Embedded Integration
How It Works
Backend Integration
Info
Make sure that requests to IOTPay endpoints are performed on the merchant's server (as opposed to the client side browser) to avoid potential CORS errors.
Card Purchase
Make a POST request to the cc_purchase API endpoint on your backend server.
Endpoint
https://ccapi.iotpaycloud.com/v3/cc_purchase
Method
POST
Header
Content-Type: application/json;charset=UTF-8
Request
| name | required | type | sample | description |
|---|---|---|---|---|
| mchId | y | String(30) | 10000701 | assigned by IOTPay |
| mchOrderNo | y | String(30) | 1234567890abc | assigned by merchant |
| amount | y | Int | 1500 | in cents |
| currency | y | String(3) | CAD | for now only CAD supported |
| loginName | y | String(12) | jack123 | merchant's login name |
| subject | n | String(64) | ||
| body | n | String(250) | ||
| channel | y | String | PF_CC | PF_CC or UPI_EX |
| notifyUrl | y | String(200) | get notify when success | |
| returnUrl | y | String(200) | https://example.com | redirect to this url after payment |
| sign | y | String(32) | C380BEC2BFD727A4B6845133519F3AD6 | Sign algorithm |
Response
| name | required | type | sample | description |
|---|---|---|---|---|
| retCode | y | String | SUCCESS or FAIL | |
| retMsg | y | String | ||
| retData.redirectUrl | y | String | For redirect purchase, please ignore this field for embedded integration | |
| retData.secureId | y | String | For embedded SDK integration only |
Info
Make the secureId available to the client.
Card Tokenize
Make a POST request to the cc_addcard API endpoint on your backend server.
Endpoint - Add Card
https://ccapi.iotpaycloud.com/v3/cc_addcard
Method
POST
Header
Content-Type: application/json;charset=UTF-8
Request
| Name | Required | Type | Sample | Description |
|---|---|---|---|---|
| mchId | y | String(30) | 0000701 | assigned by IOTPay |
| cardId | y | String(30) | 604567999 | assigned by merchant, must be unique |
| loginName | y | String(12) | jack123 | merchant's login name |
| channel | y | String | PF_CC | PF_CC or UPI_EX |
| returnUrl | y | String(200) | redirect to this url after card is added | |
| sign | y | String(32) | C380BEC2BFD727A4B6845133519F3AD6 | Sign algorithm |
Please note
Each cardId can bind only one credit card, if one user need to bind more cards, use different cardId
Response
| name | required | type | sample | description |
|---|---|---|---|---|
| retCode | y | String | SUCCESS or FAIL | |
| retMsg | y | String | ||
| retData.redirectUrl | y | String | For redirect purchase, please ignore this field for embedded integration | |
| retData.secureId | y | String | For embedded SDK integration only | |
| retData.channel | y | String | PF_CC | PF_CC or UPI_EX |
Info
Make the secureId available to the client.
Frontend Integration
Info
You will need the secureId from response above to create a IOTPay iframe instance through JS SDK.
Add a placeholder div
<div id="iotpay_normal"></div>Add a html script tag
Once you received the secureId from the API call, mount the iframe in the place holder div
Warning
To be PCI compliant, you must load IOTPay.js directly from https://ccapi.iotpaycloud.com/cc/iotpaycc.js. You cannot include it in a bundle or host it yourself.
Additional SDK and Documents
For iOS integration: iOS sdk
For Android integration: Android sdk
PHP and JS integration: Php sdk