Direct Card Payment

These are server to server card payments where you send encrypted card details directed to our server within the request body.

We support direct card collection requests. This means that as a merchant, you can create a payment form on your interface and then send the card details within the request body.

Card data is not sent in plain text but rather as an encrypted string.

To make direct card payments, you are required to provide an extra parameter in the request body, card_cipher

Generating data for the `card_cipher` parameter

Encryption

1. Create a JSON String With Card Details

A JSON string with data keys like those that follow should be created in that order. This includes the card details as shown below.

{
    "full_name": "John Doe",
    "card_no": "0123456789123456",
    "exp_month": "06",
    "exp_year": "22",
    "cvv": "123",
    "pin": "1234",
    "billing_address": "Second Street",
    "billing_city": "San Francisco",
    "billing_zip": "94105",
    "billing_state": "CA",
    "billing_country": "US"
}

Parameter

Type

Description

Required

full_name

string

The full name of the cardholder as registered by the issuer

YES

card_no

string

The card number. Usually the length of 16 to 19

YES

exp_month

string

The card expiry month. For single-digit months, prefix 0 e.g. 06

YES

exp_year

string

The card expiry year

YES

cvv

string

The card CVV, CVC, etc depending on the nature of the card

YES

pin

string, optional

The card PIN as used on the ATM

Only for locally issued Nigerian Verve cards

billing_address

string

Billing address as registered by the issuer.

Only for cards issued in the USA, Canada, and Europe

billing_city

string

Billing city name as registered by the issuer.

Only for cards issued in the USA, Canada, and Europe

billing_zip

string

The zip/postal code.

Only for cards issued in the USA, Canada, and Europe

billing_state

string

State name.

Only for cards issued in the USA, Canada, and Europe

billing_country

string

The 2 character ISO country code. The country code list can be obtained using the API description that follows

Only for cards issued in the USA, Canada, and Europe

>>Getting a list of billing countries

To get a list of the available billing countries to use when composing the JSON card details string above, use the API description that follows

// sandbox
GET https://sandbox.dusupay.com/v1/avs-countries

Request

Header

Value

Required

secret-key

SEC-*** Your Merchant secret key

YES

// sandbox
curl -v -X GET 'https://sandbox.dusupay.com/v1/avs-countries?api_key=PUBK-***' -H 'secret-key: SECK-***'

2. Encrypt the JSON String

To encrypt the JSON string correctly, we have organized a few code samples to illustrate how it could be done as shown below.

>> Downloading Public Key

// sandbox
GET https://sandbox.dusupay.com/v1/download-public-key

Request Header

Header

Value

Required

secret-key

SEC-*** Your Merchant secret key

YES

// sandbox
curl -v -X GET 'https://sandbox.dusupay.com/v1/download-public-key?api_key=PUBK-***' -H 'secret-key: SECK-***' --output dusupay.public.key.pem

Download our public key for encryption.

First Download the public key and store it in a text file named dusupay.public.key.pem. This will be used to encrypt the card details included in the JSON string created earlier.

>> Encryption Code Samples

const crypto = require('crypto');
const fs = require('fs');

const data = {
        full_name: "John Doe",
        card_no: "0123456789123456",
        exp_month: "06",
        exp_year: "22",
        cvv: "123"
    };

function encryptData(data) {
    const payload = JSON.stringify(data);
    const publicKeyFile = "path-to-file/dusupay.public.key.pem";
    const publicKey = fs.readFileSync(publicKeyFile).toString().replace(/\\n/g, '\n');

    const encryptedData = crypto.publicEncrypt(
        {
            key: publicKey,
            padding: crypto.constants.RSA_PKCS1_PADDING
        },
        Buffer.from(payload)
    );

    /*return the base64 encoded version of the encrypted string*/
    return encryptedData.toString("base64");
}

<?php

public function encryptData($jsonString) {
    $file = "path-to-file/dusupay.public.key.pem";
    $keyContent = file_get_contents($file);
    $publicKey = openssl_get_publickey($keyContent);
    $ret = null;

    if (openssl_public_encrypt($jsonString, $result, $publicKey, OPENSSL_PKCS1_PADDING)) {
        /*get the base64 encoded version of the encrypted string*/
        $ret = base64_encode('' . $result);
    }

    return $ret;
}

?>

Set card_cipher parameter

Now that we have encrypted the card details. The resultant string after encryption is what we need to set as the card_cipher and include it in the Post Collection Request when making a Card Collection Request

{
  ...
  "card_cipher": "***"
  ...
}

By simply including the parameter, card_cipher in the collection request body, is enough for Dusupay to know that you want to make a direct card payment.

Since it's 3D by default, it will return the bank authentication URL where you will redirect the customer.

In the future when we support 2D cards, we will simply charge the card as expected and the payment_url response parameter will be empty

PreviousHosted Payment Page NextBank

Last updated 8 months ago