Token ID is a unique value that is associated with the customer’s credit card information during a transaction. The GET Token method sends the credit card information via Midtrans.min.js to Midtrans server and returns the Token ID to you.
To utilize Midtrans JavaScript library, add the code given below in your payment page inside the <head> tag.
<script id= "midtrans-script" src="https://api.midtrans.com/v2/assets/js/midtrans-new-3ds.min.js" data-environment="<production|sandbox>" data-client-key="<INSERT CLIENT KEY HERE>" type="text/javascript"></script>
Note
The GET Token method and its features are applicable only for card transactions. Read more here for API references on various card features to be used in conjuction with this guide.
Midtrans JavaScript Library
Midtrans JavaScript library consists of two functions as given below.
- Get Card Token: Securely sends the customer’s payment card details to Midtrans server, without the merchant handling the credit card details.
- Redirect: Redirects the customer to 3DS authentication page.
Secure token only support 3DS 1.0, need to implement 3DS 2.0 refer Card Feature: 3D Secure (3DS)
3D Secure 2.0 is an authentication protocol that aims to reduce fraud and enhance security in online card payments.
| Attribute | Description |
|---|---|
| data-environment | The environment which the request is pointing to. Possible values are production and sandbox. |
| data-client-key | Your Client key. For more details, refer Retrieving API Access Keys. |
8 Digit Bin
With the oncoming mandates from Visa and other principals, Midtrans will start supporting 8-digit BIN's for card transaction processing flows.
The 8-digit bin changes on CoreAPI and will impact the length of token_id and format of saved_token_id.
Changes list:
- Change on token_id length from
6 first digit + "-" + 4 last digit + "-" + 36 random digitinto 8first digit + "-" + 4 last digit + "-" + 36 random digit(e.g:481111-1114-7baba36c-5698-47cf-9170-80efd6a2e973to48111111-1114-7baba36c-5698-47cf-9170-80efd6a2e973) - Change on saved_token_id length from
6 first digit + 22 random digit + 4 last digitinto8 first digit + 20 random digit + 4 last digit(e.g:481111sHdcfSakAvHvFQFEjTivUV1114to48111111sHfSakAvHvFQFEjTivUV1114) - Masked_card on response, event, log changed from
6 first digit + 4 last digit from card numberinto8 first digit + 4 last digitfrom a card number - Support 8 Digit bin in Midtrans Fraud Detection System (for Aegis's users)
- Support 8 digit bin in Bin API
Getting Card Token
GET Card Token Request
The card object attributes are given below. Depending on the token type, some parameters are conditional.
// Create the card object with the required fields
var card = {
card_number: "4811111111111114",
card_cvv: "123",
card_exp_month: "12",
card_exp_year: "2025",
bank_one_time_token: "12345678"
}
var options = {
onSuccess: function(response) {
// Implement success handling here
},
onFailure: function(response) {
// Implement error handling here
}
}
MidtransNew3ds.getCardToken(card, options);
| JSON Attribute | Description | Normal | Two Clicks | Remarks |
|---|---|---|---|---|
| card_number | The 16 digits Credit Card number. | Required | Conditional | Space( ) is allowed. For example, 4111 1111 1111 1111 or 4111111111111111 both are valid. |
| card_cvv | The CVV number printed on the card. | Required | Required | For example, 123. |
| card_exp_month | The card expiry month in MM format. | Required | Conditional | For example, 12. |
| card_exp_year | The card expiry year in YYYY format. | Required | Conditional | For example, 2022. |
| token_id | The token ID of credit card saved previously. Its value is same as the saved_token_id retrieved from initial Charge response. | Conditional | Required | For example, 48111111sHfSakAvHvFQFEjTivUV1114. |
| bank_one_time_token | The one-time token is shown on the customer's phone mobile banking | Conditional | - | For example, 12345678 |
Note
bank_one_time_token is only required for KKI (Kartu Kredit Indonesia) transactions, where merchants must send CPAN as card number and OTT as bank_one_time_token to get the Midtrans one-time token.
GET Card Token Response
Callback response object attributes are listed below.
| JSON Attribute | Description | Remarks |
|---|---|---|
| status_code | Status code of transaction charge result. | "200" for success, "400" when validation error. |
| status_message | Status message describing the result of the API request. | "OK, success request new token". |
| validation_messages | The message describing the error. | “card_exp_year must be greater than this year”, "card_exp_month must be greater than this year's month”. |
| token_id | The token id of the card. | "48111111-1114-d3d690db-3e18-4edd-9fee-4d061e4eb6f3" Note: token_id is required during Card Payment Charge Transaction. |
| hash | Produced from one-way hashing of the given card number. This value is irreversible and will always be consistent for each card number. | "6d9df2ff-ae9c-3cee-a5ff-a063dc476077" |
Available options are given below.
| Name | Description |
|---|---|
| onSuccess | This function is called only when get token responds with status code 200. |
| onFailure | This function is called for all the other status codes except 200. |