Tokenization helps you tokenize customer's credit card data that can be used for making payment(s) without requesting for input every time.
Hosted Model with customizable payment pages is supported. Similarly to other hosted model payments, PCI DSS is not required as BBMSL stores all the tokenized data.
- Payment Card: Visa, Mastercard
- Digital Wallet: Apple Pay, Google Pay, Alipay, AlipayHK, WeChat Pay
You can redirect the customer to our hosted checkout page, or embed the payment page into an iframe Html element.
You can upload your company logo and configure the checkout page theme color in BBMSL Merchant Portal. There are also UI options to be enabled through PayAPI request parameters. Two diagrams are shown below indicating the available customization options on desktop and mobile layout,
- Payment Card: The Tokenization supports 3-D Secure (3DS) security verification to protect your payment. The 3DS challenge page will be presented automatically if the issuing bank requires it.
- Digital Wallet: The authentication process is conducted by the wallet's service provider through biometric authentication or username/password.
To integrate the tokenization flow, the merchant needs to tokenize the customer's card before conducting a payment. The customer will be charged with a small amount for card verification, which will be voided afterwards. A diagram is given below showing the workflow of each required steps,
- Use the PayAPI Add Token:
/tokenization/add-tokento generate a
checkoutUrlfor customers to input the card data. The mentioned small amount will be charged in this step. After that, the card data is tokenized in BBMSL Payment Gateway.
- A unique
tokenIdwill be mapped to each credit card being tokenized. Merchant needs to query the
tokenIdusing PayAPI Query Token:
/tokenization/query-tokenwith the corresponding
userIdused in the previous step for later payment.
- With the
tokenIdyou can proceed payment directly with PayAPI Sale:
/tokenization/salewithout asking for card data. The
tokenIdcan be reused until expired or deleted, merchant can start another payment by this step.
The merchant need to handle the failure result in different stages. In case of any network errors, you need to query the result of the order instead of assuming it succeeded.