Payment Token


This document comprises the recommended steps for processing a transaction using a payment token.

Payment token:

For a transaction request sent to OnePay, a payment token will be generated in the response which can be used for completing a transaction lifecycle. This will avoid including card information for a transaction.

Sequence Diagram:

Sample Form Setup:

This sample HTML form page contains card information.

<form method="post" action=" " id="form-token">
<!-- The feild for tokenization result -->
<input id="onepayResult" type="hidden" name="onepayResult" />
<!-- Non Onepay Fields -->
<input type="text" id="cardHolderName" name="cardHolderName" placeholder="Card holder name" />
<input type="text" id="email" name="email" placeholder="Email" />
<br />
<br />
<!-- Error display field -->
<span id="cardError" name="cardError" style="color:red"></span>
 !-- Start Onepay Fields that is need for tokenization -->
<div class="form-group">
<span>Card Number</span><span style="color:red">*</span>
<input type="text" size="20" maxlength="16" id="cardNumber" name="cardNumber" />
<br />
<div class="form-group">
<span>Expiration Date</span>
<select id="expMonth" name="expMonth">
<option value="">Month</option>
<option value="01">01</option>
<option value="02">02</option>
<option value="03">03</option>
<option value="04">04</option>
<option value="05">05</option>
<option value="06">06</option>
<option value="12">12</option>
<select id="expYear" name="expYear">
<option value="">Year</option>
<option value="2021">2021</option>
<option value="2022">2022</option>
<option value="2023">2023</option>
<option value="2024">2024</option>
<option value="2025">2025</option>
<option value="2026">2026</option>
<option value="2027">2027</option>
<br />
<div class="form-group">
<span>Security Code</span>
<input type="text" size="20" id="securityCode" name="securityCode" maxlength="4" />
<!-- End Onepay Fields that is needed for tokenization -->
<button style="margin-top:8px" id="btnGenerateToken" type="submit">Submit</button>

Onepay Token:

To get the payment token key go to the Security Keys in Manage section on the Onepay portal.

Custom Form key should be used for data-paymenttokenkey.


In this step, the below (in bold) OnePay payment token script has to be included. This is responsible for token generation for the provided card details.


<script src="https://code.jquery.com/jquery-3.5.0.js">
<script type="text/javascript" src="https://api.onepay.com/payui/OnePayPaymentToken.min_v1.0.js"


let paymentTokenScript = this._renderer2.createElement('script');   
paymentTokenScript.type = "text/javascript";   
paymentTokenScript.src =  OnePaymentTokenJavaScriptUrl;   
paymentTokenScript.setAttribute("data-paymenttokenkey", <payment token key>);    
this._renderer2.appendChild(this._document.body, checkoutScript);

Requesting for payment token:

A request should be sent to get a payment token from the card details/account number. A payment token will be sent in response which will be valid for 10 minutes.

Users will not be able to use the payment token after a successful transaction or after the time validity.

Users can create payment tokens for the following combinations:

  1. Card data and code.
  2. Card number and expiration date.
  3. Card number, Code, and expiration date.
  4. Account number.

Sample request for payment token request is given below.

"number": "",
"code": "182",
"expiration_date": ""

"check": {
"account_number": ""

Transaction Request

A payment token will be sent in the transaction request for processing. This will include other transaction fields such as action code, entry_mode, account type, etc.

The sample request is given below:

"amount": 11,
"method": "CC",
"type": 2,
"nonce": {{$timestamp}},
"client_Ip": "",
"market_Code": "R",
"payment_token": ""

Transaction will be successful if the payment token is valid. If the transaction token is invalid, an appropriate error message will be sent.

Response Codes:

Result Code Result Sub Code Result Text
1 7000 Success
3 7001 Failure
3 7002 General Error
3 7003 Invalid token request or empty
3 7004 Invalid payment token key

Leave a Reply