Dusupay
Search…
Direct Card Payment
These are server to server card payments where you send encrypted card details directed to our server within the request body.
We support direct card collection requests. This means that as a merchant, you can create a payment form on your interface and then send the card details within the request body.
Card data is not sent in plain text but rather as an encrypted string.
To make direct card payments, you will still make the same request as described in the, International Card PaymentsandLocal Card Payments however, you are required to provide an extra parameter in the request body, card_cipher

Generating data for the card_cipher parameter

Encryption

1. Create a JSON String With Card Details

A JSON string with data keys like those that follow should be created in that order. This includes the card details as shown below.
Data
Description
1
{
2
"full_name": "John Doe",
3
"card_no": "0123456789123456",
4
"exp_month": "06",
5
"exp_year": "22",
6
"cvv": "123",
7
"pin": "1234",
8
"billing_address": "Second Street",
9
"billing_city": "San Francisco",
10
"billing_zip": "94105",
11
"billing_state": "CA",
12
"billing_country": "US"
13
}
Copied!
Parameter
Type
Description
Required
full_name
string
The full name of the cardholder as registered by the issuer
YES
card_no
string
The card number. Usually the length of 16 to 19
YES
exp_month
string
The card expiry month. For single-digit months, prefix 0 e.g. 06
YES
exp_year
string
The card expiry year
YES
cvv
string
The card CVV, CVC, etc depending on the nature of the card
YES
pin
string, optional
The card PIN as used on the ATM
Only for locally issued Nigerian Verve cards
billing_address
string
Billing address as registered by the issuer.
Only for cards issued in the USA, Canada, and Europe
billing_city
string
Billing city name as registered by the issuer.
Only for cards issued in the USA, Canada, and Europe
billing_zip
string
The zip/postal code.
Only for cards issued in the USA, Canada, and Europe
billing_state
string
State name.
Only for cards issued in the USA, Canada, and Europe
billing_country
string
The 2 character ISO country code. The country code list can be obtained using the API description that follows
Only for cards issued in the USA, Canada, and Europe

>> Get a list of billing countries

To get a list of the available billing countries to use when composing the JSON card details string above, use the API description that follows
1
// sandbox
2
GET https://sandbox.dusupay.com/v1/avs-countries
Copied!
Headers
Request
Shell

Request

Header
Value
Required
secret-key
SEC-*** Your Merchant secret key
YES

Request

Parameter Name
Type
Description
Required
api_key
string
Merchant Account Public Key
YES
1
// sandbox
2
curl -v -X GET 'https://sandbox.dusupay.com/v1/avs-countries?api_key=PUBK-***' -H 'secret-key: SECK-***'
Copied!

2. Encrypt the JSON String

To encrypt the JSON string correctly, we have organized a few code samples to illustrate how it could be done as shown below.

>> Downloading Public Key

1
// sandbox
2
GET https://sandbox.dusupay.com/v1/download-public-key
Copied!
Headers
Request
Shell

Request Header

Header
Value
Required
secret-key
SEC-*** Your Merchant secret key
YES

Request Headers

Parameter Name
Type
Description
Required
api_key
string
Merchant Account Public Key
YES
1
// sandbox
2
curl -v -X GET 'https://sandbox.dusupay.com/v1/download-public-key?api_key=PUBK-***' -H 'secret-key: SECK-***' --output dusupay.public.key.pem
3
Copied!

Download our public key for encryption.

First Download the public key and store it in a text file named dusupay.public.key.pem. This will be used to encrypt the card details included in the JSON string created earlier.

>> Encryption Code Samples

NodeJS
PHP
1
const crypto = require('crypto');
2
const fs = require('fs');
3
4
const data = {
5
full_name: "John Doe",
6
card_no: "0123456789123456",
7
exp_month: "06",
8
exp_year: "22",
9
cvv: "123"
10
};
11
12
function encryptData(data) {
13
const payload = JSON.stringify(data);
14
const publicKeyFile = "path-to-file/dusupay.public.key.pem";
15
const publicKey = fs.readFileSync(publicKeyFile).toString().replace(/\\n/g, '\n');
16
17
const encryptedData = crypto.publicEncrypt(
18
{
19
key: publicKey,
20
padding: crypto.constants.RSA_PKCS1_PADDING
21
},
22
Buffer.from(payload)
23
);
24
25
/*return the base64 encoded version of the encrypted string*/
26
return encryptedData.toString("base64");
27
}
Copied!
1
<?php
2
3
public function encryptData($jsonString) {
4
$file = "path-to-file/dusupay.public.key.pem";
5
$keyContent = file_get_contents($file);
6
$publicKey = openssl_get_publickey($keyContent);
7
$ret = null;
8
9
if (openssl_public_encrypt($jsonString, $result, $publicKey, OPENSSL_PKCS1_PADDING)) {
10
/*get the base64 encoded version of the encrypted string*/
11
$ret = base64_encode('' . $result);
12
}
13
14
return $ret;
15
}
16
17
?>
Copied!

Set card_cipher parameter

Now that we have encrypted the card details. The resultant string after encryption is what we need to set as the card_cipher and include it in the Post Collection Request when making a Card Collection Request
Sample Request Body
1
{
2
...
3
"card_cipher": "***"
4
...
5
}
Copied!
By simply including the parameter, card_cipher in the collection request body, is enough for Dusupay to know that you want to make a direct card payment.
Since it's 3D by default, it will return the bank authentication URL where you will redirect the customer.
In the future when we support 2D cards, we will simply charge the card as expected and the payment_url response parameter will be empty
Last modified 5mo ago