Hosted Fields
Ce produit est en mode pilote. Contactez-nous pour devenir un pilote.
Get started
Pour traiter des transactions sur notre plateforme avec cette solution, assurez-vous que :
- Vous avez un compte sur notre plateforme.
- Au moins l'une de nos méthodes de paiement par carte disponibles est activée dans le Merchant Portal via Entreprise > Moyens de paiement.
- Utilisez-vous le Back Office ?
Vous pouvez vérifier le statut d'activation de la méthode de paiement via Configuration > Activation PM. - Vous avez configuré votre Clé API et Secret API dans votre compte.
- Votre serveur peut traiter des requêtes serveur-à-serveur via notre API RESTful.
Êtes-vous prêt ? Alors apprenez à utiliser notre Hosted Fields dans le prochain chapitre !
Comment ça fonctionne
Ciblez l'URL de base de l'API la plus à jour
Avant de traiter des transactions en production, utilisez notre environnement de test. Découvrez notre solution sans frais ni engagements ! Une fois que vous souhaitez passer en production, consultez ici comment obtenir un compte de production ou contactez-nous !
Pour être éligible au SAQ-A pour cette méthode d'intégration, vous devez respecter les critères d'éligibilité. Consultez la bibliothèque du PCI Security Standards Council pour une vue d'ensemble complète.
La Hosted Fields fonctionne uniquement en conjonction avec la méthode d'intégration Server-to-server, qui est une étape indispensable dans le flux de paiement. Par conséquent, cela nécessite d'inclure au moins les propriétés 3-D Secure obligatoires dans votre demande de paiement.
Ciblez l'URL de base de l'API la plus à jour
Nous vous encourageons à toujours cibler l'URL de base de l'API la plus à jour lors de l'envoi de requêtes à notre plateforme. Consultez notre guide dédié pour un aperçu complet.
Pour vous permettre une transition en douceur, les anciennes URL de base de l'API restent disponibles jusqu'à nouvel ordre.
Differences Hosted Fields vs Hosted Tokenization Page
Both the Hosted Fields and the Hosted Tokenization Page solutions rely on the same principle: Outsourcing sensitive data to <iframe> instances hosted by us, allowing you to keep a low PCI compliancy type.
However, they have some distinctive differences. Have a look at them to understand how each solution works:
| Element | Hosted Fields | Hosted Tokenization Page |
|---|---|---|
| Characteristics of the <iframe> instances | Each sensitive field is a separate <iframe>. | The whole payment form is inside a single <iframe>. |
| Each <div>/<iframe> can be placed individually on the checkout page. | The <iframe> is one unbreakable element to be merged with the checkout page. | |
| The <iframe> can be customised via CSS, no template necessary. | Can be customised as a whole via an uploaded template. | |
| Each <div>/<iframe> has its own event handler, providing detailed information for all possible scenarios. | The <iframe> has one event handler for all its fields, providing only basic information of the payment form’s global status. | |
| Worldline JavaScript library |
Must be retrieved for each Hosted Fields session. Must be soft-coded in your checkout page front-end. |
Identical Url for reach request. Can be hard-coded in your checkout page front-end. |
Integration steps
Your customers have to provide their credit card number at one point during their journey in your webshop. As a merchant, the greatest challenge is to link all steps during this journey into one seamless experience. At the same time, you need to ensure the safe transfer of your customers' data to the financial institutions handling the data.
Therefore, you can either:
- Outsource the necessary security precautions completely (by using our Hosted Checkout Page solution). However, this method has limits: Your customers will notice a redirection to an external URL - a noticeable break in the payment flow.
- Collect the sensitive data on your own (by using our Server-to-server solution). But this requires you to fulfil the highest PCI requirements - which involves a lot of effort.
- Implement the Hosted Tokenization Page on your checkout page to find a middle ground between Hosted Checkout Page and Server-to-server integration methods. However, although offering flexibility, its <iframe> can only be customized as whole.
Our Hosted Fields solution elevates the Hosted Tokenization Page to the next level: Instead of adding/customising the whole payment form to your checkout page, add and customise card data fields individually:
- Let us handle the credit card data without your customers noticing. Just add individual
<iframe>instances to your webshop's checkout page, splitting up the payment form at will. As we are the host for all<iframe>instances, the sensitive data come and stay at our end! We exchange the actual payment card number for ahostedFieldsSessionIdwhich is not in scope for PCI. - Use this
hostedFieldsSessionIdfor the actual payment request via the Server-to-server integration method. - Merge the
<iframe>instances seamlessly with into your webshop's look and feel. Adapt your webshop's checkout page completely at will!
Our Hosted Fields solution works with all card payment methods.
The following chapters cover a high-level overview of a typical flow. It describes all the steps you need to follow for processing Hosted Checkout Page transactions. Find a detailed overview including optional steps, 3-D Secure authentication etc. in the dedicated chapter.
- Build checkout page
- Initialise your system
- Create HostedFields session
- Load JavaScript library to checkout page
- Initialise Hosted Fields on checkout page
- Submit and tokenise card data
- Send CreatePayment request
- Traiter la réponse de la plateforme
- Obtenir & afficher le résultat de la transaction
Build checkout page
Our Hosted Fields solution requires your checkout page to implement specific HTML/JavaScript elements:
<script id="hosted-fields-sdk" crossorigin="anonymous"></script>
<form id="payment-form" novalidate>
<div id="cardholderName"></div>
<div id="cardNumber"></div>
<div id="expiryDate"></div>
<div id="csc"></div>
<div id="cardBrands"></div>
<button id="submit-button" type="submit" disabled>Pay</button>
</form>
<script>
// Store our platform’s response to the CreateHostedSession request
var apiResponse;
document.addEventListener(‘DOMContentLoaded’, () => {
const sdkScript = document.getElementById(‘hosted-fields-sdk’);
sdkScript.src = apiResponse.sdkUrl;
sdkScript.integrity = ‘sha256-${apiResponse.sdkSri}’;
sdkScript.onload = () => initializeHostedFields(apiResponse);
});
function initializeHostedFields(apiResponse) {
const submitButton = document.getElementById('submit-button');
const resultDisplay = document.getElementById('result-display');
const config = {
"sessionData": apiResponse.sessionData,
"logLevel": "debug",
"style": {
"input": {
"color": "#000000",
"font-family": "courier, monospace",
"font-size": "14px"
},
"input::placeholder": {
"color": "#999999"
}
},
"fields": {
"cardNumber": {
"id": "cardNumber",
"title": "Your card number",
"placeholder": "0000 0000 0000 0000"
},
"cardholderName": {
"id": "cardholderName",
"title": "Your name",
"placeholder": "John"
},
"cardBrands": {
"id": "cardBrands",
"title": "Your card brand",
"placeholder": "VISA"
},
"expiryDate": {
"id": "expiryDate",
"caption": "Your card expiration date",
"checkExpiredDate": "true",
"placeholder": "MM/YY"
},
"csc": {
"id": "csc",
"title": "Your card security code",
"caption": "Your card security code",
"placeholder": "123"
}
}
}
const hostedFields = sdpx.hostedfields.create(config);
// Add event listeners
hostedFields.on("focus", evt => console.log(evt.fieldId + " Focused"));
hostedFields.on("blur", evt => console.log(evt.fieldId + " Blurred"));
hostedFields.on("empty", evt => console.log(evt.fieldId + " Empty"));
hostedFields.on("valid", evt => console.log(evt.fieldId + " Valid"));
hostedFields.on("invalid", evt => console.log(evt.fieldId + " Invalid"));
hostedFields.on("field-ready", evt => console.log(evt.fieldId + " Field ready"));
hostedFields.on("all-fields-ready", evt => console.log(evt.fieldId + " All fields ready"));
hostedFields.on("error-init-fields", evt => console.log(evt.fieldId + " Error initiating fields"));
hostedFields.on("card-brand-selected", evt => console.log(evt.fieldId + " Card brand selected"));
hostedFields.on("card-brand-entry", evt => console.log(evt.fieldId + " Card brand entry"));
hostedFields.on("error", evt => console.log(evt.fieldId + " error"));
document.getElementById('payment-form').addEventListener('submit', (event) =>
{
const handleSubmit = async (onSuccess, onError) => {
if (!hostedFieldsInstance) return;
setIsSubmitting(true);
setError(null);
hostedFieldsInstance.tokenize(true).then(() => {
console.log("Tokenize succeed");
//CreatePayment via Server-to-server using apiResponse.hostedFieldSesssionId
}).catch(err => console.error("Error"))
}
});
}
</script>
The individual elements fulfil a specific role during the payment flow:
| Element | Description |
|---|---|
|
This <form> element is the payment mask for entering card data on your checkout page. It contains individual <div> instances for each input field of the payment form. Upon initialising the Hosted Fields via the var config, an <iframe> is added in each <div> instance. Each <iframe> loads a page containing a single <input> field for entering card data. |
|
Load the Hosted Fields JavaScript library which is used for
As the value for src is different for each request, you need to dynamically/soft-code it. Mind that you need to load the script from our server rather than hosting it yourself. |
|
Stores our platform's response to your CreateHostedFields request. |
|
Load the Hosted Fields JavaScript library to your checkout page for tokenising the card data. |
|
Initialise the Hosted Fields (the
<div> instances within the <form> element), including their look and feel to merge them into your checkout page.
|
|
Tokenize the card data in the <form>. |
Initialise your system
Initialise your system for sending requests to our Direct API by
- Defining test/live endpoint URLs.
- Activating your test/live PSPID on our platform.
- Setting up a test/live API Key/Secret pair.
- Assurez-vous d'utiliser le bon endpoint et de renseigner l'URL de production dès que vous avez terminé vos tests.
- Les données dans notre chapitre Cas de test fonctionnent UNIQUEMENT pour les demandes de paiement dans notre environnement de test. Utiliser ces données dans notre environnement de production entraînera des résultats de test indésirables.
Create HostedFields session
Your web shop application's backend sends a CreateHostedFields request to our platform:
{
"locale": "en-US"
}If you want to pre‑fill the Hosted Fields with stored card data for 1-click payments, make sure to include property tokens in your request.
Endpoint Urls in test / live
- Endpoint URL TEST: https://payment.preprod.direct.worldline-solutions.com/{merchantId}/hostedfields/sessions
- Endpoint URL LIVE: https://payment.direct.worldline-solutions.com/{merchantId}/hostedfields/sessions
Replace "{merchantId}" with your test/live account on our platform. Learn more about the "merchantId" in our glossary.
In our response, our platform will return the following data:
| Property | Description |
|---|---|
| sdkSri | The Subsource Integrity reference for the Javascript library (sdkUrl). Add it as HTML attribute integrity to the Hosted Fields JavaScript library. |
| sdkUrl |
The Hosted Fields JavaScript library for the subsequent steps in the payment flow. Load the library as a separate <script> element to the checkout page. This library is used for
|
| sessionData hostedFieldsSessionId locale platformUrl sessionToken tokens |
The sessionData object contains all necessary data for the subsequent steps:
|
Load JavaScript library to checkout page
Load the Hosted Fields JavaScript library you have received in the previous step via object sessionData.
Add sessionData.sdkUrl as a separate <script> element to your checkout page containing the <form> element. For enhanced security, add sessionDate.sdrSri it as HTML attribute integrity.
The library is used in subsequent steps for
<script id="hosted-fields-sdk" src="..." integrity="sha384-..." crossorigin="anonymous"></script>
document.addEventListener('DOMContentLoaded', () => {
const sdkScript = document.getElementById('hosted-fields-sdk');
sdkScript.src = apiResponse.sdkUrl;
sdkScript.integrity = 'sha256-${apiResponse.sdkSri}';
sdkScript.onload = () => initializeHostedFields(apiResponse);
});As the value for src is different for each request, you need to dynamically/soft-code it. Mind that you need to load the script from our server rather than hosting it yourself.
Initialise Hosted Fields on checkout page
Prepare a configuration object config using the sessionData object and initialise hostedFields. Add event listeners to react to user interactions (i.e. display errors, update the user interface).
The <button> event handler enables users to submit card data to our platform for tokenisation for the subsequent step.
function initializeHostedFields(apiResponse) {
const submitButton = document.getElementById('submit-button');
const resultDisplay = document.getElementById('result-display');
const config = {
"sessionData": apiResponse.sessionData,
"logLevel": "debug",
"style": {
"input": {
"color": "#000000",
"font-family": "courier, monospace",
"font-size": "14px"
},
"input::placeholder": {
"color": "#999999"
}
},
"fields": {
"cardNumber": {
"id": "cardNumber",
"title": "Your card number",
"placeholder": "0000 0000 0000 0000"
},
"cardholderName": {
"id": "cardholderName",
"title": "Your name",
"placeholder": "John"
},
"cardBrands": {
"id": "cardBrands",
"title": "Your card brand",
"placeholder": "VISA"
},
"expiryDate": {
"id": "expiryDate",
"caption": "Your card expiration date",
"checkExpiredDate": "true",
"placeholder": "MM/YY"
},
"csc": {
"id": "csc",
"title": "Your card security code",
"caption": "Your card security code",
"placeholder": "123"
}
}
}
const hostedFields = sdpx.hostedfields.create(config);
// Add event listeners
hostedFields.on("focus", evt => console.log(evt.fieldId + " Focused"));
hostedFields.on("blur", evt => console.log(evt.fieldId + " Blurred"));
hostedFields.on("empty", evt => console.log(evt.fieldId + " Empty"));
hostedFields.on("valid", evt => console.log(evt.fieldId + " Valid"));
hostedFields.on("invalid", evt => console.log(evt.fieldId + " Invalid"));
hostedFields.on("field-ready", evt => console.log(evt.fieldId + " Field ready"));
hostedFields.on("all-fields-ready", evt => console.log(evt.fieldId + " All fields ready"));
hostedFields.on("error-init-fields", evt => console.log(evt.fieldId + " Error initiating fields"));
hostedFields.on("card-brand-selected", evt => console.log(evt.fieldId + " Card brand selected"));
hostedFields.on("card-brand-entry", evt => console.log(evt.fieldId + " Card brand entry"));
hostedFields.on("error", evt => console.log(evt.fieldId + " error"));
document.getElementById('payment-form').addEventListener('submit', (event) =>
{
const handleSubmit = async (onSuccess, onError) => {
if (!hostedFieldsInstance) return;
setIsSubmitting(true);
setError(null);
hostedFieldsInstance.tokenize(true).then(() => {
console.log("Tokenize succeed");
//Create Payment S2S using apiResponse.hostedFieldSesssionId
}).catch(err => console.error("Error"))
}
});
}This will insert <iframe> instances into the <div> elements in the <form> element. Each <iframe> loads a page containing an individual <input> field for each card data field:
Card number
Card holder name
Card brands
Expiry date
CVC
Your customers can now enter their card data in the fields.
| Property | Description/Action |
|---|---|
| sessionData |
Mandatory The object containing all necessary data for initialising the Hosted Fields. The Javascript SDK extracts automatically all necessary sessions details. |
| logLevel | Controls the JavaScript SDK logging verbosity (DEBUG, INFO, WARN, ERROR). |
| language | Sets the locale for error messages. Overrides the locale from sessionData. |
| mode | Set to "development" for more verbose logging. |
| style |
Defines CSS rules applied inside the field <iframe> instances. These styles apply inside the <iframe> and do not interfere with your site's global CSS. Learn more about styling in the dedicated chapter. |
| fields cardNumber cardholderName cardBrands expiryDate csc |
Mandatory The individual card data input fields in separate <iframe> instances.
|
Event handlers
The <iframe> elements listen for the following events/user interactions on each card data field:
| Event/Interaction | Description |
|---|---|
| field-ready |
Field has been initialised. |
| all-fields-ready |
All fields belonging to the <form> have been initialised. |
| error-init-fields |
Field initialisation timeout. |
| card-brand-selected |
When the card holder changes the card brand of a co-badged card. |
| card-brand-entry |
When the entered card number allows determining available brands, including co-badged cards. |
| focus |
Input has focus. |
| blur |
Input loses focus. |
| empty |
Input takes or loses focus and is empty or becomes empty during entry. |
| valid |
Input data is valid during data entry. |
| invalid |
Input data is invalid during data entry. |
| error |
Our platform returns an error. |
| validityChange |
All fields have valid input. Thrown only by the object hostedFields. |
Event data structure
The event object passed to your event handlers contains the following information:
| Event type | Description |
|---|---|
| focus blur empty valid invalid field-ready |
|
| invalid |
|
| all-fields-ready |
|
| card-brand-selected |
|
| card-brand-entry |
|
| error |
|
Invalid event reasons
| Reason | Description |
|---|---|
| BAD_FORMAT |
Field content does not comply with the expected format. |
| BAD_LUHN |
Card number fails Luhn checksum validation. |
| NO_BRANDS |
Unable to determine card brand/scheme. |
| YEAR_TOO_FAR |
Expiry date year is too far in the future (more than 15 years). |
| YEAR_TOO_OLD |
Expiry date lies in the past. |
| TOO_SHORT |
Field content is too short. |
| TOO_LONG |
Field content is too long. |
Submit and tokenise card data
Your customers enter their card details in the <input> fields in the <form> element. Our platform detects the card scheme automatically once your customers start typing in the number. This also works for co-badged cards (where applicable). For every brand detected, our platform will display the respective logo(s) in <div id="cardBrands"></div>. All logos are clickable, allowing your customers to choose their preferred brand.
Once all card data fields have valid input, you can enable the <button> in the <form> element, allowing your customers to confirm the payment.
Your customers submit the card data to our platform via the <button> element, invoking the event listener you added to the <button> element when initialising the Hosted Fields. Our platform tokenises the card data and returns a hostedFieldsSessionId:
document.getElementById('paymentform').addEventListener('submit', (event) =>
{
e.preventDefault();
hostedFields.tokenize(true).then(()=> {
const handleSubmit = async (onSuccess, onError) => {
if (!hostedFieldsInstance) return;
setIsSubmitting(true);
setError(null);
hostedFieldsInstance.tokenize(true).then(() => {
console.log("Tokenize succeed");
//Create Payment S2S using apiResponse.hostedFieldSesssionId
}).catch(err => console.error("Error"))
}
console.log("Card Token:", token);
}).catch(console.error);
});
Send CreatePayment request
You send a CreatePayment request to our platform via our Server-to-server integration method. Replace the card details with the hostedFieldsSessionId, including the mandatory 3-D Secure properties:
{
"hostedFieldsSessionId": "apiResponse.sessionData.hostedFieldsSessionId",
"cardPaymentMethodSpecificInput":{
"returnUrl":"https://yourReturnUrl.com"
},
"threeDSecure":{
"skipAuthentication":false,
"redirectionData":{
"returnUrl":"https://yourReturnUrl.com"
}
},
"order":{
"amountOfMoney":{
"amount":1000,
"currencyCode":"EUR"
},
"customer":{
"device":{
"acceptHeader":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
"browserData":{
"colorDepth":99,
"javaEnabled":true,
"javaScriptEnabled":true,
"screenHeight":"768",
"screenWidth":"1024"
},
"ipAddress":"123.123.123.123",
"locale":"en_GB",
"userAgent":"Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/75.0.3770.142Safari/537.36",
"timezoneOffsetUtcMinutes":"-180"
}
}
}
}
Traiter la réponse de la plateforme
Notre plateforme envoie une réponse contenant un objet merchantAction.
Elle vous indique comment procéder avec le paiement. Selon la réponse, ces scénarios sont possibles :
- Cinématique d'authentification frictionless ou passive 3-D Secure : (merchantAction.actionType=null) : Vos clients utilisent une carte inscrite au 3-D Secure. Les propriétés 3-D Secure dans votre requête CreatePayment s'avèrent suffisantes pour l'étape d'authentification. Nous soumettons la transaction à l'acquéreur et fournissons le résultat dans la propriété statusOutput.statusCode.
- cinématique d'authentification forte 3-D Secure : (merchantAction.actionType="REDIRECT") : Vos clients utilisent une carte inscrite au 3-D Secure. Ils doivent s'identifier en tant que détenteur légitime de la carte. Redirigez-les vers leur émetteur via le merchantAction.redirectData.redirectURL. Définissez une cardPaymentMethodSpecificInput.returnUrl dans la requête CreatePayment initiale pour vous assurer que vos clients sont redirigés vers votre boutique en ligne par la suite.
- Pas d'authentification 3-D Secure (merchantAction.actionType=null) : Vos clients utilisent une carte non inscrite au 3-D Secure. Nous soumettons la transaction à l'acquéreur et fournissons le résultat dans la propriété statusOutput.statusCode.
Obtenir & afficher le résultat de la transaction
Êtes-vous en train de migrer de l'ancien système vers Direct ?
Contrairement à l'ancien système, notre plateforme n'envoie pas de notifications par e-mail pour les commandes Direct traitées ou les mises à jour de statut.
Utilisez les webhooks pour recevoir des notifications sur les mises à jour de statut des transactions. En fonction du résultat, implémentez un mécanisme sur votre serveur pour envoyer des e-mails à votre/vos clients. Cela vous permettra de personnaliser le contenu, le moment et de sélectionner les mises à jour de statut pour lesquelles vous souhaitez envoyer des e-mails.
En savoir plus sur la migration des fonctionnalités héritées vers Direct dans notre guide dédié.
Selon le scénario, l'obtention et l'affichage du résultat de la transaction / 3-D Secure diffère :
Cinématique Frictionless/Pas d'authentification 3-D Secure
Vos clients restent sur votre boutique en ligne. Adaptez la page de paiement de votre boutique en ligne selon le statusOutput.statusCode tel que retourné par la requête initiale CreatePayment.
Cinématique Challenge
Nous recevons le résultat de la transaction / 3-D Secure et redirigeons vos clients vers votre boutique en ligne. Définissez un cardPaymentMethodSpecificInput.returnUrl dans la requête initiale CreatePayment pour cette redirection. Assurez-vous d'implémenter un mécanisme sur ce returnUrl qui notifie votre serveur de cette redirection. Dès réception de cette notification, envoyez une requête GetPaymentDetails pour obtenir le résultat de la transaction. Utilisez le payment.id de la requête initiale CreatePayment :
Adaptez le returnUrl en fonction du statusOutput.statusCode tel que retourné par cette requête GetPaymentDetails.
Découvrez dans notre guide des statuts plus d'informations sur les propriétés de la réponse, leur signification et comment procéder de manière appropriée en fonction du statut des transactions.
Vous pouvez également recevoir le résultat de la transaction / 3-D Secure via les webhooks. Notez que les webhooks sont des événements asynchrones. Par conséquent, ils ne conviennent pas pour gérer des événements en temps réel pendant le processus de paiement.
Flows
Find a full transaction flow involving every party and (optional) steps in this overview:
- Your customers go to your check-out page and finalise the purchase.
- You send a CreateHostedFields session to our platform. Our platform returns the sdkUrl / hostedFieldsSessionId.
- You load the sdkUrl library to initialise the Hosted Fields in the input fields on your checkout page.
- Your customers enter their card details in the input fields and submit the card data to our platform.
- Our platform tokenises the card data.
- You send a CreatePayment request to our to our platform using our Server-to-server integration method, including the mandatory 3-D Secure properties.
6'(optional).We perform a fraud prevention check. - Our platform sends a response containing a merchantAction object, instructing you how to proceed. These scenarios are possible:
a) 3-D Secure frictionless flow (merchantAction.actionType=null). The flow continues at step 13).
b) 3-D Secure challenge flow (merchantAction.actionType="REDIRECT"). The flow continues at step 8).
c) No 3-D Secure authentication (merchantAction.actionType=null). The flow continues at step 13). - You redirect the customer to her/his issuing bank for 3-D Secure authentication. The customer identifies herself/himself.
- Our platform receives the 3-D Secure authentication result from the issuer. Based on the result, two scenarios are possible:
a) If the identification was unsuccessful, we redirect your customers to your returnUrl, ending the flow. You request/show the transaction result as described in step 12.
b) If the identification was successful, the flow continues at step 10. - We process the transaction and receive the result from the acquirer.
- We redirect your customer to your returnUrl.
- You request the transaction result from our platform and show it on your returnUrl/in your webshop.
- If the transaction was successful, you can deliver the goods/services.
Custom styling
The Hosted Fields solutions allows you a maximum of customisation, blending them seamlessly into your checkout page. These styles apply inside the iframe and do not interfere with your site's global CSS.
The content inside the embedded <iframe> instances is minimised whereas all other elements (i.e. borders, labels, overall layout) are managed by your website's CSS.
Customise the embedded <iframe> instance when initialising the Hosted Fields via the var config:
{
"style": {
"input": {
"color": "#000000",
"font-family": "courier, monospace",
"font-size": "14px"
},
"input::placeholder": {
"color": "#999999"
}
}
}Authorised selectors and CSS properties
For security reasons, our platform only allows the following CSS selectors and properties. These styles apply inside the <iframe> instances and do not interfere with your site's global CSS.
| Selectors | CSS Properties |
|---|---|
| input input:valid input:invalid select select:valid select:invalid select:disabled input::placeholder :valid :invalid :disabled ::placeholder |
background-color border border-radius caret-color color font-family font-size font-style font-variant font-weight letter-spacing line-height margin padding text-decoration |
CSS classes
The <iframe> instances implement the following CSS classes, allowing you to adapt their styling to their current status:
| Class | Description |
|---|---|
| sdpx-field-focus | Current field becomes focused. |
| sdpx-field-empty | Current field loses focus and is empty. |
| sdpx-field-valid | Current field validates the semantic rules in place getting input. |
| sdpx-field-invalid | Current field does not validate the semantic rules in place when getting input. |
| sdpx-field-ready | Current field is ready for accepting input. |
Use existing token
Our platform allows you to store your customers' credit card data permanently for 1‑click payments. By pre‑filling the Hosted Fields with the stored data, your customers' payment experience will become even smoother and improve your conversion rate.
As the token is already existing at the time of the transaction request, the payment flow is different:
- Step 1: Instruct our platform you want to use an existing token. To do so, modify the request CreateHostedFieldsSession by adding the property tokens. List all the identifiers for existing tokens for your customer:
{"locale":"en-GB", "tokens": "Your_token"} - Step 2 : Load the JavaScript library to checkout page.
- Step 3 : Initialise the Hosted Fields on your checkout page. As the card data will be pre-filled, only display the CVV.
var config = { "sessionData": "apiResponse.sessionData", "logLevel": "debug", "style": { "input": { "color": "#000000", "font-family": "courier, monospace", "font-size": "14px" }, "input::placeholder": { "color": "#999999" } }, "fields": { "csc": { "id": "csc", "title": "Your card security code", "caption": "Your card security code", "placeholder": "123" } } } - Step 4 : Populate the hostedFields instance with the token to be used:
Mind that the same session can be loaded multiple times on the same page.hostedFields.useToken(existingTokenId);
Make sure to call useToken on the right instance if you choose to load more than one token. - Step 5 : Listen for validation events, submit and create the payment like in the regular flow.
- Utiliser un token existant pour 1-click payments remplit automatiquement le numéro de carte de crédit et la date d'expiration de vos clients.
- En raison de SCA, vos clients pourraient tout de même devoir entrer leur CVC et/ou passer une vérification d'authentification 3-D Secure. Notre formulaire de paiement affiche les champs obligatoires à remplir automatiquement.