Initiating The Payment
Own Form integration type is suitable for merchants with PCI SAQ D-Merchant to know more about the Hosted Payment Page PCI DSS merchant requirements, please check this article .
In this manual, we will walk you through how to initiate a payment request via this integration type. You will be introduced to the required parameters that need to be passed to initiate the request, along with all the possible optional parameters as well. We highly recommend that you and your team check the "Payment Workflow" manual first to understand the business/logic this integration type relay on.
The Endpoint and Related Postman Collectionβ
In this tutorial, we will rely on the PayTabs Hosted Payment Page API Endpoint, mentioned on PayTabs API endpoints postman collection, which you can access from PayTabs Postman APIs Collection. The endpoint will need to be accessed with a POST request on the below-mentioned URL
| POST | {{domain}}/payment/request |
|---|
Please note that not using the proper endpoint URL {domain} will lead to authentication issues within your responses. To find the your proper domain you can read ourWhat is my (Region)/(endpoint URL)?tutorial article.
- KSA
- UAE
- Egypt
- Oman
- Jordan
- Kuwait
- Global
https://secure.paytabs.sa/payment/request
https://secure.paytabs.com/payment/request
https://secure-egypt.paytabs.com/payment/request
https://secure-oman.paytabs.com/payment/request
https://secure-jordan.paytabs.com/payment/request
https://secure-kuwait.paytabs.com/payment/request
https://secure-global.paytabs.com/payment/request
Request Parametersβ
To initiate a payment request using this integration type, there are minimum required parameters that need to be passed with valid information. The specification of these required parameters is clarified below:
- The Minimum Required Parameters
- The Available Optional Parameters
| Parameter | Data Type | Min | Max | Required |
|---|---|---|---|---|
| INT | Accept only valid profile number. | β | |
| The merchant Profile ID you can get from your PayTabs dashboard. For more information please check our How to get your account information from PT2 Dashboard? solution article. To know more about this parameter please click here. | ||||
| ||||
| INT | Valid string from this enum list: sale auth void release capture refund register | β | |
| The identification of the type of the transaction. To know more about these types please check our What is the "tran_type" (transaction type)? solution article. To know more about this parameter please click here. | ||||
| ||||
| STRING | Valid string from this list ecom recurring moto | β | |
| The identification of the category/class this transaction will follow, such as eCommerce, Recurring, etc. To know more about these types please check our What is the "tran_class" (transaction class)? solution article. To know more about this parameter please click here. | ||||
| ||||
| STRING | 1 | 64 | β |
| Indicates the cart/order id at the merchant end, to easily relate the PayTabs transaction to. To know more about this parameter please click here. | ||||
| ||||
| STRING | 1 | 128 | β |
| Indicates the cart/order description at the merchant end, to easily relate the PayTabs transaction to. To know more about this parameter please click here. | ||||
| ||||
| STRING | 1 | 128 | β |
| Indicates the transaction currency, which the customer will be charged with. To know more about this parameter please click here. | ||||
| ||||
| DECIMAL | 0.01 | 9999999999.99 | β |
| Indicates the amount of the transaction the customer is about to be charged. Both min and max values are subjected to the merchant transaction limits. To know more about this parameter please click here. | ||||
| ||||
| Object | β | ||
| Indicates the customer details for this payment. If provided, the payment page will be prefilled with the provided data. To know more about this parameter please click here. | ||||
| ||||
| Nested Parameter | Data Type | Min | Max | Required |
| STRING | 3 | 128 | β |
| STRING | N/A | N/A | β |
| STRING | N/A | N/A | β |
| STRING | 3 | 128 | β |
| STRING | 3 | 128 | β |
| STRING | 2 | 2 | β |
| STRING | N/A | N/A | β |
| STRING | N/A | N/A | β |
| Object | Accept only valid card details. | β | |
card_details is one of the mandatory parameters exclusively for the Own-Form that the request should have, which indicates the card details. | ||||
| ||||
| Nested Parameter | Data Type | Min | Max | Required |
| STRING | 16 | N/A | β |
| Indicates the bank card number. | ||||
| STRING | N/A | N/A | β |
| Indicates to Card Verification Value/Code mainly located on the back of your credit/debit card on the right side of the white signature strip. | ||||
| INTEGER | N/A | N/A | β |
| Indicates to Bank Card expiry month. | ||||
| INTEGER | N/A | N/A | β |
| Indicates to Bank Card expiry year. | ||||
| Parameter | Data Type | Min | Max | Required |
|---|---|---|---|---|
| STRING | N/A | 255 Characters (Valid URL) | β |
| The return URL is the URL that PayTabs will redirect the customer to after he finishes the payment process (whether it's authenticated or not). It will redirect the customer with a POST response that is sent with the client/cardholder redirection through his browser containing the basic transaction information once the payment process ends (whether the customer cancels, paid, or failed to pay). It depends on the customer's actions, which means if the customer closes the browser right after the payment without waiting to be redirected back to your system, you will not receive this response. What is the Return URL vs the Callback URL? To know more about this parameter please click here. | ||||
| ||||
| STRING | N/A | 255 Characters (Valid URL) | β |
| The callback response is a server-to-server POST response that is sent (to a pre-defined HTTPS URL) with the full detailed transaction information once the payment process has ended (whether the customer cancels, paid, or failed to pay). It does not depend on the customer's actions; the response will be sent anyway. What is the Return URL vs the Callback URL? To know more about this parameter please click here. | ||||
| ||||
| BOOLEAN | β | ||
| Indicates whether to hide shipping and billing information or not from the payment page. Note: The customer details are still required and must be passed in case any of the details are missing or passed with invalid values; the hide_shipping option will be ignored, and the cardholder will be required to enter any of the missing details on the payment page. To know more about this parameter please click here. | ||||
| ||||
| Object | β | ||
| Indicates the customer shipping details for this payment. If provided, the payment page will be prefilled with the provided data.. | ||||
| ||||
| Nested Parameter | Data Type | Min | Max | Required |
| STRING | 3 | 128 | β |
| STRING | N/A | N/A | β |
| STRING | N/A | N/A | β |
| STRING | 3 | 128 | β |
| STRING | 3 | 128 | β |
| STRING | 2 | 2 | β |
| STRING | N/A | N/A | β |
| STRING | N/A | N/A | β |
| STRING | Either en or ar | β | |
| Indicates the payment page displaying language. To know more about this parameter please click here. | ||||
| ||||
| Object | β | ||
| For more customizations, you can pass to the Transaction API request your own "user-defined fields" up to 9 fields, and accordingly, you would receive those fields in the callback response. To know more about this parameter please click here. | ||||
| ||||
| Nested Parameter | Data Type | Min | Max | Required |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | 1 | 255 | β |
| STRING | Pass one of the following list:
| β | |
| The tokenization format the generated token should follow. Hosted Payment Page APIs | Token Based Transactions . To know more about this parameter please click here. | ||||
| ||||
| BOOLEAN | β | ||
| For showing the βsave this cardβ option on the payment page. To know more about this parameter please click here. | ||||
| ||||
| STRING | Pass one or more of the following list: click here | β | |
| To know more about this parameter please click here. | ||||
| ||||
| STRING | β | ||
| To know more about this parameter please click here. | ||||
| ||||
| STRING | β | ||
| Indicates the Transaction Reference on the PayTabs side check details on [Response Parameters | tran_ref] | ||||
| ||||
Request & Response Payload Samplesβ
The below sample request payload will show you how you can pass the above-mentioned parameters, which are needed to be passed with valid values to perform a request.
- Required Parameter sample Payloads
- Optional Parameter Sample Payloads
The below sample request payload will show you how you can pass the above-mentioned parameters, which are needed to be passed with valid values to perform a request.
- Sample Request Payload
- Sample Response Payload
{
"profile_id": "9876543",
"tran_type": "sale",
"tran_class": "ecom",
"cart_id": "CART#1001",
"cart_currency": "SAR",
"cart_amount": 500,
"cart_description": "Description of the items/services",
"customer_details":
{
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "CAI",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"card_details":
{
"pan": "4111111111111111",
"cvv": "123",
"expiry_month": 12,
"expiry_year": 2023
}
}
Once the managed form request is validated and initiated, you will receive the following response, There are two scenarios that would change the workflow, as shown below:
- Via Non-3DSecure Cards
- Via 3DSecured Cards
If the card does NOT require 3DSecure authentication from the cardholder and issuer side, You will receive a response like the following:
{
"tran_ref": "TST2233401397769",
"tran_type": "Sale",
"cart_id": "CART#1001",
"cart_description": "Description of the items/services",
"cart_currency": "SAR",
"cart_amount": "500.00",
"tran_currency": "SAR",
"tran_total": "500.00",
"return": "none",
"customer_details":
{
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "C",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"payment_result":
{
"response_status": "A",
"response_code": "G17534",
"response_message": "Authorised",
"transaction_time": "2022-11-30T14:12:14Z"
},
"payment_info":
{
"payment_method": "Visa",
"card_type": "Credit",
"card_scheme": "Visa",
"payment_description": "4111 11## #### 1111",
"expiryMonth": 12,
"expiryYear": 2023
},
"serviceId": 8,
"profileId": 81784,
"merchantId": 31237,
"trace": "PMNT0403.638764BE.000037CC"
}
You can notice that the payment is already made, A transaction has been created, and you are already receiving the payment results, unlike the following scenario, since the issuer required no 3DSecure, the transaction had been created.
If the card does require the 3DSecure authentication from the cardholder and issuer side, You will receive a response like the following:
{
"tran_ref": "TST2233401397780",
"tran_type": "Sale",
"cart_id": "CART#1001",
"cart_description": "Description of the items/services",
"cart_currency": "SAR",
"cart_amount": "500.00",
"tran_currency": "SAR",
"tran_total": "500.00",
"return": "none",
"redirect_url": "https://secure.paytabs.sa/payment/page/5974A26182E411E56CCD5245D4EBC0787AF379E9E450E3D8B8E555CF/redirect",
"customer_details": {
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "C",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"payment_info": {
"payment_method": "Visa",
"card_type": "Credit",
"card_scheme": "Visa",
"payment_description": "4000 00## #### 0002",
"expiryMonth": 12,
"expiryYear": 2022
},
"serviceId": 8,
"profileId": 81784,
"merchantId": 31237,
"trace": "PMNT0404.63876778.00003813"
}
Regarding Own Form | Payment Workflow, by initiating the payment, and if the card is 3DSecured, you will receive the redirect URL (redirect_url) within the response. Use this URL to redirect your client browser to the issuer 3DSecure page.
Once the cardholder authenticates using the card (E.G., via OTP), the customer will be redirected back to the return page if it had been set or to the PayTabs default transaction result page if no return page was set. To check more about this, you can navigate to the return URL parameter manual.
Once the Own form request is validated and initiated, you will receive the following response, There are two scenarios that would change the workflow, as shown below:
- Sample Request Payload
- Sample Response Payload
{
"profile_id": "987654",
"tran_type": "sale",
"tran_class": "ecom",
"cart_id": "CART#1001",
"cart_currency": "SAR",
"cart_amount": 500,
"cart_description": "Description of the items/services",
"customer_details":
{
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "CAI",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"shipping_details": {
"name": "FirstName LastName",
"email": "[email protected]",
"phone": "971555555555",
"street1": "street2",
"city": "dubai",
"state": "dubai",
"country": "AE",
"zip": "54321"
},
"card_details": {
"pan": "4111111111111111",
"cvv": "123",
"expiry_month": 12,
"expiry_year": 2023
},
"user_defined": {
"udf1": "UDF1 Test",
"udf2": "UDF2 Test",
"udf3": "UDF3 Test",
"udf4": "UDF4 Test",
"udf5": "UDF5 Test",
"udf6": "UDF6 Test",
"udf7": "UDF7 Test",
"udf8": "UDF8 Test",
"udf9": "UDF9 Test"
},
"return": "** Valid return URL **"
"callback":"** Valid callback URL **",
"tokenise": 2,
}
- Via Non-3DSecure Cards
- Via 3DSecured Cards
If the card does NOT require 3DSecure authentication from the cardholder and issuer side, You will receive a response like the following:
{
"tran_ref": "TST2433801966216",
"tran_type": "Sale",
"cart_id": "CART#1001",
"cart_currency": "SAR",
"cart_amount": 500,
"cart_description": "Description of the items/services",
"tran_currency": "SAR",
"tran_total": "500",
"return": "** Valid Return URL **",
"customer_details":
{
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "CAI",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"shipping_details": {
"name": "FirstName LastName",
"email": "[email protected]",
"phone": "971555555555",
"street1": "street2",
"city": "dubai",
"state": "dubai",
"country": "AE",
"zip": "54321"
},
"card_details": {
"pan": "4111111111111111",
"cvv": "123",
"expiry_month": 12,
"expiry_year": 2023
},
"payment_result": {
"response_status": "A",
"response_code": "184345",
"response_message": "Authorised",
"acquirer_message": "00:Approved",
"acquirer_rrn": "433812184345",
"transaction_time": "2024-12-03T12:29:52Z"
},
"payment_info": {
"payment_method": "MasterCard",
"card_type": "Credit",
"card_scheme": "MasterCard",
"payment_description": "5500 00## #### 5559",
"expiryMonth": 12,
"expiryYear": 2026
},
"serviceId": 15,
"token": "2C4654BD67A3E436C6BE90FA67847CBE",
"profileId": ****50,
"merchantId": **464,
"trace": "PMNT0402.674EF9B7.000DAFF6"
}
You can notice that the payment is already made, A transaction has been created, and you are already receiving the payment results, unlike the following scenario, since the issuer required no 3DSecure, the transaction had been created.
If the card does require the 3DSecure authentication from the cardholder and issuer side, You will receive a response like the following:
{
"tran_ref": "TST2433801966233",
"tran_type": "Sale",
"cart_id": "CART#1001",
"cart_description": "Description of the items/services",
"cart_currency": "SAR",
"cart_amount": "500.00",
"tran_currency": "SAR",
"tran_total": "500.00",
"return": "** Valid Return URL **",
"redirect_url": "https://secure.paytabs.sa/payment/page/5DBD3BA582E5CAABEC5B517D8C49E7486550540A11AE9AA7F65428DC/redirect",
"customer_details": {
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "C",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"shipping_details": {
"name": "FirstName LastName",
"email": "[email protected]",
"phone": "971555555555",
"street1": "street2",
"city": "dubai",
"state": "DU",
"country": "AE"
},
"payment_info": {
"payment_method": "Visa",
"card_type": "Credit",
"card_scheme": "Visa",
"payment_description": "4111 11## #### 1111",
"expiryMonth": 12,
"expiryYear": 2026
},
"serviceId": 15,
"profileId": ***150,
"merchantId": **464,
"trace": "PMNT0402.674EFEBC.000DBA66"
}
Regarding OWN | Payment Workflow, by initiating the payment, and if the card is 3DSecured, you will receive the redirect URL (redirect_url) within the response. Use this URL to redirect your client browser to the issuer 3DSecure page.
Once the cardholder authenticates using the card (E.G., via OTP), the customer will be redirected back to the return page if it had been set or to the PayTabs default transaction result page if no return page was set. To check more about this, you can navigate to the return URL parameter manual.
Expected Payment Flow Behaviorβ
You will collect the customer's card details through your own form, making sure to follow the correctSpecificationssection and include the necessary request payload same as the sample codes mentioned in the samples section above.
- Card Authentication Check
- If the card is not 3D Secure (3DS), the payment will proceed immediately without any further redirects.
- If the card is 3D Secure, the payment request will include a, redirect URL, in the response, as the following
"redirect_url": "https://secure.paytabs.com/payment/page/599458B182E5B6B********************B4818688", - Redirect to 3DS Authentication (If Applicable):
- If the response includes a redirect URL, this means the card is 3D Secure, and the customer will be redirected to their issuerβs 3DS/OTP page to complete the authentication process
- Return to Merchant's Page
- After completing the authentication, the customer will be redirected back to your return URL, where they will see the result of the payment attempt
Finally, you will be able to see his transaction on your merchant dashboard, whether it's accepted/authorized or not.
