Charging a Credit Card without iFrame

Charging a credit card using the API

Utilizing this API requires your organization's adherence to PCI compliance obligations. However, employing our iFrame solution alleviates any need for PCI compliance with your software.

For iFrame documentation

Our Credit Card API handles secure storage, tokenisation, and charging of credit and debit cards.

Pay Advantage is PCI level 1 compliant and so you can be assured that we take a world class approach to securing and storing all financial information that goes through our system.

You are responsible for how you handle this information in your own system, but where we can we will give guidelines on what you should and shouldn't store. If you want to learn more about PCI compliance and how to keep your business and systems secure, you can read more here.

To use the Credit Card charging API refer to the Payment Authorisation API

Storing/Tokenising a Credit Card

Credit cards can be stored and used later for Batch Debiting and individual payments. They must always be stored against an existing customer. You should never store the credit card number (unless hashed) and in no instance should the CVN ever be saved.

Once you submit this request, the response will include a customer payment code, which serves as a key for accessing tokenised card details for processing payments and retrieving information through GET requests. You can securely store this code as it exclusively provides hashed details. In certain cases during the tokenisation process, the CVN may be utilized for card verification before being securely discarded.

View Test Credit Cards that can be used in Sandbox to safely test your API without using real card details.

// Sandbox endpoint; the card number below is a Sandbox test card, not real card data.
const url = 'https://api.test.payadvantage.com.au/v3/payment_authorizations';

const options = {
  method: 'POST',
  headers: {accept: 'application/json', 'content-type': 'application/json'},
  body: JSON.stringify({
    customer: {code: 'ABC123'},
    creditCard: {cardNumber: '4631770080000000', expiryMonth: 10, expiryYear: 2025},
    onchargeFees: true,
    amount: 0,
    description: 'Golf Clubs',
    externalID: 'PAYMENT001',
    // The CVN is sent for verification only; never log or store it on your side.
    cvn: '000',
    performCapture: false
  })
};

// Use the url constant defined above rather than repeating the literal.
fetch(url, options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));
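
The storage rule above, as an added example that is not part of Pay Advantage's documentation: it removes the CVN and masks the card number before a request body is logged, and builds the only record kept for later charges. The field names `cardNumber`, `cvn`, `customer.code` and `externalID` come from the request on this page; `redactForLog`, `recordToPersist` and the record's layout are hypothetical, and the customer payment code is passed in by the caller because the response field that carries it is not shown here.

```javascript
// Added example, not Pay Advantage code.
const DROP_KEYS = new Set(['cvn']);        // never stored, never logged
const PAN_KEYS = new Set(['cardnumber']);  // masked down to the last four digits

function maskPan(pan) {
  const digits = String(pan).replace(/\D/g, '');
  return digits.length >= 8
    ? '*'.repeat(digits.length - 4) + digits.slice(-4)
    : '****';
}

// Returns a deep copy that is safe to log; the input object is left untouched.
function redactForLog(value) {
  if (Array.isArray(value)) return value.map(redactForLog);
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    const k = key.toLowerCase();
    if (DROP_KEYS.has(k)) continue;
    out[key] = PAN_KEYS.has(k) ? maskPan(v) : redactForLog(v);
  }
  return out;
}

// The only card-related values kept for later charges (hypothetical layout).
// customerPaymentCode is the code returned by the tokenisation request.
function recordToPersist(requestBody, customerPaymentCode) {
  return {
    customerCode: requestBody.customer.code,
    customerPaymentCode,
    externalID: requestBody.externalID
  };
}
```
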

Charge a Stored/Tokenised Card

This method attempts to charge a previously stored card and returns the response immediately. You will have to tokenise a card before it can be charged. This is so that we can ensure the best possible security is being used to protect both you and your customers' data.

A successful response (STATUS 201) does not indicate that a payment was successful; it only means that a charge was attempted. To determine a payment's outcome, check the ChargeStatus and Payment details in the response body for either "approved", "declined", or "undetermined".

In the unusual event of receiving an "undetermined" response, you have two options to ascertain the payment's status. First, you can monitor the webhook to discover whether the payment ultimately fails or successfully settles within the next day. Alternatively, you can query the charge again to determine its status, which will eventually be clarified as either "failed" or "approved". If you choose the querying method, we recommend checking the status at intervals of 15 minutes, as significant changes typically do not occur within shorter timeframes. Do not attempt to re-charge this card until a definitive response has been received.

If the payment isn't successful or the charge declines, the response body will contain a fail code and reason under the Payment parameter. These are explained in more detail in our Enum Values & Fail Codes section here.

Below is an example of how to attempt to charge a card. The tokenised code is used in the request method and the body contains details of the payment. You can use ExternalID to attach a value from your system to the charge attempt. This can then be used when searching for charge attempts later on.

const url = 'https://api.test.payadvantage.com.au/v3/payment_authorizations';

const options = {
  method: 'POST',
  headers: {accept: 'application/json', 'content-type': 'application/json'},
  body: JSON.stringify({
    customer: {code: 'ABC123'},
    customerPaymentAccount: {code: 'ZXY987'},
    onchargeFees: true,
    amount: 10,
    description: 'Golf Clubs',
    externalID: 'PAYMENT001',
    performCapture: true
  })
};

// HTTP 201 only means the charge was attempted; check ChargeStatus in the response body.
fetch(url, options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));
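
The outcome handling described above, as an added example that is not part of Pay Advantage's documentation: it classifies a charge attempt, polls an "undetermined" charge at the recommended 15-minute interval, and never reports a card as safe to re-charge until the status is definitive. The casing of the ChargeStatus field is an assumption (it is matched case-insensitively), and `queryStatus` is a hypothetical caller-supplied function that re-reads the charge, since the query request is not shown on this page.

```javascript
// Added example, not Pay Advantage code.
const POLL_INTERVAL_MS = 15 * 60 * 1000;  // 15-minute interval recommended above
const MAX_POLLS = 96;                     // 24 hours of polling (assumed cut-off)

// Case-insensitive field lookup, because the exact casing is an assumption.
function field(obj, name) {
  const key = Object.keys(obj || {}).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : obj[key];
}

// Anything that is not a definitive status counts as undetermined, so a
// missing or unknown value can never lead to a second charge.
function classifyBody(body) {
  const status = String(field(body, 'chargeStatus') || '').toLowerCase();
  if (status === 'approved') return {outcome: 'approved', final: true, mayRecharge: false};
  if (status === 'declined' || status === 'failed') {
    return {outcome: status, final: true, mayRecharge: true};
  }
  return {outcome: 'undetermined', final: false, mayRecharge: false};
}

// HTTP 201 means a charge was attempted, not that it succeeded.
function classifyAttempt(httpStatus, body) {
  if (httpStatus !== 201) {
    // Only 201 is described on this page: investigate before retrying.
    return {outcome: 'request_error', final: true, mayRecharge: false};
  }
  return classifyBody(body);
}

// Polls until the charge is definitive or maxPolls is used up.
// sleep is injectable so the loop can be tested without waiting.
async function resolveCharge(first, queryStatus, {sleep, maxPolls = MAX_POLLS} = {}) {
  const wait = sleep || (ms => new Promise(resolve => setTimeout(resolve, ms)));
  let decision = classifyAttempt(first.httpStatus, first.body);
  for (let i = 0; !decision.final && i < maxPolls; i++) {
    await wait(POLL_INTERVAL_MS);
    decision = classifyBody(await queryStatus());
  }
  return decision;
}
```

If `resolveCharge` returns with `final: false`, the charge is still unresolved after the polling window and needs manual follow-up rather than a new charge.
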

Authorise a Payment (Places a hold on the card)

Capture a payment from an existing Authorisation

If a payment was Authorised

const url = 'https://api.test.payadvantage.com.au/v3/payment_authorizations/{code}';

const options = {
  method: 'PATCH',
  headers: {accept: 'application/json', 'content-type': 'application/json'}
};

fetch(url, options)
  .then(res => res.json())
  .then(json => console.log(json))
  .catch(err => console.error('error:' + err));