters, which fits a SHA-256 code.	This parameter contains a Message Authentication Code. The following rules apply: A parameter name may not occur more than once in the request. The message on which the merchant has to do the MAC key calculation, is a concatenation of all key/value parameters sorted ASCIIbetically (In ASCII order, with uppercase and lowercase letters grouped separately) by parameter name, and separated by an ampersand. E.g.: amount=12300&currency=208. As mentioned at the beginning of this document, parameter names may only contain the characters " a-zA-Z0-9_". We perform an HMAC with SHA-256. We use UTF-8 encoding when calculating the HMAC Extraneous merchant parameters must start with "s_", parameters that are not part of the official parameters and does not start with "s_" are ignored and discarded. We will calculate the MAC if it is passed along. If the "force check" has been set in the DIBS administration it is considered mandatory. See example here. HMAC calculation tool.
[account]	String. A comma separated list of payment type short names. Reg-ex format: " ^[a-zA-Z0-9(),_-]+$"	If multiple departments utilize the company’s acquirer agreement with the acquirer, it may prove practical to keep the transactions separate at DIBS. An ”account number” may be inserted in this field, so as to separate transactions at DIBS.

NOTE: Shops are allowed to send their own parameters to the DIBS Payment Window, which will be returned in the response. However, the names of all such extraneous parameters must begin with "s_" and only contain the characters "a-zA-Z0-9_". All parameters unknown to us and not pre-fixed with "s_" will be discarded at the entry-point and not added to the MAC-calculation or returned to the acceptreturnUrl.

Form examples:

Simple FORM (Minimum):

Recommended basic form:

Extended form optimized for invoices: