There are many ways you can implement the integration. Here is a set of good, proven practices from experience to ensure a smooth, optimal and high-quality integration.
Always set the payment type. Depending on whether you plan to do one-off payments or set up a recurring payment system, it is a good idea to set the payment_type parameter accordingly in
Set up retrial logic for your recurring payments. If you set up a recurring payment system with our API, it is a good idea to set up retrial logic in case a charge fails. Contact your Account Manager for more guidance on how it should be done.
If the user has entered an incorrect PIN, ask for it again. Oftentimes the end user will enter the PIN code incorrectly. Evaluate the input and, if the PIN code is invalid, direct the user to try again.
Set a waiting delay for the callbacks. We usually send a callback within milliseconds after the payment, but on rare occasions the wait may be longer. Please wait for the callback for up to 10 seconds before you make a decision or time out the request.
Separate test payments from live ones. To keep test payments and live payments clearly distinguishable, keep them apart. This can be done either by creating different Fortumo accounts (one for test and one for production) or by setting up different callback URLs so your backend can process sandbox and live callbacks accordingly.
Set up reporting on your side. It is a good idea to set up a reporting system on your end to get a good overview of the traffic. This can be done by using our Reporting API and/or saving the callback data in your DB. Proper reporting helps you to monitor traffic and discover potential fraud.
Explicit information in the payment interface. Since the payment frontend is implemented on your side, make sure that the price and the service you provide are stated very explicitly in order to respect the regulations. This is important to get your service approved by the operator.
Service name should be alphanumeric and short. The item_description parameter name should be alphanumeric, short and stated clearly.
Make sure you whitelist only our IPs for your callback URLs and that they are publicly accessible. Keep in mind that the callback URL must be HTTPS, and it is recommended that the domain name does not contain any sensitive information.
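
One way to enforce the callback IP whitelist and keep sandbox and live callbacks apart on your backend, as an added example (not Fortumo's code). The network ranges and callback paths are placeholders, and it assumes at most one reverse proxy sits in front of the backend.

```python
import ipaddress

# ASSUMPTION: placeholder range (RFC 5737 documentation network), not real
# provider addresses. Replace with the callback source IPs you were given.
PROVIDER_NETS = [ipaddress.ip_network("192.0.2.0/28")]
# ASSUMPTION: your own reverse proxy or load balancer, the only peer whose
# X-Forwarded-For header is trusted.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
# ASSUMPTION: hypothetical callback paths, one per environment.
ROUTES = {"/callbacks/live": "live", "/callbacks/sandbox": "sandbox"}


def _in_any(ip, nets):
    return any(ip in net for net in nets)


def client_ip(peer_addr, forwarded_for=None):
    """Return the address to authorize.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy;
    then the right-most entry (the one that proxy appended) is used.
    """
    peer = ipaddress.ip_address(peer_addr)
    if forwarded_for and _in_any(peer, TRUSTED_PROXIES):
        return ipaddress.ip_address(forwarded_for.split(",")[-1].strip())
    return peer


def gate_callback(peer_addr, scheme, path, forwarded_for=None):
    """Return (http_status, environment) for an incoming callback request."""
    if scheme != "https":              # callback URL must be HTTPS
        return 400, None
    env = ROUTES.get(path)             # sandbox and live never share a handler
    if env is None:
        return 404, None
    try:
        ip = client_ip(peer_addr, forwarded_for)
    except ValueError:                 # malformed address in peer or header
        return 403, None
    if not _in_any(ip, PROVIDER_NETS):
        return 403, None
    return 200, env
```

Call gate_callback before parsing the callback parameters, and log every 403 together with the peer address so that rejected callers show up in your reporting.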