The final step is to use the card data stored using Secure Fields to either create a transaction or store a card on file for later use.

Create a transaction

Card data stored in a checkout session can be used to create a transaction.

curl -i -X POST "https://api.example.gr4vy.app/transactions" \
    -H "Authorization: Bearer [JWT_TOKEN]" \
    -H "Content-Type: application/json" \
    -d '{
          "amount": 1299,
          "currency": "AUD",
          "payment_method": {
            "method": "checkout-session",
            "id": "332a6c3a-c4eb-45f6-9a4e-72af459535e2"
          }
        }'

The returned transaction includes details about the payment method used, and the status of the transaction.

{
  "type": "transaction",
  "id": "fe26475d-ec3e-4884-9553-f7356683f7f9",
  "status": "authentication_succeeded",
  "amount": 1299,
  "currency": "AUD",
  "payment_method": {
    "type": "payment-method",
    "id": "77a76f7e-d2de-4bbc-ada9-d6a0015e6bd5",
    "method": "card",
    "scheme": "visa",
    "expiration_date": "07/24",
    ...
  },
  ...
}

Store a card for later use

Card data in a checkout session can also be used to create a stored payment method that can be used later.

This will delete the security_code from the vault and any transaction created later will require the code to be requested again.

curl -i -X POST "https://api.example.gr4vy.app/payment-methods" \
    -H "Authorization: Bearer [JWT_TOKEN]" \
    -H "Content-Type: application/json" \
    -d '{
            "method": "checkout-session",
            "id": "332a6c3a-c4eb-45f6-9a4e-72af459535e2"
        }'

The returned payment method includes details about the card used, and ID of the payment method can be used to create a transaction at a later point.

{
    "type": "payment-method",
    "id": "77a76f7e-d2de-4bbc-ada9-d6a0015e6bd5",
    "method": "card",
    "scheme": "visa",
    "expiration_date": "07/24",
    ...
}

Checkout session expiry

Once card data has been stored in the vault with Secure Fields the data is only kept for 5 minutes. This means that the checkout session needs to be used to create a transaction, or store a payment method before that time.

3-D Secure

3-D Secure can be used in conjunction with Secure Fields using our hosted 3DS solution. To enable hosted 3DS, add a redirect_url to the API call to create a transaction, and then redirect the buyer to the approval_url in the response.

Summary

In this step you:

  • Used the checkout session to create a transaction or store a payment method

Was this page helpful?

3. Add secure fieldsTheming