Mobile SDK – Cards

Besides Alipay and WeChat, our Mobile SDK can be used for in-app purchases using Credit Cards. The advantage of using our SDK is that the credit card details never reach your server, simplifying to a minimum the PCI requirements you must meet.

The interaction flow is described next:

  1. Upon order initiation form the customer
  2. Your server asks our server for a temporary API Key at entry point api/authorization/apikey:

    Request Model:

    Authorization: Basic MzAyMDE6aEo1Um9iWXg5cjdGZk53Q3ZIWTlMWEhxcXIrRkV6cmM3YUp2UVFrNEdhejFtZzdSeXk=
  3. Our server responds with a temporary API Key:


    HTTP/1.1 201 Created
    Content-Type: application/json; charset=utf-8
      "ApiKey": {
        "Value": "MzAwMDc6M2FkODVhYzctNjhlNS00MTA2LTliNjctNTg3MmM1ZmI2ZDNiLTYzMzA=",
        "Created": "20181206141407",
        "LifeTime": 30,
        "AccessCounterLimit": 10,
        "Status": {
          "ID": 2,
          "Info": "Success",
          "Reasons": []
  4. The temporary API Key must be passed to the app.
  5. From the app you collect the credit cards details from which you build a CardAuthenticationRequest object, together with the temporary API key obtained in the previous step. Set callback functions to handle Success and Failure cases.
    CardAuthenticationRequest cardAuthenticationRequest = new CardAuthenticationRequest("Basic " + apiKey, true);
    HashMap card = new HashMap();
    card.put("HolderName", ((EditText)findViewById(;
    card.put("Number", ((EditText)findViewById(;
    card.put("ExpirationMonth", ((EditText)findViewById(;
    card.put("ExpirationYear", ((EditText)findViewById(;
    card.put("SecurityCode", ((EditText)findViewById(;
    cardAuthenticationRequest.setCallback((new CardAuthenticationRequest.Callback() {
        public void onSuccess(@NonNull final String creditCardToken) {
            // Authorization was successful!
            // Send it to your server and initiate a transactions via REST API:
            Log.d("TokenForCreditCard", creditCardToken);
            runOnUiThread(new Runnable() {
                public void run() {
                    displayDebugInfo("Credit Card Token:" + creditCardToken);
        public void onFailure() {
            Log.w(TAG,"Card Authentication request failed.");
            runOnUiThread(new Runnable() {
                public void run() {
                    displayDebugInfo("Card Authentication request failed.");
  6. Our SDK calls our server with these details.
  7. The server responds with a token to our SDK.
  8. Our SDK passed the token back to your APP via the callback function setup in step 5.
  9. The order can now be submitted from the app to your server together with the token
  10. A credit card transaction using token is now initiated from your server. For more details go to: Recurring Card Payments section. You can store the token on your server for subsequent purchases.
  11. Our server responds to your server with the Authorization result. Upon a successful result you can release the goods or services.
  12. You pass the payment result to the app.