This interface is called by the client application to submit credit card details directly to the Afterpay Mobility Host, removing the need for merchants to store or transmit credit card information. This endpoint is public and could be accessed by the client. This API will allow the payment token to be saved temporarily

Submit the card details and the payment token details can be obtained using Retrieve Token API

The interface provided is an HTTP POST Request and JSON response.

HTTP Request

POST https://<env>/v1/cards/public-verification

Request body

Name	Type	Mandatory	Description	Comment
cardHolderName	string	yes	The name as printed on the card.
pan	string	yes	The primary account number (PAN) or card number of the payment card.	14 to 16 digits
expiryMonth	integer(2)	yes	The 1 to 2 digit number indicating the month in which the payment card expires.	1 to 12
expiryYear	integer(4)	yes	The 2 to 4 digit number (prefix with 0) indicating the year in which the payment card expires.	2 to 4 digits
cvc	string	yes	The Card Verification Code (aka Card Verification Value (CVV) or Card Security Code (CSC)) is a security measure for card not present transactions to reduce fraud.	3 digit for MC/Visa, 4 digit for Amex
risk	Risk	yes	Information to enable risk assessment process.	Refer Risk Object
requestor	string	yes	Who requested the card verification	phone number, employee number etc.

Request headers

Parameter	Mandatory	Description
Content-Type	yes	application/json
Accept	yes	application/json
Authorization	yes	Bearer Access-card-oauth-token (Refer Authentication)
User-Agent	yes	All requests must include information about the Merchant, Platform, Channel and Service. For example `Merchant/ABC; Platform/Digital; MerchantId/ABC123; Channel/app; CountryCode/AU; System Information/Java/8.3; Service/Activation`
Request-Id	yes	unique identifier for card verification request provided by the merchant
temporary-token	no	Boolean- true/false ; default value:false; if true saves card temporarily for 4 hours and deleted afterwards.

Sample Example

curl -v -X POST https://<env>/v1/cards/verification \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "Authorization: Bearer c92b326fff28aba21821349c3ef411e"\
-H "User-Agent: Merchant/ABC; Platform/Digital; MerchantId/ABC123; Channel/sms; CountryCode/AU System Information/Java/8.3; Service/Shop"\
-H "Request-Id: 8456732415666565656565656565656" \
-H "temporary-token: true" \
-d '{
  "cardHolderName": "John Smith",
  "pan": "42**************",
  "expiryMonth": 6,
  "expiryYear": 2020,
  "cvc": "123",
  "risk": {...},
  "requestor": "61402223333"
}'

Response body

Name	Type	Mandatory	Description	Comment
id	string	yes	Uniquely identifies each verification. This is generated by the APT and is included in the response
receiptId	string	yes	identifier for card verification and tokenisation

Sample Example

Status: 200 OK

{
  "id": "13e753e2e4a4b2f692b573e5fbe98b7b5523586a",
  "receiptId": "32432"
}