Tokenized Embedded Payments
Introduction
Explore an extra layer of functionality with our optional feature designed to securely store your customers' cards. With this feature, you receive a unique token for each card, providing an added layer of convenience for your users. For each customer, MyFatoorah effortlessly retrieves the masked card number along with the corresponding token for all saved cards. Now, you can seamlessly showcase saved cards separate from MyFatoorah's Embedded Payment. Enhance the user experience by displaying masked card numbers while ensuring secure payment transactions through the associated card tokens.
Availability
In order to enable this feature, you need to contact your account manager.
Tokenized Embedded Payments
You do not need to be PCI DSS certified to use this feature.
How it works:
How to save the token?
You need to call InitiateSession Endpoint to get the SessionId and CountryCode to be used in your configuration to display the Card View. You need to do this for each payment separately. SessionId is valid for only one payment.
In the request to InitiateSession to save the token for the card that the customer will enter, you need to pass the value of SaveToken to be true and a unique CustomerIdentifier for each of the customers. If you send the value of SaveToken as false or don't send it all, it will work as in the normal flow of the embedded payment without tokenizing the card.
The endpoint on Swagger is InitiateSession
{
"CustomerIdentifier": "Tokenized",
"SaveToken": true
}
{
"IsSuccess": true,
"Message": "Initiated Successfully!",
"ValidationErrors": null,
"Data": {
"SessionId": "eb4b5a89-41e7-475d-9d52-101952440cf7",
"CountryCode": "KWT",
"CustomerTokens": []
}
}
CustomerIdentifier
It is mandatory to specify a CustomerIdentifier when the value of SaveToken is true. Each customer should have a unique CustomerIdentifier.
The next steps for the first payments will be the same as in Card Embedded Payments
How to make payments using the token?
1- Call InitiateSession using the same CustomerIdentifier
Initiate a session by calling the InitiateSession API with the same CustomerIdentifier. The response will include a unique SessionId and tokenized cards associated with that CustomerIdentifier. Each card's details, such as the Masked Card, Token, and Card Brand, will be provided.
{
"CustomerIdentifier": "Tokenized",
"SaveToken": true
}
{
"IsSuccess": true,
"Message": "Initiated Successfully!",
"ValidationErrors": null,
"Data": {
"SessionId": "56d62a79-f631-443c-ab5d-838180ca867e",
"CountryCode": "KWT",
"CustomerTokens": [
{
"Token": "Token0505121807676252",
"CardNumber": "450875xxxxxx1019",
"CardBrand": "Visa",
"Is3DSVerified": true
},
{
"Token": "Token0505121807676151",
"CardNumber": "545454xxxxxx5454",
"CardBrand": "Master",
"Is3DSVerified": true
}
]
}
}
2- Display the Card View and the Tokenized Cards
Utilize the masked card numbers from the response to present the saved cards to your customers. Enable them to choose from the list of saved cards. Once a customer selects a card, prompt them to enter the CVV for the chosen card.
3- Collect Customer's CVV Using MyFatoorah Component
This step involves utilizing the MyFatoorah JavaScript component to securely collect the customer's CVV. By leveraging this component, the CVV is managed directly by MyFatoorah, ensuring secure handling and eliminating the need for you application to be PCI DSS certified for this process.
Steps:
1- Include the Javascript library:
Choose the test or the live library according to your working environment. Please note that this is the same JavaScript for the embedded payment.
// Test Environment
<script src="https://demo.myfatoorah.com/payment/v1/session.js"></script>
// Live Environment For Kuwait, UAE, Bahrain, Jordan, and Oman.
<script src="https://portal.myfatoorah.com/payment/v1/session.js"></script>
// Live Environment For Saudi Arabia
<script src="https://sa.myfatoorah.com/payment/v1/session.js"></script>
// Live Environment For Qatar
<script src="https://qa.myfatoorah.com/payment/v1/session.js"></script>
// Live Environment For Egypt
<script src="https://eg.myfatoorah.com/payment/v1/session.js"></script>
2- Define a div element
You need to define a div element with a unique id attribute. The CVV component will be displayed inside this div after passing the div id to the configuration variable.
<div id="cvv-component"></div>
3- Configure the CVV Component
Create a configuration variable for the CVV component and include in it the countryCode, currencyCode, sessionId, containerId and callback
var configCvvView = {
countryCode: countryCode,
currencyCode: currencyCode,
sessionId: sessionId,
containerId: "cvv-component",
callback: proceedCvv, //MyFatoorah triggers this function after the CVV is submitted to MyFatoorah
}
myfatoorah.initCvv(configCvvView);
function proceedCvv(response) {
if (response.isSuccess) {
//Pass the SessionId to your backend to call ExecutePayment
console.log("proceedCvv response >>\n" + JSON.stringify(response));
} else {
console.error("proceedCvv Error >> " + JSON.stringify(response));
}
}
This will cause make the CVV component load so that the customer can enter their CVV in the view.
Common Parameters
If you initialized the Embedded Payment before initializing the CVV component, you don't need to send the common parameters again to the CVV configuration variable and vice versa.
For example:
var config = { sessionId: sessionId, countryCode: countryCode, currencyCode: currencyCode, amount: amount, callback: payment, containerId: "unified-session", paymentOptions: ["GooglePay", "ApplePay", "STCPay", "Card"], supportedNetworks: ["visa", "masterCard", "mada", "amex"], language: "en" }; var configCvvView = { containerId: "cvv-component", callback: proceedCvv, } /* The values of sessionId, countryCode, currencyCode and language will be taken from config because myfatoorah.init(config) was called before myfatoorah.initCvv(configCvvView) */ myfatoorah.init(config); myfatoorah.initCvv(configCvvView);
var config = { amount: amount, callback: payment, containerId: "unified-session", paymentOptions: ["GooglePay", "ApplePay", "STCPay", "Card"], supportedNetworks: ["visa", "masterCard", "mada", "amex"], }; var configCvvView = { sessionId: sessionId, countryCode: countryCode, currencyCode: currencyCode, containerId: "cvv-component", callback: proceedCvv, language: "en" } /* The values of sessionId, countryCode, currencyCode and language will be taken from configCvvView because myfatoorah.initCvv(configCvvView) was called before myfatoorah.init(config) */ myfatoorah.initCvv(configCvvView); myfatoorah.init(config);
4- Handle the submit button
After that, you need to handle your submit button to call myfatoorah.submitCvv() using the token of the card that the customer chose to pay with.
<button onclick="submitCvv()">Submit CVV</button>
<script>
function submitCvv() {
myfatoorah.submitCvv("Token0505121807676252")
//Pass the token of the card the customer chose to pay with.
}
</script>
After you get the SessionId from the submit() function, send it to your backend to proceed with the next step.
CVV Component Customization
For more customizations of the CVV component, please check the sample code.
4- Call ExecutePayment using the SessionId
Upon getting the SessionId from the front end, proceed to call the ExecutePayment endpoint, utilizing the SessionId exclusively (not the PaymentMethodId). Subsequently, redirect the customer to the PaymentUrl provided in the response, facilitating the entry of the OTP challenge for enhanced security.
{
"SessionId":"56d62a79-f631-443c-ab5d-838180ca867e",
"InvoiceValue":10
}
{
"IsSuccess": true,
"Message": "Invoice Created Successfully!",
"ValidationErrors": null,
"Data": {
"InvoiceId": 3033576,
"IsDirectPayment": false,
"PaymentURL": "https://demo.MyFatoorah.com/En/KWT/PayInvoice/MpgsAuthentication?paymentId=07073033576178636873&sessionId=SESSION0002237514833L20329328M1",
"CustomerReference": "",
"UserDefinedField": null,
"RecurringId": ""
}
}
Updated 12 days ago