Token-Based Transactions - CVV Only Payments
you should know
You should know that This step can be used and will behave the same in the following integration types:(Hosted Payment Page).
This manual provides guidance on creating a payment page using a Saved Card Token (CVV-Only), allowing customers to complete payments by entering only their CVV without needing to re-enter full card details. You will learn about the necessary parameters required to initiate a customer-initiated payment request effectively.
The Endpoint and Related Postman Collection​
In this manual, we will rely on the PayTabs Hosted Payment Page API Endpoint, mentioned on PayTabs API endpoints postman collection, which you can access fromPayTabs Postman APIs Collection. The endpoint will need to be accessed with a POST request on the below-mentioned URL
| POST | {{domain}}/payment/request |
|---|
Be Aware Of
Please note that not using the proper endpoint URL {domain} will lead to authentication issues within your responses. To find the your proper domain you can read ourWhat is my (Region)/(endpoint URL)?tutorial article.
- KSA
- UAE
- Egypt
- Oman
- Jordan
- Kuwait
- Global
https://secure.paytabs.sa/payment/request
https://secure.paytabs.com/payment/request
https://secure-egypt.paytabs.com/payment/request
https://secure-oman.paytabs.com/payment/request
https://secure-jordan.paytabs.com/payment/request
https://secure-kuwait.paytabs.com/payment/request
https://secure-global.paytabs.com/payment/request
The Required Parameters​
Along with the required parameters specified in "Step 3" of the integration type you are using, you will need to use the following parameter:
-
tokenParameter tokenDescription To know more about this parameter please click here. Data Type STRING Required ✘ Sample {
"token": "2C4652BD67A3EF30C6B390F9668175B9"
} -
tran_refParameter tran_refDescription Indicates the Transaction Reference on the PayTabs side check details on [Response Parameters | tran_ref] Data Type STRING Required ✘ Sample {
"tran_ref": "TST2234701408XXX"
}
Request & Response Payloads Samples​
- Hosted Payment Page
- Invoices
- Managed Form
- Own Form
The below sample request payload will show you how you can pass the above-mentioned required parameter, which are needed to be passed with valid values to perform a request. Along with the response payload received after using this request payload.
- Request Sample Payload
- Response Sample Payload
{
"profile_id": "79010",
"tran_type": "sale",
"tran_class": "ecom",
"cart_id": "cart_1",
"cart_currency": "SAR",
"cart_amount": 12.3,
"cart_description": "Description of the items/services",
"paypage_lang": "en",
"customer_details": {
"name": "FirstName LastName",
"email": "[email protected]",
"phone": "9771555555555",
"street1": "street2",
"city": "dubai",
"state": "dubai",
"country": "AE",
"zip": "54321"
},
"shipping_details": {
"name": "FirstName LastName",
"email": "[email protected]",
"phone": "971555555555",
"street1": "street2",
"city": "dubai",
"state": "dubai",
"country": "AE",
"zip": "54321"
},
"token": "2C4654BE67A3E530C6BF90FF65877DBB"
}
{
"tran_ref": "TST22********159",
"tran_type": "sale",
"cart_id": "cart_1",
"cart_description": "Description of the items/services",
"cart_currency": "SAR",
"cart_amount": "12.30",
"tran_total": "0",
"return": "none",
"redirect_url": "https://secure.paytabs.com/payment/wr/5DBXXX4F5BB9C2EXXXX8249E75E3D4D8C84",
"customer_details": {
"name": "FirstName LastName",
"email": "[email protected]",
"phone": "971555555555",
"street1": "street2",
"city": "dubai",
"state": "dubai",
"country": "AE",
"zip": "54321"
},
"shipping_details": {
"name": "FirstName LastName",
"email": "[email protected]",
"phone": "971555555555",
"street1": "street2",
"city": "dubai",
"state": "dubai",
"country": "AE",
"zip": "54321"
},
"serviceId": 2,
"profileId": "79010",
"merchantId": 43796,
"trace": "PMN****4.63****A8.00****C4"
}
The below sample request payload will show you how you can pass the above-mentioned required parameter, which are needed to be passed with valid values to perform a request. Along with the response payload received after using this request payload.
Warning
Only in "Invoices" integration type (via the invoice endpoint), you will NOT receive the tran_type in the response, as mentioned in theInvoices - Step 3 | Initiate the payment manual.
- Request Sample Payload
- Response Sample Payload
{
"profile_id": "79010",
"tran_type": "sale",
"tran_class": "ecom",
"cart_description": "Description of the items/services",
"cart_id": "Unique order reference00",
"cart_amount": 200,
"cart_currency": "SAR",
"invoice": {
"line_items": [
{
"unit_cost": 100,
"quantity":2
}
]
},
"token": "2C4654BE67A3E530C6BF90FF65877DBB"
}
{
"tran_ref": "TST22********159",
"tran_type": "Sale",
"cart_id": "Unique order reference00",
"cart_description": "Description of the items/services",
"cart_currency": "SAR",
"cart_amount": "200.00",
"tran_total": "0",
"return": "none",
"redirect_url": "https://secure.paytabs.com/payment/wr/5DB410*******9762FE9DBA2",
"invoice": {
"id": 3123814,
"shipping_charges": "0",
"extra_charges": "0",
"extra_discount": "0",
"total": "200",
"activation_date": 0,
"expiry_date": 0,
"due_date": 0,
"issue_date": 1732761054,
"line_items": [
{
"unit_cost": "100",
"quantity": "2",
"net_total": "200",
"discount_rate": "0",
"discount_amount": "0",
"tax_rate": "0",
"tax_total": "0",
"total": "200"
}
]
},
"serviceId": 2,
"profileId": "79010",
"merchantId": 28882,
"trace": "PMN****4.63****A8.00****C4"
}
The below sample request payload will show you how you can pass the above-mentioned required parameter, which are needed to be passed with valid values to perform a request. Along with the response payload received after using this request payload.
- Request Sample Payload
- Response Sample Payload
{
"profile_id": "79010",
"tran_type": "sale",
"tran_class": "ecom",
"cart_id": "CART#1001",
"cart_currency": "SAR",
"cart_amount": 9.5,
"cart_description": "Description of the items/services",
"customer_details":
{
"name": "FirstName LastName",
"email": "[email protected]",
"phone": "971555555555",
"street1": "street2",
"city": "dubai",
"state": "dubai",
"country": "AE",
"zip": "54321"
},
"token": "2C4654BE67A3E530C6BF90FF65877DBB",
"payment_token": "Dh4r8Jw*******zKgtk"
}
{
"tran_ref": "TST22********159",
"tran_type": "Sale",
"cart_id": "CART#1001",
"cart_description": "Description of the items/services",
"cart_currency": "SAR",
"cart_amount": "9.5",
"return": "none",
"redirect_url": "https://secure.paytabs.com/payment/page/599458B182E5B6B********************B4817FD44318539688688",
"serviceId": 2,
"profileId": "79010",
"merchantId": 28882,
"trace": "PMN****4.63****A8.00****C4"
}
The below sample request payload will show you how you can pass the above-mentioned required parameter, which are needed to be passed with valid values to perform a request. Along with the response payload received after using this request payload.
- Request Sample Payload
- Response Sample Payload
{
"profile_id": "9xxx4",
"tran_type": "sale",
"tran_class": "ecom",
"cart_id": "CART#1001",
"cart_currency": "SAR",
"cart_amount": 9.5,
"cart_description": "Description of the items/services",
"customer_details":
{
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "CAI",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"token": "2C4654BE67A3E530C6BF90FF65877DBB",
"card_details": {
"pan": "4111111111111111",
"cvv": "123",
"expiry_month": 12,
"expiry_year": 2023
}
}
{
"tran_ref": "TST22********159",
"tran_type": "Sale",
"cart_id": "CART#1001",
"cart_description": "Description of the items/services",
"cart_currency": "SAR",
"cart_amount": "9.5",
"return": "none",
"redirect_url": "https://secure.paytabs.com/payment/page/599458B182E5B6B********************B4817FD44318539688688",
"customer_details":
{
"name": "Technical Support Team",
"email": "[email protected]",
"phone": "+201234567890",
"street1": "address street",
"city": "Cairo",
"state": "CAI",
"country": "EG",
"zip": "45555",
"ip": "1.1.1.1"
},
"serviceId": 2,
"profileId": "79010",
"merchantId": 28882,
"trace": "PMN****4.63****A8.00****C4"
}
Expected Payment Flow Behavior​
- Hosted Payment Page
- Managed Form
- Own Form
- First, you should initiate a payment by following the steps mentioned in Hosted Payment Page | Initiating the Payment manual.
- Next, you should use the
tokeniseparameter within your request as clarified in the above Sample Request Payload. - Then, you will receive a response that includes redirect URL. This means you have initiated a correct payment request/page successfully.
"redirect_url": "https://secure.paytabs.com/payment/page/599458B182E5B6B********************B4818688", - Next, you should redirect your customer to this URL so the payment process can be finalized.
- After this, your customer would proceed normally with payment by providing his card information.
- Then, he will be redirected to his issuer bank 3DS/OTP page to authenticate the used card
- Finally, he would be redirected to a success/error page accordingly. By this time, you will receive the full transaction response in the specified return or callback urls, which will contain the generated token as shown below:
{
.
.
.
"token":"{Generated Token}"
.
.
.
} - Finally, you should save this
tokenin you database so that you can use it to create token-based transactions.
- First, you should initiate a payment by following the steps mentioned in Hosted Payment Page | Initiating the Payment manual.
- Next, you should use the
tokeniseparameter within your request as clarified in the above Sample Request Payload. - Then, you will receive a response that includes redirect URL or the full payment response based on the customer card type (3DS OR Not). This means you have initiated a correct payment request successfully.
"redirect_url": "https://secure.paytabs.com/payment/page/599458B182E5B6B********************B4818688", - Next and in case of 3DS cards, you should redirect your customer to this URL so the payment process can be finalized.
- After this, your customer would proceed normally with payment by providing his card information.
- Then, he will be redirected to his issuer bank 3DS/OTP page to authenticate the used card
- Next, he would be redirected to a success/error page accordingly. By this time, you will receive the full transaction response in the specified return or callback urls, which will contain the generated token as shown below:
{
.
.
.
"token":"{Generated Token}"
.
.
.
} - Finally, you should save this
tokenin you database so that you can use it to create token-based transactions.
- First, you should initiate a payment by following the steps mentioned in Hosted Payment Page | Initiating the Payment manual.
- Next, you should use the
tokeniseparameter within your request as clarified in the above Sample Request Payload. - Then, you will receive a response that includes redirect URL or the full payment response based on the customer card type (3DS OR Not). This means you have initiated a correct payment request successfully.
"redirect_url": "https://secure.paytabs.com/payment/page/599458B182E5B6B********************B4818688", - Next and in case of 3DS cards, you should redirect your customer to this URL so the payment process can be finalized.
- After this, your customer would proceed normally with payment by providing his card information.
- Then, he will be redirected to his issuer bank 3DS/OTP page to authenticate the used card
- Next, he would be redirected to a success/error page accordingly. By this time, you will receive the full transaction response in the specified return or callback urls, which will contain the generated token as shown below:
{
.
.
.
"token":"{Generated Token}"
.
.
.
} - Finally, you should save this
tokenin you database so that you can use it to create token-based transactions.