Creating a save echeck page with your own form

📘

Note

Although bank data never touches your servers, using your own form changes your PCI liability from SAQ A to SAQ A-EP.

  1. Create a Form on Your Web Page

    Example
    <html>
        <form id="myForm">
        </form>
    </html>
    

  2. Add Fields to Your Form

    The following fields are required by Nexio:

    • Account holder name (bank.accountHolderName)
    • Routing number (bank.routingNumber)
    • Account number (bank.encryptedBankAccountNumber)
      (Your form will accept the full account number, which you will then encrypt prior to sending it to Nexio—see step 4)

    You may include any fields listed in the Save echeck token endpoint.

  3. Load the Form

    Load the form on your page and allow the user to enter their information.

  4. Encrypt the Bank Account Number

    Prior to sending the bank information to Nexio, you must encrypt it using browser-based encryption.
    To do so, follow the steps below.

    a. Contact us to obtain the public key.
    While testing in the sandbox environment, you may use the sandbox public key, shown below.

    Sandbox Public Key
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWpIQFjQQCPpaIlJKpeg
    irp5kLkzLB1AxHmnLk73D3TJbAGqr1QmlsWDBtMPMRpdzzUM7ZwX3kzhIuATV4Pe
    7RKp3nZlVmcrT0YCQXBrTwqZNh775z58GP2kZs+gVfNqBampJPzSB/hB62KkByhE
    Cn6grrRjiAVwJyZVEvs/2vrxaEpO+aE16emtX12RgI5JdzdOiNyZEQteU6zRBRJE
    ocPWVxExaOpVVVJ5+UnW0LcalzA+lRGRTrQJ5JguAPiAOzRPTK/lYFFpCAl/F8wt
    oAVG1c8zO2NcQ0Pko+fmeidRFxJ/did2btV+9Mkze3mBphwFmvnxa35LF+Cs/XJHDwIDAQAB
    

    b. Encrypt the account number using the public key and standard RSA encryption. See this JSFiddle page for an example of how to encrypt data to be tokenized.

    Note: If you want to store the token in your own database you must either use a callback or use the token returned in the event info.

    If you do not to perform browser-based encryption in the card holder's browser you have full PCI liability.

  5. Send Bank Information to Your Server

    Send the encrypted bank account number and other bank information to your server.

  6. Post Bank Information to Nexio

    a. Request a one-time-use token.

    b. Send a POST request from your server to the Save echeck token endpoint with the one-time-use token and the bank information.

    Example Request
    curl -X POST https://api.nexiopaysandbox.com/pay/v3/saveECheck \
      -H 'Content-Type: application/json' \
      -H 'Accept: application/json' \
      -H 'Authorization: Basic [Base64_encoded_login]'
      -d '{
      "bank": {
        "accountHolderName": "John Doe",
        "routingNumber": "231375151"
      },
      "token": "830d36f6-a5e3-4455-9600-3a55b63e2fc2"
    }'
    

  7. Listen for Nexio's Response

    If Nexio returns a 200 status:

    • Display a success page to the customer.
    • Save the echeck token (tokenex.token).
      You will need this token to run a transaction as well as to view, edit, or delete the card token.

If Nexio returns a non-200 status:


Did this page help you?