The Hosted Tokenization SDK allows to embed a secure payment form into your web application. It renders the payment page via an iframe and provides methods to customize the UI, handle tokenization, and submit payment data securely.
Important remark:
This guide enhances the Credit Card Documentation and doesn`t replace it.
Please read the New - Credit and Debit Card Payments first.
Currently the latest version is 1.3.0. Please migrate to the newer version once available.
Supported versions of the SDK :
You will always use the latest Hosted Tokenization Page even while using the older version of the SDK. This ensure higher security and stability. However certain feautures and configurations are not supported by the older versions.
| Property | Required | Type | Default | Description |
| iframe.iframeWrapperId | Mandatory | string | n/a | ID of the HTML container for the iframe |
| iframe.height | Optional | number | string | auto | If not provided, the height will be automatically adjusted. When specified, the value will serve as the minimum height of the iframe in pixels. |
| iframe.width | Optional | number | string | 400 | Maximum width of iFrame in pixels |
| iframe.zIndex | Optional | number | string | 9999 | Z-Index of the Iframe |
| uiConfig | Optional | Object | Default UI | Custom styling of the form. See more details below. |
| locale | Optional |
string |
en_US | de_DE → Deutsch en_US → English |
| token | Mandatory | string | JWT token for authentication | |
| mode | Optional | string | LIVE | only LIVE is supported |
| allowedCardSchemes | Optional | string | All cards are allowed |
If not provided or provided an empty array, all the cards are allowed. Merchants should pass the values in all lowercase ("mastercard", "amex"). Only version 1.2 and above |
| customTextConfig | Optional | Object | Default text | If provided it will replace the default text for field lables, errors and aria-lables for provided fields. |
|
---end
Trigger form submission and tokenization button should be implemented on the Merchant page:
|
---end
| Callback | Description | Parameters | Description |
| `successCallback` | Called on successful tokenization | `statusCode`, `token` (string), `cardDetails` (object) | This callback is triggered when card tokenization completes successfully using the JS SDK. |
| `failureCallback` | Called if tokenization fails | `statusCode`, `error` (string/object) |
---end
|
This callback is triggered when card tokenization completes successfully using the JS SDK. This has to be handled
| Name | Type | Description |
| statusCode | number | HTTP-style status code. 201 indicates successful tokenization. |
| token | string | Unique token representing the card. Securely store this for future transactions. |
| cardDetails | object | Contains masked card data and metadata. See below. |
| inputMode | string | Method used for tokenization (eg. manual, register or ClickToPay) |
| Property | Type | Description |
| cardholderName | string | Name of the cardholder as entered. |
| cardNumber | string | Truncated card number (411111XXXXXX1111). |
| expiryDate | string | Card expiry in MM/YY format (e.g. 11/33 = November 2033). |
| cardType | string | Card scheme |
---end
|
| Attribute | Type | Description | Example |
| formBgColor | string | Background color of the entire form | "black" |
| fieldBorder | string | Background color of individual input fields | "wheat" |
| fieldOutline | string | CSS border for input fields | "1px solid #b33cd8" |
| fieldLabelColor | string | CSS outline for fields on focus/active | "cyan solid 5px" |
| fieldPlaceholderColor | string | Color of the field labels | "#d3d83c" |
| fieldTextColor | string | Color of placeholder text in inputs | "blue" |
| fieldErrorCodeColor | string | Color of text entered by the user | "crimson" |
---end
|
---end
In version 1.0.2 features for customizing the font of the document, font size and font weight for the fields have been introduced. This can be configured by adding the fields specified below.
| Attribute | Type | Description | Example |
| fontFamily | string | The family of the font. For google fonts, it should be a valid value specified by google fonts. For font file URL, any custom string can be given. | "Mozilla Headline" |
| fontUrl | string | The URL of the that needs to be applied. It can be a google fonts URL or a URL of a font file. Supported font files: .woff2, .woff, .ttf, .otf, .eot, .svg, .sfnt |
"https://fonts.googleapis.com/css2?family=Mozilla+Headline:wght@200..700& family=Nata+Sans:wght@100..900&display=swap" |
| labelStyle.fontSize | string | Font size of the label element. The fontSize should be a unit value (eg. px, em, rem, %). Values like s-small, large cannot be applied. | "20px" |
| labelStyle.fontWeight | string | Font weight of the label element. Any valid css value can be applied | "900" |
| inputStyle.fontSize | string | Font size of the input element. The fontSize should be a unit value (eg. px, em, rem, %). Values like s-small, large cannot be applied. | "20px" |
| inputStyle.fontWeight | string | Font weight of the input element. Any valid css value can be applied | "normal" |
| errorValidationStyle.fontSize | string | Font size of the error message element. The fontSize should be a unit value (eg. px, em, rem, %). Values like s-small, large cannot be applied. | "16px" |
| errorValidationStyle.fontWeight | string | Font weight of the error message element. Any valid css value can be applied | "bold" |
---end
|
Text configuration is supported in version 1.3 and above only.
Our application natively supports only German and English locale values out of the box starting from the initial release.
|
---end
In order to modify the current text for a certain language you can provide the Language value (en: { }, ) in the configuration.
Partial modification is supported so you are able to modify only some part of the default texting by providing the configuration only for the needed fields
In order to use the custom language you need to provide a complete configuration for the language in the configuration. If this is not provided - the missing field will use a fallback language - English.
This configuration sample replaces standard text for english and extends the app to support czech language as an example.
---end
---end
---end
|
---end
This is a Sample Application that you may use for the integration of the Hosted Tokenization.
|
---end
If you want to test this script locally, you can use docker to test it:
docker run -p 80:80 -v <your directory>:/usr/local/apache2/htdocs/ httpd:latest---end
With the following test card data the described integration can be tested to create a token: https://docs.payone.com/security-risk-management/3d-secure#/
---end
If you want to switch to production, please exchange the source domain of the JS by changing
<script src="https://sdk.preprod.tokenization.secure.payone.com/1.0.2/hosted-tokenization-sdk.js" integrity="sha384-JavLFVzhH2fmwhTeBqVkXIiKlGAMbvznkievdJ4VHNpc02zWI0djUJS6J9LVI9L3" crossorigin="anonymous"></script>
to
<script src="https://sdk.tokenization.secure.payone.com/1.0.2/hosted-tokenization-sdk.js" integrity="sha384-JavLFVzhH2fmwhTeBqVkXIiKlGAMbvznkievdJ4VHNpc02zWI0djUJS6J9LVI9L3" crossorigin="anonymous"></script>