POST
/
payments
/
creditCard
/
{id}
cURL
curl --request POST \
  --url https://gateway.cyrexa.com/ipg/2.0.0/payments/creditCard/{id} \
  --header 'Content-Type: application/json-patch+json' \
  --data '{
  "name": "<string>",
  "number": "<string>",
  "expiration": "<string>",
  "cvv": "<string>",
  "email": "jsmith@example.com",
  "phoneNumber": "<string>",
  "address": "<string>",
  "city": "<string>",
  "state": "<string>",
  "postalCode": "<string>",
  "country": "<string>",
  "captureDelayHours": 3,
  "browserInfo": {
    "acceptHeader": "<string>",
    "colorDepth": "<string>",
    "ip": "<string>",
    "javaEnabled": true,
    "javascriptEnabled": true,
    "language": "<string>",
    "screenHeight": "<string>",
    "screenWidth": "<string>",
    "timezone": "<string>",
    "userAgent": "<string>"
  },
  "wallet": {
    "walletType": "<string>",
    "authenticationValue": "<string>",
    "xid": "<string>",
    "eci": "<string>"
  },
  "is3ds": true,
  "isSandbox": true,
  "ipAddress": "<string>"
}'
This response does not have an example.

Credit Card Payments

Process credit card payments directly through the Host-to-Host API with full control over the payment flow, including 3D Secure authentication and advanced fraud protection.

Overview

Credit card processing through H2H API provides:
  • Direct Processing: Server-to-server credit card processing
  • 3D Secure Support: Enhanced security with 3DS authentication
  • Multiple Card Types: Support for Visa, Mastercard, American Express, and more
  • Real-time Processing: Immediate payment processing and response
  • Fraud Protection: Advanced fraud detection and prevention

Required Parameters

Core Credit Card Fields

ParameterDescriptionRequiredExample
nameCard holder full nameYES”John Doe”
numberCredit card numberYES”4111111111111111”
expirationCard expiration (MM/YY)YES”12/25”
cvvCard verification valueYES”123”

Customer Information

ParameterDescriptionRequiredExample
emailCustomer email addressYESjohn@example.com
phoneNumberCustomer phone numberYES”+1234567890”
addressBilling addressYES”123 Main St”
cityBilling cityYES”New York”
stateState or provinceYES”NY”
postalCodeZIP or postal codeYES”10001”
countryCountry code (ISO 3166-1)YES”US”

Transaction Details

ParameterDescriptionRequiredExample
amountPayment amountYES99.99
unitCurrency codeYES”USD”
originDomainMerchant domainYES”shop.example.com”
referenceIdMerchant referenceNO”ORDER-12345”

Optional Parameters

ParameterDescriptionRequiredExample
captureDelayHoursCapture delay (0-7 hours)NO0
notifyUrlWebhook notification URLNOhttps://api.example.com/webhook
successUrlSuccess redirect URLNOhttps://shop.example.com/success
failureUrlFailure redirect URLNOhttps://shop.example.com/failure
browserInfo3DS browser informationNOSee browser info object

Browser Info Object

For 3D Secure authentication, include browser information: 
{
  "browserAcceptHeader": "application/json, text/plain, */*",
  "browserColorDepth": "24",
  "browserIP": "192.168.1.100",
  "browserJavaEnabled": false,
  "browserJavascriptEnabled": true,
  "browserLanguage": "en-US",
  "browserScreenHeight": "1080",
  "browserScreenWidth": "1920",
  "browserTZ": "300",
  "browserUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
}

Complete Request Example

{
  "name": "John Doe",
  "number": "4111111111111111",
  "expiration": "12/25",
  "cvv": "123",
  "email": "john@example.com",
  "phoneNumber": "+1234567890",
  "address": "123 Main Street",
  "city": "New York",
  "state": "NY",
  "postalCode": "10001",
  "country": "US",
  "amount": 99.99,
  "unit": "USD",
  "originDomain": "shop.example.com",
  "referenceId": "ORDER-12345",
  "notifyUrl": "https://api.example.com/webhook",
  "successUrl": "https://shop.example.com/success",
  "failureUrl": "https://shop.example.com/failure",
  "captureDelayHours": 0,
  "browserInfo": {
    "browserAcceptHeader": "application/json, text/plain, */*",
    "browserColorDepth": "24",
    "browserIP": "192.168.1.100",
    "browserJavaEnabled": false,
    "browserJavascriptEnabled": true,
    "browserLanguage": "en-US",
    "browserScreenHeight": "1080",
    "browserScreenWidth": "1920",
    "browserTZ": "300",
    "browserUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
  }
}

Implementation Example

JavaScript/Node.js

async function processCreditCardPayment(paymentData) {
  const apiEndpoint = process.env.YONOBI_H2H_ENDPOINT;
  const apiKey = process.env.YONOBI_API_KEY;
  
  try {
    const response = await fetch(apiEndpoint, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'X-API-Key': apiKey
      },
      body: JSON.stringify({
        // Card details
        name: paymentData.cardholderName,
        number: paymentData.cardNumber,
        expiration: paymentData.expiryDate,
        cvv: paymentData.cvv,
        
        // Customer info
        email: paymentData.customerEmail,
        phoneNumber: paymentData.customerPhone,
        address: paymentData.billingAddress.street,
        city: paymentData.billingAddress.city,
        state: paymentData.billingAddress.state,
        postalCode: paymentData.billingAddress.postalCode,
        country: paymentData.billingAddress.country,
        
        // Transaction
        amount: paymentData.amount,
        unit: paymentData.currency,
        originDomain: paymentData.merchantDomain,
        referenceId: paymentData.orderId,
        
        // URLs
        notifyUrl: paymentData.webhookUrl,
        successUrl: paymentData.successUrl,
        failureUrl: paymentData.failureUrl,
        
        // 3DS
        browserInfo: paymentData.browserInfo
      })
    });
    
    const result = await response.json();
    
    if (response.ok) {
      return {
        success: true,
        paymentRequestId: result.paymentRequestId,
        redirectUrl: result.redirectUrl,
        status: result.status
      };
    } else {
      return {
        success: false,
        error: result.error,
        message: result.message
      };
    }
  } catch (error) {
    return {
      success: false,
      error: 'NETWORK_ERROR',
      message: error.message
    };
  }
}

PHP

<?php
function processCreditCardPayment($paymentData) {
    $apiEndpoint = $_ENV['YONOBI_H2H_ENDPOINT'];
    $apiKey = $_ENV['YONOBI_API_KEY'];
    
    $requestData = [
        // Card details
        'name' => $paymentData['cardholderName'],
        'number' => $paymentData['cardNumber'],
        'expiration' => $paymentData['expiryDate'],
        'cvv' => $paymentData['cvv'],
        
        // Customer info
        'email' => $paymentData['customerEmail'],
        'phoneNumber' => $paymentData['customerPhone'],
        'address' => $paymentData['billingAddress']['street'],
        'city' => $paymentData['billingAddress']['city'],
        'state' => $paymentData['billingAddress']['state'],
        'postalCode' => $paymentData['billingAddress']['postalCode'],
        'country' => $paymentData['billingAddress']['country'],
        
        // Transaction
        'amount' => $paymentData['amount'],
        'unit' => $paymentData['currency'],
        'originDomain' => $paymentData['merchantDomain'],
        'referenceId' => $paymentData['orderId'],
        
        // URLs
        'notifyUrl' => $paymentData['webhookUrl'],
        'successUrl' => $paymentData['successUrl'],
        'failureUrl' => $paymentData['failureUrl'],
        
        // 3DS
        'browserInfo' => $paymentData['browserInfo']
    ];
    
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $apiEndpoint);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($requestData));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        'Content-Type: application/json',
        'X-API-Key: ' . $apiKey
    ]);
    
    $response = curl_exec($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    
    $result = json_decode($response, true);
    
    if ($httpCode === 200) {
        return [
            'success' => true,
            'paymentRequestId' => $result['paymentRequestId'],
            'redirectUrl' => $result['redirectUrl'] ?? null,
            'status' => $result['status']
        ];
    } else {
        return [
            'success' => false,
            'error' => $result['error'] ?? 'UNKNOWN_ERROR',
            'message' => $result['message'] ?? 'Payment processing failed'
        ];
    }
}
?>

3D Secure Authentication

3DS Flow

  1. Initial Request: Submit payment with browser info
  2. 3DS Check: System determines if 3DS is required
  3. Challenge: Customer completes 3DS challenge if needed
  4. Final Processing: Payment processed after authentication

Browser Info Collection

function collectBrowserInfo() {
  return {
    browserAcceptHeader: navigator.userAgent,
    browserColorDepth: screen.colorDepth.toString(),
    browserIP: '', // Server-side detection
    browserJavaEnabled: navigator.javaEnabled(),
    browserJavascriptEnabled: true,
    browserLanguage: navigator.language,
    browserScreenHeight: screen.height.toString(),
    browserScreenWidth: screen.width.toString(),
    browserTZ: new Date().getTimezoneOffset().toString(),
    browserUserAgent: navigator.userAgent
  };
}

Error Handling

Common Error Codes

  • INVALID_CARD: Invalid card number or format
  • EXPIRED_CARD: Card has expired
  • INSUFFICIENT_FUNDS: Insufficient funds on card
  • CARD_DECLINED: Card declined by issuer
  • CVV_MISMATCH: CVV verification failed
  • 3DS_FAILED: 3D Secure authentication failed

Error Response Example

{
  "success": false,
  "error": "CARD_DECLINED",
  "message": "The card was declined by the issuing bank",
  "code": "002",
  "details": {
    "declineReason": "Insufficient funds",
    "issuerResponse": "51"
  }
}

Security Best Practices

PCI DSS Compliance

  • Never Store: Never store card numbers, CVV, or expiration dates
  • Secure Transmission: Use HTTPS for all API communications
  • Data Minimization: Only collect necessary card data
  • Access Control: Restrict access to payment processing systems

Implementation Security

  • API Key Protection: Store API keys securely
  • Input Validation: Validate all input parameters
  • Error Handling: Don’t expose sensitive information in errors
  • Logging: Log transactions without sensitive data

Testing

Test Card Numbers

Card TypeNumberCVVExpiry
Visa411111111111111112312/25
Mastercard555555555555444412312/25
American Express378282246310005123412/25

Test Scenarios

  • Successful Payment: Use valid test card numbers
  • Declined Payment: Use specific test numbers for declines
  • 3DS Challenge: Test 3D Secure authentication flows
  • Network Errors: Test timeout and network failure scenarios

Best Practices

Implementation

  1. Validation: Validate card data before API calls
  2. Error Handling: Implement comprehensive error handling
  3. Retry Logic: Use appropriate retry mechanisms
  4. Monitoring: Monitor payment success rates

User Experience

  1. Real-time Validation: Validate card details as user types
  2. Clear Errors: Provide clear, actionable error messages
  3. Loading States: Show processing indicators
  4. Security Indicators: Display security badges and SSL indicators

Performance

  1. Connection Pooling: Use HTTP connection pooling
  2. Timeout Handling: Set appropriate timeout values
  3. Async Processing: Handle responses asynchronously
  4. Caching: Cache non-sensitive configuration data

Next Steps

3D Secure Integration

Learn about 3D Secure authentication implementation

Payment Status

Track credit card payment status

Webhooks

Handle payment status notifications

Path Parameters

id
integer
required

Query Parameters

transaction3dsId
string

Body

Response

200

OK