Creating a save echeck page with your own form

Background
Before starting this tutorial, make sure you understand the following topics from the Quick start section:

Note: Although bank data never touches your servers, using your own form changes your PCI liability from SAQ A to SAQ A-EP.

  1. Create a Form on Your Web Page

    <html>
        <form id="myForm">
        </form>
    </html>
    

  2. Add Fields to Your Form

    The following fields are required by Nexio:

    • Account holder name (bank.accountHolderName)
    • Routing number (bank.routingNumber)
    • Account number (bank.encryptedBankAccountNumber)
      (Your form will accept the full account number, which you will then encrypt prior to sending it to Nexio—see step 4)

    You may also include any of the other fields listed for the Save echeck token endpoint.

  3. Load the Form

    Load the form on your page and allow the user to enter their information.

  4. Encrypt the Bank Account Number

    Prior to sending the bank information to Nexio, you must encrypt it using browser-based encryption.
    To do so, follow the steps below.

    a. Contact us to obtain the public key.
    While testing in the sandbox environment, you may use the sandbox public key, shown below.

    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWpIQFjQQCPpaIlJKpeg
    irp5kLkzLB1AxHmnLk73D3TJbAGqr1QmlsWDBtMPMRpdzzUM7ZwX3kzhIuATV4Pe
    7RKp3nZlVmcrT0YCQXBrTwqZNh775z58GP2kZs+gVfNqBampJPzSB/hB62KkByhE
    Cn6grrRjiAVwJyZVEvs/2vrxaEpO+aE16emtX12RgI5JdzdOiNyZEQteU6zRBRJE
    ocPWVxExaOpVVVJ5+UnW0LcalzA+lRGRTrQJ5JguAPiAOzRPTK/lYFFpCAl/F8wt
    oAVG1c8zO2NcQ0Pko+fmeidRFxJ/did2btV+9Mkze3mBphwFmvnxa35LF+Cs/XJHDwIDAQAB
    

    b. Encrypt the account number using the public key and standard RSA encryption. See this JSFiddle page for an example of how to encrypt data to be tokenized.

    Note: If you want to store the token in your own database, you must either use a callback or use the token returned in the event info. Echeck tokens can be used to process through any MID on your account; they are not restricted to a specific merchant account or currency.

    Warning: If you do not perform browser-based encryption in the account holder's browser, you have full PCI liability.



  5. Send Bank Information to Your Server

    Send the encrypted bank account number and other bank information to your server.

  6. Post Bank Information to Nexio

    a. Request a one-time-use token.

    b. Send a POST request from your server to the Save echeck token endpoint with the one-time-use token and the bank information.

    curl -X POST https://api.nexiopaysandbox.com/pay/v3/saveECheck \
      -H 'Content-Type: application/json' \
      -H 'Accept: application/json' \
      -H 'Authorization: Basic [Base64_encoded_login]' \
      -d '{
        "bank": {
          "accountHolderName": "John Doe",
          "routingNumber": "231375151",
          "encryptedBankAccountNumber": "[RSA_encrypted_account_number]"
        },
        "token": "830d36f6-a5e3-4455-9600-3a55b63e2fc2"
      }'
    

  7. Listen for Nexio's Response

    If Nexio returns a 200 status:

    • Display a success page to the customer.
    • Save the echeck token (tokenex.token). eCheck tokens can be used to process through any MID on your account. They are not restricted to a specific merchant account or currency.
      You will need this echeck token to run a transaction as well as to view, edit, or delete the echeck token.

    If Nexio returns a non-200 status:

    Contact Integrations Support if you need additional help.