Tokenization using a Hosted Payment Page

The Exact Payments Gateway supports internal tokenization services where a merchant can submit credit/debit card numbers and have an algorithmically generated token (called 'Tags') returned. The returned token (Tag) can be stored in the merchant system and used for processing all future transactions including: pre-authorization, purchase, void, refund and capture/settlement.

Tokenization is strongly recommended. Eliminating credit and debit card numbers from passing through or being stored in your internal systems is a best practice for data security and PCI compliance requirements.

Step 1: Use Hosted Payment Page for credit card submission

Build a Hosted Payment Page and use a $0 pre-authorization request with CVV for transactions with a new customer, or new credit/debit card presented by an existing customer.

Step 2: Use Reporting API to retrieve Token

Retrieve the Exact Token using our GET /payments API endpoint. The new Token value is returned in API response field payment_id.

Token values can be securely stored for future transactions.

Step 3: Use REST APIs to process purchase authorizations (and other follow-on transactions)

Submit a 'pre-authorization' or 'purchase' transaction using our POST /payments API endpoint with payment_method set to token and the token_type set to "exactpay", eg:

POST /accounts
{
  "terminal":{
     "gateway_id":"XXXXXXX"
  }    
  "amount":"5000",
  "payment_method":{
    "token":{
     "token": "94b87c82-178b-4f61-99c1-87ae153982f0", //the payment_id 
     "token_type": "exactpay"
    }
  }
}

Tokens are used for follow-on transactions including: Void, Refund and Capture.

• POST /payments/payment_id/void
• POST /payments/payment_id/refund
• POST /payments/payment_id/capture