Card Payment (OTP/3DS)

POST /api/v1_0/cards/payment/:transaction_id/pay/card-otp

Submit an encrypted card payment for a registered transaction. Card data must be encrypted with the RSA public key from the Get Public Key endpoint.

Building `encryptedCardData`

Create a JSON object:

{
  "PN": "4111111111111111",
  "SC": "123",
  "DT": "12/30",
  "ID": "{{transaction_id}}",
  "TX": 1234567890
}

Encrypt with RSA/PKCS#1 using the public key and encode to Base64.

3DS Handling

If the response has redirectType: "FORM", the redirectText contains a Base64-encoded HTML form that must be rendered in the payer's browser for 3DS authentication. After the cardholder completes the challenge, retry this endpoint with threeDsConfirmed: true and the same encryptedCardData.

DCC (Dynamic Currency Conversion)

If the cardholder uses a foreign card and the merchant has DCC enabled, the response may have redirectType: "DCC_OFFER" with a dccOffer object. Display the original and converted amounts to the cardholder, then retry this endpoint with dccDecision: "accept" (pay in card currency) or dccDecision: "reject" (pay in shop currency) and the same encryptedCardData. Standard 3DS may still follow the DCC decision.

Request

Responses

Payment result

Card Payment (OTP/3DS)

/api/v1_0/cards/payment/:transaction_id/pay/card-otp

Building encryptedCardData​

3DS Handling​

DCC (Dynamic Currency Conversion)​

Request​

Responses​

Building `encryptedCardData`

3DS Handling

DCC (Dynamic Currency Conversion)

Request

Responses