Merge pull request #2504 from SwedbankPay/release/5.3.5

Release 5.3.5 (master)

Gemfile

@@ -14,7 +14,7 @@ group :jekyll_plugins do
   gem 'kramdown', '>= 2.3'
   gem 'kramdown-plantuml', '>= 1.3'
   gem 'rouge', '>= 4.0.1'
-  gem 'swedbank-pay-design-guide-jekyll-theme', '2.3.2'
+  gem 'swedbank-pay-design-guide-jekyll-theme', '2.3.4.1'
 end
 
 group :test do

Gemfile.lock

@@ -85,7 +85,7 @@ GEM
       gemoji (>= 3, < 5)
       html-pipeline (~> 2.2)
       jekyll (>= 3.0, < 5.0)
-    json (2.9.1)
+    json (2.10.1)
     kramdown (2.5.1)
       rexml (>= 3.3.9)
     kramdown-parser-gfm (1.1.0)
@@ -96,6 +96,7 @@ GEM
       kramdown-parser-gfm (~> 1.1)
       open3 (~> 0.1)
     language_server-protocol (3.17.0.4)
+    lint_roller (1.1.0)
     liquid (4.0.4)
     listen (3.9.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
@@ -110,7 +111,7 @@ GEM
       racc (~> 1.4)
     open3 (0.1.2)
     parallel (1.26.3)
-    parser (3.3.7.0)
+    parser (3.3.7.1)
       ast (~> 2.4.1)
       racc
     pathutil (0.16.2)
@@ -138,9 +139,10 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.0)
-    rubocop (1.71.2)
+    rubocop (1.72.2)
       json (~> 2.3)
-      language_server-protocol (>= 3.17.0)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
       parallel (~> 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
@@ -150,8 +152,9 @@ GEM
       unicode-display_width (>= 2.4.0, < 4.0)
     rubocop-ast (1.38.0)
       parser (>= 3.3.1.0)
-    rubocop-rake (0.6.0)
-      rubocop (~> 1.0)
+    rubocop-rake (0.7.1)
+      lint_roller (~> 1.1)
+      rubocop (>= 1.72.1)
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
     safe_yaml (1.0.5)
@@ -166,7 +169,7 @@ GEM
     sass-listen (4.0.0)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
-    swedbank-pay-design-guide-jekyll-theme (2.3.2)
+    swedbank-pay-design-guide-jekyll-theme (2.3.4.1)
       awesome_print
       faraday (>= 1.0.1, < 3)
       jekyll (>= 3.7, < 5.0)
@@ -209,7 +212,7 @@ DEPENDENCIES
   rspec (>= 3)
   rubocop (>= 1)
   rubocop-rake (>= 0.6)
-  swedbank-pay-design-guide-jekyll-theme (= 2.3.2)
+  swedbank-pay-design-guide-jekyll-theme (= 2.3.4.1)
 
 RUBY VERSION
    ruby 2.7.2p137

_includes/callback.md

@@ -69,11 +69,110 @@ the `paymentOrderId`.
 The callbacks are currently sent from either `51.107.183.58` or `91.132.170.1`
 in both the test and production environment.
 
-Starting from March 12th 2025, callbacks will be sent from one of the IP
-addresses in this interval, and we strongly advise you to whitelist them as soon
-as possible:
+{% include alert.html type="warning" icon="warning" body="Starting from March
+12th 2025, callbacks will be sent from one of the IP addresses in this interval,
+and we strongly advise you to whitelist them as soon as possible:
 
-`20.91.170.120–127` (`20.91.170.120/29`)
+`20.91.170.120–127` (`20.91.170.120/29`)." %}
+
+#### FAQ – Change of IP Addresses for Callbacks
+
+{% capture acc-1 %}
+{: .p .pl-3 .pr-3  }
+We will be updating the IP addresses from which callbacks for eCommerce payments
+are sent. This change will affect the external integration for both test and
+production environments.
+
+{: .p .pl-3 .pr-3  }
+The current IP addresses are `91.132.170.1` and `51.107.183.58`. The new IP range
+will be `20.91.170.120 – 127`, with the prefix (`20.91.170.120/29`).
+{% endcapture %}
+{% include accordion-table.html content=acc-1 header_expand_text='What is changing?' header_collapse_text='What is changing?' header_expand_css='font-weight-normal' %}
+{% capture acc-2 %}
+
+*   Update your firewall rules to allow incoming traffic from the new IP
+  addresses.
+
+*   Ensure these changes are made by March 12th, 2025, to avoid potential
+disruptions in the callback functionality.
+{% endcapture %}
+{% include accordion-table.html content=acc-2 header_expand_text='What do you need to do?' header_collapse_text='What do you need to do?' header_expand_css='font-weight-normal' %}
+{% capture acc-3 %}
+*   Date: March 12, 2025
+
+*   Time: 12:00 CET – 13:00 CET
+
+*   Grace period: See further details below.
+{% endcapture %}
+{% include accordion-table.html content=acc-3 header_expand_text='When will the change take place?' header_collapse_text='When will the change take place?' header_expand_css='font-weight-normal' %}
+{% capture acc-4 %}
+{: .p .pl-3 .pr-3  }
+We need to update and deploy new outbound IP addresses from our Azure Cloud
+environment. To ensure uninterrupted communication between our system and your
+systems, all merchants and partners must update their firewalls with the new IP
+range and prefix.
+
+{: .p .pl-3 .pr-3  }
+This applies to all merchants, regardless of integration method. No technical
+code changes are required, but firewall adjustments must be made in your
+infrastructure, typically handled by your IT or infrastructure providers.
+{% endcapture %}
+{% include accordion-table.html content=acc-4 header_expand_text='Why are we making this change?' header_collapse_text='Why are we making this change?' header_expand_css='font-weight-normal' %}
+{% capture acc-5 %}
+{: .p .pl-3 .pr-3  }
+By migrating callbacks to the Azure Cloud, we are enhancing our ability to scale
+and manage traffic dynamically.
+
+{: .p .pl-3 .pr-3  }
+This means:
+
+*   Improved operational stability – We can handle more concurrent callback
+requests without performance degradation.
+
+*   Faster recovery from technical issues or incidents – We can automatically
+redirect traffic in case of disruptions.
+
+*   Better monitoring and proactive issue resolution – We now have more tools to
+detect and address issues in real-time.
+{% endcapture %}
+{% include accordion-table.html content=acc-5 header_expand_text='How will this change affect the stability of callbacks?' header_collapse_text='How will this change affect the stability of callbacks?' header_expand_css='font-weight-normal' %}
+{% capture acc-6 %}
+{: .p .pl-3 .pr-3  }
+We understand that some merchants may not complete the update before March 12.
+Therefore, we will continue to run callbacks from the current solution during a
+grace period.
+
+{: .p .pl-3 .pr-3  }
+However, it is important to migrate as soon as possible, as we will gradually
+phase out the old solution to reduce system maintenance and complexity.
+
+{: .p .pl-3 .pr-3  }
+We will:
+
+*   Closely monitor traffic to ensure stable callbacks from the Azure Cloud.
+
+*   Actively monitor merchants and partners to ensure a smooth transition.
+{% endcapture %}
+{% include accordion-table.html content=acc-6 header_expand_text='What happens if we don’t make the change in time?' header_collapse_text='What happens if we don’t make the change in time?' header_expand_css='font-weight-normal' %}
+{% capture acc-7 %}
+{: .p .pl-3 .pr-3  }
+We recommend that merchants allow both the old and new IP addresses during the
+transition period. This ensures stable callback functionality, even if network
+issues arise during the migration.
+{% endcapture %}
+{% include accordion-table.html content=acc-7 header_expand_text='Recommendations during the grace period' header_collapse_text='Recommendations during the grace period' header_expand_css='font-weight-normal' %}
+{% capture acc-8 %}
+{: .p .pl-3 .pr-3  }
+Merchants must implement IP blocking (IP allowlisting). FQDN (domain name
+blocking) is not supported in this case, as we use fixed IP addresses.
+{% endcapture %}
+{% include accordion-table.html content=acc-8 header_expand_text='Do we need to implement IP blocking or FQDN blocking in our firewall?' header_collapse_text='Do we need to implement IP blocking or FQDN blocking in our firewall?' header_expand_css='font-weight-normal' %}
+{% capture acc-9 %}
+{: .p .pl-3 .pr-3  }
+If you have any questions or need support during implementation, please contact
+your TOM/TAM or our support team.
+{% endcapture %}
+{% include accordion-table.html content=acc-9 header_expand_text='Who can we contact for assistance?' header_collapse_text='Who can we contact for assistance?' header_expand_css='font-weight-normal' %}
 
 ## Callback Example
 

_includes/instrument-mode.md

@@ -109,12 +109,25 @@ Content-Type: application/json;version=3.x/2.0      // Version optional for 3.0
             "productCategory": "A123",
             "orderReference": "or-123456",
             "subsite": "MySubsite", {% if documentation_section contains "checkout-v3" %}
-            "siteId": "MySiteId", {% endif %}
+            "siteId": "MySiteId" {% endif %}
         },
         "payer": {
-            "requireConsumerInfo": true,
             "digitalProducts": false,
-            "shippingAddressRestrictedToCountryCodes": [ "NO", "US" ]
+            "firstName": "Leia",
+            "lastName": "Ahlström",
+            "email": "[email protected]",
+            "msisdn": "+46787654321",
+            "payerReference": "AB1234",
+            "shippingAddress": {
+                "firstName": "firstname/companyname",
+                "lastName": "lastname",
+                "email": "[email protected]",
+                "msisdn": "+46759123456",
+                "streetAddress": "string",
+                "coAddress": "string",
+                "city": "Solna",
+                "zipCode": "17674",
+                "countryCode": "SE"
         },
         "orderItems": [
             {

_includes/one-click-payments.md

@@ -395,7 +395,9 @@ deletes a specific token.
   and supply them with the relevant transaction reference or payment token." %}
 
 If you want to delete tokens by `payerReference`, the request and response
-should look like this:
+should look like the below. You should retrieve the tokens by performing a `GET`
+towards the payerReference below before doing the `PATCH`, to make sure you have
+the correct token input.
 
 ## Delete Payment Token Request
 
@@ -427,18 +429,27 @@ Content-Type: application/json; charset=utf-8; version=3.x/2.0
 api-supported-versions: 3.x/2.0{% endcapture %}
 
 {% capture response_content %}{
-  "payerOwnedTokens": {
-        "id": "/psp/paymentorders/payerownedtokens/{payerReference}",
-        "payerReference": "{payerReference}",
+    "payerOwnedTokens": {
+        "id": "/psp/paymentorders/payerownedtokens/123456",
+        "payerReference": "123456",
         "tokens": [
             {
                 "tokenType": "Payment",
-                "token": "{paymentToken}",
+                "token": "7fc5e705-d2c4-4c8b-8ff7-d40c355d6916",
                 "instrument": "CreditCard",
-                "instrumentDisplayName": "492500******0004",
-                "correlationId": "e2f06785-805d-4605-bf40-426a725d313d",
+                "instrumentDisplayName": "522661******3406",
                 "instrumentParameters": {
-                    "expiryDate": "12/2020",
+                    "expiryDate": "12/2033",
+                    "cardBrand": "MasterCard"
+                }
+            },
+            {
+                "tokenType": "Payment",
+                "token": "ddd3ddf7-58ab-43f2-8d72-3a1899f33252",
+                "instrument": "CreditCard",
+                "instrumentDisplayName": "476173******0416",
+                "instrumentParameters": {
+                    "expiryDate": "12/2033",
                     "cardBrand": "Visa"
                 }
             }

checkout-v3/release-notes.md

@@ -8,6 +8,20 @@ menu_order: 7
 release_notes: true
 ---
 
+## 19 February 2025
+
+### Version 5.3.5
+
+A short and sweet one this time, with two important additions.
+
+To help make the upcoming switch of IP addresses for callbacks as easy as
+possible, we have gathered your most likely questions in a
+[FAQ section][callback-faq]. Stop by to see if possible uncertainties have been
+addressed!
+
+[Pay SoftPos][softpos] is going live this week, and that calls for a proper
+introduction. Head over to the brand new section to read about it!
+
 ## 6 February 2025
 
 ### Version 5.3.4
@@ -1309,3 +1323,5 @@ more convenient for both the integration and the payer.
 [wcag]: https://www.swedbankpay.com/information/wcag
 [callback-ip]: /checkout-v3/features/payment-operations/callback/#callback-ip-addresses
 [availability]: /checkout-v3/#availability
+[callback-faq]: /checkout-v3/features/payment-operations/callback/#faq--change-of-ip-addresses-for-callbacks
+[softpos]: /pax-terminal/softpos/

pax-terminal/Nexo-Retailer/index.md

@@ -4,6 +4,7 @@ permalink: /:path/
 title: Swedbank Pay nexo Retailer v3.1
 description: |
     Use the nexo Retailer integration if you are unable to use .NET or Java SDK. This interface requires a greater effort for both users and Swedbank Pay.
+menu_order: 2000
 ---
 The interface is based on nexo Retailer version 3.1 and uses XML message formats over HTTP/TCP.
 For reference it may be a good idea to download the nexo specifications from `www.nexo-standards.org`, but the essentials will be described here.

pax-terminal/softpos.md

@@ -0,0 +1,76 @@
+---
+title: Pay SoftPos
+permalink: /:path/softpos/
+description: |
+ An introduction to Pay SoftPos
+menu_order: 2500
+---
+
+Pay SoftPos allows a merchant to turn a commercial off-the-shelf mobile phone
+into a contactless payment terminal without requiring additional dedicated
+hardware. For merchants this offers mobile payment terminals at a different
+price point than existing mobile hardware terminals for EMV transactions.
+
+It also allows merchants to utilize other mobile devices they already have and
+use, decreasing the number of devices to carry around and offering a standalone
+or more integrated experience.
+
+## The User Experience
+
+The merchant installs the Pay SoftPos app on a mobile phone and presents the
+device and application to the payer. The payer taps the payment device and
+details of the EMV transaction are exchanged between the payment device and the
+Pay SoftPos app through the phone's built-in NFC reader.
+
+If a PIN is needed the application presents a PIN pad to the payer, who enters
+the PIN and confirms. Shortly after the outcome of the processing is presented.
+
+## Transactional Flow
+
+The details from the transaction are sent to the backend, which in turn
+processes the information and relays it to a payment processor or acquirer,
+which eventually communicates with the payer's card issuer.
+
+Besides processing payments, the backend also manages the terminals and
+continuously attempts to attest that the Pay SoftPos application, or the
+platform it runs on, is eligible and not compromised.
+
+## Stand-Alone Or Integrated
+
+The mobile application can run as a standalone application where the merchant
+enters an amount and completes a payment. It can also be integrated through APIs
+with another Android Point of Sales (POS) application on the same device or a
+POS system, that runs on a different platform and/or device, such as a Windows
+powered computer. The primary use case is typically to activate the app with a
+pre-entered amount.
+
+This will require the AppSwitch SDK, which needs to be embedded in the Point of
+Sales (POS) app.
+
+The features available are shown in the table below, and you can access the full
+set of APIs by [contacting a sales representative][contact].
+
+For both standalone and integrated scenarios, it is only the Pay SoftPos app
+that is within the PCI-DSS certification scope. This makes it simpler for
+customers to complete the integration.
+
+The Pay SoftPos app is delivered via Google Play Store. Mobile device management
+systems can orchestrate the installation on individual devices.
+
+{:.table .table-striped}
+| Feature                  | Stand-Alone  | AppSwitch            |
+| :----------------------- | :----------- | :------------------- |
+| Payment                  | Yes          | Yes                  |
+| Payment loyalty / change amount  | No   | Yes                  |
+| Refund                   | Yes, in app  | Yes                  |
+| Cancellation             | Yes, in app  | Yes                  |
+| Store card details for e-commerce | No  | Yes                  |
+| Configuration            | No           | Yes                  |
+| Get transaction list     | Yes, in app  | Yes                  |
+| Get store list           | No           | Yes                  |
+| End of Day report        | Yes, in app  | Yes (data)           |
+| On device switching      | 1-way        | 2-way                |
+| Off device switching, external POS | No          | No          |
+| Integration method     | URL link to app | Embedded library in Android POS |
+
+[contact]: mailto:[email protected]