Build Cards Encryption Flow

Allows you to manage card input directly on your side while staying compliant with PCI DSS. To enhance security, sensitive card details are encrypted using an RSA public key before being transmitted, reducing vulnerabilities in the transport layer and protecting customer data.

Create Payment Session

A windowed time for the end customer to complete the payment, starting when the client initiates the payment request through your app. The payment session duration is customizable, with a default duration of 15 minutes.

API Reference: Create Payment Session

{
  "clientReferenceId": "1751620870",
  "amount": {
    "value": 10000,
    "currency": "IDR"
  },
  "paymentMethod": {
    "type": "CARD"
  },
  "mode": "API",
  "redirectUrl": {
    "successReturnUrl": "https://merchant.com/success",
    "failureReturnUrl": "https://merchant.com/failure",
    "expirationReturnUrl": "https://merchant.com/expiration"
  },
  "customer": {
    "givenName": "Reforza Jordan",
    "sureName": "Geotama",
    "email": "reforza@pivot-payment.com",
    "phoneNumber": {
      "countryCode": "+62",
      "number": "89699990001"
    },
    "refundPreference": {
      "method": "AUTO",
      "transferDestination": {
        "channelCode": "014",
        "channelInformation": {
          "accountNumber": "17677665415",
          "accountName": "Reforza Jordan Geotama"
        }
      }
    }
  },
  "orderInformation": {
    "productDetails": [
      {
        "type": "PHYSICAL",
        "category": "FASHION",
        "subCategory": "FASHION WANITA",
        "name": "Dress Kasual Warna Putih",
        "description": "Ukuran M",
        "quantity": 1,
        "price": {
          "value": 100000,
          "currency": "IDR"
        }
      }
    ],
    "billingInfo": {
      "givenName": "Reforza Jordan",
      "sureName": "Geotama",
      "email": "reforza@pivot-payment.com",
      "phoneNumber": {
        "countryCode": "+62",
        "number": "89699990001"
      },
      "addressLine1": "Biomedical Building Lantai 3",
      "addressLine2": "Digital hub, BSD City",
      "city": "Tangerang Regency",
      "provinceState": "Banten",
      "country": "ID",
      "postalCode": "15331"
    },
    "shippingInfo": {
      "givenName": "Reforza Jordan",
      "sureName": "Geotama",
      "email": "reforza@pivot-payment.com",
      "phoneNumber": {
        "countryCode": "+62",
        "number": "89699990001"
      },
      "addressLine1": "Biomedical Building Lantai 3",
      "addressLine2": "Digital hub, BSD City",
      "city": "Tangerang Regency",
      "provinceState": "Banten",
      "country": "ID",
      "postalCode": "15331",
      "method": "REGULAR",
      "shippingFee": {
        "value": 100000,
        "currency": "IDR"
      }
    }
  },
  "autoConfirm": false,
  "statementDescriptor": "Reforza Pivot",
  "expiryAt": "2025-12-30T23:59:00Z",
  "metadata": {
    "invoiceNo": "INV001"
  }
}

Choose a mode

To manage your own Card Input Page choose mode “API”

{
  "mode": "API"
}

Define Payment Method

Set autoConfirm to false and fill paymentMethod.type = "CARD" to generate the Card RSA Encryption Key

Object Reference:

Payment Method Object

{
  "paymentMethod": {
    "type": "CARD"
  },
  "autoConfirm": false
}

Send us your Success, Failure, and Expired Payment Session URL

Handle Success, Failure, and Expired cases on your Payment Session

Object reference: Redirect Object

{
  "redirectUrl": {
    "successReturnUrl": "https://merchant.com/success",
    "failureReturnUrl": "https://merchant.com/failure",
    "expirationReturnUrl": "https://merchant.com/expiration"
  }
}

Fill Customer and Order information

Include customer and order details by filling the customer and orderInformation objects. Personalize the payment experience, enhance fraud detection and reconciliation, and ensure smoother processing of refund requests.

Object Reference:

{
  "customer": {
    "givenName": "Reforza Jordan",
    "sureName": "Geotama",
    "email": "reforza@pivot-payment.com",
    "phoneNumber": {
      "countryCode": "+62",
      "number": "89699990001"
    },
    "refundPreference": {
      "method": "AUTO",
      "transferDestination": {
        "channelCode": "014",
        "channelInformation": {
          "accountNumber": "17677665415",
          "accountName": "Reforza Jordan Geotama"
        }
      }
    }
  },
  "orderInformation": {
    "productDetails": [
      {
        "type": "PHYSICAL",
        "category": "FASHION",
        "subCategory": "FASHION WANITA",
        "name": "Dress Kasual Warna Putih",
        "description": "Ukuran M",
        "quantity": 1,
        "price": {
          "value": 100000,
          "currency": "IDR"
        }
      }
    ],
    "billingInfo": {
      "givenName": "Reforza Jordan",
      "sureName": "Geotama",
      "email": "reforza@pivot-payment.com",
      "phoneNumber": {
        "countryCode": "+62",
        "number": "89699990001"
      },
      "addressLine1": "Biomedical Building Lantai 3",
      "addressLine2": "Digital hub, BSD City",
      "city": "Tangerang Regency",
      "provinceState": "Banten",
      "country": "ID",
      "postalCode": "15331"
    },
    "shippingInfo": {
      "givenName": "Reforza Jordan",
      "sureName": "Geotama",
      "email": "reforza@pivot-payment.com",
      "phoneNumber": {
        "countryCode": "+62",
        "number": "89699990001"
      },
      "addressLine1": "Biomedical Building Lantai 3",
      "addressLine2": "Digital hub, BSD City",
      "city": "Tangerang Regency",
      "provinceState": "Banten",
      "country": "ID",
      "postalCode": "15331",
      "method": "REGULAR",
      "shippingFee": {
        "value": 100000,
        "currency": "IDR"
      }
    }
  }
}

Get RSA Encryption Key details

After creating the Payment Session, pass the RSA Encryption Key to the Merchant Front-end, which is returned in the response.

Object Reference: Payment Session Object

{
  "encryptionKey": "Eykc6QYeUuG5aKcPMrUsaZq0bWWCGLJY"
}

Encrypt Card Information in Merchant Front-end

Encrypt Card Information details using the RSA Encryption Key from the Merchant Back-end, then pass the Encrypted Card to the Merchant Back-end

Encryption Code Reference: Card Encryption

Card Simulation Reference: Payment Simulation

Confirm Payment Session

Finalize the Payment Method by filling paymentMethod.card.encryptedCard and paymentMethodOptions objects

API Reference: Confirm Payment Session

POST [BASE_URL]/v2/payments/{id}/confirm

{
  "paymentMethod": {
    "type": "CARD",
    "card": {
      "encryptedCard": "vFbUU18gh35lmeVnhb7fgG91tBNb890MTv+0yKBEIARbaiYFySPTvFZZGa7f5V9ONqAJg6KKmtsQn2Qmt7R7V8KdscSgB29zr8MypMvofd3RjNihKk8QvbWOe1qaVjoIzEvkO30oMm3go1nPRFtVcojpw+NAyF1Uip1ED7fZGDfo5haaa2jdSGRg3kei12LcOHZ5jfh94GsPrQ4MCsWfKn1o8Y5b/aPAmfRsfQ2BnGudFAfoxG4hCdCcUTtpNBTt27dPIVeCdyfoOaRRjjgM3JO1dCerhAOgCw2DOvBsHw+Z2VJHJmURPvVTOiuZhSa8E6SRQ1GW7Cf4CRlPLmLa54UU6hbyNePq7W7TGMV11j8Slzan6JF0Wayow0gJp+aTjSER4ZwrmyqRTxKKA2l4t6vi66Yc2B/bzsJtslYa5tJoxmatavuCZma29kUtqU9Dtlu2UNkGoW7XweBtwxkOWpFLfnufTLYNpd7SuaRqOvW0Yc6CjbXZMbradd3ZqFJ+mtSOuU3BAFV5xSjxv90mYWqnZBOpZIVM3WZQanJ//fEReXg7YasvAxQIGYBJybob3uy4mEcODVy6Ty9E9c0UdF5WN7XV0K+5bTLzGEPlMSlTqgL4HSccXp4dpVdWFL4XpVwQBgdjtpmRpklfyaco4YFlGutFSgVYvEitAKYkCtpG9m6RYw4="
    }
  },
  "paymentMethodOptions": {
    "card": {
      "captureMethod": "automatic",
      "threeDsMethod": "CHALLENGE",
      "processingConfig": {
        "bankMerchantId": null,
        "merchantIdTag": null
      }
    }
  }
}

Redirect to 3DS Page

After confirming the Payment Session, redirect your customer to the 3DS Page URL for authenticating the transaction returned in the response.

{
  "paymentUrl": "https://creditcard-webview-stg.harsya.com/payment/creditcard/threeds?client_transaction_id=1751620870&acquirer_transaction_id=TRXCC36ac8979a69a17516228851&session_id=FYb9MAxPBhiwsMGEwbtV5SmkF6t2DnWK"
}

PreviousBuild Full API Mode NextAfter the Payment

Last updated 1 day ago