Create Token
Applicable to: Create Token through YabandPay Hosted Payment Page
The YabandPay Form Hosted Payment Page (HPP) is a ready-to-use payment page fully maintained by YabandPay. It enables eCommerce merchants to securely accept payments by hosting sensitive PCI data on YabandPay systems. The form can be embedded in the merchant’s checkout flow as an iframe or as a redirect page.
When the payment user completes a standard credit card transaction and agrees to authorization on the YabandPay-hosted payment page, YabandPay converts the cardholder's sensitive data into a random string (i.e., Token) to de-identify the information. With the Token, the following payments can be initiated:
The user can complete payment with one click on the checkout page without needing to enter credit card details.
The merchant can use this Token to execute recurring payments or subscription fees.
[!TIP|style:flat] Usage Process
Activate Token. Contact your account manager to enable the Token payment feature.
User Authorization. When enabling Quick Payment (Token Payment) for consumers, you are obligated to clearly inform and obtain authorization from users to avoid potential disputes.
Obtain Token. To obtain a Token, first initiate a standard credit card transaction. YabandPay will return a payment URL. After the user completes payment and agrees to authorization through that URL, YabandPay will asynchronously return the Token with the parameter
payment_token_object.Initiate Token Payment. Include the Token in the
payment_token_objectvariable. If the Token verification is successful, YabandPay will execute the Token payment. If Token verification fails, YabandPay will return an error message. In this case, it is recommended to reinitiate a standard credit card transaction to obtain a new Token and then retry the payment.
API URL:https://mapi.yabandpay.com/Payments
Method:POST
POST data type:Json
| Parameter | Type | Description | Required |
|---|---|---|---|
| user | String | the UID of cashier account | Required |
| sign | String | signature | Required |
| method | String | v3.CreateCardPayments | Required |
| time | Long | timestamp | Required |
- Parameter
| Parameter | Type | Description | Required |
|---|---|---|---|
| pay_method | String | online | Required |
| sub_pay_method | String | Cards HPP | Required |
| operation | String | 10.Create Token only; 11.Token for sales; 12.Token for authorisation | Required |
| order_id | String | order id from Merchant | Required |
| 3ds_initiate | String | 01. Enable 3DS verification; 02. Disable 3DS verification | Required |
| amount | String | format in cents: € 24.99 should be 24.99. If operation is 10, set amount=0 | Required |
| currency | String | ISO 4217, For example EUR, CHF | Required |
| description | String | order description | Required |
| form_type | String | The returned URL type, default is 01. 01.completed, 02.iframe | Optional |
| demo | String | custom field | Optional |
| timeout | String | value 0 means 1440 minutes | Required |
| redirect_url | String | the redirect URL after payment is completed | Required |
| notify_url | String | asynchronous notification url | Required |
| request_id | String | The request ID must be unique. It is recommended to use a combination of at least 24 digits and letters. | Required |
Signature:
Lexicographical sequence and URL key-value format new string
"3ds_initiate=01&amount=1¤cy=EUR&description=test&form_type=01&method=v3.CreateCardPayments¬ify_url=https://www.yabandpay.com/notify&operation=11&order_id=1725875388&pay_method=online&payment_token_object=&request_id=dxktqiedfpkswnripi631ppg6fl2uoym&sub_pay_method=Cards HPP Token&time=1725875388&timeout=0&user=016683"
Use stringA and secret_key to get stringSign
Get Signature:
"a13c6fb9574aa4fbeaf9d068012e21a6c6f85f7fb371f325145b3050c1f940fa"
Example Request:
{
"user": "016683",
"sign": "a13c6fb9574aa4fbeaf9d068012e21a6c6f85f7fb371f325145b3050c1f940fa",
"method": "v3.CreateCardPayments",
"time": 1725875388,
"data": {
"description": "test",
"3ds_initiate": "01",
"timeout": "0",
"pay_method": "online",
"sub_pay_method": "Cards HPP",
"operation": "11",
"form_type": "01",
"order_id": 1725875388,
"amount": "0.1",
"currency": "EUR",
"notify_url": "https://www.yabandpay.com/notify",
"request_id": "dxktqiedfpkswnripi631ppg6fl2uoym"
}
}
Example Response:
{
"status": true,
"code": "200",
"data": {
"order_id": "1725875388",
"trade_id": "2b2aa1af-6e97-4c01-8c52-86200bf66c82",
"amount": "0.1",
"currency": "EUR",
"settlement_amount": "0.1",
"settlement_currency": "EUR",
"exchange_rate": "1",
"url": "https://pay.yabandpay.com/pay_method/Y3JlZGl0Y2FyZA==/MmIyYWExYWYtNmU5Ny00YzAxLThjNTItODYyMDBiZjY2Yzgy",
"state": "processing"
},
"message": "",
"response_id": "202409091749500451314672"
}
More Information:
Return results:
On a successful API call, the response will be
"status": true.On a failed API call, the response will be
"status": false.
You need to redirect to the returned url. After the user enters their card information and completes the payment at this url, they will be redirected back to the redirect_url.
We strongly recommend using both Order Query and Asynchronous Notification simultaneously to synchronize and update payment status, ensuring real-time accuracy of payment information.
Return Token:
After the user agrees to authorization and successfully completes the payment, YabandPay will return the
payment_token_objectthrough asynchronous notification.If the user does not agree to authorization or fails to complete the payment, the
payment_token_objectwill not be returned in the asynchronous notification.
Result/Error codes:
| Status | Code | Message |
|---|---|---|
| true | 200 | |
| fales | -1000 | Internal error |
| fales | -403 | The signature Error |
| fales | -2001 | The user not exist |
| fales | -3001 | Required field is missing |
| fales | -4118 | Incorrect request ID |
| fales | -4120 | No operational permissions |