3

I've read documentation of PayFort payment gateway . I've setup project and completed transaction with android SDK. Transaction generation and save cards are worked proper. After successful transaction (with remember card ) response is

Success Response: {"amount":"XXXX","response_code":"14000","card_number":"400555******0001","card_holder_name":"Test","payment_option":"VISA","expiry_date":"2105","customer_ip":"xxx.xx.xxx.xx","eci":"ECOMMERCE","language":"en","fort_id":"xxxxxxxxxxxxxxxxxx","command":"PURCHASE","response_message":"Success","sdk_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","authorization_code":"xxxxxx","merchant_reference":"xxxxxxxxxxxxx","customer_email":"xxxxx@gmail.com","token_name":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","currency":"SAR","status":"14"}

After successful transaction (without remember card ) response is

Success Response: {"amount":"XXXX","response_code":"14000","card_number":"400555******0001","card_holder_name":"Test","payment_option":"VISA","expiry_date":"2105","customer_ip":"xxx.xx.xxx.xx","eci":"ECOMMERCE","language":"en","fort_id":"xxxxxxxxxxxxxxxxxx","command":"PURCHASE","response_message":"Success","sdk_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","authorization_code":"xxxxxx","merchant_reference":"xxxxxxxxxxxxx","customer_email":"xxxxx@gmail.com","currency":"SAR","status":"14"}

Just token_name parameter is extra response in save card response. Now my question is that, if user saved his card detail and want to use later then how to list those saved card list? I can't get Any rest api in documentation page which list all cards. One more thing if user want to pay direct without entering card detail using that token then what's the parameters used and which API will be use for that transaction?
Note: I can see those cards detail in my payfort account.

Bhavin Chauhan
  • 1,950
  • 1
  • 26
  • 47
  • Hi, Have you found a solution for this issue? – Vlad Pylyp Jul 26 '18 at 12:03
  • yes, I've store those tokens with our server and show masking cards. If you need more detail then let me know. – Bhavin Chauhan Jul 26 '18 at 12:31
  • can you please describe a process? can we in some way get a list of card for user, or we have to save cards info in our server with this token, and chose card from our server, get token, and make payfort request with this token after that? – Vlad Pylyp Jul 30 '18 at 10:21
  • payfort not saving user's card against any account I mean like stripe payment doing. If user wish to save card detail then payfort will return one token you need to save it to your server. Now you need to save those token against userId/Email(any unique id). And next time you can use that token for payment. Next time user don't need to enter card detail but user need to enter cvv detail and payment can be possible – Bhavin Chauhan Jul 30 '18 at 11:27
  • Create new database table to save token. So multiple token can be save against one user – Bhavin Chauhan Jul 30 '18 at 11:29
  • @BhavinChauhan Can you please elaborate how to process payment only with "token_name". What would be the request? Would CVV dialog given by Payfort Mobile SDK? It would be a great help if you could share code. – Poras Bhardwaj Dec 14 '18 at 05:32
  • @PorasBhardwaj, When you use token_name then card detail will be autofilled with masking text. you need to insert cvv detail. Don't have code right now. If you need any more help let me know. I'll try my best to help you. – Bhavin Chauhan Dec 20 '18 at 05:44
  • @BhavinChauhan Thanks, I can use token_name to fill card details. Do you have any idea how to delete/remove saved card from payort usind mobile SDk? And, have you implemented refund, is refund & removal of card possible using mobile SDK? – Poras Bhardwaj Dec 28 '18 at 07:14
  • @PorasBhardwaj, No I didn't work for refund and delete card part. But as per my knowledge it's not possible from mobile SDK. You need to work from website. – Bhavin Chauhan Dec 29 '18 at 07:16

1 Answers1

1

You won't be able to actually 'see' or get a list of the card details. That will be insecure on Payfort's part. All you would get is the masked card number '400555******0001' in response along with the token_name.

What you can do is this:

  1. Save these details for the particular user in your database. You might have to save a new card entry every time you find a new one in the response (this would happen when user will use different cards for different transactions and keeps the 'remember me' setting on).
  2. Then in your mobile UI or on web UI, show a dropdown with these 'masked' card numbers. For the selected card, only send the 'token_name' in your payment request.

The biggest benefit is that you don't have to save the card details and be vulnerable. Instead, just keep the token_name and get it pre-filled when redirecting to Payfort.

Mayank Sehgal
  • 96
  • 2
  • 14