Card Verification & Tokenisation

This interface is called by the client application to submit credit card details directly to the Afterpay Mobility Host, removing the need for merchants to store or transmit credit card information. This endpoint is public and could be accessed by the client.

Submit the card details and receive verified card details and the payment token which could be used for payments later

The interface provided is an HTTP POST Request and JSON response.

HTTP Request

POST https://<env>/v1/cards/verification

Request body

Name	Type	Mandatory	Description	Comment
cardHolderName	string	yes	The name as printed on the card.
pan	string	yes	The primary account number (PAN) or card number of the payment card.	14 to 16 digits
expiryMonth	integer(2)	yes	The 1 to 2 digit number indicating the month in which the payment card expires.	1 to 12
expiryYear	integer(4)	yes	The 2 to 4 digit number (prefix with 0) indicating the year in which the payment card expires.	2 to 4 digits
cvc	string	yes	The Card Verification Code (aka Card Verification Value (CVV) or Card Security Code (CSC)) is a security measure for card not present transactions to reduce fraud.	3 digit for MC/Visa, 4 digit for Amex
risk	Risk	yes	Information to enable risk assessment process.	Refer Risk Object
requestor	string	yes	Who requested the card verification	phone number, employee number etc.

Request headers

Parameter	Mandatory	Description
Content-Type	yes	application/json
Accept	yes	application/json
Authorization	yes	Bearer Access-card-oauth-token (Refer Authentication)
User-Agent	yes	All requests must include information about the Merchant, Platform, Channel and Service. For example `Merchant/ABC; Platform/Digital; MerchantId/ABC123; Channel/app; CountryCode/AU; System Information/Java/8.3; Service/Activation`
Request-Id	yes	unique identifier for card verification request provided by the merchant

Sample Example

curl -v -X POST https://<env>/v1/cards/verification \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "Authorization: Bearer c92b326fff28aba21821349c3ef411e"\
-H "User-Agent: Merchant/ABC; Platform/Digital; MerchantId/ABC123; Channel/sms; CountryCode/AU System Information/Java/8.3; Service/Shop"\
-H "Request-Id: 8456732415666565656565656565656" \
-d '{
  "cardHolderName": "John Smith",
  "pan": "42**************",
  "expiryMonth": 6,
  "expiryYear": 2020,
  "cvc": "123",
  "risk": {...},
  "requestor": "61402223333"
}'

Response body

Name	Type	Mandatory	Description	Comment
id	string	yes	Uniquely identifies each verification. This is generated by the APT and is included in the response
receiptId	string	yes	identifier for card verification and tokenisation
token	string	no	The unique identifier of the customer's payment card to be used for payments; referred to as payment token
last4Digits	string	no	The last 4 digits of the payment card; could be used for visual identification of the payment card
creditLimit	number	no
cardBrand	string	no	The scheme issuing the card e.g. Visa, Mastercard, American Express
cardType	string	no	Indicates the payment card type and whether it is associated with a credit or debit account
cardSubType	string	no	Indicates the non-standardised, marketing sub-classification of the card
issuingBank	string	no	The name of the institution issuing the payment card
country	string	yes	The country in which the card was issued	ISO 3166-1 alpha-2

Sample Example

Status: 200 OK

{
  "id": "13e753e2e4a4b2f692b573e5fbe98b7b5523586a",
  "receiptId": "32432" 
  "token": "6966af4975984c30ae2e2c18985bc21c",
  "last4Digits": "1111",
  "creditLimit": 123,
  "cardBrand": "VISA",
  "cardType": "DEBIT",
  "cardSubType": "pre-paid giftcard",
  "issuingBank": "Commonwealth Bank of Australia",
  "country":"AU"
}