This tutorial will guide you through taking payment with a new payment method (credit card or bank account). You must use our JavaScript library for tokenizing the payment method details and submitting a payment. By using our library, you are reducing the scope of Payment Card Industry Data Security Standard (PCI DSS) compliance in your code (but not eliminating PCI DSS scope).
Overview
The flow is as follows:
- Generate a new short-lived access_token via the API.
- Submit payment details and the access_token via the JavaScript library to generate a new payment_token.
- Submit the payment_token in the final checkout call.
Step 1: Generate a short-lived access_token
This step generates an access_token that is scoped only for generating a payment_token for the given cart_id. This access_token is only valid for use via the JavaScript library and cannot be used to make other API calls, so it is safe to render in the browser.
To generate the access_token, use the same API call, /v3/partners/oauth2/token, that grants access to the API. An additional tokenize scope is required; its value is the cart_id of the cart containing the items to be paid for.
This example uses the same cart_id with a value of ‘aa46bcf4-b65a-4a37-bed9-5dcb4674d0a3’.
curl -XPOST {base_url}/v3/partners/oauth2/token \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -F "grant_type=client_credentials" \
  -F "client_id=daxko_api_user" \
  -F "client_secret=d9a2652cf96d734661c10d5ff2f8061f" \
  -F "scope=client:9999 tokenize:aa46bcf4-b65a-4a37-bed9-5dcb4674d0a3"
Response:
{
  "access_token": "MiOiJhcGlfaGFuLXRydXN0ZWQiLCJzdWIiOiJhcGlfaGF..",
  "token_type": "bearer",
  "expires_in": 3600
}
Step 2: Tokenize
Reference this library on your page:
<script src="/js/payments-1.0.0.js"></script>
Take the access_token from the previous call and pass it to the JavaScript method. The access_token is valid for only 60 minutes; after that, another one needs to be requested.
Your rendered payment page should include JavaScript code like the following examples:
Credit Card Example
DaxkoPayments.credit_card.createToken({
  card_holder_name: "John Doe", // or jQuery selectors
  number: 4111111111111111,
  exp_month: 12,
  exp_year: 2018,
  address_line_1: "123 Wall Street",
  address_zip: "12345",
  access_token: "MiOiJhcGlfaGFuLXRydXN0ZWQiLCJzdWIiOiJhcGlfaGF.."
}, function (err, data) {
  if (err) {
    // .text() rather than .html(): error content is never parsed as markup
    $("#result").text("Errors: " + JSON.stringify(err));
  } else {
    // Only the payment_token is placed in the form that goes to your server
    $("#payment_token").val(data.payment_token);
  }
});
Bank Account Example
DaxkoPayments.bankAccount.createToken({
  account_holder_name: "John Doe", // or jQuery selectors
  account_type: "checking",
  account_number: 123123,
  routing_number: 123456789,
  access_token: "MiOiJhcGlfaGFuLXRydXN0ZWQiLCJzdWIiOiJhcGlfaGF.."
}, function (err, data) {
  if (err) {
    // .text() rather than .html(): error content is never parsed as markup
    $("#result").text("Error: " + JSON.stringify(err));
  } else {
    // Only the payment_token is placed in the form that goes to your server
    $("#payment_token").val(data.payment_token);
  }
});
The JavaScript callback will return either an error or a payment_token per the example above. You can safely pass this value from the browser to your server.
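The scope reduction described above only holds if the card number itself never reaches your server alongside the payment_token. The following is an added example, not part of the library or the original tutorial: it wraps the callback-style createToken call shown above and refuses to send any top-level field that passes a Luhn check. The function names, the send and onError handlers, and the Luhn guard are assumptions introduced for illustration and go beyond what the page itself describes.

```javascript
// Added example, not vendor code. Assumes only what the examples above show:
// createToken(fields, callback) and callback(err, { payment_token }).

// Luhn check: true when a value is a plausible 13-19 digit card number.
function looksLikeCardNumber(value) {
  const digits = String(value).replace(/[\s-]/g, "");
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Build the only object allowed to leave the browser for your own server.
// Throws if any top-level field would carry a card number along with the token.
function buildServerPayload(paymentToken, extraFields) {
  const payload = Object.assign({}, extraFields, { payment_token: paymentToken });
  for (const [key, value] of Object.entries(payload)) {
    if (looksLikeCardNumber(value)) {
      throw new Error("refusing to send card-like value in field: " + key);
    }
  }
  return payload;
}

// createToken: e.g. (f, cb) => DaxkoPayments.credit_card.createToken(f, cb)
// send / onError: your own (hypothetical) handlers for posting and reporting.
function tokenizeThenSend(createToken, cardFields, accessToken, extraFields, send, onError) {
  const request = Object.assign({}, cardFields, { access_token: accessToken });
  createToken(request, function (err, data) {
    if (err || !data || !data.payment_token) {
      return onError(err || new Error("no payment_token returned"));
    }
    try {
      send(buildServerPayload(data.payment_token, extraFields));
    } catch (e) {
      onError(e);
    }
  });
}
```

The card fields are passed only to createToken; the object handed to send is built from the token and the non-card fields, so a form field wired up by mistake is caught in the browser instead of appearing in server logs.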
Step 3: Checkout
Now use the payment_token value in the final Checkout (program registration) or Checkout (membership) server-to-server API call.
POST /v3/carts/aa46bcf4-b65a-4a37-bed9-5dcb4674d0a3/checkout
{
  ...
  "payment_info": [
    {
      "payment_method_amount": 250,
      "billing_method": {
        "id": "PT3raaMpFPXEsmVexb5JOF3Zpff2TmtENJ_yZkLTudSrY",
        "save": true
      }
      ...
    }
  ]
}
All payment tokens for the `cart_id` are invalidated after checkout is successful.