Contact us


Tokenization API

Tokenization API

The 360-One JavaScript Tokenization API provides easy way to achieve PCI compliance through client-side tokenization. The API communicates with the 360-One Payment Gateway by using the cardholders web browser, and the CORS method for secure browser based cross-domain communication.

Note: In order to use the Tokenization API, the requesting domain must be registered with 360-One. Please consult your product certification specialist. Contact Us for more info.

Live Demo

The following demo shows how a card may be tokenized at the browser level, before it comes in contact with a merchant’s server.

This demo simply calls Mes.tokenize, and displays the result in a pop-up box. In a production situation, the token would be forwarded to the merchant’s server where it’s stored for any future transaction processing. The token has no expiration.

Billing Information
Card Number *
Expiration (MMYY) *

* indicates required field

Response:


Description

Typical transaction flow

The basic overview of this API as is follows:

  • When a payment form on your site is submitted, invoke the API by calling Mes.tokenize
  • The API will provide an array of data to your callback function.
  • The array key ‘code’ may be tested to ensure the process was successful (0 was a success).
  • In your callback function, you may do whatever you wish to the token, it’s entirely PCI compliant:
    • Populate a hidden form element with the token, and continue with the form submission to your server (typical).
    • Run another AJAX call to your server to store the token, or have your server perform any gateway transactions using the token.

Supported browsers

The JavaScript tokenization API utilizes XmlHttpRequest in browsers which support it, falling back to XDomainRequest for certain versions of Internet Explorer. Browsers which do not support any form of CORS are not compatible.

Browser Supported Version Supported Version Release
Firefox 3.5+ June 30, 2009
Internet Explorer 8.0+ June 3, 2009
Google Chrome 3.0+ September 25, 2009
Opera Opera 12+, Opera Mobile 12+ June 14, 2012
Android Mobile Browser All
Chrome for Android All
Firefox for Android All
iOS Safari All

Implementation

Full example

  1. <html>
    <head>
    <title>JS API Test</title>
    <script src=“mes-1.0-min.js” type=“text/javascript”></script>
    <script src=“http://ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js” type=“text/javascript”></script><script type=“text/javascript”>
    $(document).ready(function() {
    $(‘#payment’).submit(function() {
    document.getElementById(‘submitButton’).disabled = true;
    Mes.tokenize($(‘#card_number’).val(), $(‘#card_exp_date’).val(), responseHandler);
    return false; // Our responseHandler will submit the form for us.
    });
    });function responseHandler(result) {
    document.getElementById(‘submitButton’).disabled = false;// Display full result for debugging.
    $(‘#result’).html(“Result:<br />”);
    for(var i in result) {
    $(‘#result’).append(i+“: “+result[i]+“<br />”);
    }if(result[‘code’] == 0) {
    // Request was successful. Insert hidden field into the form before submitting.
    $(‘#payment’).append(‘<input type=”hidden” name=”mesToken” value=”‘+result[‘token’]+‘” />’);
    $(‘#payment’).append(‘<input type=”hidden” name=”mesCardNum” value=”‘+result[‘card_number’]+‘” />’);
    $(‘#payment’).append(‘<input type=”hidden” name=”mesHash” value=”‘+result[‘hash’]+‘” />’);
    // Continue to submit the form to the action, where we will read the mesToken POST data.
    document.forms[‘payment’].submit();
    }
    else {
    // Request failed. Check result[‘code’], or use result[‘text’] as a reference, and inform the user.
    }
    }
    </script>
    </head><body>
    <div id=“container”>

    <!– tokenlistener is any page that can extract mesToken from the post (PHP example: $_POST[‘mesToken’]) –>
    <form action=“tokenlistener.php” method=“POST” id=“payment”>
    <div class=“formRow”>
    <label>Card Number</label>
    <input type=“text” size=“20” autocomplete=“off” id=“card_number”/>
    </div>
    <div class=“formRow”>
    <label>Expiration (MMYY)</label>
    <input type=“text” size=“4” id=“card_exp_date”/>
    </div>
    <button type=“submit” id=“submitButton”>Submit</button>
    </form>

    <div id=“result”></div>

    </div>
    </body>
    </html>

Once the token has been posted to our form action, any server-side language can be used to extract the token from the POST data. It can then be substituted for a card number for use with the MeS Payment Gateway.

API Result Codes

Code Description Note
0 Request OK
1 Browser is incompatible with CORS, tokenization cannot proceed
2 Invalid Card Number
3 Invalid Expiry Date
4 Gateway Error Additional fields, gateway_text and gateway_error are the exact Payment Gateway text and error which occurred.
5 HTTP Error Error 5 will never occur in Internet Explorer 8 and 9. Invalid HTTP codes using these browsers (such as 404, 500, etc) will be reported as error 6; Transmission Error.
6 Transmission error
7 Cross Scheme Error When using Internet Explorer 8/9, while submitting across schemes (From non-SSL to SSL, or vice versa). This can be avoided by always hosting the page as SSL.
image
https://360-one.com/wp-content/themes/imperio/
https://360-one.com/
#6cd0f2
style1
paged
Loading posts...
/home/s7jsyzsnu9qr/public_html/
#
on
none
loading
#
Sort Gallery
on
yes
yes
off
Enter your email here
off
off