Hosted FieldsExtend your integration

Save a customer's payment details

View as MarkdownOpen in Claude

When you use Hosted Fields to capture a customer’s payment details, we return a single-use token. You can use the single-use token only once, and it expires 30 minutes after we return it.

If you want to run a sale later or run multiple sales, you need to convert the single-use token into a secure token. You can use the secure token multiple times, and it doesn’t expire.

Before you begin

Make sure you have set up your integration to run a sale.

Headers

To create the header of each POST request, you must include the following parameters:

  • Content-Type: Include application/json as the value for this parameter.
  • Authorization: Include your Bearer token in this parameter.
  • Idempotency-Key: Include a UUID v4 to make the request idempotent.
1-H "Content-Type: application/json"
2-H "Authorization: <Bearer token>"
3-H "Idempotency-Key: <UUID v4>"

Errors

Make sure that your integration can handle errors. If a request is unsuccessful, we return an error that follows the RFC 7807 format. For more information about errors, go to Errors.

Integration steps

  1. Update the JavaScript configuration
  2. Convert the single-use token into a secure token.
  3. (Optional) Run a sale with the secure token.

Step 1. Update the JavaScript configuration

  • In the JavaScript configuration, change the value for the mode parameter from payment to tokenization.
1<script
2  src="https://cdn.uat.payroc.com/js/hosted-fields/hosted-fields-1.7.0.261457.js"
3  integrity="sha384-m1A0nfFYa8sAfpDN0d60o4ztd/aCPC2xDVaOT31Urrmn4xypfHqgHQMayZeIK1PM"
4  crossorigin="anonymous"
5></script>
6
7<script>
8  const cardForm = new Payroc.hostedFields({
9    sessionToken: YOUR_SESSION_TOKEN,
10    mode: "tokenization",
11    fields: {
12      card: {
13        cardholderName: {
14          target: ".card-holder-name",
15          errorTarget: ".card-holder-name-error",
16          placeholder: "Cardholder Name",
17        },
18        cardNumber: {
19          target: ".card-number",
20          errorTarget: ".card-number-error",
21          placeholder: "1234 5678 1234 1211",
22        },
23        cvv: {
24          wrapperTarget: ".card-cvv-wrapper",
25          target: ".card-cvv",
26          errorTarget: ".card-cvv-error",
27          placeholder: "CVV",
28        },
29        expiryDate: {
30          target: ".card-expiry",
31          errorTarget: ".card-expiry-error",
32          placeholder: "MM/YY",
33        },
34        submit: {
35          target: ".submit-button",
36          value: "Submit",
37        },
38      },
39    },
40  });
41  padForm.initialize();
42</script>

Step 2. Convert the single-use token into a secure token

To convert the single-use token into a secure token, send a POST request to our Secure Tokens endpoint.

Request parameters

To create the body of your request, send the single-use token in the source object.

Note: If the single-use token represents card details, you also need to send a value for the mitAgreement parameter.

Request

sourceobjectRequired
Polymorphic object that contains the payment method to tokenize. The value of the type parameter determines which variant you should use: - `ach` - Automated Clearing House (ACH) details - `pad` - Pre-authorized debit (PAD) details - `card` - Payment card details - `singleUseToken` - Single-use token details
secureTokenIdstringOptional1-200 characters
Unique identifier that the merchant created for the secure token that represents the customer's payment details. If the merchant doesn't create a secureTokenId, the gateway generates one and returns it in the response.
operatorstringOptional1-50 characters
Operator who saved the customer's payment details.
mitAgreementenumOptional
Indicates how the merchant can use the customer's card details, as agreed by the customer: - `unscheduled` - Transactions for a fixed or variable amount that are run at a certain pre-defined event. - `recurring` - Transactions for a fixed amount that are run at regular intervals, for example, monthly. Recurring transactions don't have a fixed duration and run until the customer cancels the agreement. - `installment` - Transactions for a fixed amount that are run at regular intervals, for example, monthly. Installment transactions have a fixed duration.
Allowed values:
customerobjectOptional
Object that contains the customer's contact details and address information.
ipAddressobjectOptional
Object that contains the IP address of the device that sent the request.
threeDSecureobjectOptional
Polymorphic object that contains authentication information from 3-D Secure. The value of the type parameter determines which variant you should use: - `gatewayThreeDSecure` - Use our gateway to run a 3-D Secure check. - `thirdPartyThreeDSecure` - Use a third party to run a 3-D Secure check.
customFieldslist of objectsOptional
Array of customField objects.

Example request

POST
/v1/processing-terminals/:processingTerminalId/secure-tokens
1curl -X POST https://api.payroc.com/v1/processing-terminals/1234001/secure-tokens \
2     -H "Idempotency-Key: 8e03978e-40d5-43e8-bc93-6894a57f9324" \
3     -H "Authorization: Bearer <token>" \
4     -H "Content-Type: application/json" \
5     -d '{
6  "source": {
7    "type": "card",
8    "cardDetails": {
9      "entryMethod": "keyed",
10      "keyedData": {
11        "dataFormat": "plainText",
12        "cardNumber": "4539858876047062",
13        "cvv": "234",
14        "expiryDate": "1230"
15      },
16      "cardholderName": "Sarah Hazel Hopper"
17    }
18  },
19  "operator": "Jane",
20  "mitAgreement": "unscheduled",
21  "customer": {
22    "firstName": "Sarah",
23    "lastName": "Hopper",
24    "dateOfBirth": "1990-07-15",
25    "referenceNumber": "Customer-12",
26    "billingAddress": {
27      "address1": "1 Example Ave.",
28      "city": "Chicago",
29      "state": "Illinois",
30      "country": "US",
31      "postalCode": "60056",
32      "address2": "Example Address Line 2",
33      "address3": "Example Address Line 3"
34    },
35    "shippingAddress": {
36      "recipientName": "Sarah Hopper",
37      "address": {
38        "address1": "1 Example Ave.",
39        "city": "Chicago",
40        "state": "Illinois",
41        "country": "US",
42        "postalCode": "60056",
43        "address2": "Example Address Line 2",
44        "address3": "Example Address Line 3"
45      }
46    },
47    "contactMethods": [
48      {
49        "type": "email",
50        "value": "[email protected]"
51      }
52    ],
53    "notificationLanguage": "en"
54  },
55  "ipAddress": {
56    "type": "ipv4",
57    "value": "104.18.24.203"
58  },
59  "customFields": [
60    {
61      "name": "yourCustomField",
62      "value": "abc123"
63    }
64  ]
65}'
Try it

Response fields

If your request is successful, our gateway converts the single-use token into a secure token. Our gateway returns the secure token in the token field. The response also contains the following fields:

Response

secureTokenIdstringRequired0-200 characters
Unique identifier that the merchant created for the secure token that represents the customer's payment details.
processingTerminalIdstringRequired4-50 characters
Unique identifier that we assigned to the terminal.
sourceobjectRequired
Polymorphic object that contains the payment method that we tokenized. The value of the type parameter determines which variant you should use: - `ach` - Automated Clearing House (ACH) details - `pad` - Pre-authorized debit (PAD) details - `card` - Payment card details
tokenstringRequired12-19 characters
Token that the merchant can use in future transactions to represent the customer's payment details. The token: - Begins with the six-digit identification number **296753**. - Contains up to 12 digits. - Contains a single check digit that we calculate using the Luhn algorithm.
statusenumRequired
Outcome of a security check on the status of the customer's payment card or bank account. **Note:** Depending on the merchant's account settings, this feature may be unavailable.
mitAgreementenumOptional
Indicates how the merchant can use the customer's card details, as agreed by the customer: - `unscheduled` - Transactions for a fixed or variable amount that are run at a certain pre-defined event. - `recurring` - Transactions for a fixed amount that are run at regular intervals, for example, monthly. Recurring transactions don't have a fixed duration and run until the customer cancels the agreement. - `installment` - Transactions for a fixed amount that are run at regular intervals, for example, monthly. Installment transactions have a fixed duration.
Allowed values:
customerobjectOptional
Object that contains the customer's contact details and address information.
customFieldslist of objectsOptional
Array of customField objects.

Response example

Response
1{
2  "secureTokenId": "MREF_abc1de23-f4a5-6789-bcd0-12e345678901fa",
3  "processingTerminalId": "1234001",
4  "source": {
5    "type": "card",
6    "cardNumber": "453985******7062",
7    "cardholderName": "Sarah Hazel Hopper",
8    "expiryDate": "1230"
9  },
10  "token": "296753123456",
11  "status": "notValidated",
12  "mitAgreement": "unscheduled",
13  "customer": {
14    "firstName": "Sarah",
15    "lastName": "Hopper",
16    "dateOfBirth": "1990-07-15",
17    "referenceNumber": "Customer-12",
18    "billingAddress": {
19      "address1": "1 Example Ave.",
20      "address2": "Example Address Line 2",
21      "address3": "Example Address Line 3",
22      "city": "Chicago",
23      "state": "Illinois",
24      "country": "US",
25      "postalCode": "60056"
26    },
27    "shippingAddress": {
28      "recipientName": "Sarah Hopper",
29      "address": {
30        "address1": "1 Example Ave.",
31        "address2": "Example Address Line 2",
32        "address3": "Example Address Line 3",
33        "city": "Chicago",
34        "state": "Illinois",
35        "country": "US",
36        "postalCode": "60056"
37      }
38    },
39    "contactMethods": [
40      {
41        "type": "email",
42        "value": "[email protected]"
43      }
44    ],
45    "notificationLanguage": "en"
46  },
47  "customFields": [
48    {
49      "name": "yourCustomField",
50      "value": "abc123"
51    }
52  ]
53}

Step 3. (Optional) Run a sale with the secure token

To run a sale with the secure token, the method that you need to follow depends on whether the secure token represents card details or bank account details.

Use the same methods that you used in Run a Sale, but update the following parameters in the paymentMethod object:

  • type - Change the value to secureToken.
  • token - Include the secure token that you received in Step 2.