Get Token(card Direct method)
Applicable to: Merchants and institutions holding PCI DSS certification
Through this API call, a complete payment process is completed (3DS verification is mandatory).YabandPay converts cardholders' sensitive data into a random string (i.e., Token) to remove identity information. The following payments can be initiated using the Token:
The user can complete payment with one click on the checkout page without needing to enter credit card details.
The merchant can use this Token to execute recurring payments or subscription fees.
[!TIP|style:flat] Usage Process
Activate Token. Contact your account manager to enable the Token payment feature.
User Authorization. When enabling Quick Payment (Token Payment) for consumers, you are obligated to clearly inform and obtain authorization from users to avoid potential disputes.
Obtain Token. To obtain a Token, first initiate a standard credit card transaction. YabandPay will return a payment URL. After the user completes payment and agrees to authorization through that URL, YabandPay will asynchronously return the Token with the parameter
payment_token_object.Initiate Token Payment. Include the Token in the
payment_token_objectvariable. If the Token verification is successful, YabandPay will execute the Token payment. If Token verification fails, YabandPay will return an error message. In this case, it is recommended to reinitiate a standard credit card transaction to obtain a new Token and then retry the payment.
API URL:https://mapi.yabandpay.com/Payments
Method:POST
POST data type:Json
| 参数 | 类型 | 描述 | 是否必填 |
|---|---|---|---|
| user | String | 收银员账号的UID | 必填 |
| sign | String | 签名 | 必填 |
| method | String | v3.CreateCardPayments | 必填 |
| time | Long | 时间戳 | 必填 |
- 参数
| Parameter | Type | Description | 是否必填 |
|---|---|---|---|
| pay_method | String | online | 必填 |
| sub_pay_method | String | Card | 必填 |
| operation | String | 10.Create Token only; 11.Token for sales; 12.Token for authorisation | 必填 |
| order_id | String | 商户的订单ID | 必填 |
| token_type | String | CIT,MIT | 必填 |
| 3ds_initiate | String | 3ds设置。 01. 必须开启3ds验证; | 必填 |
| cardinfo | String | 卡信息 | cardinfo的值作为string处理(cardinfo内的字段不用加入排序) |
| cardinfo.card_holder | string | 持卡人姓名 | 必填 |
| cardinfo.emial | string | 持卡人email | 必填 |
| cardinfo.card_number | string | 卡号 | 必填 |
| cardinfo.expiration_month | string | 卡有效期月MM | 必填 |
| cardinfo.expiration_year | string | 卡有效期年YYYY | 必填 |
| cardinfo.cvc | string | CVC(任何形式存储CVC均违反PCI DSS规定) | 必填 |
| amount | String | 金额数字。例如 € 24.99 应该写成24.99。如果operation为10,请设置amount=0 | 必填 |
| currency | String | 货币代码,ISO 4217,例如EUR,CHF | 必填 |
| description | String | 订单描述 | 必填 |
| form_type | String | 返回的url类型,默认01。 01.completed, 02.iframe | 选填 |
| demo | String | 自定义字段 | 选填 |
| timeout | String | 过期时间单位分钟(0-1440) | 必填 |
| redirect_url | String | 支付完成后跳转地址 | 选填 |
| notify_url | String | 支付完成后异步通知地址 | 必填 |
| request_id | String | 请求id需保持唯一,建议24以上位数字+字母 | 必填 |
签名示例:
拼接为URL方式并排序后的字符串
"3ds_initiate=01&amount=0.1&cardinfo={"card_holder":"John Smith","emial":"JohnSmith@gmail.com","card_number":"4356789012345670","expiration_month":"01","expiration_year":"2023","cvc":"123"}¤cy=EUR&description=test&method=v3.CreateCardPayments¬ify_url=https://www.yabandpay.com/notify&operation=11&order_id=1756878556&pay_method=online&redirect_url=https://www.yabandpay.com/redirect_url&request_id=a7z1lox4l6z6mdx1udgn5gtezasze1x0&sca_exemption=LowValue&sub_pay_method=Card&time=1756878556&timeout=0&user=016683"
得到的 stringA 使用 secret_key做签名
得到的签名如下:
"89f7ab3caea19d5240f578bd2439da7205a5d6122ec34bc5ec0bf6872a449bf6"
提交示例:
{
"user": "016683",
"sign": "89f7ab3caea19d5240f578bd2439da7205a5d6122ec34bc5ec0bf6872a449bf6",
"method": "v3.CreateCardPayments",
"time": 1756878556,
"data": {
"description": "test",
"3ds_initiate": "01",
"timeout": "0",
"pay_method": "online",
"sub_pay_method": "Card",
"operation": "11",
"order_id": 1756878556,
"cardinfo": "{\"card_holder\":\"John Smith\",\"emial\":\"JohnSmith@gmail.com\",\"card_number\":\"4356789012345670\",\"expiration_month\":\"01\",\"expiration_year\":\"2023\",\"cvc\":\"123\"}",
"sca_exemption": "LowValue",
"amount": "0.1",
"currency": "EUR",
"redirect_url": "https://www.yabandpay.com/redirect_url",
"notify_url": "https://www.yabandpay.com/notify",
"request_id": "a7z1lox4l6z6mdx1udgn5gtezasze1x0"
}
}
返回示例:
{
"status": true,
"code": "200",
"data": {
"order_id": "1725875388",
"trade_id": "2b2aa1af-6e97-4c01-8c52-86200bf66c82",
"amount": "0.1",
"currency": "EUR",
"url": "https://pay.yabandpay.com/pay_method/Y3JlZGl0Y2FyZA==/MmIyYWExYWYtNmU5Ny00YzAxLThjNTItODYyMDBiZjY2Yzgy",
"state": "processing"
},
"message": "",
"response_id": "202409091749500451314672"
}
更多信息:
MIT & CIT :
MIT= Merchant Initiated subsequent transactions.由商户发起的Token扣款。
CIT= Cardholder Initiated Subsequent transactions.有用户参与的Token支付。 请在开通支付时候沟通好需要MIT还是CIT模式,做相应配置的开通
返回支付结果:
若调用成功,则返回
"status": true若调用失败,则返回
"status": false
您需要跳转返回的url。用户在此url输入卡号信息并完成支付后,会同步跳转回redirect_url。我们强烈建议同时使用订单查询和异步通知来同步和更新支付状态,以确保支付信息的实时准确性。
返回Token:
当用户同意授权并支付成功以后,YabandPay将通过异步通知返回
payment_token_object;如果用户不同意授权或未完成支付,在异步通知中不将返回
payment_token_object。
3DS低价值豁免:
在下列限额范围内的交易可被认定为低价值交易。当订单金额小于或等于以下金额时,经过批准可适用交易代码 02(低价值豁免)。
| # | 货币 | 金额 |
|---|---|---|
| 1 | EUR | 30 |
| 2 | DKK | 225 |
| 3 | GBP | 27 |
| 4 | SEK | 310 |
| 5 | ISK | 5000 |
| 6 | NOK | 325 |
| 7 | CHF | 32 |
| 8 | PLN | 135 |
| 9 | USD | 36 |
返回代码:
| Status | Code | Message |
|---|---|---|
| true | 200 | |
| false | -1000 | Internal error |
| false | -403 | The signature Error |
| false | -2001 | The user not exist |
| false | -3001 | Required field is missing |
| false | -4118 | Incorrect request ID |
| false | -4120 | No operational permissions |