New hosted tokenization form

In order to be able to integrate new payment methods on your Checkout you have to first integrate the new Hosted Tokenization Page.

The new form was developed to comply with modern accesibility and UI requirement also simplyfying the integration.

Only tokenization in fronted is changing.

No change for the creditcard processing is needed. You receive PPAN and other data that is needed for the existing Authorization/Preauthorization and other requests.

Integration

This documentation is simplified and should be enough for the simple integration. For extended documentation please use the extended documentation.

Session Initiation Request

In order to load the JS SDK and Hosted Tokenization Page you have first to fetch the JWT from the Server API of Payone. This is a new API Request against our Server API that will return a JWT that later has to be included while loading the SDK/HTP as a token value. Currently the validity of the Token is 10 minutes and it can be used multiple times during this time to tokenize card data.

Step 1: JWT Token Generation

Create a Json Web Token

Creating a JWT needed for later authentication within JS form when is being submitted for card processing

POST Request to retrieve a JWT token

POST  https://api.pay1.de/post-gateway/
Accept: application/json
Content-Type: application/x-www-form-urlencoded

request=getJWT
    &mid=123456
    &portalid=YOURPORTALID
    &key=%HASH_of_THE_PORTAL__KEY%

Sample response

Response JWT

HTTP/1.1 200
Date: Mon, 13 Oct 2025 05:55:03 GMT
Server: Apache
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Type: application/json
Content-Length: 687
Strict-Transport-Security: max-age=31536000; includeSubDomains

{
  "creationDate": "2025-10-13T05:55:03Z",
  "token": "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJhcGlndzAxLmpha2t1LnBheTEtdGVzdC5kZSIsInN1YiI6IjEwMTc2IiwiYXVkIjoiYXBpZ3cwMS5qYWtrdS5wYXkxLXRlc3QuZGUiLCJleHAiOjE3NjAzMzU4MDMsImlhdCI6MTc2MDMzNDkwMywianRpIjoiYWQ3YWYzMTEtZmUxYi00YjViLTkyY2QtMmFmM2I4ZGExOTZjIn0.E5WGje6E8KmUq3o8zAV4dwjBQauNcm7od41kdxGkeOCgJ3gVFP59HrB6EUikuUCfZWrr4vWR9IviVbgdSq6IPsQ8hLHgDudGHXQU9mfWJuW_E5-mBzpOF9fNP6hppNb3M-Qq0gLSwEQNP1RwZgxpG7DNaoKlTl9OqEoPDqFt9I-RFQAvgI5ArwSn9w5yKn5YaXd_cOxZb7-UxiVHJ6m97TxMmtCgkibPc8gAmq0eHngdFm4qiULyN9oRPZoloahbJiSeqGo89IRRc4NvMPrzkk5DnOGCkh9D9xJEYKATfYI4eGTZWusVBRgSH-SEw5-ew_Q0t8yaTtaDjs_-pgcLnA",
  "status": "ok",
  "expirationDate": "2025-10-13T06:10:03Z"
}

Step 2: hosted iframe for tokenization of credit and debit cards

Don`t forget to change mode to LIVE before going to Production.

Tokenization page example

<!-- HTML -->
<html>
    <head>
        <script src="https://sdk.tokenization.secure.payone.com/1.7.0/hosted-tokenization-sdk.js" integrity="sha384-En0FTt1/y/oAtSiKcVajUNbL3xKFS6znYv+TGUO6wtMrD8d//NlUJRCVA7PT44Ua" crossorigin="anonymous"></script>

    <script>
            function tokenizationSuccessCallback(statusCode, token, cardDetails) {
                // This is where you can do stuff with the token and the cardDetails e.g.:
                console.log(statusCode); // e.g. 201
                console.log(token);
                console.log(cardDetails.cardholderName);
                console.log(cardDetails.cardNumber);
                console.log(cardDetails.expiryDate);
            }

            function tokenizationFailureCallback(statusCode, errorResponse) {
                // This is where you can handle errors that can happen during the tokenization (e.g. expired JWTs or malformated JWTs)
                console.log(statusCode); // e.g. 400
                console.log(errorResponse.error); // optional e.g. "JWT structure is incorrect."
            }

            function callbackfunc(statusCode, res) {
            console.log("statusCode:", statusCode,res);
            }

            const config = {
                iframe: {
                    iframeWrapperId: "payment-IFrame",
                    height: 400,
                    width: 400,
                    zIndex: 9999,
                },
                uiConfig: {
                    formBgColor: "#64bbb7",
                    fieldBgColor: "wheat",
                    fieldBorder: "1px solid #b33cd8",
                    fieldOutline: "#101010 solid 5px",
                    fieldLabelColor: "#d3d83c",
                    fieldPlaceholderColor: "blue",
                    fieldTextColor: "crimson",
                    fieldErrorCodeColor: "green",
                    fontFamily: "Mozilla Headline",
                    fontUrl: "https://fonts.googleapis.com/css2?family=Mozilla+Headline:wght@200..700&family=Nata+Sans:wght@100..900&display=swap",
                    labelStyle: {
                        fontSize: "20px",
                        fontWeight: "900",
                    },
                    inputStyle: {
                        fontSize: "20px",
                        fontWeight: "normal",
                    },
                    errorValidationStyle: {
                        fontSize: "16px",
                        fontWeight: "normal",
                    },
                    btnBgColor: "#6390f2",
                    btnTextColor: "#FFFFFF",
                    btnBorderColor: "#6390f2",
                    separatorColor: "#8FA8C8",
                    separatorTextColor: "#64748B",
                },
                locale: "en_US",                
                token:"STRING",
                email:  "",  
                showCardholderName:true,
                strictCardholderName:false,
                isSecurityCodeMasked: true,
                customIconsConfig: {
                            useCustomValidationIcons: true,
                            showCardBrandIcons: false,
                            successIcon: '/validIcon.svg',
                            errorIcon: '/invalidIcon.svg',
                },
                allowedCardSchemes: [
                    "amex",
                    "diners",
                    "discover",
                    "jcb",
                    "maestro",
                    "mastercard",
                    "visa",
                    "unionpay",
                ],
            }

            if (window.HostedTokenizationSdk) {
                async function loadSDK() {
                    try {
                        await window.HostedTokenizationSdk.init();
                        window.HostedTokenizationSdk.getPaymentPage(config,callbackfunc);
                    } catch (error) {
                        console.error('Error initializing HTP-SDK:', error);
                    }
                }
                loadSDK();
            } else {
                console.log("HTP-SDK failed to load");
            }
        </script>
    </head>
    <body>
        <div id="payment-IFrame"></div>
            <button onClick="window.HostedTokenizationSdk.submitForm(tokenizationSuccessCallback, tokenizationFailureCallback)">Submit</button>
    </body>
</html>

In the iFrame example the JWT Token previously generated needs to be used.

---end

Tokenization response sample

---end

Response sample - cardInputMode : Manual

Status code: 201, token: "string", cardDetails: {"cardholderName":"govind","cardNumber":"439584XXXXXX0011","expiryDate":"1228","cardType":"VISA"}, cardInputMode: manual

---end

Supported configuration

Parameter name	Type and value	Optional/Mandatory	Comment
locale	locale value such as de_DE	O with default us_EN.	By default only de_DE and us_EN are supported. Texts can be customized for other languages via text configuration
mode	LIVE or TEST	O	is LIVE by default
token	JWT Token to load the SDK	M	Token retrieved from Server API
uiConfig		O	Ui configuration for HTP - see details below

UI configuration

This feature allows to customize payment form UI from merchant application page after completion of first/initial rendering of payment form.

The following code is used to customize payment form UI from merchant application page after completion of first/initial rendering of payment form.

---end

UI Configuration

const uiConfig = {
    formBgColor: "black",
    fieldBgColor: "wheat",
    fieldBorder: "1px solid #b33cd8",
    fieldOutline: "cyan solid 5px",
    fieldLabelColor: "#d3d83c",
    fieldPlaceholderColor: "blue",
    fieldTextColor: "crimson",
    fieldErrorCodeColor: "green"
};

// Customize the payment form UI
sdk.customizeUI(callbackfunction, uiConfig);

Ui configuration explanation

formBgColor: background color of payment form
fieldBgColor: background color of input field
fieldBorder: border of the input field
fieldOutline: outline of the input field
fieldLabelColor: text color of the input field label.
fieldPlaceholderColor: text color of the input field placeholder
fieldTextColor: text color of the input field text
fieldErrorCodeColor: text color of the error code.

Custom languages support

In order to modify the current text for a certain language you can provide the Language value in the configuration.Partial modification is supported so you are able to modify only some part of the default texting by providing the configuration only for the needed fields.In order to use the custom language you need to provide a complete configuration for the language in the configuration. If this is not provided - the missing field will use a fallback language - English.

Sample Configuration - English and Czech

This configuration sample replaces standard text for english and extends the app to support czech language as an example.

To display czech language you will need to provide the czech configuration from the sample below and set locale: "cs_CZ".

---end

Objecttitle

customTextConfig: {
    en: {
        labels: {
            cardNumber: "Card number",
            cardholderName: "Cardholder Name",
            expiryDate: "Expiry Date",
            securityCode: "Security Code",
        },
        placeholders: {
            cardNumber: "cardNumber ",
            cardholderName: "CarholderName ",
            expiryDate: "expiryDate Custom ",
            securityCode: "securityCode ",
        },
        arialabels: {
            cardNumber: "Enter your card number",
            cardholderName: "Enter the name on the card",
            expiryDate: "Enter the expiration month and year of your card",
            securityCode: "Enter the card verification code",
        },
        errors: {
            cardNumber: {
                isRequired: "Card number is required",
                isInvalid: "Invalid card numbe",
                isTooShort: "Card number is too short",
                notSupported: "Card number not supported",
            },
            cardholderName: {
                isRequired: "Cardholder name is required ",
                isInvalid: "Invalid Cardholder name"
            },
            expiryDate: {
                isRequired: "Expiry date is required",
                isInvalid: "Invalid Expiry date"
            },
            securityCode: {
                isRequired: "security code is required",
                amexCardSecurityCodeError: "Invalid security code",
                generalSecurityCodeError: "Invalid security code"
            },
        },  
    },
    cs: {
        labels: {
            cardNumber: "Číslo karty",
            cardholderName: "Jméno držitele karty",
            expiryDate: "Platnost",
            securityCode: "Bezpečnostní kód",
        },
        placeholders: {
            cardNumber: "1234 1234 123 1234",
            cardholderName: "Jan Pavel",
            expiryDate: "MM/RR",
            securityCode: "123",
        },
        arialabels: {
            cardNumber: "Zadejte číslo karty",
            cardholderName: "Zadejte jméno držitele karty",
            expiryDate: "Zadejte měsíc a rok expirace karty",
            securityCode: "Zadejte bezpečnostní kód karty",
        },
        errors: {
            cardNumber: {
                isRequired: "Zadejte číslo karty",
                isInvalid: "Neplatné číslo karty",
                isTooShort: "Číslo karty je příliš krátké",
                notSupported: "Tento typ karty není podporován",
            },
            cardholderName: {
                isRequired: "Zadejte jméno držitele karty",
                isInvalid: "Neplatné jméno držitele karty"
            },
            expiryDate: {
                isRequired: "Zadejte měsíc a rok expirace karty",
                isInvalid: "Neplatné datum expirace"
            },
            securityCode: {
                isRequired: "Zadejte bezpečnostní kód karty",
                amexCardSecurityCodeError: "Neplatný bezpečnostní kód",
                generalSecurityCodeError: "Neplatný bezpečnostní kód"
            },
        },  
    },
}

---end

Step 3: Run html on a webserver to load the javaScript file from payone server

If you want to test this script locally, you can use docker to test it:

docker run -p 80:80 -v <your directory>:/usr/local/apache2/htdocs/ httpd:latest

The page will load the JavaScript and use the configured credentials to perform a tokenization request.

Step 4: Test cards for testing of integration

You can use mode:''test'' for testing

With the following test card data the described integration can be tested to create a token: https://docs.payone.com/security-risk-management/3d-secure#/

STEP 5: Going to production

Change the mode to LIVE.