How can I set up the "One-Click" using the Direct Post?

1. Generating a token with the Direct Post SDK

You can use our Direct Post SDK for tokenization to generate a token.

2. Saving data in your database

In the API response, you will receive the card information. For later use, you should save the following data in your database:

Field name

Description

token

Token that was created

request_id

Request ID linked to the token

brand

Card’s brand (e.g.: Visa, MasterCard, American Express, JCB, Discover, Diners Club, Solo, Laser, Maestro)

pan

Card number (up to 19 characters). Please note: due to PCI DSS security standards, our system has to mask credit card numbers in any output (e.g.: 549619**4769).

card_holder

Cardholder’s name

card_expiry_month

Card expiry month (2 digits)

card_expiry_year

Card expiry year (4 digits)

issuer

Card-issuing bank’s name Do not rely on this value to remain static over time. Bank names may change over time due to acquisitions and mergers.

country

Bank country code where the card was issued. This two-letter country code complies with ISO 3166-1 (alpha 2).

card_type

Card type (if applicable, e.g.: “DEBIT, CREDIT”)

card_category

Card category (if applicable, e.g.: “PLATINUM”)

3. Using the token

To create a first transaction, you will have to use the /order API method, with parameter "eci" = 7. Depending on fraud parameters, you will be able to trigger 3-D Secure on this first transaction.

For additional transactions, HiPay is not allowed to store the CVC/CVV number. Therefore, you must use the parameter "eci" = 9. 3-D Secure will not be possible.

You should check the expiration date before triggering additional orders to avoid declined transactions. Please also inform your client each time you submit a new order.