Besides Alipay and WeChat, our Mobile SDK can be used for in-app purchases using credit cards. The advantage of using our SDK is that the credit card details never reach your server, which keeps the PCI requirements you must meet to a minimum.
The interaction flow is described next:
- The customer initiates an order.
- Your server asks our server for a temporary API Key at entry point api/authorization/apikey:
Request model:

```
POST https://securetest.smart2pay.com/v1/authorization/apikey
Authorization: Basic MzAyMDE6aEo1Um9iWXg5cjdGZk53Q3ZIWTlMWEhxcXIrRkV6cmM3YUp2UVFrNEdhejFtZzdSeXk=
```
- Our server responds with a temporary API Key:
Response:

```
HTTP/1.1 201 Created
Content-Type: application/json; charset=utf-8

{
  "ApiKey": {
    "Value": "MzAwMDc6M2FkODVhYzctNjhlNS00MTA2LTliNjctNTg3MmM1ZmI2ZDNiLTYzMzA=",
    "Created": "20181206141407",
    "LifeTime": 30,
    "AccessCounterLimit": 10,
    "Status": {
      "ID": 2,
      "Info": "Success",
      "Reasons": []
    }
  }
}
```
- The temporary API Key must be passed to the app.
- In the app, you collect the credit card details and build a CardAuthenticationRequest object from them, together with the temporary API key obtained in the previous step. Set callback functions to handle the Success and Failure cases.
```java
CardAuthenticationRequest cardAuthenticationRequest = new CardAuthenticationRequest("Basic " + apiKey, true);

// Card fields read from the payment form
HashMap card = new HashMap();
card.put("HolderName", ((EditText) findViewById(R.id.e_cardholder_name)).getText().toString());
card.put("Number", ((EditText) findViewById(R.id.e_cc_number)).getText().toString());
card.put("ExpirationMonth", ((EditText) findViewById(R.id.e_exp_month)).getText().toString());
card.put("ExpirationYear", ((EditText) findViewById(R.id.e_exp_year)).getText().toString());
card.put("SecurityCode", ((EditText) findViewById(R.id.e_cvv)).getText().toString());

cardAuthenticationRequest.setRequestBody(CCAuthenticateRequestBodyBuilder.getBody(card));
cardAuthenticationRequest.setCallback((new CardAuthenticationRequest.Callback() {
    public void onSuccess(@NonNull final String creditCardToken) {
        // Authorization was successful!
        // Send it to your server and initiate a transaction via REST API: https://docs-apm.nuvei.com/category/direct-card-processing/one-click-payment/
        // Debug output only: remove the token logging below from release builds.
        Log.d("TokenForCreditCard", creditCardToken);
        runOnUiThread(new Runnable() {
            @Override
            public void run() {
                displayDebugInfo("Credit Card Token:" + creditCardToken);
            }
        });
    }

    public void onFailure() {
        Log.w(TAG, "Card Authentication request failed.");
        runOnUiThread(new Runnable() {
            @Override
            public void run() {
                displayDebugInfo("Card Authentication request failed.");
            }
        });
    }
}));
cardAuthenticationRequest.enqueue();
```

- Our SDK calls our server with these details.
- The server responds with a token to our SDK.
- Our SDK passes the token back to your app via the callback function set up in step 5.
- The order can now be submitted from the app to your server together with the token.
- A credit card transaction using the token is now initiated from your server. For more details, see the Recurring Card Payments section. You can store the token on your server for subsequent purchases.
- Our server responds to your server with the Authorization result. Upon a successful result you can release the goods or services.
- You pass the payment result to the app.
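
The server side of steps 2 to 4, as an added Python example (not code from the original page or from the SDK): it builds the key request and fails closed unless the response carries a usable temporary key, so only that key is forwarded to the app. The function names, the returned field names and the `site_id:key` form of the Basic credential are assumptions.

```python
import base64
import json
import urllib.request

APIKEY_URL = "https://securetest.smart2pay.com/v1/authorization/apikey"  # endpoint shown on the page
# Step 3 response body as shown on the page (whitespace compacted).
SAMPLE_BODY = ('{"ApiKey": {"Value": "MzAwMDc6M2FkODVhYzctNjhlNS00MTA2LTliNjctNTg3MmM1ZmI2ZDNiLTYzMzA=", '
               '"Created": "20181206141407", "LifeTime": 30, "AccessCounterLimit": 10, '
               '"Status": {"ID": 2, "Info": "Success", "Reasons": []}}}')


class TempKeyError(Exception):
    """The temporary-key response must not be trusted or forwarded."""


def build_apikey_request(site_id: str, merchant_key: str) -> urllib.request.Request:
    """Step 2: prepare the POST; the caller sends it with urllib.request.urlopen()."""
    # Assumption: the Basic credential is base64("site_id:merchant_key") as in RFC 7617.
    cred = base64.b64encode(f"{site_id}:{merchant_key}".encode()).decode()
    return urllib.request.Request(
        APIKEY_URL, method="POST", headers={"Authorization": f"Basic {cred}"})


def extract_temp_key(http_status: int, body: str, merchant_cred_b64: str) -> dict:
    """Steps 3-4: validate the response and return only what the app needs."""
    if http_status != 201:
        raise TempKeyError(f"unexpected HTTP status {http_status}")
    try:
        key = json.loads(body)["ApiKey"]
        value, status = key["Value"], key["Status"]
    except (ValueError, KeyError, TypeError) as exc:
        raise TempKeyError("malformed ApiKey response") from exc
    # "Success" is the Status.Info value in the page's sample response.
    if not isinstance(status, dict) or status.get("Info") != "Success":
        raise TempKeyError(f"temporary key not issued: {status!r}")
    if not isinstance(value, str) or not value:
        raise TempKeyError("empty temporary key")
    if value == merchant_cred_b64:
        # The long-lived merchant credential must never be shipped to the app.
        raise TempKeyError("response echoes the merchant credential")
    # Forward the short-lived key and its limits, nothing else.
    return {"apiKey": value, "lifeTime": key.get("LifeTime"),
            "accessCounterLimit": key.get("AccessCounterLimit")}


if __name__ == "__main__":
    print(extract_temp_key(201, SAMPLE_BODY, "constructed-merchant-credential"))
```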