Creating a save card page with the iframe

Background
Before starting this tutorial, make sure you understand the following topics from the Quick start section: Sandbox environments (especially about testing). Authentication (about authenticating using your API user and when you need a login versus a one-time-use token).

A save card page allows you to gather card information (also known as tokenization) from a customer for use in a future transaction.

You can use the Nexio iframe as part of your save card page. The iframe uses RSA encryption with no padding in the customer's web browser in order to limit your PCI scope.

You can control the fields that display in the iframe, as well as the style of the iframe. For more information about these, see the Customizing the iframe topic.

To create a save card page with the iframe, complete the following steps:

Create an iframe on your web page, as in the following example:

<html>
  <body>
    <iframe id="myIframe" src="">
    </iframe>
  </body>
</html>

Create an event listener to monitor actions in the iframe. This listener keeps your code updated on what is happening inside the iframe. You handle the success, error, and loading states here.

See our Iframe events table for a list of possible events.

The following is an example of how to add an event listener with JavaScript:
```
window.addEventListener('message', function messageListener(event) {
    if (event.origin === iframeUrl) {
        // switch on event.data properties
        // (e.g. loaded, formValidations, error)
    }
});
```
On page load, request a one-time-use token by sending a POST request to the Create one-time-use token endpoint.

Note that you must include uiOptions and processingOptions in this request because they affect the display and function of the iframe. (See the endpoint reference for more information about these objects.)

If you do not need any parameters, you can pass nothing in the body, as in the following example:
```
curl -X POST https://api.nexiopaysandbox.com/pay/v3/token \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic [Base64_encoded_login]'
  -d '{}'
```
```
{
  "expiration": "2022-03-14T15:43:05.664Z",
  "fraudUrl": "https://api.nexiopaysandbox.com/pay/v3/fingerprint?token=830d36f6-a5e3-4455-9600-3a55b63e2fc2",
  "token": "830d36f6-a5e3-4455-9600-3a55b63e2fc2"
}
```
You will use the token in the next steps.
👍
Try it out . . .
1. Go to the Create one-time-use token endpoint.
2. In the main content area, click the "SAVE CARD TOKEN IFRAME" option.
3. In the right pane, type your API username and password.
4. Select the language you want to use (or leave the default selection).
5. Click the Try It! button.
  See the token in the Response area.
Copy or store the token value from the above response.

The token is your one-time-use token.
📘
Notes
- Each one-time-use token expires after one hour.
- Each one-time-use token can only be used to submit a single iframe form.
Assign the src value of the iframe.

a. Set the start of the iframe's URL to the Save card token with iframe endpoint. (https://api.nexiopaysandbox.com/pay/v3/saveCard).

b. Append the one-time-use token to the iframe's URL in a query parameter called token.

c. Assign the result to your iframe's src tag.
📘
Notes
- If an error occurs while loading an iframe, the endpoint returns a JSON object with the error message.
- To receive an HTML response instead, include shouldReturnHtml=true as an additional query parameter in the save card token URL.
```
var iframeBaseUrl = "https://api.nexiopaysandbox.com/pay/v3/saveCard";
var oneTimeUseToken = "?token=" + token;
var returnHtml = "&shouldReturnHtml=true";
var url = iframeBaseUrl + oneTimeUseToken + returnHtml;
window.document.getElementById('myIframe').src = url;
```
👍
Try it out . . .
1. Go to the Save card token with iframe endpoint.
2. Using the token you got from step 3 above, in the "Authentication" area, paste the token text.
3. Click the Try It! button.
  The response shows the HTML returned to the iframe.
Add an event listener to your form's submit button that triggers a POST request inside the iframe.
```
myForm.addEventListener('submit', function processPayment(event) {
    event.preventDefault();
    const url = 'https://api.nexiopaysandbox.com';
    myIframe.contentWindow.postMessage('posted', url);
    return false; // keeps the form from auto submitting
});
```
Now when a user clicks submit on your outer form, the iframe submits itself.

Because of the event listener you created in step 2, your code is aware of iframe responses and errors.

👍Try it out . . .

📘Notes

📘Notes

👍Try it out . . .

👍
Try it out . . .

📘
Notes

📘
Notes

👍
Try it out . . .