MerchantPaymentGateway Configuration — MPGS

Generated page — source of truth is schema/mpgs.yaml and templates/mpgs-uat.j2. Do not edit this file directly.


What is a MerchantPaymentGateway?

When you configure a merchant in MGMT, you are not configuring one payment gateway connection. You are configuring an array of gateway connections, one per payment method and processing role. Each entry in this array is a merchantPaymentGateway (MPG) record.

This distinction matters because different payment types route differently:

If you configure only one MPG entry, only one payment type works. A correctly provisioned MPGS merchant has five MPG entries. Provisioning fewer is not a partial configuration — it is a broken one.


MPGS MPG Array — Overview

The MPGS provisioning template (templates/mpgs-uat.j2) defines exactly five MPG entries. Each is identified by its paymentMethod (PM slot) and defaultFlag.

Entry PM Role defaultFlag Purpose
1 0 Bank Card 1 Synchronous card-present processing
2 1 Token (sync) 1 Token MOTO — synchronous entry point
3 1 Token (async) 0 Token MOTO — asynchronous entry point
4 4 Ecom Widget 1 Hosted payment page (HPP) — no host credentials
5 4 Ecom Processing 0 Back-end ecommerce transaction processing

The defaultFlag tells the system which entry to use when a terminal does not specify a channel. defaultFlag: 1 is the primary entry; defaultFlag: 0 is the secondary entry activated by async terminal configuration.


Entry 1 — PM0 Bank Card (Card Present)

Card-present transactions route through the MPGS sync channel. This entry uses host credentials directly — the gateway authenticates against MPGS using the API key and password configured here.

Why this entry exists: Card-present payments are synchronous by nature. The terminal holds the card until the response arrives. This MPG entry tells MGMT which MPGS host to call, which channel to route through, and what credentials to use.

Field MGMT Field Required Sample (UAT) Notes
gatewayId gatewayId Required Tp2 Fixed value — identifies MPGS integration adapter
channelId channelId Required 20189 MGMT channel for sync card-present routing
host_url extData1 Required https://ap-gateway.mastercard.com MPGS host endpoint
host_key extData2 Required <secret> MPGS API key — supply via secrets manager
host_password extData3 Required <secret> MPGS API password — supply via secrets manager
processMode processMode Required 3 Fixed value
defaultFlag defaultFlag Required 1 Primary entry

Secret fields: host_key and host_password must never be committed to source control. Supply via your secrets manager at provisioning time.


Entries 2 and 3 — PM1 Token (Sync + Async)

Token MOTO requires two MPG entries for PM1, not one. This is the most commonly misunderstood aspect of MPGS provisioning.

Why two entries?

MGMT routes a token transaction based on the asyncFlag set on the terminal config. When asyncFlag=0, MGMT selects the MPG entry with defaultFlag=1 (sync). When asyncFlag=1, MGMT selects the MPG entry with defaultFlag=0 (async).

A terminal configured for async processing (asyncFlag=1 in terminalConfig) needs the async MPG entry to exist. If it does not exist, that terminal cannot process token transactions. The two entries use different channels — the sync channel for immediate responses and the async channel for deferred processing.

Both entries use the same host credentials. The difference is the channelId and defaultFlag.

Entry 2 — Token Sync (defaultFlag=1)

Field MGMT Field Required Sample (UAT) Notes
gatewayId gatewayId Required Tp2
channelId channelId Required 20189 Sync channel — same as PM0
host_url extData1 Required https://ap-gateway.mastercard.com
host_key extData2 Required <secret>
host_password extData3 Required <secret>
defaultFlag defaultFlag Required 1 Primary (sync) entry

Entry 3 — Token Async (defaultFlag=0)

Field MGMT Field Required Sample (UAT) Notes
gatewayId gatewayId Required Tp2
channelId channelId Required 20188 Async channel — different from sync
host_url extData1 Required https://ap-gateway.mastercard.com
host_key extData2 Required <secret>
host_password extData3 Required <secret>
defaultFlag defaultFlag Required 0 Secondary (async) entry

Relationship to Terminal Config: The asyncFlag on each terminalConfig row determines which MPG entry is used for that terminal. See Terminal Configuration for how asyncFlag maps to these entries.


Entry 4 — PM4 Ecom Widget (Hosted Payment Page)

The ecom widget entry handles the payment form — the hosted page that the customer sees when entering card details. This entry routes the browser session to the MPGS hosted payment page.

Why no host credentials here? The hosted payment page is served directly by MPGS. Astral does not handle card data at this layer. The channelId tells MGMT which MPGS instance to route the browser to, but credentials are not required — MPGS authenticates the session independently using the merchant account embedded in the HPP configuration.

This is different from ecom processing (Entry 5), which authenticates with host credentials to submit the transaction after the customer completes the payment form.

Field MGMT Field Required Sample (UAT) Notes
gatewayId gatewayId Required Tp2
channelId channelId Required 20336 Ecom widget channel — different from processing channels
tpduName tpduName Required All Routing identifier for HPP traffic
defaultFlag defaultFlag Required 1 Primary ecom entry

No extData credentials on this entry — this is correct and expected. The absence of host_url, host_key, and host_password is intentional, not an omission.


Entry 5 — PM4 Ecom Processing (Transaction Back-End)

The ecom processing entry handles the transaction submission after the customer completes the hosted payment page. This entry calls MPGS directly with host credentials to authorise, capture, or refund the transaction.

This entry also carries the card BIN range routing table (extData10). This tells MPGS how to classify card networks by BIN prefix — which ranges are Visa, Mastercard, Amex, Discover, Diners, JCB. Transactions outside the configured ranges may fail routing.

Field MGMT Field Required Sample (UAT) Notes
gatewayId gatewayId Required Tp2
channelId channelId Required 20188 Async channel — same as Token async
tpduName tpduName Required CreditCard Routes credit card transactions
tpduValue tpduValue Required CC
host_url extData1 Required https://ap-gateway.mastercard.com MPGS host
host_key extData2 Required <secret> MPGS API key
host_password extData3 Required <secret> MPGS API password
cardholder_name extData9 Conditional mandatory Cardholder name capture rule
card_range_routing extData10 Conditional (see below) BIN range routing table
defaultFlag defaultFlag Required 0 Secondary ecom entry (async)

Card BIN Range Routing (extData10)

The default BIN range table from schema/mpgs.yaml:

40-45,visa|2221-2720,mastercard|51-55,mastercard|34-34,amex|37-37,amex|
60-649,discover|30-39,diners|3528-3589,jcb

Format: {start_bin}-{end_bin},{scheme} entries separated by |. Transactions are matched against this table to determine the card network. This value should be confirmed with the MPGS integration owner before use in production.


Common Gateway Field

One field applies identically to all five MPG entries.

Field MGMT Field Value Notes
gatewayId gatewayId Tp2 Identifies the MPGS integration adapter in MGMT. Fixed value — do not change.

Channel ID Summary (UAT)

The three channel IDs used across the five MPG entries:

Channel UAT ID Used By
Sync channel 20189 PM0 Bank Card, PM1 Token Sync
Async channel 20188 PM1 Token Async, PM4 Ecom Processing
Ecom widget channel 20336 PM4 Ecom Widget

UNCONFIRMED — UAT only. These channel IDs are extracted from values/mpgs-uat.yaml. SIT and PROD channel IDs are not available in this repository. See Open Item OI-003.


Provisioning Checklist

Before submitting the MPG configuration, verify:


Open Items

# Item Impact
OI-003 Channel IDs are UAT only — SIT and PROD not in repository Cannot document SIT/PROD channel values
OI-016 extData7: 1m on merchant object — retention period format and allowed values unconfirmed MGMT field meaning unclear

See Also