Initiating The Payment
The Own Form integration type is suitable for merchants with PCI SAQ D-Merchant. To know more about the Hosted Payment Page PCI DSS merchant requirements, please check this article.
In this manual, we will walk you through how to initiate a payment request via this integration type. You will be introduced to the required parameters that need to be passed to initiate the request, along with all the possible optional parameters. We highly recommend that you and your team check the "Payment Workflow" manual first to understand the business logic this integration type relies on.
The Endpoint and Related Postman Collection
In this tutorial, we will rely on the PayTabs Hosted Payment Page API Endpoint, mentioned in the PayTabs API endpoints Postman collection, which you can access from PayTabs Postman APIs Collection. The endpoint needs to be accessed with a POST request on the below-mentioned URL:
POST | {{domain}}/payment/request |
---|
Please note that not using the proper endpoint URL {domain} will lead to authentication issues within your responses. To find your proper domain, you can read our What is my (Region)/(endpoint URL)? tutorial article.
- KSA: https://secure.paytabs.sa/payment/request
- UAE: https://secure.paytabs.com/payment/request
- Egypt: https://secure-egypt.paytabs.com/payment/request
- Oman: https://secure-oman.paytabs.com/payment/request
- Jordan: https://secure-jordan.paytabs.com/payment/request
- Kuwait: https://secure-kuwait.paytabs.com/payment/request
- Global: https://secure-global.paytabs.com/payment/request
Request Parameters
To initiate a payment request using this integration type, there are minimum required parameters that need to be passed with valid information. The specification of these required parameters is clarified below:
- The Minimum Required Parameters
- The Available Optional Parameters
Parameter | Data Type | Min | Max | Required |
---|---|---|---|---|
| INT | Accept only valid profile number. | β | |
The merchant Profile ID you can get from your PayTabs dashboard. For more information please check our How to get your account information from PT2 Dashboard? solution article. To know more about this parameter please click here. | ||||
| ||||
| STRING | Valid string from this enum list: sale auth void release capture refund register | β | |
The identification of the type of the transaction. To know more about these types please check our What is the "tran_type" (transaction type)? solution article. To know more about this parameter please click here. | ||||
| ||||
| STRING | Valid string from this list ecom recurring moto | β | |
The identification of the category/class this transaction will follow, such as eCommerce, Recurring, etc. To know more about these types please check our What is the "tran_class" (transaction class)? solution article. To know more about this parameter please click here. | ||||
| ||||
| STRING | 1 | 64 | β |
Indicates the cart/order id at the merchant end, to easily relate the PayTabs transaction to. To know more about this parameter please click here. | ||||
| ||||
| STRING | 1 | 128 | β |
Indicates the cart/order description at the merchant end, to easily relate the PayTabs transaction to. To know more about this parameter please click here. | ||||
| ||||
| STRING | 1 | 128 | β |
Indicates the transaction currency, which the customer will be charged with. To know more about this parameter please click here. | ||||
| ||||
| DECIMAL | 0.01 | 9999999999.99 | β |
Indicates the amount of the transaction the customer is about to be charged. Both min and max values are subjected to the merchant transaction limits. To know more about this parameter please click here. | ||||
| ||||
| OBJECT | β | ||
Indicates the customer details for this payment. If provided, the payment page will be prefilled with the provided data. To know more about this parameter please click here. | ||||
| ||||
Nested Parameter | Data Type | Min | Max | Required |
| STRING | 3 | 128 | β |
| STRING | N/A | N/A | β |
| STRING | N/A | N/A | β |
| STRING | 3 | 128 | β |
| STRING | 3 | 128 | β |
| STRING | 2 | 2 | β |
| STRING | N/A | N/A | β |
| STRING | N/A | N/A | β |
| OBJECT | Accept only valid card details. | β | |
card_details is a mandatory request parameter exclusive to the Own Form integration; it carries the card details. | ||||
| ||||
Nested Parameter | Data Type | Min | Max | Required |
| STRING | 16 | N/A | β |
Indicates the bank card number. | ||||
| STRING | N/A | N/A | β |
Indicates the Card Verification Value/Code, usually located on the back of the credit/debit card, on the right side of the white signature strip. | ||||
| INTEGER | N/A | N/A | β |
Indicates the bank card expiry month. | ||||
| INTEGER | N/A | N/A | β |
Indicates the bank card expiry year. | ||||
Parameter | Data Type | Min | Max | Required |
---|---|---|---|---|
| STRING | N/A | 255 Characters (Valid URL) | β |
The return URL is the URL that PayTabs will redirect the customer to after he finishes the payment process (whether it's authenticated or not). It will redirect the customer with a POST response that is sent with the client/cardholder redirection through his browser containing the basic transaction information once the payment process ends (whether the customer cancels, paid, or failed to pay). It depends on the customer's actions, which means if the customer closes the browser right after the payment without waiting to be redirected back to your system, you will not receive this response. What is the Return URL vs the Callback URL? To know more about this parameter please click here. | ||||
| ||||
| STRING | N/A | 255 Characters (Valid URL) | β |
The callback response is a server-to-server POST response that is sent (to a pre-defined HTTPS URL) with the full detailed transaction information once the payment process has ended (whether the customer cancels, paid, or failed to pay). It does not depend on the customer's actions; the response will be sent anyway. What is the Return URL vs the Callback URL? To know more about this parameter please click here. | ||||
| ||||
| BOOLEAN | β | ||
Indicates whether to hide shipping and billing information from the payment page. Note: The customer details are still required and must be passed. If any of the details are missing or passed with invalid values, the hide_shipping option will be ignored, and the cardholder will be required to enter the missing details on the payment page. To know more about this parameter please click here. | ||||
| ||||
| OBJECT | β | ||
Indicates the customer shipping details for this payment. If provided, the payment page will be prefilled with the provided data. | ||||
| ||||
Nested Parameter | Data Type | Min | Max | Required |
| STRING | 3 | 128 | β |
| STRING | N/A | N/A | β |
| STRING | N/A | N/A | β |
| STRING | 3 | 128 | β |
| STRING | 3 | 128 | β |
| STRING | 2 | 2 | β |
| STRING | N/A | N/A | β |
| STRING | N/A | N/A | β |
| STRING | Either en or ar | β | |
Indicates the payment page displaying language. To know more about this parameter please click here. | ||||
| ||||
| OBJECT | β | ||
For more customizations, you can pass to the Transaction API request your own "user-defined fields" up to 9 fields, and accordingly, you would receive those fields in the callback response. To know more about this parameter please click here. | ||||
| ||||
Nested Parameter | Data Type | Min | Max | Required |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | Pass one of the following list:
| β | |
The tokenization format the generated token should follow. Hosted Payment Page APIs | Token Based Transactions . To know more about this parameter please click here. | ||||
| ||||
| BOOLEAN | β | ||
For showing the "save this card" option on the payment page. To know more about this parameter please click here. | ||||
| ||||
| STRING | Pass one or more of the following list: click here | β | |
To know more about this parameter please click here. | ||||
| ||||
| STRING | β | ||
To know more about this parameter please click here. | ||||
| ||||
| STRING | β | ||
Indicates the Transaction Reference on the PayTabs side; check details on [Response Parameters | tran_ref]. | ||||
| ||||
| OBJECT | β | ||
Provides more customization of the token, letting you modify it if you do not want to use the default one. | ||||
| ||||
Nested Parameter | Data Type | Min | Max | Required |
| STRING | N/A | N/A | β |
Shows whether the token will be used in a monthly subscription, at unscheduled times, or in a subscription without a fixed time. | ||||
| STRING | N/A | N/A | β |
This is a response parameter that specifies the payment frequency plan, depending on how it's configured by the merchant. | ||||
| DECIMAL | 1 | 9999999999.99 | β |
Indicates the minimum amount per transaction using the created token; the transaction will be declined if the amount is less than this limit. | ||||
| DECIMAL | 1 | 100 | β |
Indicates the maximum amount per transaction using the created token; the transaction will be declined if the amount is greater than this limit. | ||||
| INT | 1 | 999 | β |
Indicates the payment iteration/cycle number among its valid/configured maximum rounds/counts. Note that this value is validated on the processor/bank side; PayTabs has no upper hand to validate the credibility of such information. | ||||
| INT | 1 | 999 | β |
Indicates the maximum number of payment iterations/cycles. Note that this value is validated on the processor/bank side; PayTabs has no upper hand to validate the credibility of such information. | ||||
| DATE | N/A | N/A | β |
Indicates the date from which the token can be used; the token cannot be used before this date. | ||||
| DATE | N/A | N/A | β |
Indicates the expiry date of the token | ||||
| STRING | β | ||
This field shows which integration channel/dashboard made this transaction; it will be returned in the IPN, callback and query transaction. | ||||
| ||||
| OBJECT | β | ||
This object will contain 3Ds details of the card | ||||
| ||||
Nested Parameter | Data Type | Min | Max | Required |
| INT | N/A | N/A | β |
This parameter indicates the agreement description which you can use to distinguish your agreements and you can also use it as a title for your agreement. | ||||
| STRING | N/A | N/A | β |
#TODO# | ||||
| STRING | N/A | N/A | β |
#TODO# | ||||
| STRING | N/A | N/A | β |
#TODO# | ||||
| STRING | N/A | N/A | β |
#TODO# | ||||
| STRING | N/A | N/A | β |
CAVV is a cryptographic value generated during a 3D Secure transaction (e.g., Visa Secure, Mastercard Identity Check, AMEX SafeKey). It proves that authentication was performed by the cardholder. | ||||
| STRING | N/A | N/A | β |
UCAF is a security field used to pass authentication data between merchants, payment processors, and card issuers. | ||||
| STRING | N/A | N/A | β |
This parameter gives the 3DS version, which varies from one card to another. | ||||
| STRING | β | ||
Trace code (trace) is the parameter that indicates the code that PayTabs can trace this response with. | ||||
| ||||
| STRING | β | ||
Trace code (trace) is the parameter that indicates the code that PayTabs can trace this response with. | ||||
| ||||
| INT | β | ||
This parameter is a status code that shows the code of the error; it is followed by the message field, which clarifies the error. | ||||
| ||||
| STRING | β | ||
This parameter shows the error message, which always follows the code parameter in the response. | ||||
| ||||
| STRING | β | ||
Indicates the same as the Transaction Reference on the PayTabs side (check details on [Response Parameters | tran_ref]), but it is used for Forsa refund transactions. | ||||
| ||||
| STRING | β | ||
The transaction reference related to the Forsa provider (payment method); it differs from the PayTabs reference. | ||||
| ||||
| STRING | β | ||
Indicates the same as the Transaction Reference on the PayTabs side (check details on [Response Parameters | tran_ref]), but it is in the response of the Forsa refund. | ||||
| ||||
| DECIMAL | 0.01 | 99999999.99 | β |
Indicates the refunded amount of the transaction; the refund may be partial rather than full. | ||||
| ||||
| BOOLEAN | β | ||
Boolean field that indicates whether the refund is done or not. | ||||
| ||||
| OBJECT | β | ||
Indicates the form of payment information in detail. | ||||
| ||||
Nested Parameter | Data Type | Min | Max | Required |
| STRING | N/A | N/A | β |
The type of payment method used (e.g., 'Visa', 'Mastercard', 'ApplePay', 'Amex', etc). | ||||
| STRING | N/A | N/A | β |
Specifies whether the card is a 'Credit' or 'Debit' card. For all payments other than bank cards, this parameter will not be present. | ||||
| STRING | N/A | N/A | β |
The card network or brand (e.g., 'Visa', 'Mastercard', 'Amex'). For all payments other than bank cards, this parameter will be empty. | ||||
| STRING | N/A | N/A | β |
A masked representation of the card number for security purposes. For all payments other than bank cards, this parameter will show the payment method name. | ||||
| INT | N/A | N/A | β |
The expiration month of the card (1-12). For all payments other than bank cards, this parameter will not be present. | ||||
| INT | N/A | N/A | β |
The expiration year of the card (e.g., 2027). For all payments other than bank cards, this parameter will not be present. | ||||
| STRING | N/A | N/A | β |
The two-letter country code (ISO 3166-1 alpha-2) of the payment method issuer (e.g., 'SA' for Saudi Arabia). | ||||
| STRING | N/A | N/A | β |
The name of the financial institution that issued the card, or funded the installment plan (for example, 'Valu', 'Arab National Bank', etc) | ||||
| STRING | β | ||
Indicates the URL of the payment page or the 3D Secure page to which the customer needs to be redirected to complete the payment process. | ||||
|
Request & Response Payload Samples
The below sample request payload will show you how you can pass the above-mentioned parameters, which are needed to be passed with valid values to perform a request.
- Required Parameter sample Payloads
- Optional Parameter Sample Payloads
- Sample Request Payload
- Sample Response Payload
{
"profile_id": "9876543",
"tran_type": "sale",
"tran_class": "ecom",
"cart_id": "CART#1001",
"cart_currency": "SAR",
"cart_amount": 500,
"cart_description": "Description of the items/services",
"customer_details":
{
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "CAI",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"card_details":
{
"pan": "4111111111111111",
"cvv": "123",
"expiry_month": 12,
"expiry_year": 2023
}
}
Once the managed form request is validated and initiated, you will receive the following response. There are two scenarios that would change the workflow, as shown below:
- Via Non-3DSecure Cards
- Via 3DSecured Cards
If the card does NOT require 3DSecure authentication from the cardholder and issuer side, you will receive a response like the following:
{
"tran_ref": "TST2233401397769",
"tran_type": "Sale",
"cart_id": "CART#1001",
"cart_description": "Description of the items/services",
"cart_currency": "SAR",
"cart_amount": "500.00",
"tran_currency": "SAR",
"tran_total": "500.00",
"return": "none",
"customer_details":
{
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "C",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"payment_result":
{
"response_status": "A",
"response_code": "G17534",
"response_message": "Authorised",
"transaction_time": "2022-11-30T14:12:14Z"
},
"payment_info":
{
"payment_method": "Visa",
"card_type": "Credit",
"card_scheme": "Visa",
"payment_description": "4111 11## #### 1111",
"expiryMonth": 12,
"expiryYear": 2023
},
"serviceId": 8,
"profileId": 81784,
"merchantId": 31237,
"trace": "PMNT0403.638764BE.000037CC"
}
Notice that the payment has already been made: because the issuer required no 3DSecure authentication, a transaction has been created and you are already receiving the payment results, unlike in the following scenario.
If the card does require 3DSecure authentication from the cardholder and issuer side, you will receive a response like the following:
{
"tran_ref": "TST2233401397780",
"tran_type": "Sale",
"cart_id": "CART#1001",
"cart_description": "Description of the items/services",
"cart_currency": "SAR",
"cart_amount": "500.00",
"tran_currency": "SAR",
"tran_total": "500.00",
"return": "none",
"redirect_url": "https://secure.paytabs.sa/payment/page/5974A26182E411E56CCD5245D4EBC0787AF379E9E450E3D8B8E555CF/redirect",
"customer_details": {
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "C",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"payment_info": {
"payment_method": "Visa",
"card_type": "Credit",
"card_scheme": "Visa",
"payment_description": "4000 00## #### 0002",
"expiryMonth": 12,
"expiryYear": 2022
},
"serviceId": 8,
"profileId": 81784,
"merchantId": 31237,
"trace": "PMNT0404.63876778.00003813"
}
As described in Own Form | Payment Workflow, when you initiate the payment and the card is 3DSecured, you will receive the redirect URL (redirect_url) within the response. Use this URL to redirect your client's browser to the issuer's 3DSecure page.
Once the cardholder authenticates using the card (e.g., via OTP), the customer will be redirected back to the return page if one has been set, or to the PayTabs default transaction result page if no return page was set. To check more about this, you can navigate to the return URL parameter manual.
Once the Own Form request is validated and initiated, you will receive the following response. There are two scenarios that would change the workflow, as shown below:
- Sample Request Payload
- Sample Response Payload
{
"profile_id": "987654",
"tran_type": "sale",
"tran_class": "ecom",
"cart_id": "CART#1001",
"cart_currency": "SAR",
"cart_amount": 500,
"cart_description": "Description of the items/services",
"customer_details":
{
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "CAI",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"shipping_details": {
"name": "FirstName LastName",
"email": "[email protected]",
"phone": "971555555555",
"street1": "street2",
"city": "dubai",
"state": "dubai",
"country": "AE",
"zip": "54321"
},
"card_details": {
"pan": "4111111111111111",
"cvv": "123",
"expiry_month": 12,
"expiry_year": 2023
},
"user_defined": {
"udf1": "UDF1 Test",
"udf2": "UDF2 Test",
"udf3": "UDF3 Test",
"udf4": "UDF4 Test",
"udf5": "UDF5 Test",
"udf6": "UDF6 Test",
"udf7": "UDF7 Test",
"udf8": "UDF8 Test",
"udf9": "UDF9 Test"
},
"return": "** Valid return URL **",
"callback": "** Valid callback URL **",
"tokenise": 2
}
- Via Non-3DSecure Cards
- Via 3DSecured Cards
If the card does NOT require 3DSecure authentication from the cardholder and issuer side, you will receive a response like the following:
{
"tran_ref": "TST2433801966216",
"tran_type": "Sale",
"cart_id": "CART#1001",
"cart_currency": "SAR",
"cart_amount": 500,
"cart_description": "Description of the items/services",
"tran_currency": "SAR",
"tran_total": "500",
"return": "** Valid Return URL **",
"customer_details":
{
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "CAI",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"shipping_details": {
"name": "FirstName LastName",
"email": "[email protected]",
"phone": "971555555555",
"street1": "street2",
"city": "dubai",
"state": "dubai",
"country": "AE",
"zip": "54321"
},
"card_details": {
"pan": "4111111111111111",
"cvv": "123",
"expiry_month": 12,
"expiry_year": 2023
},
"payment_result": {
"response_status": "A",
"response_code": "184345",
"response_message": "Authorised",
"acquirer_message": "00:Approved",
"acquirer_rrn": "433812184345",
"transaction_time": "2024-12-03T12:29:52Z"
},
"payment_info": {
"payment_method": "MasterCard",
"card_type": "Credit",
"card_scheme": "MasterCard",
"payment_description": "5500 00## #### 5559",
"expiryMonth": 12,
"expiryYear": 2026
},
"serviceId": 15,
"token": "2C4654BD67A3E436C6BE90FA67847CBE",
"profileId": ****50,
"merchantId": **464,
"trace": "PMNT0402.674EF9B7.000DAFF6"
}
Notice that the payment has already been made: because the issuer required no 3DSecure authentication, a transaction has been created and you are already receiving the payment results, unlike in the following scenario.
If the card does require 3DSecure authentication from the cardholder and issuer side, you will receive a response like the following:
{
"tran_ref": "TST2433801966233",
"tran_type": "Sale",
"cart_id": "CART#1001",
"cart_description": "Description of the items/services",
"cart_currency": "SAR",
"cart_amount": "500.00",
"tran_currency": "SAR",
"tran_total": "500.00",
"return": "** Valid Return URL **",
"redirect_url": "https://secure.paytabs.sa/payment/page/5DBD3BA582E5CAABEC5B517D8C49E7486550540A11AE9AA7F65428DC/redirect",
"customer_details": {
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "C",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"shipping_details": {
"name": "FirstName LastName",
"email": "[email protected]",
"phone": "971555555555",
"street1": "street2",
"city": "dubai",
"state": "DU",
"country": "AE"
},
"payment_info": {
"payment_method": "Visa",
"card_type": "Credit",
"card_scheme": "Visa",
"payment_description": "4111 11## #### 1111",
"expiryMonth": 12,
"expiryYear": 2026
},
"serviceId": 15,
"profileId": ***150,
"merchantId": **464,
"trace": "PMNT0402.674EFEBC.000DBA66"
}
As described in OWN | Payment Workflow, when you initiate the payment and the card is 3DSecured, you will receive the redirect URL (redirect_url) within the response. Use this URL to redirect your client's browser to the issuer's 3DSecure page.
Once the cardholder authenticates using the card (e.g., via OTP), the customer will be redirected back to the return page if one has been set, or to the PayTabs default transaction result page if no return page was set. To check more about this, you can navigate to the return URL parameter manual.
Expected Payment Flow Behavior
You will collect the customer's card details through your own form, making sure to follow the correct Specifications section and include the necessary request payload, the same as the sample codes mentioned in the samples section above.
- Card Authentication Check
- If the card is not 3D Secure (3DS), the payment will proceed immediately without any further redirects.
- If the card is 3D Secure, the response to the payment request will include a redirect URL, as in the following:
"redirect_url": "https://secure.paytabs.com/payment/page/599458B182E5B6B********************B4818688",
- Redirect to 3DS Authentication (If Applicable):
- If the response includes a redirect URL, this means the card is 3D Secure, and the customer will be redirected to their issuer's 3DS/OTP page to complete the authentication process
- Return to Merchant's Page
- After completing the authentication, the customer will be redirected back to your return URL, where they will see the result of the payment attempt
Finally, you will be able to see the customer's transaction on your merchant dashboard, whether it's accepted/authorized or not.
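The branch described above, as an added example that is not PayTabs code: it ties a response to the request that was sent, follows `redirect_url` only when it is an HTTPS URL on one of the regional hosts listed on this page, and strips the PAN, CVV and token that a response can echo back before anything is logged. The names `next_step`, `redact_for_log` and `ResponseError` are hypothetical, the host allow-list is an assumption, and the sample data is constructed from the page's sample payloads.

```python
import copy
from decimal import Decimal
from urllib.parse import urlsplit

# Hosts of the regional endpoints listed on this page. Assumption: a genuine
# redirect_url always points at one of them.
PAYTABS_HOSTS = frozenset({
    "secure.paytabs.sa", "secure.paytabs.com", "secure-egypt.paytabs.com",
    "secure-oman.paytabs.com", "secure-jordan.paytabs.com",
    "secure-kuwait.paytabs.com", "secure-global.paytabs.com",
})

class ResponseError(ValueError):
    """The response does not match the request or is unsafe to act on."""

def redact_for_log(resp):
    """Return a copy of a response with PAN, CVV and token removed."""
    safe = copy.deepcopy(resp)
    card = safe.get("card_details")
    if isinstance(card, dict):
        pan = str(card.get("pan", ""))
        card["pan"] = "#" * max(len(pan) - 4, 0) + pan[-4:]
        card.pop("cvv", None)
    if "token" in safe:
        safe["token"] = "[redacted]"
    return safe

def _amount(value):
    try:
        return Decimal(str(value))
    except ArithmeticError:
        raise ResponseError("cart_amount is not a number") from None

def next_step(resp, sent):
    """Return ("redirect_3ds", url), ("authorised", tran_ref) or
    ("not_authorised", tran_ref) for a response to the request `sent`."""
    # Bind the response to our own order before acting on anything in it.
    for key in ("cart_id", "cart_currency"):
        if resp.get(key) != sent[key]:
            raise ResponseError(key + " mismatch")
    # The samples return the amount as 500, "500" or "500.00".
    if _amount(resp.get("cart_amount")) != _amount(sent["cart_amount"]):
        raise ResponseError("cart_amount mismatch")

    url = resp.get("redirect_url")
    if url:
        parts = urlsplit(str(url))
        if parts.scheme != "https" or parts.hostname not in PAYTABS_HOSTS:
            raise ResponseError("redirect_url is not an HTTPS PayTabs URL")
        return ("redirect_3ds", url)

    result = resp.get("payment_result")
    if not isinstance(result, dict):
        raise ResponseError("neither redirect_url nor payment_result present")
    # "A" (Authorised) is the only status shown in the page's samples;
    # anything else is treated as not authorised.
    if result.get("response_status") == "A":
        return ("authorised", resp.get("tran_ref"))
    return ("not_authorised", resp.get("tran_ref"))

# Constructed sample data, trimmed from the page's sample payloads.
SENT = {"cart_id": "CART#1001", "cart_currency": "SAR", "cart_amount": 500}
NON_3DS = {
    "tran_ref": "TST2233401397769", "cart_id": "CART#1001",
    "cart_currency": "SAR", "cart_amount": "500.00",
    "card_details": {"pan": "4111111111111111", "cvv": "123"},
    "payment_result": {"response_status": "A"}, "token": "EXAMPLE-TOKEN",
}
THREE_DS = {
    "tran_ref": "TST2233401397780", "cart_id": "CART#1001",
    "cart_currency": "SAR", "cart_amount": "500.00",
    "redirect_url": "https://secure.paytabs.sa/payment/page/EXAMPLE/redirect",
}
```

After a 3DS redirect, take the final result from the server-to-server callback: the return POST travels through the customer's browser and does not arrive if the customer closes it.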