nexi Xpay Back Office User Guide

XPAY BACK-OFFICE USER MANUAL
for Merchant

Xpay Back Office

Review

Introduction

XPay system provides merchants with a secure, multi-channel platform for e-commerce, Pay by link Plus and M.O.TO. (Mail order – Telephone order) sales, enabling them to accept and manage payments easily and securely.
The Back Office Portal is a comprehensive and functional tool for configuring the services offered by the XPay Payment Gateway. The URL to access the production environment is:
https://xpaydashboard.nexigroup.com/login
An e-mail will be sent by Nexi (XPay) to the merchant including the reference to the merchant Back Office portal (URL) and directions on how to access the portal itself and change password at first log-in.
This email could also include reference to the XPay CEE developer portal: https://developer.nexigroup.com/xpaycee/en-EU/docs/.
This document provides instructions on how to use the Back Office for the various users. It contains a functional description of the Interface and is divided into the following sections:

• language
• instructions on how to access the Back Office
• Back Office structure
• detailed descriptions of each functionality

Language

The Back Office is available in English.

Access

For the first access to the Back Office, Nexi will send a welcome e-mail with access instructions and a link to reset the password.
The link is valid for 24 hours, after which it will be necessary to reset the password from the portal login page.
The e-mail indicated during contract subscription will be registered as an Admin profile. Then, the Admin has the possibility to create both other users and other Admins.
3.1 Profiles
Users with access to the Back Office will be identified through their credentials and linked to a specific profile with a set of functionalities:

Admin: this profile can:

• view orders/transactions
• do captures/refunds on operations
• do M.O.T.O. transactions (if enabled, as a merchant should have signed only for MOTO service)
• create Pay by Link Plus(if enabled, as a merchant should have signed only for Pay by Link Plus service)
• create/manage users
• generate API keys
• configure terminal

Operator: can do what the Admin profile does, except:

• create/manage users
• generate API keys
• configure terminal

Reporter: can do what the Operator profile does except:

• do captures/refunds on operations
• do M.O.T.O. transactions
• create Pay by Link Plus

In a nutshell:

Main functionalities

| Admin| Operator|

Reporter

---|---|---|---
View orders/transactions| X| X| X
Do capture/ refund/ void on operations| X| X| –
Do M.O.T.O. transactions| X| X| –
Create Pay by Link Plus| X| X| –
Create/manage users| X| –| –
Generate API keys| X| –| –
Configure terminal| X| –| –

Features not available to the various profiles will not be displayed or clickable.
3.2 Login
A pre-login page is shown and by clicking on ‘Login’ in the upper right corner, it takes you to the login interface.To access the portal, simply enter Username (e-mail address that has been declared during the  onboarding for the first access or the one defined in the Backoffice) and password as in the imagebelow: 3.3 Retrieve credentials
To retrieve the password, you need to perform the following steps:

1. Click the ‘Forgot your credentials?’ link on the Login Page
2. Enter the email address you sign up with
3. Click on ‘I’m not a robot’ and confirm

An email will be sent to reset the password. Once changed, you can login to the portal using the new password from next time.
The password must have the following characteristics:

• Max password length: 20
• Min password length: 8
• Password history of last 5
• Password age: 90 days

The password must contain at least one occurrence for three out of four of the following categories:

• ABCDEFGHIJKLMNOPQRSTUVWXYZ
• abcdefghijklmnopqrstuvwxyz
• 0123456789
• *~!@#$^()-_=+[]{}|;:,. <>/?'”`**

It is possible to make five login tries by entering the wrong password. After 5 incorrect login requests, the service is suspended for 3 hours (authentication is not allowed). If the password has expired, you will be redirected to the change password page when  logging in.
3.4 Logout
The Logout Function allows you to log out of the Back Office.
From the main page, the choice in the top right-hand corner must be selected as detailed below:  For shared PC/workstations it is recommended to logout to leave the Back Office. The session ends automatically after 5 minutes.

Back Office structure

The Back Office allows authorized users to perform various functionalities, which are displayed in a horizontal menu, as in the image below.
Depending on the User’s profile, a different list of Functions will appear. Once the choice has been made, a specific drop-down menu appears for some functionalities. The toolbar will show the following sections:

• Home
• Orders
• Settings
• Services
  • Pay by Link Plus
  • M.O.T.O.
• Profile (Change password)

Functionalities

The following chapter provides a description of the features made available by the portal.
Some sections are only visible and clickable from specific profiles (refer to paragraph 3).

Menu

| Sub-menu|

Description

---|---|---
Orders| –| It allows the search of all orders, either via filters or in list form, and to view the details for each order.
Settings| –| It contains 3 sections:
·  Terminals Configuration, to customize the terminal configurations.
·  Users: settings and information associated with a user. From this section, the Admin can also create new users.
· API Keys: shows the list of API keys and allows the admin to create new ones.
Services| Pay by Link Plus| It allows the Merchants to provide a link to their customers (e.g. in an email invoice). Through the link the customers are redirected to a webpage where they can securely make the payment with their preferred payment method.
Services| M.O.T.O.| It is intended for merchants who need to handle telephone or mail transactions via Back Office.
Profile| Change Password| It shows the user’s email address and the user type (e. g. Admin).
It also allows the user to change the password.

5.1 Orders
5.1.1 Orders List
This is the highest-level view of the orders list. A research function is available to check the status of generated payment requests in real time. It is possible to filter the search results based on the fields displayed.

The page presents a series of fields that the user can fill in:

Field

| Type|

Description

---|---|---
Date – from| dd/mm/yyyy| Retrieve orders created from this time.
The field must be valorized from the calendar that appears by selecting the field.
The search can be carried out in a range of 1 month, going back up to 13 months.
Date – to| dd/mm/yyyy| Retrieve orders up to this time.
The field must be valorized from the calendar that appears by selecting the field.
Order ID| Max 27crt alpha numeric| Merchant order id, unique in the merchant domain.
Custom Field| Max 255crt alpha numeric| Additional order description.
Amount Type| Combo box| It can be:
– Order amount
– Authorized amount
– Captured amount
Amount– minimum| Numeric| Minimum value in the range within which to search for the order. This field is related to the amount type specified.
Amount  – maximum| Numeric| Maximum value in the range within which to search for the order. This field is related to the amount type specified.
Status| Combo box| It can be:
– To capture
– Captured

It is also possible to reset filters by clicking on the “clear filters” button, as in the image below.

Once the Search button is clicked, the system will display all orders that match the selected criteria.

The following are the details available for each order:

• Date in which the order has been created
• Order ID
• Order Amount
• Authorized Amount
• Captured Amount, shows up-to-date information on the actions that have been performed on the order
• Description, descriptive field inserted by the merchant (different from the following “custom field”)
• Custom Fields

By default, all orders are shown in chronological order, from most recent to oldest.
For each of these fields it is possible to sort them in ascending or descending order.

The list may consist of up to 20 highlights per page; if there are more, the user can load more through the button at the end of the page.

If no order matches the Search criteria entered in the Search fields, a chart without any results will be displayed. Order Summary
From the list of orders, by selecting the lens, it is possible to view the following details per order:

• Order summary
• Custom Fields
• Customer Info
• Shipping Address
• Billing Address

In the section Order Summary – Operations, there are details available for each order.

Field

|

Description

---|---
Channel| It can be:
· ECOMMERCE   –    cardholder    initiated    operation through an online channel
· BACKOFFICE – merchant initiated operation. It includes post operations and MIT
Date| Operation Time
Type| It indicates the purpose of the request:
·   Authorization1 – any authorization with explicit capture
· Capture – a captured authorization or an implicit captured payment
· Void – reversal of an authorization
· Refund – refund of a captured amount
· Cancel – the rollback of a capture
---|---
Amount| Operation amount in the payment currency
Payment Instrument| PAN
Status| Transaction output:
· AUTHORIZED – Payment authorized
· EXECUTED   –    Payment    confirmed,    verification successfully executed
· DECLINED – Declined by the Issuer during the authorization phase
· DENIED_BY_RISK – Negative outcome of the transaction risk analysis
· THREEDS_VALIDATED – 3DS authentication OK or 3DS skipped (non-secure payment)
· THREEDS_FAILED – cancellation or authentication failure during 3DS
· PENDING – Payment ongoing. Follow up notifications are expected
· CANCELED – Canceled by the cardholder
· VOIDED – Online reversal of the full authorized amount
· REFUNDED – Full or partial amount refunded
· FAILED – Payment failed due to technical reasons
Action| It can be:
· Capture
· Refund
· Void
Details| Clicking on the lens it’s possible to view the details of the operation

Through the field ‘Action’ it is possible to perform action on orders, depending on the Status (see the table below).

Operation Type

| Operation Result- Status|

Actions allowed

---|---|---
Authorization| Authorized| ·  Capture
· Void
Authorization| Executed| Refund
Authorization| Declined| No actions allowed
Authorization| Pending| No actions allowed
Authorization| Denied_by_risk| No actions allowed
Authorization| Threeds_validated| No actions allowed
Authorization| Threeds_failed| No actions allowed
Authorization| Failed| No actions allowed
Capture| Executed| Refund2
Capture| Failed| No actions allowed
Refund| Refunded| No actions allowed
Refund| Voided| No actions allowed
Refund| Failed| No actions allowed
Cancel| Canceled| No actions allowed

The operation type ‘pre-authorization’ will be shown as an ‘authorization’ but it’s correcty managed as pre-authorization.
If the status operation is ‘authorized’, clicking on ‘Action’ a set of possible actions will be shown. If the status operation is ‘declined’, no action can be performed.

Clicking on the lens ‘Details’ it’s possible to view the details of the operation:

1. Summary , the following data are displayed:
2. Terminal ID
3. Order
4. OID – Omnichannel ID
5. Channel
6. Operation Type
7. Status
8. Date
9. Payment Method
10. Payment Instrument
11. End to End ID – It is defined by the schemes to uniquely identify the Required for schemes reconciliation purposes.
12. Operation Amount
13. Security Warnings , notify to the merchant that create the orders that some field could not be compliant with schemes security.
14. Additional info , contains further information about operations (such as: Masked Pan / Authorization Code / Card Country / 3DS / Rrn / Message Reason Code / Schema TID / Status).

5.1.2.1. CAPTURE
It allows you to request the payment schemes to account for the defined amount, i.e. to arrange for the crediting of the purchase order amount to the merchant (with the simultaneous debiting, to the consumer, of the current account linked to the card used).
This action can be performed on “Authorized orders”. According to scheme rules:

• “PAY” (final amount) transaction must be captured until 7 days from authorization, after that it will be voided
• “PREAUTH” (estimated amount, for explicit captures) transaction must be captured until 30 days from authorization

Once the order is selected, click on “Capture”, the amount to be accounted for is entered – in the field “operation amount”. Please consider:

• Min Amount:1
• Max Amount: authorized Amount – captured Amount
• Default Amount: max Amount/ authorized Amount – captured Amount

In this way it is possible to capture the payment totally, indicating the full amount, or partially, indicating the amount to be accounted for. After confirmation it will no longer be available to capture the order; if the amount captured is partial to the initial amount, a second capture with the rest of the authorized amount is not possible.
5.1.2.2. REFUND OF CAPTURED AMOUNT
It is possible to make a full or partial refund of an order meaning full or partial re-credit to the consumer of the refunded amount. An executed operation can be refunded; on a refunded amount no further operation by the merchant is possible.
It is possible to make several partial refunds up to the total captured amount of the payment and until 13 months.
Once the order is selected, click on “Refund” and fill in the “transaction amount” field with the amount to be accounted for. Please consider:

• Min Amount:1
• Max Amount: captured Amount
• Default Amount: max Amount/ captured Amount

It is not possible to enter an amount greater than the residual captured amount. An error message with the correct range will be displayed in this case. 5.1.2.3. VOID OF AUTHORIZED AMOUNT
It is possible to make a request to reverse the entire amount of an authorization, in the same day (before clearing), that will free up the card holder plafond on his card.
When visualizing the order details, by clicking the action “Void” a popup let you confirm your choice. Please consider:

• Min Amount: authorized Amount
• Max Amount: authorized Amount
• Default Amount: max Amount/ authorized Amount

5.1.3 Custom Fields
This section shows the custom fields set by the merchant during the order creation.     

5.1.4. Customer info
This section contains information related to the customer of that order:

• Name
• Email
• Mobile phone
• Business phone

5.1.5. Shipping Address
This section contains the information related to shipping address of that order.

• Name
• Street
• Additional info
• City
• Postal code
• Province
• Country

5.1.6. Billing Address
This section contains the information related to billing address of that order.

• Name
• Street
• Additional info
• City
• Postal code
• Province
• Country

5.2 Settings
5.2.1 Terminals configuration
The user can see the list of terminals associated to the merchant created in onboarding phase.

The following are the details available for each terminal:

Field

|

Description

---|---
Terminal ID| Unique Terminal identifier that made the authorization request
Payment notifications| It can be:
– DISABLED
– ENABLED
The payment notification can be set at terminal level and sent to a Merchant user email, indicated if enabled, in the next field.
Email| Merchant email on which receive notifications. Only one email can be set.
Customer payment notifications| It can be:
– DISABLED
–  ENABLED
Select whether you want to have the customer receive an email notification in case of payment confirmation.
Confirmation type| Configure the terminal’s default accounting mode:
– Automatic: implicit confirmation of operations
–  Manual: explicit confirmation of operations
– Deferred: automatic confirmation of transactions after the indicated number of days, maximum 4

When an Admin User accesses the terminal configuration page, he sees the updated situation of that terminal regardless of who edited it.
The Admin User is created at merchant level and has visibility over all terminals belonging to that merchant.
These settings can be changed by clicking on ‘EDIT’.
The following page will be displayed:   

Once the configurations have been modified, click on ‘SAVE’ to save the changes. A confirmation page is displayed.

5.2.2. Users
The Admin profile can see the list of users configured to access the Back Office. Each user is displayed with:

• User ID – unique identifier of the user
• Name
• Role – Admin, Operator or Reported
• State – Activated or Deactivated

On an activated user, the Admin can block or Edit the selected one.

On a deactivated user, the Admin can unblock or edit it.

If the Admin clicks on block /unblock, the following confirmation page is displayed.

If the Admin clicks on edit, it can change the name and the role of the selected user and Save. The Admin can also create a new User by clicking on the appropriate button and entering the following data: Name, Role – Admin, Operator or Reported, and username (e-mail).
It is not possible to create two users with the same e-mail.

5.2.3. API Keys
The Admin profile can see the list of API keys and create a new API key.
An API key is the authentication mechanism that allow the merchant to integrate XPay APIs for the different integration options.
The page shows the list that may consist of up to 30 highlights per page. From the list of the API Keys, it is possible to view the following details:

• ID
• Terminal ID
• Expiring Date – suggested date by XPay on which execute the renew of the API Keys on system

On a single record it is possible to:

• See the API key, by clicking “Show” – It remains visible for a limited time
• Once shown, copy the API Key, by clicking “Copy”
• Delete the API Key, by clicking on the basket icon

At the top right there is a ‘CREATE’ button for the creation of a new API Key. To create a new API Key, you have to choose a terminal ID and then click on ‘Confirm’.

Once confirmed, a confirmation page is displayed. 5.3 Services
In addition to complying with the profiling rules to operate the specific functionalities, terminals must be enabled below for the functionalities described. For example, the Pay By Link Plus section will only be visible if there is at least one terminal of that merchant enabled for this service.
5.3.1 Pay by Link Plus
This solution allows to create payment links, which merchant can send via email or via the most famous messaging systems to customers.
The payment link can be generated both from the gateway Back Office, through the appropriate panel, and through a dedicated API, in case there is the need to integrate this service into a management system.
If there is only one Pay by Link-enabled terminal available, the page shows “Create a payment request” with two already filled fields, Terminal ID and Order ID.
If there is more than one Pay by Link-enabled terminal available, you will need to select the terminal for which you want to proceed via drop-down list.
The field Order ID is set by default by the system but can be modified by the merchant. This way allows to make a single payment by filling in the request fields with:

Field

|

Description

---|---
Amount| Transaction amount.
It cannot be modified by the customer receiving the link.
Expiring date| Latest date after which the link is no longer available. Defines the duration of the payment link within which the customer can make the payment. After this date, a new link must be created. (Max 90 days)
Name| Customer Name. Optional
E-mail| Customer E-mail. Optional
Description| Order description. This text will appear on the customer’s checkout page.
Optional

The  merchant  has  the  option  to  enter  additional  information,  divided into  3  sections:

Other info (optional), with the following fields:

• Customer ID – This code can help to identify the customer in other sections of the Back Office, uniquely
• Language – If you leave the field empty, the page automatically adapts to the language of the user’s browser, otherwise the defined language will be Supported languages are: ITA, ENG, SPA, FRE, JPN, POR, DEU, ARA, RUS,ZHO.
• The language selected enables the customer to view the payment page in the specified language. In any case, the customer has the option of changing the language on the payment page and choosing the desired Custom field – This text will not be displayed on the customer’s payment page but will be visible in the order details within the Back Office
• Country Code
• Mobile number
• Home number
• Office number

Shipping address (optional), with the following fields:

• Name
• Street
• City
• Postal Code
• Province
• Country
• Additional Information

Billing address (optional), with the following fields:

• Name
• Street
• City
• Postal Code
• Province
• County
• Additional information

It’s possible to set same fields of shipping data.

By clicking on “Confirm”, the link is generated and ready to be copied or to be sent by e-mail or other sharing channels to the customer. The choices available are: Copy, e-mail, Whatsapp, Telegram.

Below is an example of a hosted payment page (HPP) that is shown to the customer: Once the customer has entered all the required data, a summary page is shown where he/she can confirm the payment: 5.3.2. O.T.O.
The merchant has the option of handling phone and/or mail orders with XPay (M.O.T.O. – Mail Order, Telephone Order).
For this solution, the Back Office framework is the same as before, except for the following difference: this type of sale requires the merchant to make the payment with credit card information received from the buyer.
After selecting “M.O.T.O.” menu, the following page appears, where the merchant must enter:

• Amount (euro)
• Credit card information:
  • PAN
  • expiring date
  • security /CVV
  • name of cardholder (optional)
• Cardholder’s e-mail address (optional).
• Description (optional)

The merchant can click on “Confirm” or enter additional information. Other info (optional), with the following fields:

• Costumer ID
• Custom field
• Country code
• Mobile number
• Home number
• Office number

Shipping address (optional), with the following fields:

• Name
• Street
• City
• Postal Code
• Province
• Country
• Additional Information

Billing address (optional), with the following fields:

• Name
• Street
• City
• Postal Code
• Province
• County
• Additional information

It’s possible to set same fields of shipping data.

By clicking on “Confirm”, the MOTO transaction is sent to Authorization. 5.4. Profile
It’s possible to click on the button to display information on the logged-in user.A page with name, e-mail and masked password is shown and from this section you can change your password.It’s necessary to follow the process described, enter your current password, new password and re- enter it again.

References

• XPay CEE Start Page | XPay CEE | Nexi group developer portal
• Error during processing.
• Dashboard XPay

Read User Manual Online (PDF format)

Download This Manual (PDF format)

Download this manual  >>