Creating a save echeck page with your own form
Background |
---|
Before starting this tutorial, make sure you understand the following topics from the Quick start section:
|
Note
Although bank data never touches your servers, using your own form changes your PCI liability from SAQ A to SAQ A-EP.
-
Create a Form on Your Web Page
<html> <form id="myForm"> </form> </html>
-
Add Fields to Your Form
The following fields are required by Nexio:
- Account holder name (
bank.accountHolderName
) - Routing number (
bank.routingNumber
) - Account number (
bank.encryptedBankAccountNumber
)
(Your form will accept the full account number, which you will then encrypt prior to sending it to Nexio—see step 4)
You may include any fields listed in the Save echeck token endpoint.
- Account holder name (
-
Load the Form
Load the form on your page and allow the user to enter their information.
-
Encrypt the Bank Account Number
Prior to sending the bank information to Nexio, you must encrypt it using browser-based encryption.
To do so, follow the steps below.a. Contact us to obtain the public key.
While testing in the sandbox environment, you may use the sandbox public key, shown below.MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWpIQFjQQCPpaIlJKpeg irp5kLkzLB1AxHmnLk73D3TJbAGqr1QmlsWDBtMPMRpdzzUM7ZwX3kzhIuATV4Pe 7RKp3nZlVmcrT0YCQXBrTwqZNh775z58GP2kZs+gVfNqBampJPzSB/hB62KkByhE Cn6grrRjiAVwJyZVEvs/2vrxaEpO+aE16emtX12RgI5JdzdOiNyZEQteU6zRBRJE ocPWVxExaOpVVVJ5+UnW0LcalzA+lRGRTrQJ5JguAPiAOzRPTK/lYFFpCAl/F8wt oAVG1c8zO2NcQ0Pko+fmeidRFxJ/did2btV+9Mkze3mBphwFmvnxa35LF+Cs/XJHDwIDAQAB
b. Encrypt the account number using the public key and standard RSA encryption. See this JSFiddle page for an example of how to encrypt data to be tokenized.
Note
If you want to store the token in your own database you must either use a callback or use the token returned in the event info. Echeck tokens can be used to process through any MID on your account. They are not restricted to a specific merchant account or currency.
Warning
If you do not to perform browser-based encryption in the card holder's browser you have full PCI liability.
-
Send Bank Information to Your Server
Send the encrypted bank account number and other bank information to your server.
-
Post Bank Information to Nexio
a. Request a one-time-use token.
b. Send a
POST
request from your server to the Save echeck token endpoint with the one-time-use token and the bank information.curl -X POST https://api.nexiopaysandbox.com/pay/v3/saveECheck \ -H 'Content-Type: application/json' \ -H 'Accept: application/json' \ -H 'Authorization: Basic [Base64_encoded_login]' -d '{ "bank": { "accountHolderName": "John Doe", "routingNumber": "231375151" }, "token": "830d36f6-a5e3-4455-9600-3a55b63e2fc2" }'
-
Listen for Nexio's Response
If Nexio returns a 200 status:
- Display a success page to the customer.
- Save the echeck token (
tokenex.token
). eCheck tokens can be used to process through any MID on your account. They are not restricted to a specific merchant account or currency.
You will need this echeck token to run a transaction as well as to view, edit, or delete the echeck token.
If Nexio returns a non-200 status:
- Display a failure page to the customer.
- Handle the error. See our list of common errors for more information.
Contact Integrations Support if you need additional help.
Updated 7 months ago