post https://api-uat.payments.paynow.afterpaytouch.dev/v1/cards/public-verification
Use this API to verify customer card details and store the card (payment token) or save it temporarily; The payment token saved could be retrieved using Retrieve Token API
This interface is called by the client application to submit credit card details directly to the Afterpay Mobility Host, removing the need for merchants to store or transmit credit card information. This endpoint is public and could be accessed by the client. This API will allow the payment token to be saved temporarily
Submit the card details and the payment token details can be obtained using Retrieve Token API
The interface provided is an HTTP POST Request and JSON response.
HTTP Request
POST https://<env>/v1/cards/public-verification
Request body
| Name | Type | Mandatory | Description | Comment |
|---|---|---|---|---|
| cardHolderName | string | yes | The name as printed on the card. | |
| pan | string | yes | The primary account number (PAN) or card number of the payment card. | 14 to 16 digits |
| expiryMonth | integer(2) | yes | The 1 to 2 digit number indicating the month in which the payment card expires. | 1 to 12 |
| expiryYear | integer(4) | yes | The 2 to 4 digit number (prefix with 0) indicating the year in which the payment card expires. | 2 to 4 digits |
| cvc | string | yes | The Card Verification Code (aka Card Verification Value (CVV) or Card Security Code (CSC)) is a security measure for card not present transactions to reduce fraud. | 3 digit for MC/Visa, 4 digit for Amex |
| risk | Risk | yes | Information to enable risk assessment process. | Refer Risk Object |
| requestor | string | yes | Who requested the card verification | phone number, employee number etc. |
Request headers
| Parameter | Mandatory | Description |
|---|---|---|
| Content-Type | yes | application/json |
| Accept | yes | application/json |
| Authorization | yes | Bearer Access-card-oauth-token (Refer Authentication) |
| User-Agent | yes | All requests must include information about the Merchant, Platform, Channel and Service. For example Merchant/ABC; Platform/Digital; MerchantId/ABC123; Channel/app; CountryCode/AU; System Information/Java/8.3; Service/Activation |
| Request-Id | yes | unique identifier for card verification request provided by the merchant |
| temporary-token | no | Boolean- true/false ; default value:false; if true saves card temporarily for 4 hours and deleted afterwards. |
Sample Example
curl -v -X POST https://<env>/v1/cards/verification \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "Authorization: Bearer c92b326fff28aba21821349c3ef411e"\
-H "User-Agent: Merchant/ABC; Platform/Digital; MerchantId/ABC123; Channel/sms; CountryCode/AU System Information/Java/8.3; Service/Shop"\
-H "Request-Id: 8456732415666565656565656565656" \
-H "temporary-token: true" \
-d '{
"cardHolderName": "John Smith",
"pan": "42**************",
"expiryMonth": 6,
"expiryYear": 2020,
"cvc": "123",
"risk": {...},
"requestor": "61402223333"
}'
Response body
| Name | Type | Mandatory | Description | Comment |
|---|---|---|---|---|
| id | string | yes | Uniquely identifies each verification. This is generated by the APT and is included in the response | |
| receiptId | string | yes | identifier for card verification and tokenisation |
Sample Example
Status: 200 OK
{
"id": "13e753e2e4a4b2f692b573e5fbe98b7b5523586a",
"receiptId": "32432"
}