14 posts / 0 new
Last post
jonathanstrauss8668
Tokenization Client Side using POST?

Is tokenization for Javascript clientside rely on GET requests? Or can we use the POST method? I've tried using the post method with the same parameters but it doesn't seem to want to work.

return fetch("https://api-cert.payeezy.com/v1/transactions/tokens", {
method: "POST",
body: JSON.stringify(params),
headers: {
'Content-Type': 'application/json',
'Accept': '*/*'
}
})

Params:
{ currency: 'USD',
credit_card:
{ type: 'VISA',
card_number: '4012000033330026',
cardholder_name: 'JohnSMith',
cvv: '123',
exp_date: '1030' },
billing_address:
{ street: '123 Main',
zip_postal_code: '12345',
phone_number: '1234567890',
phone: { type: 'home' },
email: 'a@a.com',
city: 'Springfield',
country: 'US',
state_province: 'MA' },
apikey: '*** removed ***',
type: 'FDToken',
auth: 'false',
js_security_key: '*** removed ***',
ta_token: 'NOIW' }

Result: {"code":"400", "message":"Bad Request"}


christopherlord730
Re: Tokenization Client Side using POST?

The HTTP GET method (excluding Payeezy.JS) is being deprecated at the end of March 2018 and being replaced with POST. You need to follow the sample payload structure as outlined in the Docs & Sandbox.

https://developer.payeezy.com/payeezy-api/apis/post/transactions/tokens

{
"type": "FDToken",
"credit_card": {
"type": "VISA",
"cardholder_name": "JohnSmith",
"card_number": "4788250000028291",
"exp_date": "1030",
"cvv": "123"
},
"auth": "false",
"ta_token": "NOIW"
}


christopherlord730
Re: Tokenization Client Side using POST?

Additionally, no CVV verification is performed with GET or POST. It just tokenizes the card number.


julieiammarino6697
Re: Tokenization Client Side using POST?

What is actually being deprecated? Tokenization using GET in the API method or the payeezy JS?


christopherlord730
Re: Tokenization Client Side using POST?

The HTTP GET method is being deprecated. Payeezy.JS wasn't the only way to obtain the token with GET; it was just the most utilized option.

Payeezy.JS will continue to use the GET method for the foreseeable future.


omariftikhar18984
Re: Tokenization Client Side using POST?

So does this mean that there is no Client side method of tokenization, the method that was advertised as reducing PCI compliance and allowing one to bypass the merchant server for credit card tokenization. The POST method brings the card back to the merchant server thus increasing the PCI scope of the merchant network and servers.


christopherlord730
Re: Tokenization Client Side using POST?

At this time, yes that is the case since the GET method is being deprecated at the end of March. You can integrate with a hosted payment page and submit a $0 authorization to get a tokenized card number or use the POST token method outlined in the Docs & Sandbox. Merchants that already have existing integrations using Payeezy.JS or other HTTP GET methods to tokenize card numbers will still be able to utilize the same method.


omariftikhar18984
Re: Tokenization Client Side using POST?

We actually have an existing integration using Jayeezy.js and the GET method. Are you saying that this will keep functioning after 3/31?


christopherlord730
Re: Tokenization Client Side using POST?

Yes, apologies for any confusion. Payeezy.JS is not being deprecated BUT any other HTTP GET methods for tokenization are being deprecated.


patrickmcivor11237
Re: Tokenization Client Side using POST?

I'm thoroughly confused. you have made conflicting statements about what is being depricated:

"Merchants that already have existing integrations using Payeezy.JS or other HTTP GET methods to tokenize card numbers will still be able to utilize the same method."

and

"Payeezy.JS is not being deprecated BUT any other HTTP GET methods for tokenization are being deprecated."

we currently tokenize using a get to
https://api-cert.payeezy.com/v1/securitytokens

then handle the response with the callback function. Is this going to still be available? What exactly is being deprecated if Payeezy.JS is still available, and we can make GET requests to the endpoint above?

and to clarify, you are saying we cannot do a client side POST to https://api.payeezy.com/v1/transactions/tokens via CORS, it has to be server side?


christopherlord730
Re: Tokenization Client Side using POST?

A POST request with CORS will fail since the Payeezy API does not support it (you'll get a pre-flight check error returned by the browser). The POST would have to be done server side.

The GET methods that are being deprecated are for all other languages through the direct API (PHP, Python, Java etc.) but the Payeezy.JS method will still be supported and is still technically a GET request.


patrickmcivor11237
Re: Tokenization Client Side using POST?

thank you that clears it up for me. And yes we get the pre-flight error when trying to post from the browser.

I would suggest you all update the announcement to more clearly state that PayeezyJS will still support the GET. I suspect there will be a lot of people like us that thought the get method would be going away all together from Payeezy.JS.

Just for final confirmation so I can close this issue, I will still be able to make the get calls to /v1/securitytokens to tokenize a credit card after March 31?

thanks again.


christopherlord730
Re: Tokenization Client Side using POST?

Hi Patrick,

A new blog post and communication should be forthcoming but I don't have an ETA. But yes if you call /v1/securitytokens with the Payeezy.JS method after March 31st it will still work.


jitakarcherla13416
Re: Tokenization Client Side using POST?

HI Chris,
Can you please post in this thread when a new blog post is out with the above clarification about payeezy.js being supported even after 31st March. I was getting ambivalent response when I called the support folks regarding this issue.
Thanks.