Collecting Payments via Direct Charge

Sometimes you're building a platform that needs greater control over payments. You might want to allow customers save and switch between multiple cards, or you might need custom logic for when and how they should be charged. Credo provides Direct Charge APIs for this.

Requirements

When using these endpoints, you're asking customers to trust you with their card information. As you can imagine, this is a big ask, and customers need to know that you won't use or store those details wrongly. The PCI DSS certification provides a way to verify this and is required for any services that handle users' card details directly.

Credo's Direct Charge endpoints require PCI DSS certification to use, so you will not have live access to these endpoints unless we've verified that you are compliant. If you're certified, please email us your certificate to hello@credocentral.com to get live access to the endpoints.

Working with Direct Charge

There are two options when charging a customer's card with Direct Charge: with or without 3D Secure (3DS). 3DS is an authentication mechanism designed to protect a customer against card fraud. Typically, you direct the customer to an authentication page on their bank’s website (powered by the card scheme, such as MasterCard or Visa), and they enter a PIN associated with the card, or a code sent to their phone.

Why use 3ds?

3D Secure requires customers to complete an additional verification step with their card issuer when paying. Payments authenticated via 3DS are covered by a liability shift; should a 3DS payment be disputed as fraudulent by the cardholder, the liability shifts from you to the card issuer.

With 3D Secure

• Verify a card's correctness by calling the verify a card endpoint. The endpoint will return a transactionId and orderId identifying this transaction, as well as some HTML content for you to render in your webpage in order to display the card issuer's verification screen to the customer.

Request (JS)

credo.payments.verifyCardNumber({
  cardNumber: "4242424242442",
  orderCurrency: "NGN"
});

Response

{
    "orderId": "order-hu35yy63f3534",
    "transactionId": "trans-35hucj63f",
    "gatewayCode": "PENDING",
    "gatewayRecommendation": "PROCEED",
    "correlationId": "pay",
    "timeOfRecord": "2021-01-26T12:17:57",
    "redirectHtml": "<div>...</div>"
}

• After the customer completes the verification screen, the card is verified, and the customer is returned to your page.
• Complete the charge by calling the charge endpoint with the card details and the returned transaction details.

Request (JS)

credo.payments.pay(details);

Response

{
    "status": "Success",
    "code": "200",
    "message": "Payment was successful",
    "transRef": "254655-4946-3634"
}

Without 3D Secure

To charge without 3DS, call the direct charge endpoint, passing in the card details.

Request (JS)

credo.payments.cardThirdParty(details);

Response

{
    "status": "string",
    "message": "string",
    "code": 200,
    "transRef": "iy67f64hvc63"
}