Guides
Start typing to search…

One-click checkout

Add the CardCorp iframe checkout to your website

Learn the payment flow for a one-click checkout integration where the customer makes a single payment, and you save the customer's card for future payments.

1. Create the checkout in the payment gateway

Perform a POST request to the payment gateway to create a checkout, with the payment type, amount, currency, and required attributes.

Here is an example request to create a checkout for a one-click checkout for the initial payment.

curl https://eu-test.oppwa.com/v1/checkouts \
-H "Accept: application/json" \
-H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
-d "entityId={channelId}" \
-d "amount=20.01" \
-d "currency=EUR" \
-d "paymentType=DB" \
-d "integrity=true" \
-d "merchantTransactionId=P124" \
-d "billing.street1=Calle Principal 123" \
-d "billing.city=Barcelona" \
-d "billing.country=ES" \
-d "billing.postcode=08123" \
-d "standingInstruction.type=UNSCHEDULED" \
-d "standingInstruction.mode=INITIAL" \
-d "standingInstruction.source=CIT" \
-d "createRegistration=true" \
-d "[email protected]" \
-d "customer.ip=2001:8a0:7f4b:1b00:dd4e:2bf6:1fb8:56af" \
-d "customer.givenName=John" \
-d "customer.surname=Smith" \
-d "customer.phone=34667666666" \
-d "customer.merchantCustomerId=CUST01" \
-d "threeDSecure.challengeIndicator=04" \
-d "customParameters[CRMCustomerID]=CUST01" \
-d "customParameters[OrderID]=OC-00100" \
-d "customParameters[PaymentType]=OneClickCheckout" \
-d "customParameters[3DS2_enrolled]=true" \
-d "customParameters[3DS2_flow]=challenge" \
-d "testMode=EXTERNAL" \
-H "Authorization: Bearer {auth_token}"

Replace the example values with your values and replace the {channelId} and {auth_token} with your API credentials.

Here are some notes about the parameters in this request

ParametersNotes
paymentTypeCan be DB ("debit"), PA ("preauthorization"), or CD ("credit"). For PA, use the back-office API to capture the payment.
merchantTransactionIdWe recommend that you provide a unique identifier for each transaction.
billing addressThe billing address is required if you use 3DS verification; otherwise, it is recommended.
standingInstruction.typeSet to UNSCHEDULEDto specify that recurring payments do not have a schedule.
standingInstruction.modeSet to INITIALto specify the first payment where you are saving a card
standingInstruction.sourceSet to CITto specify a customer-initiated transaction.
createRegistrationSet to trueto save the customer's card for future payments.
customer detailsWe recommend you supply customer details, including a unique identifier for each customer.
threeDSecure.challengeIndicatorThe recommended value is 04. This means that 3DS is mandated in your region, and it tells the issuer to define the challenge type.
customParametersWe recommend adding custom parameters to uniquely identify the customer, order, and purchase type. The custom data you send in these parameters will be returned in the payment response. You can use these parameters to pair and match information from the payment gateway with your business systems. You can create an unlimited number of unique and properly-named custom parameters.

When you are testing your integration, you can use the following parameters.

ParametersNotes
customParameters[3DS2_enrolled][3DS2_enrolled]This parameter is for the test environment only. Set to true for any card to specify that the card is enrolled in 3DS. Or, instead of the 3DS test parameters, you can use 3DS test cards.
customParameters[3DS2_flow][3DS2_flow]This parameter is for the test environment only. Set to challenge to force a 3DS challenge, or frictionless. Or, instead of the 3DS test parameters, you can use 3DS test cards.
testModeThis parameter is for the test environment only. Set to INTERNAL to process the transaction in the gateway only. Set to EXTERNAL to send the transaction to the acquirer's test environment.

For more details of 3DS testing, see the gateway 3DS testing guide

For full details of all the parameters, see Checkout request attributes.

Your successful request will receive a JSON response.

Response Example:

{
  "result":{
    "code":"000.200.100",
    "description":"successfully created checkout"
  },
  "buildNumber":"d7f3057c29b9a26d5151336767387bb393720d7e@2024-10-14 09:16:49 +0000",
  "timestamp":"2024-10-15 14:58:46+0000",
  "ndc":"702B930F656317E0D29A22D195F75A59.uat01-vm-tx03",
  "id":"702B930F656317E0D29A22D195F75A59.uat01-vm-tx03",
  "integrity":"sha384-KnYRC1jbE3C9SMGbJ5eU2Gx+AM9PCaApfqS6lk8MpPlvk9jIii4PFu297dPu4wcy"
}

From this response, you will need the value of the id and integrity for the next step.

2. Create the payment form on your web page

To create the payment form on your web page, add the following lines of JavaScript and HTML and enter the following variables.

  1. This script gets the checkout from the payment gateway. Replace the {checkoutId} with the value of the id and replace {integrity} with the value of integrity from the response in Step 1. Replace anonymous with the address of your website that loads the COPYandPAY checkout.
<script 
        src="https://eu-test.oppwa.com/v1/paymentWidgets.js?checkoutId={checkoutId}"
        integrity="{integrity}"
        crossorigin="anonymous">
</script>
  1. This HTML displays the checkout. The shopperResultUrl is a page on your site where the customer should be redirected after payment processing.
<form action="{shopperResultUrl}" class="paymentWidgets" data-brands="VISA MASTER"></form>

For example, a checkout script could look like this.

<script src="https://eu-test.oppwa.com/v1/paymentWidgets.js?checkoutId=702B930F656317E0D29A22D195F75A59.uat01-vm-tx03"
        integrity="sha384-KnYRC1jbE3C9SMGbJ5eU2Gx+AM9PCaApfqS6lk8MpPlvk9jIii4PFu297dPu4wcy"
        crossorigin="https://example.com">
</script>

For example, your checkout HTML could look as follows.

<form action="https://myshop.example.com/paid" class="paymentWidgets" data-brands="VISA MASTER"></form>

You can use the same checkout ID multiple times to retrieve a valid payment form. If a customer does
not finish the payment and then reloads the page or uses the browser's back button, you do not need to create a new checkout, but these actions can generate multiple transactions in the system. For example, there can be one or more failed and one successful transaction from the same checkout ID.

The checkout expires in 30 minutes, and after it expires, you must send a new request to create a checkout and use the new checkoutId to create the payment form again.

👍

Customise the payment widget

To customise the payment widget to match the look of your own site, see this customisation guide and the advanced options guide.

You can also add extra fields to this form, for example, to obtain the customer details during checkout.

To display some sample customisations, go to demo checkouts. You can obtain the code for the demo checkouts at Demo checkouts on GitHub.


The payment widget for the first payment is the same as for a single payment. When the customer makes another payment, the payment widget displays the customer's saved cards.

3. Get the payment status from the checkout in the gateway

When the payment has been processed, CardCorp will redirect the customer to your shopperResultUrl.

To get the status of the payment, make a GET request to the payment link of your checkout in the gateway, as follows. You can display the payment status on the shopper result page.

curl -G https://eu-test.oppwa.com/v1/checkouts/{id}/payment \
-d "entityId=8ac7a4ca73522ba8017353bdfb9b0639" \
-H "Authorization: Bearer {auth_token}"

Replace the {id}and the {auth_token} with your values.

Here is an example of the JSON response to a status request for a successful initial payment. From here, you can get the card registrationIdto create the one-click checkout that displays the customer's card for convenience.

{
  "id":"8ac7a4a1913510db0191363e7df14def",
  "registrationId":"8ac7a4a19131906a0191328abe166a34",
  "processingEntityId":{channelId},
  "paymentType":"DB",
  "paymentBrand":"MASTER",
  "amount":"20.01",
  "currency":"EUR",
  "descriptor":"2420.3740.9311 ECOMChannel",
  "merchantTransactionId":"P124",
  "recurringType":"INITIAL",
  "result":{
    "cvvResponse":"U",
    "code":"000.100.112",
    "description":"Request successfully processed in 'Merchant in Connector Test Mode'"
  },
  "resultDetails":{
    "ExtendedDescription":"Approved",
    "usedChallengeIndicator":"04",
    "clearingInstituteName":"SecureTrading Omnipay Demo",
    "ConnectorTxID1":"781795||true|UMCC632812   ||0808|434| ||RECURRING|80||false|true|false|812|",
    "connectorId":"422103781795",
    "ConnectorTxID3":"422103781795|00|||1||0808151051|||||||||||||Berlin|",
    "ConnectorTxID2":"778946||8ac7a0b39131d7470191328aef4e0399",
    "AcquirerResponse":"00",
    "reconciliationId":"2420.3740.9311",
    "CardholderInitiatedTransactionID":"MCC6328120808",
    "SchemeResponseCode":"00"
  },
  "card":{
    "bin":"520000",
    "binCountry":"MY",
    "last4Digits":"0049",
    "holder":"John Smith",
    "expiryMonth":"02",
    "expiryYear":"2027",
    "issuer":{
      "bank":"PUBLIC BANK BERHAD",
      "website":"HTTPS://WWW.PBEBANK.COM/",
      "phone":"1-800-22-5555"
    },
    "type":"CREDIT",
    "level":"STANDARD",
    "country":"MY",
    "maxPanLength":"16",
    "binType":"PERSONAL",
    "regulatedFlag":"N"
  },
  "customer":{
    "givenName":"John",
    "surname":"Smith",
    "merchantCustomerId":"CUST01",
    "phone":"34667666666",
    "email":"[email protected]",
    "ip":"2001:8a0:7f4b:1b00:dd4e:2bf6:1fb8:56af"
  },
  "billing":{
    "street1":"Ave. Diagonal 611",
    "city":"Barcelona",
    "postcode":"08028",
    "country":"ES"
  },
  "threeDSecure":{
    "eci":"02",
    "version":"2.2.0",
    "dsTransactionId":"05e27c29-84d9-4f2c-a2fc-0a64c35fd9ad",
    "challengeMandatedIndicator":"N",
    "transactionStatusReason":"17",
    "acsTransactionId":"6699c3c6-36eb-4116-a080-8a6c2ec8995d",
    "cardHolderInfo":"",
    "authType":"01",
    "flow":"challenge",
    "authenticationTimestamp":"202408081510",
    "authenticationStatus":"Y"
  },
  "customParameters":{
    "StandingInstructionAPI":"true",
    "3DS_enrolled":"true",
    "SHOPPER_EndToEndIdentity":"ff31aff9535347018e3b6bb3c2aa835e7278bbc2272f87dda7a540a7941311c2",
    "CTPE_DESCRIPTOR_TEMPLATE":"",
    "StoredCredentialType":"CIT",
    "PaymentType":"OneClickCheckout",
    "CRMCustomerID":"CUST01",
    "3DS2_flow":"challenge",
    "StandingInstruction":"UNSCHEDULED",
    "OrderID":"OC-00100"
  },
  "risk":{
    "score":"0"
  },
  "buildNumber":"174903ec91870d5654938dd40f55da3b35036b23@2024-08-08 12:50:27 +0000",
  "timestamp":"2024-08-08 15:10:51+0000",
  "ndc":"EF5B7653617281760FFDBE08F15F55E4.uat01-vm-tx01",
  "standingInstruction":{
    "source":"CIT",
    "type":"UNSCHEDULED",
    "mode":"INITIAL",
    "initialTransactionId":"MCC6328120808"
  },
  "source":"OPPUI",
  "paymentMethod":"CC",
  "shortId":"2420.3740.9311"
}

To interpret the payment response, see Transaction results.

To collect a repeated payment with the one-click checkout, you will need the card registrationId of each of the cards saved by the customer.

There is a request limit for payment status calls, after which the gateway will reduce your access to the endpoint with throttling. You can send two (2) GET payment requests per minute for each checkout ID.

When you get the payment response status, compare the returned values with the expected values for the following fields: ID(s), amount, currency, brand and type.

After a payment response status is successful, you cannot use the checkout identifier again. So if you need to get the status, use the Transaction Reports endpoint with the payment id. You will also need the id to manage payments with the Backoffice API. See Backoffice API operations.

4. Create a one-click checkout to collect a repeated payment

After you have saved the customer's card, you can create the one-click checkout using the card registration ID from their initial transaction. This will display the customer's card so they can use it again or let them enter a new card.

Perform a POST request to the payment gateway to create a one-click checkout for a repeated payment.

curl https://eu-test.oppwa.com/v1/checkouts \
-H "Accept: application/json" \
-H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
-d "entityId={channelId}" \
-d "amount=20.02" \
-d "currency=EUR" \
-d "paymentType=DB" \
-d "integrity=true" \
-d "merchantTransactionId=P125" \
-d "standingInstruction.type=UNSCHEDULED" \
-d "standingInstruction.mode=REPEATED" \
-d "standingInstruction.source=CIT" \
-d "registrations[0].id={registrationId0}" \
-d "registrations[1].id={registrationId1}" \
-d "customer.ip=2001:8a0:7f4b:1b00:dd4e:2bf6:1fb8:56af" \
-d "customParameters[CRMCustomerID]=CUST01" \
-d "customParameters[OrderID]=OC-00100" \
-d "customParameters[PaymentType]=OneClickCheckout" \
-d "testMode=EXTERNAL" \
-H "Authorization: Bearer {auth_token}"

Replace the example values with your values and replace the {channelId} and {auth_token} with your API credentials. Also, replace registrationId0, registrationId1 and so on, for each of the customer's cards.

Here are some notes about the parameters in this request.

Parameters

Notes

paymentType

Can be DB ("debit") or PA ("preauthorization"). For PA, use the back-office API to capture the payment.

merchantTransactionId

We recommend that you provide a unique identifier for each transaction.

standingInstruction.type

Set to UNSCHEDULEDto specify that recurring payments do not have a schedule.

standingInstruction.mode

Set to REPEATEDto specify a repeated payment using a saved card

standingInstruction.source

Set to CITto specify a customer-initiated transaction.

registrationId0
registrationId1

Use the value of the registrationId that you obtained from the results of the initial payment. If the customer has saved more than one card, there may be more than one registration ID. The customer can use the saved card or enter new card details.

customer details

We recommend you supply the customer's IP address.

customParameters

We recommend you supply custom parameters to identify the customer, order, and purchase type.

When you are testing your integration, you can use the following parameters.

ParametersNotes
testModeThis parameter is for the test environment only. Set to EXTERNAL to send the transaction to the acquirer's test environment. Set to INTERNALto process the transaction in the gateway only.

For full details of all the parameters, see Checkout request attributes.

Your successful request will receive a JSON response with a checkout id and integrity as in step 1 above when you created the checkout for the initial payment.

5. Display the one-click checkout

Use the checkout id and integrity to create a checkout on your web page, as in step 2 above. This checkout will display the customer's registered cards for them to select, or they can enter a new card.

Here is an example of a customised payment widget for a one-click checkout when the customer makes a repeated payment.

Basic styling of payment iframe for one-click checkout repeated payment

Basic styling of payment iframe for one-click checkout repeated payment

6. Get the result of the repeated payment

Get the result of the payment from the checkout in the gateway with the same kind of request as in step 3 above but using the ID of the one-click checkout.

View the full technical integration guide

The integration guide provides a comprehensive playground with code samples in all major programming languages.

Integration Guide. For request data you can use in the playground, see Gateway playground request data for COPYandPAY.

Questions? - Sign up on our website and talk to our payment experts to learn more about integrating our iFrame checkout.