PayWay's Card on File (CoF) allow Card holder (Visa/Master card/ UPI) to authorize merchant to store their Cards token which can be used for future payments without having customer to enter card details. Using the Saved token, transactions can be initiated by consumers or the merchants ( for scheduled or recurring payments) depends of business needs.
Merchant will only see the tokenized (encrypted) details of the cards while the real cards details are securely stored at PayWay payment gateway.
Use this api to request PayWay save card web page where customer can safely enter the card details and authorize linking the card for future payments.
TESTING URL:
https://checkout-sandbox.payway.com.kh/api/payment-gateway/v1/cof/initial
PRODUCTION URL:
https://checkout.payway.com.kh/api/payment-gateway/v1/cof/initial
| # | Field name | Data type | Remark | Example |
|---|---|---|---|---|
| 1 |
merchant_id
mandatory | String [20] | Mobile or Application ID | onlinesshop24 |
| 2 |
ctid
mandatory | String | Consumer token ID | |
| 3 |
return_param
mandatory | String | Will be included no pushback notification | |
| 4 |
firstname
mandatory | String | Customers First name | |
| 5 |
lastname
mandatory | String | Customers Last name | |
| 6 | String | |||
| 7 | phone | String | ||
| 8 | return_url | String | Convert URL to base64 string base64_encode(‘domain.com’) | d3d3LnBheChoduTeriS5jb20ua2gLCdxdW |
| 9 | continue_add_card_success_url | String | useful for redirecting customer to specific pager after add card | |
|
hash
mandatory | Text |
Encrypt "merchant_id+ctid+ return_param, key" with hash_hmac sha512
after that convert the output using Base64. Eg. in php
|
{
"merchant_id":"onlinesshop24",
"ctid":"00002894",
"firstname":"Fristname",
"lastname":"Customer Last name",
"email":"[email protected]",
"phone":"0965965965",
"return_url":" d3d3LnBheChoduTeriS5jb20ua2gLCdxdW",
"continue_success_url":" www.staticmerchanturl.com/Success",
"hash":"K3nd/2Z4g45Paoqx06QA3UQeHRC2Ts37zjudG7DqyyU2Cq0cvOFMYqwtEsXkaEmNOSiFh6Y+IHRdwnA2WA/M/Qg==",
}
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="PayWay">
<title>PayWay Add Card Sample</title>
<link href="http://demo.payway.com.kh/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="https://payway-staging.ababank.com/checkout-popup.html?
file=css"/>
<style type="text/css">
/* Your css style*/
</style>
</head>
<body>
<div class="container">
<a href="#" id="add_card_button" class="btn btn-primary add-to-card">Add New Card</a>
</div>
<!-- The Modal -->
<div id="aba_main_modal" class="aba-modal">
<!-- Modal content -->
<div class="aba-modal-content add-card">
<form method="POST" target="aba_webservice" action="https://payway-staging.ababank.com/en
/api/request/add-card/" id="aba_merchant_add_card">
<input type="hidden" name="firstname" value="Samnang"/>
<input type="hidden" name="lastname" value="Sok"/>
<input type="hidden" name="phone" value="0123456789"/>
<input type="hidden" name="email" value="[email protected]"/>
<input type="hidden" name="ctid" value="239acf04eace99ea1590857c7066acf260e"/>
<input type="hidden" name="merchant_id" value="###"/>
<input type="hidden" name="return_param" value="rp-1582083583"/>
<input type="hidden" name="hash" value="###"/>
</form>
</div>
</div>
</body>
</html>
PayWay will respond with a save card web page which you can render in an iFrame, so customer can securely enter card details on the PayWay add Card page and Merchants will never have to touch the Card details.
{
'tran_id' => string,
'ctid' => string,
'payment_status' => string,
'card_status'
{
'status' => string,
'pwt' => string,
'mask_pan' => string,
'card_type' => string,
}
}
Merchant can initiate payment with the saved card token using the CREATE TRANSACTION - PURCHASE API and passing ctid and pwt along with all mandatory parameters.
Testing url:
https://checkout-sandbox.payway.com.kh/api/payment-gateway/v1/payments/purchase
Production url:
https://checkout.payway.com.kh/api/payment-gateway/v1/payments/purchase
{
"req_time":"20210123234559",
"merchant_id":"onlinesshop24",
"tran_id":"00002894",
"firstname":"Fristname",
"lastname":"Customer Last name",
"email":"[email protected]",
"phone":"0965965965",
"amount":5000,
"ctid":"lalsa6asd5",
"pwt":"096asrqew5965rqwe96asf_agg5/kolppptoooo",
"type":"purcahse",
"items":"W3snbmFtZSc6J3Rlc3QnLCdxdWFudGl0eSc6JzEnLCdwcmljZSc6JzEuMDAnfV0=",
"currency":"KHR",
"continue_success_url":" www.staticmerchanturl.com/Success",
"return_deeplink":,
"custom_fields":"{"Purcahse order ref":"Po-MX9901", "Customfield2":"value for custom field"}",
"return_params":"500 Characters notes included here to be returned on pushback notification after transaction is successful. ",
"hash":"K3nd/2Z4g45Paoqx06QA3UQeHRC2Ts37zjudG7DqyyU2Cq0cvOFMYqwtEsXkaEmNOSiFh6Y+IHRdwnA2WA/M/Qg==",
}
Upon successful payment with the saved token PayWay will pushback the payment status with the Transaction id.
{
"tran_id":"1632300046",
"apv":"000011",
"status":0
}
Use this APIs to allow customer to be able to delete the linked Card token.
TESTING URL:
https://checkout-sandbox.payway.com.kh/api/payment-gateway/v1/cof/remove
PRODUCTION URL:
https://checkout.payway.com.kh/api/payment-gateway/v1/cof/remove
| # | Field name | Data type | Remark | Example |
|---|---|---|---|---|
| 1 |
merchant_id
mandatory | String [20] | Mobile or Application ID | onlinesshop24 |
| 2 |
ctid
mandatory | String | Consumer token ID | |
| 3 |
pwt
mandatory | String | PayWay token | |
| 4 |
hash
mandatory | String | Base64 encode of hash hmac sha512 encryption merchant_id + ctid + pwt with public_key. |
{
"merchant_id":"onlinesshop24",
"ctid":"lalsa6asd5",
"pwt":"lalsa6asd5",
"hash":"K3nd/2Z4g45Paoqx06QA3UQeHRC2Ts37zjudG7DqyyU2Cq0cvOFMYqwtEsXkaEmNOSiFh6Y+IHRdwnA2WA/M/Qg==",
}
{
status: string,
description: string
}
Use this API to allow customer to save the card token while making purchase, This API will respond with PayWay checkout webpage which you can render in iFrame, this PayWay checkout page will have toggle button to save the card, upon transactions success PayWay will return two push notification.
TESTING URL:
https://checkout-sandbox.payway.com.kh/api/payment-gateway/v1/payments/purchase
PRODUCTION URL:
https://checkout.payway.com.kh/api/payment-gateway/v1/payments/purchase
Use same CREATE TRANSACTION - PURCHASE API with additional parameter ‘ctid’ to receive the saved card token.
{
"req_time":"20210123234559",
"merchant_id":"onlinesshop24",
"ctid":"lalsa6asd5",
"tran_id":"00002894",
"firstname":"Fristname",
"lastname":" Customer Last name",
"email":"[email protected]",
"phone":"0965965965",
"amount":5000,
"type":"purcahse",
"payment_option":"abapay",
"items":"W3snbmFtZSc6J3Rlc3QnLCdxdWFudGl0eSc6JzEnLCdwcmljZSc6JzEuMDAnfV0=",
"currency":"KHR",
"continue_success_url":" www.staticmerchanturl.com/Success",
"return_deeplink":,
"custom_fields":"{"Purcahse order ref":"Po-MX9901", "Customfield2":"value for custom field"}",
"return_params":"500 Characters notes included here to be returned on pushback notification",
"hash":"K3nd/2Z4g45Paoqx06QA3UQeHRC2Ts37zjudG7DqyyU2Cq0cvOFMYqwtEsXkaEmNOSiFh6Y+IHRdwnA2WA/M/Qg==",
}
PayWay will respond with Checkout page, with a toggle button on it, you can render this webpage in iframe on your webpage or WebView in your native app.
Upon transactions success with Purchase and Save card, PayWay will return two push notification.
See Payment status Pushback Notification – for confirm the payment status of the transaction
{
"tran_id":"1632300046",
"apv":"000011",
"status":0
}
See Add Card Pushback Notification – for pass the card token details if customer chose to link the card.
{
'tran_id' => string,
'ctid' => string,
'payment_status' => string,
'card_status'
{
'status' => string,
'pwt' => string,
'mask_pan' => string,
'card_type' => string,
}
}
General Status descriptions for Card on file feature.