Learn the payment flow for a one-click checkout integration where the customer makes a single payment, and you save the customer's card for future payments.

1. Create the checkout in the payment gateway

Perform a POST request to the payment gateway to create a checkout, with the payment type, amount, currency, and required attributes.

Here is an example request to create a checkout for a one-click checkout for the initial payment.

curl https://eu-test.oppwa.com/v1/checkouts \
-H "Accept: application/json" \
-H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
-d "entityId={channelId}" \
-d "amount=20.01" \
-d "currency=EUR" \
-d "paymentType=DB" \
-d "integrity=true" \
-d "merchantTransactionId=P124" \
-d "billing.street1=Calle Principal 123" \
-d "billing.city=Barcelona" \
-d "billing.country=ES" \
-d "billing.postcode=08123" \
-d "standingInstruction.type=UNSCHEDULED" \
-d "standingInstruction.mode=INITIAL" \
-d "standingInstruction.source=CIT" \
-d "createRegistration=true" \
-d "customer.email=js@example.com" \
-d "customer.ip=2001:8a0:7f4b:1b00:dd4e:2bf6:1fb8:56af" \
-d "customer.givenName=John" \
-d "customer.surname=Smith" \
-d "customer.phone=34667666666" \
-d "customer.merchantCustomerId=CUST01" \
-d "threeDSecure.challengeIndicator=04" \
-d "customParameters[CRMCustomerID]=CUST01" \
-d "customParameters[OrderID]=OC-00100" \
-d "customParameters[PaymentType]=OneClickCheckout" \
-d "customParameters[3DS2_enrolled]=true" \
-d "customParameters[3DS2_flow]=challenge" \
-d "testMode=EXTERNAL" \
-H "Authorization: Bearer {auth_token}"

Replace the example values with your values and replace the {channelId} and {auth_token} with your API credentials.

Here are some notes about the parameters in this request

Parameters	Notes
paymentType	Can be `DB` ("debit"), `PA` ("preauthorization"), or `CD` ("credit"). For `PA`, use the back-office API to capture the payment.
merchantTransactionId	We recommend that you provide a unique identifier for each transaction.
billing address	The billing address is required if you use 3DS verification; otherwise, it is recommended.
standingInstruction.type	Set to `UNSCHEDULED`to specify that recurring payments do not have a schedule.
standingInstruction.mode	Set to `INITIAL`to specify the first payment where you are saving a card
standingInstruction.source	Set to `CIT`to specify a customer-initiated transaction.
createRegistration	Set to `true`to save the customer's card for future payments.
customer details	We recommend you supply customer details, including a unique identifier for each customer.
threeDSecure.challengeIndicator	The recommended value is `04`. This means that 3DS is mandated in your region, and it tells the issuer to define the challenge type.
customParameters	We recommend adding custom parameters to uniquely identify the customer, order, and purchase type. The custom data you send in these parameters will be returned in the payment response. You can use these parameters to pair and match information from the payment gateway with your business systems. You can create an unlimited number of unique and properly-named custom parameters.

When you are testing your integration, you can use the following parameters.

Parameters	Notes
customParameters[3DS2_enrolled][3DS2_enrolled]	This parameter is for the test environment only. Set to `true` for any card to specify that the card is enrolled in 3DS. Or, instead of the 3DS test parameters, you can use 3DS test cards.
customParameters[3DS2_flow][3DS2_flow]	This parameter is for the test environment only. Set to `challenge` to force a 3DS challenge, or `frictionless`. Or, instead of the 3DS test parameters, you can use 3DS test cards.
testMode	This parameter is for the test environment only. Set to `INTERNAL` to process the transaction in the gateway only. Set to `EXTERNAL` to send the transaction to the acquirer's test environment.

For more details of 3DS testing, see the gateway 3DS testing guide

For full details of all the parameters, see Checkout request attributes.

Test in the gateway playground

You can test this request in the gateway playground at Gateway documentation for COPYandPAY integration.

Here is some example request data in the gateway playground format.

entityId={channelId}
amount=20.01
currency=EUR
paymentType=DB
integrity=true
merchantTransactionId=P124
billing.street1=Ave. Diagonal 611
billing.city=Barcelona
billing.country=ES
billing.postcode=08028
standingInstruction.type=UNSCHEDULED
standingInstruction.mode=INITIAL
standingInstruction.source=CIT
createRegistration=true
customer.email=js@example.com
customer.ip=2001:8a0:7f4b:1b00:dd4e:2bf6:1fb8:56af
customer.givenName=John
customer.surname=Smith
customer.phone=34667666666
customer.merchantCustomerId=CUST01
threeDSecure.challengeIndicator=04
customParameters[CRMCustomerID]=CUST01
customParameters[OrderID]=OC-00100
customParameters[PaymentType]=OneClickCheckout
customParameters[3DS_enrolled]=true
customParameters[3DS2_flow]=challenge
testMode=EXTERNAL

Example response

Your successful request will receive a JSON response.

For example:

{
  "result":{
    "code":"000.200.100",
    "description":"successfully created checkout"
  },
  "buildNumber":"d7f3057c29b9a26d5151336767387bb393720d7e@2024-10-14 09:16:49 +0000",
  "timestamp":"2024-10-15 14:58:46+0000",
  "ndc":"702B930F656317E0D29A22D195F75A59.uat01-vm-tx03",
  "id":"702B930F656317E0D29A22D195F75A59.uat01-vm-tx03",
  "integrity":"sha384-KnYRC1jbE3C9SMGbJ5eU2Gx+AM9PCaApfqS6lk8MpPlvk9jIii4PFu297dPu4wcy"
}

From this response, you will need the value of the id and integrity for the next step.

2. Create the payment form on your web page

To create the payment form on your web page, add the following lines of JavaScript and HTML and enter the following variables.

This script gets the checkout from the payment gateway. Replace the {checkoutId} with the value of the id and replace {integrity} with the value of integrity from the response in Step 1. Replace anonymous with the address of your website that loads the COPYandPAY checkout.

<script 
        src="https://eu-test.oppwa.com/v1/paymentWidgets.js?checkoutId={checkoutId}"
        integrity="{integrity}"
        crossorigin="anonymous">
</script>

This HTML displays the checkout. The shopperResultUrl is a page on your site where the customer should be redirected after payment processing.

<form action="{shopperResultUrl}" class="paymentWidgets" data-brands="VISA MASTER"></form>

For example, a checkout script could look like this.

<script src="https://eu-test.oppwa.com/v1/paymentWidgets.js?checkoutId=702B930F656317E0D29A22D195F75A59.uat01-vm-tx03"
        integrity="sha384-KnYRC1jbE3C9SMGbJ5eU2Gx+AM9PCaApfqS6lk8MpPlvk9jIii4PFu297dPu4wcy"
        crossorigin="https://example.com">
</script>

For example, your checkout HTML could look as follows.

<form action="https://myshop.example.com/paid" class="paymentWidgets" data-brands="VISA MASTER"></form>

You can use the same checkout ID multiple times to retrieve a valid payment form. If a customer does
not finish the payment and then reloads the page or uses the browser's back button, you do not need to create a new checkout, but these actions can generate multiple transactions in the system. For example, there can be one or more failed and one successful transaction from the same checkout ID.

The checkout expires in 30 minutes, and after it expires, you must send a new request to create a checkout and use the new checkoutId to create the payment form again.

👍
Customise the payment widget
To customise the payment widget to match the look of your own site, see this customisation guide and the advanced options guide.
You can also add extra fields to this form, for example, to obtain the customer details during checkout.
To display some sample customisations, go to demo checkouts. You can obtain the code for the demo checkouts at Demo checkouts on GitHub.

The payment widget for the first payment is the same as for a single payment. When the customer makes another payment, the payment widget displays the customer's saved cards.

3. Get the payment status from the checkout in the gateway

When the payment has been processed, CardCorp will redirect the customer to your shopperResultUrl.

To get the status of the payment, make a GET request to the payment link of your checkout in the gateway, as follows. You can display the payment status on the shopper result page.

curl -G https://eu-test.oppwa.com/v1/checkouts/{id}/payment \
-d "entityId=8ac7a4ca73522ba8017353bdfb9b0639" \
-H "Authorization: Bearer {auth_token}"

Replace the {id}and the {auth_token} with your values.

Here is an example of the JSON response to a status request for a successful initial payment. From here, you can get the card registrationIdto create the one-click checkout that displays the customer's card for convenience.

{
  "id":"8ac7a4a1913510db0191363e7df14def",
  "registrationId":"8ac7a4a19131906a0191328abe166a34",
  "processingEntityId":{channelId},
  "paymentType":"DB",
  "paymentBrand":"MASTER",
  "amount":"20.01",
  "currency":"EUR",
  "descriptor":"2420.3740.9311 ECOMChannel",
  "merchantTransactionId":"P124",
  "recurringType":"INITIAL",
  "result":{
    "cvvResponse":"U",
    "code":"000.100.112",
    "description":"Request successfully processed in 'Merchant in Connector Test Mode'"
  },
  "resultDetails":{
    "ExtendedDescription":"Approved",
    "usedChallengeIndicator":"04",
    "clearingInstituteName":"SecureTrading Omnipay Demo",
    "ConnectorTxID1":"781795||true|UMCC632812   ||0808|434| ||RECURRING|80||false|true|false|812|",
    "connectorId":"422103781795",
    "ConnectorTxID3":"422103781795|00|||1||0808151051|||||||||||||Berlin|",
    "ConnectorTxID2":"778946||8ac7a0b39131d7470191328aef4e0399",
    "AcquirerResponse":"00",
    "reconciliationId":"2420.3740.9311",
    "CardholderInitiatedTransactionID":"MCC6328120808",
    "SchemeResponseCode":"00"
  },
  "card":{
    "bin":"520000",
    "binCountry":"MY",
    "last4Digits":"0049",
    "holder":"John Smith",
    "expiryMonth":"02",
    "expiryYear":"2027",
    "issuer":{
      "bank":"PUBLIC BANK BERHAD",
      "website":"HTTPS://WWW.PBEBANK.COM/",
      "phone":"1-800-22-5555"
    },
    "type":"CREDIT",
    "level":"STANDARD",
    "country":"MY",
    "maxPanLength":"16",
    "binType":"PERSONAL",
    "regulatedFlag":"N"
  },
  "customer":{
    "givenName":"John",
    "surname":"Smith",
    "merchantCustomerId":"CUST01",
    "phone":"34667666666",
    "email":"js@example.com",
    "ip":"2001:8a0:7f4b:1b00:dd4e:2bf6:1fb8:56af"
  },
  "billing":{
    "street1":"Ave. Diagonal 611",
    "city":"Barcelona",
    "postcode":"08028",
    "country":"ES"
  },
  "threeDSecure":{
    "eci":"02",
    "version":"2.2.0",
    "dsTransactionId":"05e27c29-84d9-4f2c-a2fc-0a64c35fd9ad",
    "challengeMandatedIndicator":"N",
    "transactionStatusReason":"17",
    "acsTransactionId":"6699c3c6-36eb-4116-a080-8a6c2ec8995d",
    "cardHolderInfo":"",
    "authType":"01",
    "flow":"challenge",
    "authenticationTimestamp":"202408081510",
    "authenticationStatus":"Y"
  },
  "customParameters":{
    "StandingInstructionAPI":"true",
    "3DS_enrolled":"true",
    "SHOPPER_EndToEndIdentity":"ff31aff9535347018e3b6bb3c2aa835e7278bbc2272f87dda7a540a7941311c2",
    "CTPE_DESCRIPTOR_TEMPLATE":"",
    "StoredCredentialType":"CIT",
    "PaymentType":"OneClickCheckout",
    "CRMCustomerID":"CUST01",
    "3DS2_flow":"challenge",
    "StandingInstruction":"UNSCHEDULED",
    "OrderID":"OC-00100"
  },
  "risk":{
    "score":"0"
  },
  "buildNumber":"174903ec91870d5654938dd40f55da3b35036b23@2024-08-08 12:50:27 +0000",
  "timestamp":"2024-08-08 15:10:51+0000",
  "ndc":"EF5B7653617281760FFDBE08F15F55E4.uat01-vm-tx01",
  "standingInstruction":{
    "source":"CIT",
    "type":"UNSCHEDULED",
    "mode":"INITIAL",
    "initialTransactionId":"MCC6328120808"
  },
  "source":"OPPUI",
  "paymentMethod":"CC",
  "shortId":"2420.3740.9311"
}

To interpret the payment response, see Transaction results.

To collect a repeated payment with the one-click checkout, you will need the card registrationId of each of the cards saved by the customer.

There is a request limit for payment status calls, after which the gateway will reduce your access to the endpoint with throttling. You can send two (2) GET payment requests per minute for each checkout ID.

When you get the payment response status, compare the returned values with the expected values for the following fields: ID(s), amount, currency, brand and type.

After a payment response status is successful, you cannot use the checkout identifier again. So if you need to get the status, use the Transaction Reports endpoint with the payment id. You will also need the id to manage payments with the Backoffice API. See Backoffice API operations.

4. Create a one-click checkout to collect a repeated payment

After you have saved the customer's card, you can create the one-click checkout using the card registration ID from their initial transaction. This will display the customer's card so they can use it again or let them enter a new card.

Perform a POST request to the payment gateway to create a one-click checkout for a repeated payment.

curl https://eu-test.oppwa.com/v1/checkouts \
-H "Accept: application/json" \
-H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" \
-d "entityId={channelId}" \
-d "amount=20.02" \
-d "currency=EUR" \
-d "paymentType=DB" \
-d "integrity=true" \
-d "merchantTransactionId=P125" \
-d "standingInstruction.type=UNSCHEDULED" \
-d "standingInstruction.mode=REPEATED" \
-d "standingInstruction.source=CIT" \
-d "registrations[0].id={registrationId0}" \
-d "registrations[1].id={registrationId1}" \
-d "customer.ip=2001:8a0:7f4b:1b00:dd4e:2bf6:1fb8:56af" \
-d "customParameters[CRMCustomerID]=CUST01" \
-d "customParameters[OrderID]=OC-00100" \
-d "customParameters[PaymentType]=OneClickCheckout" \
-d "testMode=EXTERNAL" \
-H "Authorization: Bearer {auth_token}"

Replace the example values with your values and replace the {channelId} and {auth_token} with your API credentials. Also, replace registrationId0, registrationId1 and so on, for each of the customer's cards.

Here are some notes about the parameters in this request.

Parameters	Notes
paymentType	Can be `DB` ("debit") or `PA` ("preauthorization"). For `PA`, use the back-office API to capture the payment.
merchantTransactionId	We recommend that you provide a unique identifier for each transaction.
standingInstruction.type	Set to `UNSCHEDULED`to specify that recurring payments do not have a schedule.
standingInstruction.mode	Set to `REPEATED`to specify a repeated payment using a saved card
standingInstruction.source	Set to `CIT`to specify a customer-initiated transaction.
registrationId0 registrationId1	Use the value of the `registrationId` that you obtained from the results of the initial payment. If the customer has saved more than one card, there may be more than one registration ID. The customer can use the saved card or enter new card details.
customer details	We recommend you supply the customer's IP address.
customParameters	We recommend you supply custom parameters to identify the customer, order, and purchase type.

When you are testing your integration, you can use the following parameters.

Parameters	Notes
testMode	This parameter is for the test environment only. Set to `EXTERNAL` to send the transaction to the acquirer's test environment. Set to `INTERNAL`to process the transaction in the gateway only.

For full details of all the parameters, see Checkout request attributes.

Test repeated request in the payment gateway

You can test this request in the gateway playground at Gateway documentation for COPYandPAY integration.

Here is some example request data in the gateway playground format.

entityId={channelId}
amount=20.02
currency=EUR
paymentType=DB
integrity=true
merchantTransactionId=P125
standingInstruction.type=UNSCHEDULED
standingInstruction.mode=REPEATED
standingInstruction.source=CIT
registrations[0].id={registrationId}
customer.ip=2001:8a0:7f4b:1b00:dd4e:2bf6:1fb8:56af
customParameters[CRMCustomerID]=CUST01
customParameters[OrderID]=OC-00100
customParameters[PaymentType]=OneClickCheckout
testMode=EXTERNAL

Response details

Your successful request will receive a JSON response with a checkout id and integrity as in step 1 above when you created the checkout for the initial payment.

5. Display the one-click checkout

Use the checkout id and integrity to create a checkout on your web page, as in step 2 above. This checkout will display the customer's registered cards for them to select, or they can enter a new card.

Here is an example of a customised payment widget for a one-click checkout when the customer makes a repeated payment.

Basic styling of payment iframe for one-click checkout repeated payment

6. Get the result of the repeated payment

Get the result of the payment from the checkout in the gateway with the same kind of request as in step 3 above but using the ID of the one-click checkout.

View the full technical integration guide

The gateway Integration Guide provides a comprehensive playground with code samples in all major programming languages.

Questions? - Visit our website and chat to our payment experts to learn more about integrating our COPYandPAY iFrame checkout.