post https://api-uat.payments.paynow.afterpaytouch.dev/v1/cards/details
Use this API to get the card details of a stored card token
Get the card details for the card token stored in the Afterpay backend.
This interface could only be accessed by the Merchant host. All other access will be blocked. IP whitelisting will ensure only traffic from Merchant could access this endpoint.
The interface provided is an HTTP Get Request and JSON response
HTTP Request
POST https://<env>/v1/cards/details
Request body
| Name | Type | Mandatory | Description | Comment |
|---|---|---|---|---|
| token | string | yes | The unique identifier for the customer's payment card stored in Afterpay side referred to as card token | |
| risk | Risk | yes | Information to enable risk assessment process. | Refer Risk Object |
| requestor | string | yes | Who requested the card details | phone number, employee number etc. |
Request headers
| Parameter | Mandatory | Description |
|---|---|---|
| Content-Type | yes | application/json |
| Accept | yes | application/json |
| Authorization | yes | Bearer Access-admin-oauth-token (Refer Authentication) |
| User-Agent | yes | All requests must include information about the Afterpay Merchant, Platform, Channel and Service. For example `Merchant/ABC; Platform/Digital; MerchantId/ABC123; Channel/sms; CountryCode/AU; System Information/Java/8.3; Service/Activation |
| Request-Id | yes | unique identifier for card details request provided by the merchant |
Sample Example
curl -v -X POST https://<env>/v1/cards/details \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "Authorization: Bearer eryJghjhkhkhkjhjkhWErtyuuj" \
-H "User-Agent: Merchant/ABC; Platform/Digital; MerchantId/ABC123; Channel/sms; CountryCode/AU System Information/Java/8.3; Service/Recharge"\
-H "Request-Id: 8456732415666565656565656565656" \
-d '{
"token": "6966af4975984c30ae2e2c18985bc21c"
"risk": {...},
"requestor": "61402223333"
}'
Response body
| Name | Type | Mandatory | Description | Comment |
|---|---|---|---|---|
| id | string | yes | Uniquely identifies each transaction. This is generated by the APT and is included in the response | |
| receiptId | string | yes | Identifier for card details request generated by Afterpay | |
| last4Digits | string | no | The last 4 digits of the payment card may be used for visual identification of the payment card | It could be the last 4, 3 or 2 digits depending on what is stored in the Afterpay system due to PCI compliance – eg.,'1254', '324', '65' |
| cardBrand | string | no | The scheme issuing the card e.g. Visa, Mastercard, American Express | |
| cardType | string | no | Indicates the payment card type and whether it is associated with a credit or debit account | |
| cardSubType | string | no | Indicates the non-standardised, marketing sub-classification of the card | |
| issuingBank | string | no | The name of the institution issuing the payment card | |
| country | string | no | The country in which the card was issued | ISO 3166-1 alpha-2 |
| requestor | string | no | Who requested the card details | phone number, employee number etc. |
Sample Example
Status: 200 OK
{
"id": "13e753e2e4a4b2f692b573e5fbe98b7b5523586a",
"receiptId": "32432",
"last4Digits": "1111",
"creditLimit": 123,
"cardBrand": "VISA",
"cardType": "DEBIT",
"cardSubType": "pre-paid giftcard",
"issuingBank": "Commonwealth Bank of Australia",
"country":"AU"
}