In AJAX mode, values entered in a form can be checked and processed directly without reloading the web page. In order to enable this, two JavaScripts are required: one JavaScript inside the form and one JavaScript hosted by PAYONE. The second JavaScript is required because JavaScript does not allow cross-domain access. Checking and processing the data via AJAX should take place before the form is sent to the shop.

Include the following JavaScript in your HTML page containing the form:

AJAX JavaScript URL: https://secure.pay1.de/client-api/js/ajax.js         


Payment data should not come into touch with your system. This is very important with credit card data. Certification according to the PCI standard is not necessary only if the card data does not come into touch with your systems. Sensible payment data should be removed from the form after checking and processing via the client API (see below) in order to not have contact with your systems. Any other data can be queried in preceding steps.

Important note

This mode is also known as “direct post”. The input fields are placed on the merchant payment page and not provided by PAYONE. Therefore the merchant needs to comply with PCI DSS SAQ A-EP certification if the full creditcard number (PAN) is processed (using the pseudocardnumber with “direct post” (e.g. to ask the customer for CVC) is fine).

To be SAQ A compliant PAYONE recommends implementation of the PAYONE hosted-iFrame-solution when processing the full original creditcard number (PAN).


JavaScript/AJAX code example
var data = {

       request : 'creditcardcheck',

       responsetype : ‘REDIRECT’,            // JSON or REDIRECT available

       mode : 'live',

       mid : '10000',

       aid : '10001',

       portalid : '2000000',

       encoding : 'UTF-8',

       storecarddata : 'yes',

       hash : '19062005567ca72601cc9d031f9a94b1',

       cardholder : document.Testform.cardholder.value,

       cardpan : document.Testform.cardpan.value,

       cardtype : document.Testform.cardtype.value,

       cardexpiremonth : document.Testform.cardexpiremonth.value,

       cardexpireyear : document.Testform.cardexpireyear.value,

       cardcvc2 : document.Testform.cardcvc2.value,

       language : 'en'


var options = {

       return_type : 'object',

       callback_function_name: 'processPayoneResponse'


function processPayoneResponse(response) {

       if (response.get('status') == 'VALID') {






       else {




var request = new PayoneRequest(data, options);



JSON response example
   "status" : "ERROR",
   "errorcode" : "1078",
   "errormessage" : "Parameter {cardpan} incorrect or missing",
   "customermessage" : "Invalid cardpan. Please check the information on the card.",