Card tokenization & maintenance

❗️

Important Notice

New version of Payment Action API has been released.
We are recommending our merchants to refer new guide Payment Maintenance to implement Payment Action API.

Allows merchant to Tokenize credit card information securely, and to inquire, update or delete Tokenized card data.

📘

Environment

Please refer Demo & Live Endpoint.

 

Prepare Card Token & Maintenance Request

👍

Download Sample Code

PHP Code

🚧

Prerequisite

Required necessary certificate key for the Payment Action Request and Response. Please refer Certificate Generation Guide.

Set account credentials

//Merchant's account information
	$merchantID = "JT01";		//Get MerchantID when opening account with 2C2P
	$secretKey = "7jYcp4FxFdf0";	//Get SecretKey from 2C2P PGW Dashboard

Set Inquiry Parameter

//Request Information 
	$version = "2.4";
	$action = "A" ;
	$pan = "4111111111111111" ;
	$panExpiry = "1220" ;
	$panBank = "OCBC";
	$panCountry = "SG" ;
	$panCurrency= "702";
	$cardHolderName = "CARDHOLDER" ;
	$cardHolderEmail = "[email protected]" ;
	$storeCardUniqueID="";
ActionDescription
AAdd new Card information to the Vault and generate Card Token.
IInquiry Card Token information
UUpdate Card Token information
DDelete Card Token

Set payment action request information

//Construct signature string
	$stringToHash = $merchantID . $storeCardUniqueID . $panBank . $panCountry . $cardHolderName . $cardHolderEmail . $panExpiry . $action . $pan . $panCurrency;
	$hash = strtoupper(hash_hmac('sha256', $stringToHash ,$secretKey, false));	//Compute hash value

Construct payment action request message

//Construct request message
	$xml = "<MaintenanceRequest>
			<version>$version</version>
			<merchantID>$merchantID</merchantID>
			<action>$action</action>
			<pan>$pan</pan>
			<panExpiry>$panExpiry</panExpiry>
			<panBank>$panBank</panBank>
			<panCountry>$panCountry</panCountry>
			<panCurrency>$panCurrency</panCurrency>
			<cardholderName>$cardHolderName</cardholderName>
			<cardholderEmail>$cardHolderEmail</cardholderEmail>
			<storeCardUniqueID>$storeCardUniqueID</storeCardUniqueID>
			<hashValue>$hash</hashValue>
			</MaintenanceRequest>";  

	include_once('pkcs7.php');
	
	$pkcs7 = new pkcs7();
	$payload = $pkcs7->encrypt($xml,"./keys/demo2.crt"); //Encrypt payload

Submit payment action request message

include_once('HTTP.php');
	
	//Send request to 2C2P PGW and get back response
	$http = new HTTP();
 	$response = $http->post("https://demo2.2c2p.com/2C2PFrontend/PaymentActionV2/PaymentAction.aspx","paymentRequest=".$payload);

Read payment response and Validate Hash

include_once('HTTP.php');
	
	//Send request to 2C2P PGW and get back response
	$http = new HTTP();
 	$response = $http->post("https://demo2.2c2p.com/2C2PFrontend/PaymentActionV2/PaymentAction.aspx","paymentRequest=".$payload);
	 
	//Decrypt response message and display  
	$response = $pkcs7->decrypt($response,"./keys/demo2.crt","./keys/demo2.pem","2c2p");   
	echo "Response:<br/><textarea style='width:100%;height:80px'>". $response."</textarea>"; 
 
	//Validate response Hash
	$resXml=simplexml_load_string($response); 
	$res_version = $resXml->version;
	$res_timeStamp = $resXml->timeStamp;
	$res_merchantID = $resXml->merchantID;
	$res_respCode = $resXml->respCode;
	$res_respReason = $resXml->respReason;
	$res_panBank = $resXml->panBank;
	$res_storeCardUniqueID = $resXml->storeCardUniqueID;
	$res_panCountry = $resXml->panCountry;
	$res_cardholderName = $resXml->cardholderName;
	$res_cardholderEmail = $resXml->cardholderEmail;
	$res_panMasked = $resXml->panMasked;  
	
	//Compute response hash
	$res_stringToHash = $res_merchantID . $res_respCode . $res_respReason . $res_storeCardUniqueID . $res_panBank . $res_panCountry . $res_cardholderName . $res_cardholderEmail . $res_panMasked; 
	
	$res_responseHash = strtoupper(hash_hmac('sha256',$res_stringToHash,$secretKey, false));	//Compute hash value
	echo "<br/>hash: ".$res_responseHash."<br/>"; 
	if(strtolower($resXml->hashValue) == strtolower($res_responseHash)){ echo "valid response"; } 
	else{ echo "invalid response"; }
	
?>

Complete Code

<?php
  
	
	//Merchant's account information
	$merchantID = "JT01";		//Get MerchantID when opening account with 2C2P
	$secretKey = "7jYcp4FxFdf0";	//Get SecretKey from 2C2P PGW Dashboard

	//Request Information 
	/* 
	Action Type: 
		A = Add new Card information to the Vault and generate Card Token.
		I = Inquiry Card Token information
		U = Update Card Token information
		D = Delete Card Token
	*/ 	 
	$version = "2.4";
	$action = "A" ;
	$pan = "4111111111111111" ;
	$panExpiry = "1220" ;
	$panBank = "OCBC";
	$panCountry = "SG" ;
	$panCurrency= "702";
	$cardHolderName = "CARDHOLDER" ;
	$cardHolderEmail = "[email protected]" ;
	$storeCardUniqueID="";	//Required when doing I / U / D
	
	
	//Construct signature string
	$stringToHash = $merchantID . $storeCardUniqueID . $panBank . $panCountry . $cardHolderName . $cardHolderEmail . $panExpiry . $action . $pan . $panCurrency;
	$hash = strtoupper(hash_hmac('sha256', $stringToHash ,$secretKey, false));	//Compute hash value

	//Construct request message
	$xml = "<MaintenanceRequest>
			<version>$version</version>
			<merchantID>$merchantID</merchantID>
			<action>$action</action>
			<pan>$pan</pan>
			<panExpiry>$panExpiry</panExpiry>
			<panBank>$panBank</panBank>
			<panCountry>$panCountry</panCountry>
			<panCurrency>$panCurrency</panCurrency>
			<cardholderName>$cardHolderName</cardholderName>
			<cardholderEmail>$cardHolderEmail</cardholderEmail>
			<storeCardUniqueID>$storeCardUniqueID</storeCardUniqueID>
			<hashValue>$hash</hashValue>
			</MaintenanceRequest>";  

	include_once('pkcs7.php');
	
	$pkcs7 = new pkcs7();
	$payload = $pkcs7->encrypt($xml,"./keys/demo2.crt"); //Encrypt payload
	
 	
				
	include_once('HTTP.php');
	
	//Send request to 2C2P PGW and get back response
	$http = new HTTP();
 	$response = $http->post("https://demo2.2c2p.com/2C2PFrontend/PaymentActionV2/PaymentAction.aspx","paymentRequest=".$payload);
	 
	//Decrypt response message and display  
	$response = $pkcs7->decrypt($response,"./keys/demo2.crt","./keys/demo2.pem","2c2p");   
	echo "Response:<br/><textarea style='width:100%;height:80px'>". $response."</textarea>"; 
 
	//Validate response Hash
	$resXml=simplexml_load_string($response); 
	$res_version = $resXml->version;
	$res_timeStamp = $resXml->timeStamp;
	$res_merchantID = $resXml->merchantID;
	$res_respCode = $resXml->respCode;
	$res_respReason = $resXml->respReason;
	$res_panBank = $resXml->panBank;
	$res_storeCardUniqueID = $resXml->storeCardUniqueID;
	$res_panCountry = $resXml->panCountry;
	$res_cardholderName = $resXml->cardholderName;
	$res_cardholderEmail = $resXml->cardholderEmail;
	$res_panMasked = $resXml->panMasked;  
	
	//Compute response hash
	$res_stringToHash = $res_merchantID . $res_respCode . $res_respReason . $res_storeCardUniqueID . $res_panBank . $res_panCountry . $res_cardholderName . $res_cardholderEmail . $res_panMasked; 
	
	$res_responseHash = strtoupper(hash_hmac('sha256',$res_stringToHash,$secretKey, false));	//Compute hash value
	echo "<br/>hash: ".$res_responseHash."<br/>"; 
	if(strtolower($resXml->hashValue) == strtolower($res_responseHash)){ echo "valid response"; } 
	else{ echo "invalid response"; }
	
?>

Next : Recurring Payment Plan maintenance