Card Tokenization

Tokenization or stored card feature is a method to replace sensitive data such as credit card details with non-sensitive data. Whenever the card is stored, 2C2P will return the card token to merchant.

With 2C2P's Tokenization feature, merchants do not need to undertake a complex and time-consuming PCI-DSS certification process. All the sensitive information is protected at 2C2P with the most advanced security that is compliant with PCI-DSS standards.

 

🚧

How to Integrate

Please refer to the high level diagram flow of Third Party Redirection.

📘

Please refer to available payment channels below :

Global Card (CC)
Local Card (LCC)

 

1. Prepare Payment Token Request

To prepare a payment token request, refer to the required parameters below.

📘

Please refer to: Payment Token API Request

Pre Requisite

  1. MerchantID, secret code & currencyCode are provided by 2C2P.
  1. For PaymentChannel, merchants can refer to the available payment channels for Global Card (CC) & Local Card (LCC) linked above.

Merchants who already know which specific card payment needs to proceed may fill in the corresponding Channel Code, Category Code , or Group Code. The available payment channel will then be shown in the Payment Option and Payment Option Detail APIs.

  1. Set the parameter tokenize to true
{
  "merchantID": "JT04",
  "invoiceNo": "170920135155",
  "description": "V4 Test",
  "amount": "10",
  "currencyCode": "THB",
  "paymentChannel": ["CC"],
  "tokenize": true
}

 

2. Receive Payment Token Response

To receive a payment token response, refer to the sample payment token response below.

📘

Please refer to: Payment Token API Response

{
  "paymentToken": "kSAops9Zwhos8hSTSeLTUXrxyFzAKZHBxhvHgxADrG4oFFZzdTCrla1Kec0wT37heodfXdVtKiCMpA9Vdas2oloFJe2PHGxu6S6NdKcIbhc=",
  "respCode": "0000",
  "respDesc": "Success"
}

 

3. Validation of Payment Token

Proceed only when the parameter "respCode" is "0000". Otherwise, terminate the payment process. Refer to the Payment Response Code below.

🚧

Please refer to: Payment Response Code

 

4. Prepare Payment Option Request

To retrieve available payment options, send a payment option request. Refer to the sample Payment Option Request below.

For merchants who already know which payment options are available, this step is optional.

📘

Please refer to: Payment Option API Request

{
    "paymentToken": "kSAops9Zwhos8hSTSeLTUXrxyFzAKZHBxhvHgxADrG4oFFZzdTCrla1Kec0wT37heodfXdVtKiCMpA9Vdas2oloFJe2PHGxu6S6NdKcIbhc=",
    "locale": "en",
    "clientID": "30c7cf51-75c4-4265-a70a-effddfbbb0ff"
}

 

5. Receive Payment Option Response

To receive a payment option response, refer to the sample payment option response below.

📘

Please refer to: Payment Option API Response

{
    "paymentToken": "kSAops9Zwhos8hSTSeLTUXrxyFzAKZHBxhvHgxADrG4oFFZzdTCrla1Kec0wT37heodfXdVtKiCMpA9Vdas2oloFJe2PHGxu6S6NdKcIbhc=",
    "merchantDetails": {
        "id": "JT04",
        "name": "DEMO Merchant TH",
        "address": "DEMO",
        "email": "",
        "logoUrl": "https://pgw-static-sandbox.s3.amazonaws.com/images/merchantlogo/JT04.png",
        "bannerUrl": null
    },
    "transactionDetails": {
        "amount": "10.00",
        "currencyCode": "THB",
        "invoiceNo": "170920135155",
        "description": "V4 Test"
    },
    "channelCategories": [{
        "groups": [{
            "sequenceNo": 1,
            "name": "Credit Card Payment",
            "code": "CC",
            "iconUrl": "https://d27uu9vmlo4gwh.cloudfront.net/images/v4/images/icon/cc.png",
            "logoUrl": "https://d27uu9vmlo4gwh.cloudfront.net/images/v4/images/logo/.png",
            "default": true,
            "expiration": false
        }],
        "sequenceNo": 1,
        "name": "Global Card",
        "code": "GCARD",
        "iconUrl": "https://d27uu9vmlo4gwh.cloudfront.net/images/v4/images/icon/gcard.png",
        "logoUrl": "https://d27uu9vmlo4gwh.cloudfront.net/images/v4/images/logo/.png",
        "default": true,
        "expiration": false
    }],
    "respCode": "0000",
    "respDesc": "Success"
}

 

6. Prepare Payment Option Details Request

To retrieve details for available payment options, send a payment option details request. Refer to the sample Payment Option Details Request below.

For merchants who already know payment option details, this step is optional.

Pre Requisite

  1. Payment Token from Payment Token API
  1. CategoryCode & GroupCode from Payment Option API

📘

Please refer to: Payment Option Details API Request

{
    "categoryCode": "GCARD",
    "groupCode": "CC",
    "paymentToken": "kSAops9Zwhos8hSTSeLTUXrxyFzAKZHBxhvHgxADrG4oFFZzdTCrla1Kec0wT37heodfXdVtKiCMpA9Vdas2oloFJe2PHGxu6S6NdKcIbhc=",
    "locale": "en",
    "clientID": "30c7cf51-75c4-4265-a70a-effddfbbb0ff"
}

 

7. Receive Payment Option Details Response

To receive a payment option details response, refer to the sample payment option details response below.

📘

Please refer: Payment Option Details API Response

{
    "totalChannel": 4,
    "name": "Credit Card Payment",
    "categoryCode": "GCARD",
    "groupCode": "CC",
    "iconUrl": "https://d27uu9vmlo4gwh.cloudfront.net/images/v4/images/icon/cc.png",
    "channels": [{
        "sequenceNo": 1,
        "name": "MasterCard",
        "currencyCodes": null,
        "iconUrl": "https://d27uu9vmlo4gwh.cloudfront.net/images/v4/images/icon/master.png",
        "logoUrl": "https://d27uu9vmlo4gwh.cloudfront.net/images/v4/images/logo/master.png",
        "payment": {
            "code": {
                "channelCode": "CC"
            },
            "input": {
                "cardNo": "M",
                "expiryDate": "M",
                "securityCode": "O",
                "name": "O",
                "email": "O",
                "pin": "I"
            },
            "validation": {
                "cardNo": "^(?:5[1-5][0-9]{2}|222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}$",
                "expiryDate": "^(2\\d{3}0?[1-9]|1[012])$",
                "securityCode": "^[0-9]{3,4}$",
                "name": "^(?!\\s*$)[-a-zA-Z' ''.']{1,}$",
                "email": "^(([^<>()\\[\\]\\\\.,;:\\[email protected]\"]+(\\.[^<>()\\[\\]\\\\.,;:\\[email protected]\"]+)*)|(\".+\"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}])|(([a-zA-Z\\-0-9]+\\.)+[a-zA-Z]{2,}))$",
                "token": "(.*?)",
                "additional": {
                    "cardNo": {
                        "luhn": true,
                        "prefixes": ["51", "52", "53", "54", "55", "2221", "2222", "2223", "2224", "2225", "2226", "2227", "2228", "2229", "223", "224", "225", "226", "227", "228", "229", "23", "24", "25", "26", "270", "271", "2720"]
                    },
                    "amount": null
                }
            }
        },
        "isDown": false
    }, {
        "sequenceNo": 2,
        "name": "VISA",
        "currencyCodes": null,
        "iconUrl": "https://d27uu9vmlo4gwh.cloudfront.net/images/v4/images/icon/visa.png",
        "logoUrl": "https://d27uu9vmlo4gwh.cloudfront.net/images/v4/images/logo/visa.png",
        "payment": {
            "code": {
                "channelCode": "CC"
            },
            "input": {
                "cardNo": "M",
                "expiryDate": "M",
                "securityCode": "O",
                "name": "O",
                "email": "O",
                "pin": "I"
            },
            "validation": {
                "cardNo": "^4[0-9]{12}(?:[0-9]{3})?$",
                "expiryDate": "^(2\\d{3}0?[1-9]|1[012])$",
                "securityCode": "^[0-9]{3,4}$",
                "name": "^(?!\\s*$)[-a-zA-Z' ''.']{1,}$",
                "email": "^(([^<>()\\[\\]\\\\.,;:\\[email protected]\"]+(\\.[^<>()\\[\\]\\\\.,;:\\[email protected]\"]+)*)|(\".+\"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}])|(([a-zA-Z\\-0-9]+\\.)+[a-zA-Z]{2,}))$",
                "token": "(.*?)",
                "additional": {
                    "cardNo": {
                        "luhn": true,
                        "prefixes": ["4"]
                    },
                    "amount": null
                }
            }
        },
        "isDown": false
    }, {
        "sequenceNo": 3,
        "name": "JCB",
        "currencyCodes": null,
        "iconUrl": "https://d27uu9vmlo4gwh.cloudfront.net/images/v4/images/icon/jcb.png",
        "logoUrl": "https://d27uu9vmlo4gwh.cloudfront.net/images/v4/images/logo/jcb.png",
        "payment": {
            "code": {
                "channelCode": "CC"
            },
            "input": {
                "cardNo": "M",
                "expiryDate": "M",
                "securityCode": "O",
                "name": "O",
                "email": "O",
                "pin": "I"
            },
            "validation": {
                "cardNo": "^(?:2131|1800|35\\d{3})\\d{11}$",
                "expiryDate": "^(2\\d{3}0?[1-9]|1[012])$",
                "securityCode": "^[0-9]{3,4}$",
                "name": "^(?!\\s*$)[-a-zA-Z' ''.']{1,}$",
                "email": "^(([^<>()\\[\\]\\\\.,;:\\[email protected]\"]+(\\.[^<>()\\[\\]\\\\.,;:\\[email protected]\"]+)*)|(\".+\"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}])|(([a-zA-Z\\-0-9]+\\.)+[a-zA-Z]{2,}))$",
                "token": "(.*?)",
                "additional": {
                    "cardNo": {
                        "luhn": true,
                        "prefixes": ["35"]
                    },
                    "amount": null
                }
            }
        },
        "isDown": false
    }, {
        "sequenceNo": 4,
        "name": "American Express",
        "currencyCodes": null,
        "iconUrl": "https://d27uu9vmlo4gwh.cloudfront.net/images/v4/images/icon/amex.png",
        "logoUrl": "https://d27uu9vmlo4gwh.cloudfront.net/images/v4/images/logo/amex.png",
        "payment": {
            "code": {
                "channelCode": "CC"
            },
            "input": {
                "cardNo": "M",
                "expiryDate": "M",
                "securityCode": "O",
                "name": "O",
                "email": "O",
                "pin": "I"
            },
            "validation": {
                "cardNo": "^3[47][0-9]{13}$",
                "expiryDate": "^(2\\d{3}0?[1-9]|1[012])$",
                "securityCode": "^[0-9]{3,4}$",
                "name": "^(?!\\s*$)[-a-zA-Z' ''.']{1,}$",
                "email": "^(([^<>()\\[\\]\\\\.,;:\\[email protected]\"]+(\\.[^<>()\\[\\]\\\\.,;:\\[email protected]\"]+)*)|(\".+\"))@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}])|(([a-zA-Z\\-0-9]+\\.)+[a-zA-Z]{2,}))$",
                "token": "(.*?)",
                "additional": {
                    "cardNo": {
                        "luhn": true,
                        "prefixes": ["34", "37"]
                    },
                    "amount": null
                }
            }
        },
        "isDown": false
    }],
    "validation": {
        "cardNo": {
            "prefixes": ["51", "52", "53", "54", "55", "2221", "2222", "2223", "2224", "2225", "2226", "2227", "2228", "2229", "223", "224", "225", "226", "227", "228", "229", "23", "24", "25", "26", "270", "271", "2720", "4", "35", "34", "37"],
            "regex": null
        },
        "cardTypes": null
    },
    "configuration": {
        "payment": {
            "tokenize": true,
            "tokenizeOnly": false,
            "cardTokenOnly": false,
            "immediatePayment": false,
            "fx": {
                "mcp": {
                    "active": false
                },
                "dcc": {
                    "active": false
                }
            }
        },
        "notification": {
            "facebook": false,
            "whatsApp": false,
            "line": false
        }
    },
    "respCode": "0000",
    "respDesc": "Success"
}

 

8. Prepare Do Payment Request

Merchants must call the Do Payment API to request for payment. To prepare a payment request, refer to the sample payment request below.

Pre Requisite :

  1. Payment Token from Payment Token API
  1. ChannelCode from Payment Option Details API
  1. For the parameter payment.data , refer to the Payment Option Details API Response parameter channels.payment.input to determine the particular data required.
  1. The parameter "securePayToken" requires encryption for sensitive information. Refer to Encryption of card info token on how to generate the token.
  1. Set the parameter cardTokenize to true

📘

Please refer to: Do Payment API Request

{
    "responseReturnUrl": "https://sandbox-pgw-ui.2c2p.com/payment/4.1/#/info/",
    "payment": {
        "code": {
            "channelCode": "CC"
        },
        "data": {
            "name": "Terrance",
            "email": "[email protected]",
            "securePayToken": "00act6XgOLomx0zY2CjCDXrxgNRmek64Qf0p84xBWS5dwwxHFgAmlUuQbsk2wFUjLb0C0B8VI1E7GcWGr9X5htIeE+2d/ESan2kSeISLKOY5HelObaCG0Ihy3qDKbmpN/2AvTA6naWMRmCObqa0lQIFtgGK/QMpTm3WXHWMyTrPPKys=U2FsdGVkX18pXKteGoBNj4DFrkuuFTIsml4A7qkPEnv4IBO/enWGRp2i40x1XPuK",
            "cardTokenize": true
        }
    },
    "clientIP": "175.143.223.174",
    "paymentToken": "kSAops9Zwhos8hSTSeLTUXrxyFzAKZHBxhvHgxADrG4oFFZzdTCrla1Kec0wT37heodfXdVtKiCMpA9Vdas2oloFJe2PHGxu6S6NdKcIbhc=",
    "locale": "en",
    "clientID": "30c7cf51-75c4-4265-a70a-effddfbbb0ff"
}

 

9. Receive Do Payment Response

To receive a payment response, refer to the the sample payment response below.

📘

Please refer to: Do Payment API Response

{
    "data": "https://demo2.2c2p.com/2C2PFrontEnd/storedCardPaymentV2/MPaymentProcess.aspx?token=oYIr9sCUlCP05XjDLSdNVusbvXlzbSE+22hAzgD1+sfH5h7yOdQ+FoPeOvR//4KP",
    "channelCode": "CC",
    "respCode": "1001",
    "respDesc": "Redirect to authenticate ACS bank page."
}

 

10. Redirect to Third Party Processor

Redirect to the appropriate third party processor via browser. The third party processor details are returned through the following parameters from the Do Payment API response. **Failure or rejection of the call for the respCode parameter will terminate the process.**

parameter from Do Payment Response

Description

data

Third party URL endpoint

respCode

Indicates redirection method. For more details, refer to Payment Process Flow

 

11. Receive Payment Response via backend API

📘

Please refer to: Payment Response - Backend API

The parameter "backendReturnUrl" that was previously sent via Payment Token Request is the merchant endpoint that will receive the backend notification. If the parameter "backendReturnUrl" is not set, the system will obtain the backend return URL from the merchant profile set in 2C2P's merchant portal by default.

Perameter

Description

cardToken

After the tokenization process, the generated card token will be returned to the merchant and can be used for subsequent payments.

{
  "merchantID": "JT04",
  "invoiceNo": "170920135155",
  "cardNo": "411111XXXXXX1111",
  "amount": 10.0,
  "currencyCode": "THB",
  "cardToken": "28052010234224845229",
  "recurringUniqueID": "",
  "tranRef": "3249053",
  "referenceNo": "3128339",
  "approvalCode": "212277",
  "eci": "05",
  "transactionDateTime": "20200917163355",
  "agentCode": "KTC",
  "channelCode": "VI",
  "issuerCountry": "US",
  "installmentMerchantAbsorbRate": null,
  "respCode": "0000",
  "respDesc": "Success"
}

 

12. Receive Payment Response via browser redirection

📘

Please refer : Payment Response - Frontend API

The parameter "frontendReturnUrl" that was previously sent via Payment Token Request is the merchant page that customers will be redirected to. If the parameter "frontendReturnUrl" is not set, the system will obtain the front end return URL from the merchant profile set in the 2C2P merchant portal by default. Refer to the sample response returned below.

{
    "invoiceNo": "170920135155",
    "channelCode": "CC",
    "respCode": "2000",
    "respDesc": "Transaction is completed, please do payment inquiry request for full payment information."
}

 

13. Payment Inquiry to retrieve payment information

For merchants who do not implement "Receive Payment Response via backend API", you are required to call to the Payment Inquiry API to receive the payment response.

To prepare a payment inquiry request, refer to the sample payment inquiry request below.

📘

Please refer : Payment Inquiry API Request

{
    "merchantID": "JT04",
    "invoiceNo": "170920135155",
    "locale": "en"
}

 

14. Receive Payment Inquiry Response

To receive a payment inquiry response, refer to the sample payment inquiry response below.

📘

Please refer : Payment Inquiry API Response

{
  "merchantID": "JT04",
  "invoiceNo": "170920135155",
  "cardNo": "411111XXXXXX1111",
  "amount": 10.0,
  "currencyCode": "THB",
  "cardToken": "28052010234224845229",
  "recurringUniqueID": "",
  "tranRef": "3249053",
  "referenceNo": "3128339",
  "approvalCode": "212277",
  "eci": "05",
  "transactionDateTime": "20200917163355",
  "agentCode": "KTC",
  "channelCode": "VI",
  "issuerCountry": "US",
  "installmentMerchantAbsorbRate": null,
  "respCode": "0000",
  "respDesc": "Success"
}