Linking a customer to a card

Securely handle customer's card information for future transactions

❗️

Do not save card information on your application

Do not store any card information (i.e. name, card number, expiry dates, cvv/cvc) on your application unless it is PCI-DSS certified.

Customers might opt to use their cards to transact with your e-commerce website in the future. It will be convenient for them not to type in all those fields a second or third time.

Maya Business's Vault allows your application to securely handle card information without the need to save any critical details to your server.

Customer Registration

Customers should sign-up to your application is the first step. Once user information is stored on your application's database. The application's web server will then send those user information to Vault using Create Customer endpoint. The endpoint will send a JSON response with the content below.

{
  "id": "d29f1635-8313-4ed4-94e5-94b6a6018f52",
  "firstName": "Maya",
  "middleName": "Jose",
  "lastName": "Juan",
  "contact": {
    "phone": "+63(2)1234567890",
    "email": "[email protected]"
  },
  "billingAddress": {
    "line1": "6F Launchpad",
    "line2": "Sheridan Street",
    "city": "Mandaluyong City",
    "state": "Metro Manila",
    "zipCode": "1552",
    "countryCode": "PH"
  },
  "shippingAddress": {
    "firstName": "Maya",
    "middleName": "Jose",
    "lastName": "Juan",
    "line1": "6F Launchpad",
    "line2": "Sheridan Street",
    "city": "Mandaluyong City",
    "state": "Metro Manila",
    "zipCode": "1552",
    "countryCode": "PH",
    "phone": "+63(2)1234567890",
    "email": "[email protected]",
    "shippingType": "ST"
  },
  "sex": "F",
  "birthday": "1987-07-28",
  "customerSince": "2020-12-25",
  "createdAt": "2021-07-06T14:01:25.000Z",
  "updatedAt": "2021-07-06T14:01:25.000Z"
}

Link the customerId to your application's user record.

Linking a card to the customer

Once your customer has submitted their card information, your application will have to tokenize the card details.

Link a customer to a tokenized cardLink a customer to a tokenized card

Link a customer to a tokenized card

The tokenization process will generate a paymentTokenId that you will send along with other details to Vault API to link the card to a customer using Create Card of Customer endpoint.

The endpoint will return cardTokenId, verificationUrl and other fields.

{
    "cardTokenId": "fIOA0DxV0WIqt4ij2qHa3ZCLKJks5A7th8Y7p8h4HK0zfipKRTtEV26sovKwbDaGwYPPsFelV2lJkrsBhvFJoary56nHjGWAGKPKn7E3XfD1pBDPv6m34V8uu1cdwSVOMiEsZlVdoMd7IR8Te124jnIdOIfqTvhO1lMDdk",
    "cardType": "master-card",
    "maskedPan": "2346",
    "createdAt": "2020-05-12T15:02:32.000Z",
    "updatedAt": "2020-05-12T15:02:32.000Z",
    "id": "160262a8-f8b8-4631-94eb-7dc35dc7ca00",
    "state": "PREVERIFICATION",
    "default": true,
    "verificationUrl": "https://payments-web-sandbox.paymaya.com/authenticate?id=160262a8-f8b8-4631-94eb-7dc35dc7ca00"
}

Your application will then store the cardTokenId.

Verification

There are 2 flows to verifying the linked card: through a test charge of Php 10.00 or through payment of their current transaction.

Through a test charge

From the successful call of the endpoint, your application should be redirected to the verificationUrl from the response data to continue the verification process.

🚧

Test Charge

We will be charging Php 10 to the customer's card. This amount will be automatically be refunded back.

Through payment of current transaction

Initiate the payment of the current customer transaction through Create Customer Payment endpoint. The response of the endpoint will give you a new verificationUrl that your application should redirect to.

Once the payment is successfully verified and handled by your webhooks, your application should be able to use the vaulted card in future transactions.

Vaulted Card

After the successful linking and verification of a card, your application will now be able to confirm that the card has been linked and vaulted securely using Retrieve Cards of Customer.

Future transactions using a vaulted card

For future payments using a vaulted card, your application will use Create Customer Payment endpoint. No customer verification needed.


Did this page help you?