post https://api-uat.payments.paynow.afterpaytouch.dev/v1/payments
Use this API to do an immediate payment using saved card token
Request an immediate transfer of nominated funds using card-token.
Requires Revenue Assurance & Risk Assessment.
This interface could only be accessed by the merchant host. All other access will be blocked. IP whitelisting will ensure only traffic from the merchant backend could access this endpoint.
The interface provided is an HTTP POST request and JSON response.
HTTP Request
POST https://<env>/v1/payments
Request headers
| Parameter | Mandatory | Description |
|---|---|---|
| Content-Type | yes | application/json |
| Accept | yes | application/json |
| Authorization | yes | Bearer Access-admin-oauth-token (Refer Authentication) |
| User-Agent | yes | All requests must include information about the Merchant,Platform, Channel and Service. For example Merchant/ABC; Platform/Digital; MerchantId/ABC123; Channel/msite; CountryCode/AU; System Information/Java/8.3; Service/Unlock |
| Request-Id | yes | unique identifier for payment request provided by Merchant |
Request body
| Name | Type | Mandatory | Description | Comment |
|---|---|---|---|---|
| token | string | yes | The unique identifier representing the customer's payment card; 'card token' | Mandatory for card payments |
| amount | number | yes | The value of the funds to be debited from the payment card | |
| currency | string | yes | The currency in which the transaction is to occur | |
| risk | Risk | yes | Information to enable risk assessment process. | Refer Risk Object |
| cvc | string | no | The Card Verification Code (aka Card Verification Value (CVV) or Card Security Code (CSC)) is a security measure for card not present transactions to reduce fraud. | Mandatory when Customer initiated with card payments |
| initiator | string | yes | indicates whether this transaction is initiated by customer or merchant | E.g. Merchant/Customer |
| requestor | string | yes | Who requested the payment | phone number, employee number etc. |
Sample Example
curl -v -X POST https://<env>/v1/payments \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "Authorization: Bearer eyJraWQiOiJManp0Z0RCQ1BlVmhBZU1sQnkrYlNTSjQrN1BxTXRxd1F2UStVbW9VVGRrPSIsImFsZyI6IlJTMjU2In0" \
-H "Request-Id: 84567324156665656565656565656511" \
-H "User-Agent: Merchant/DCE; Platform/SAP; MerchantId/ABC123; Channel/sms; CountryCode/AU System Information/Java/8.3; Service/Recharge"\
-d '{
"token": "6966af4975984c30ae2e2c18985bc21c",
"amount": 100.5,
"currency": "AUD",
"risk": {...},
"cvc": "123",
"initiator": "Customer",
"requestor": "6140222333"
}'
Response body
A successful request returns the 201 Created status code and a JSON response body.
| Name | Type | Mandatory | Description | Comment |
|---|---|---|---|---|
| id | string | yes | Uniquely identifies each payment. This is generated by the APT and is included in the response | |
| receiptId | string | no | identifier for payment | |
| token | string | no | The unique identifier representing the customer's payment card | Mandatory for card payments |
| amount | number | yes | The value of the funds to be transferred from the payment card | |
| currency | string | no | The currency in which the transaction is to occur | |
| cvc | string | no | The Card Verification Code (aka Card Verification Value (CVV) or Card Security Code (CSC)) is a security measure for card not present transactions to reduce fraud. | Mandatory when Customer initiated with card payments |
| initiator | string | yes | indicates whether this transaction is initiated by customer or merchant | E.g. Merchant/Customer |
| requestor | string | yes | Who requested the payment | phone number, employee number etc. |
Status: 200 OK
{
"id": "13e753e2e4a4b2f692b573e5fbe98b7b5523586a",
"receiptId": "342344",
"token": "6966af4975984c30ae2e2c18985bc21c",
"amount": 100.5,
"currency": "AUD",
"initiator": "Customer",
"requestor": "6140222333",
}