Token Payment
Applicable to: Initiating Token Payment - Credit Card
The YabandPay Form Hosted Payment Page (HPP) is a ready-to-use payment page fully maintained by YabandPay. It enables eCommerce merchants to securely accept payments by hosting sensitive PCI data on YabandPay systems. The form can be embedded in the merchant’s checkout flow as an iframe or as a redirect page.
When the payment user completes a standard credit card transaction and agrees to authorization on the YabandPay-hosted payment page, YabandPay converts the cardholder's sensitive data into a random string (i.e., Token) to de-identify the information. With the Token, the following payments can be initiated:
The user can complete payment with one click on the checkout page without needing to enter credit card details.
The merchant can use this Token to execute recurring payments or subscription fees.
[!TIP|style:flat] Usage Process
Activate Token. Contact your account manager to enable the Token payment feature.
User Authorization. When enabling Quick Payment (Token Payment) for consumers, you are obligated to clearly inform and obtain authorization from users to avoid potential disputes.
Obtain Token. To obtain a Token, first initiate a standard credit card transaction. YabandPay will return a payment URL. After the user completes payment and agrees to authorization through that URL, YabandPay will asynchronously return the Token with the parameter
payment_token_object.Initiate Token Payment. Include the Token in the
payment_token_objectvariable. If the Token verification is successful, YabandPay will execute the Token payment. If Token verification fails, YabandPay will return an error message. In this case, it is recommended to reinitiate a standard credit card transaction to obtain a new Token and then retry the payment.
API URL:https://mapi.yabandpay.com/Payments
Method:POST
POST data type:Json
| Parameter | Type | Description | Required |
|---|---|---|---|
| user | String | the UID of cashier account | Required |
| sign | String | signature | Required |
| method | String | v3.CreateCardPayments | Required |
| time | Long | timestamp | Required |
- Parameter
| Parameter | Type | Description | Required |
|---|---|---|---|
| pay_method | String | online | Required |
| sub_pay_method | String | Token | Required |
| operation | String | 11.Token for sales 12.Token for authorisation; | Required |
| order_id | String | order id from Merchant | Required |
| amount | String | format in cents: € 24.99 should be 24.99 | Required |
| currency | String | ISO 4217, For example EUR, CHF | Required |
| description | String | order description | Required |
| demo | String | custom field | Optional |
| timeout | String | value 0 means 1440 minutes | Required |
| notify_url | String | asynchronous notification url | Required |
| request_id | String | The request ID must be unique. It is recommended to use a combination of at least 24 digits and letters. | Required |
Signature:
Lexicographical sequence and URL key-value format new string
"3ds_initiate=01&amount=1¤cy=EUR&description=test&method=v3.CreateCardPayments¬ify_url=https://www.yabandpay.com/notify&operation=11&order_id=1725875388&pay_method=online&payment_token_object=&request_id=dxktqiedfpkswnripi631ppg6fl2uoym&sub_pay_method=Cards HPP Token&time=1725875388&timeout=0&user=016683"
Use stringA and secret_key to get stringSign
Get Signature:
"e0b025e3cb5e3dbd6bb662a82f95ca55ad2045947670098208396cb6d3e4e8d8"
Example Request:
{
"user": "016683",
"sign": "e0b025e3cb5e3dbd6bb662a82f95ca55ad2045947670098208396cb6d3e4e8d8",
"method": "v3.CreateCardPayments",
"time": 1725875543,
"data": {
"description": "test",
"timeout": "0",
"pay_method": "online",
"sub_pay_method": "Token",
"operation": "11",
"order_id": 1725875543,
"amount": "1",
"currency": "EUR",
"payment_token_object": "VnXaRabcsedfsSlPFZXavcsdfasdEFDd",
"notify_url": "https://www.yabandpay.com/notify",
"request_id": "hjf5lv32i40lh7oh86j6az98tnscwv37"
}
}
Example Response:
{
"status": true,
"code": "200",
"data": {
"order_id": "1725875543",
"trade_id": "109bb0e9-e1fb-49cb-c537-ec944f33c388",
"amount": "1.00",
"currency": "EUR",
"settlement_amount": "1.00",
"settlement_currency": "EUR",
"exchange_rate": "1",
"state": "paid"
},
"message": "",
"response_id": "202409091752241912726578"
}
More Information:
Return results:
On a successful API call, the response will be
"status": true.On a failed API call, the response will be
"status": false. In the case of receiving anInvalid Token, it is recommended to re-call the HPP Token to obtain a new Token.
You need to redirect to the returned url. After the user enters their card information and completes the payment at this url, they will be redirected back to the redirect_url.
We strongly recommend using both Order Query and Asynchronous Notification simultaneously to synchronize and update payment status, ensuring real-time accuracy of payment information.
If the order status state is paid, the payment is successful. If the order status state is authorized, the authorisation is successful.
Result/Error codes:
| Status | Code | Message |
|---|---|---|
| true | 200 | |
| fales | -1000 | Internal error |
| fales | -403 | The signature Error |
| fales | -2001 | The user not exist |
| fales | -3001 | Required field is missing |
| fales | -4118 | Incorrect request ID |
| fales | -4119 | Invalid Token |
| fales | -4120 | No operational permissions |