This tutorial will guide you through taking payment with a new payment method (credit card or bank account). You must use our JavaScript library for tokenizing the payment method details and submitting a payment. By using our library, you are reducing the scope of Payment Card Industry Data Security Standard (PCI DSS) compliance in your code (but not eliminating PCI DSS scope).

Overview

The flow is as follows:

  1. Generate a new short-lived access_token via the API.
  2. Submit payment details and the access_token via the JavaScript library to generate a new payment_token.
  3. Submit the payment_token in the final checkout call.

Step 1: Generate short-lived access_token

This step generates an access_token that is scoped only for generating a payment_token for the given cart_id. This access_token is only valid for use via the JavaScript library and cannot be used to make other API calls, so it is safe to render in the browser.

To generate the access_token, use the same API call /v3/partners/oauth2/token that grants access to the API. An additional tokenize scope is required, and its value is the cart_id of the cart that contains the items to be paid for.

This example uses the same cart_id with a value of ‘aa46bcf4-b65a-4a37-bed9-5dcb4674d0a3’.

curl -XPOST {base_url}/v3/partners/oauth2/token \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
-F "grant_type=client_credentials" \
-F "client_id=daxko_api_user" \
-F "client_secret=d9a2652cf96d734661c10d5ff2f8061f" \
-F "scope=client:9999 tokenize:aa46bcf4-b65a-4a37-bed9-5dcb4674d0a3"

Response:

{
  "access_token":"MiOiJhcGlfaGFuLXRydXN0ZWQiLCJzdWIiOiJhcGlfaGF..",
  "token_type":"bearer",
  "expires_in":3600
}
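
The scope string sent in this step is space-delimited, so the cart_id should be validated before it is placed into it. The following is an added example, not Daxko's code: server-side JavaScript helpers that build the Step 1 form fields and track when the returned token expires. It assumes cart_id values are UUIDs like the one shown here; the function names and the cfg object are hypothetical.

```javascript
// Added example, not Daxko code. Assumes cart_id values are UUIDs like the
// one on this page; every function name and the cfg shape are hypothetical.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Build the space-delimited scope string. A cart_id containing a space would
// otherwise add extra scopes to a token that is rendered in the browser.
function buildTokenizeScope(baseScope, cartId) {
  if (typeof cartId !== "string" || !UUID_RE.test(cartId)) {
    throw new Error("cart_id is not a UUID; refusing to build scope");
  }
  return baseScope + " tokenize:" + cartId;
}

// Form fields for POST /v3/partners/oauth2/token. Send them from the server
// only: client_secret must never reach the payment page.
function buildTokenRequestFields(cfg, cartId) {
  return {
    grant_type: "client_credentials",
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret,
    scope: buildTokenizeScope(cfg.baseScope, cartId),
  };
}

// Validate the token response and record the absolute expiry time.
function parseTokenResponse(body, nowMs) {
  const r = typeof body === "string" ? JSON.parse(body) : body;
  if (!r || typeof r.access_token !== "string" || r.access_token === "") {
    throw new Error("response has no access_token");
  }
  if (String(r.token_type).toLowerCase() !== "bearer") {
    throw new Error("unexpected token_type");
  }
  if (!Number.isFinite(r.expires_in) || r.expires_in <= 0) {
    throw new Error("unexpected expires_in");
  }
  return { accessToken: r.access_token, expiresAtMs: nowMs + r.expires_in * 1000 };
}

// True while the token can still be rendered into a payment page. The margin
// covers the time a customer needs to fill in and submit the form.
function isRenderable(token, nowMs, marginMs) {
  return nowMs + marginMs < token.expiresAtMs;
}
```

Request a fresh access_token when isRenderable returns false instead of rendering one that may expire while the customer is still typing.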

Step 2: Tokenize

Reference this library on your page:

<script src="/js/payments-1.0.0.js"></script>

Take the access_token from the previous call and pass it to the JavaScript method. This access_token is only valid for 60 minutes before another one needs to be requested.

Your rendered payment page should include JavaScript code like the following examples:

Credit Card Example

DaxkoPayments.credit_card.createToken({
  card_holder_name: "John Doe", // or jQuery selectors
  number: 4111111111111111,
  exp_month: 12,
  exp_year: 2018,
  address_line_1: "123 Wall Street",
  address_zip: "12345",
  access_token: "MiOiJhcGlfaGFuLXRydXN0ZWQiLCJzdWIiOiJhcGlfaGF.."
}, function(err, data) {
  if (err) {
    // .text() keeps any markup inside the error details from being parsed as HTML
    $("#result").text("Errors: " + JSON.stringify(err));
  } else {
    $("#payment_token").val(data.payment_token);
  }
});

Bank Account Example

DaxkoPayments.bankAccount.createToken({
  account_holder_name: "John Doe", // or jQuery selectors
  account_type: "checking",
  account_number: 123123,
  routing_number: 123456789,
  access_token: "MiOiJhcGlfaGFuLXRydXN0ZWQiLCJzdWIiOiJhcGlfaGF.."
}, function(err, data) {
  if (err) {
    // .text() keeps any markup inside the error details from being parsed as HTML
    $("#result").text("Error: " + JSON.stringify(err));
  } else {
    $("#payment_token").val(data.payment_token);
  }
});

The JavaScript callback will return either an error or a payment_token per the example above. You can safely pass this value from the browser to your server.

Step 3: Checkout

Now use the payment_token value in the final Checkout (program registration) or Checkout (membership) server-to-server API call.

POST /v3/carts/aa46bcf4-b65a-4a37-bed9-5dcb4674d0a3/checkout
{
  ...
  "payment_info": [
    {
      "payment_method_amount": 250,
      "billing_method": {
        "id": "PT3raaMpFPXEsmVexb5JOF3Zpff2TmtENJ_yZkLTudSrY",
        "save": true
      }
      ...
    }
  ]
}

All payment tokens for the `cart_id` are invalidated after checkout is successful.
