Creating a save echeck page with your own form



Although bank data never touches your servers, using your own form changes your PCI liability from SAQ A to SAQ A-EP.

  1. Create a Form on Your Web Page

        <form id="myForm">

  2. Add Fields to Your Form

    The following fields are required by Nexio:

    • Account holder name (bank.accountHolderName)
    • Routing number (bank.routingNumber)
    • Account number (bank.encryptedBankAccountNumber)
      (Your form will accept the full account number, which you will then encrypt prior to sending it to Nexio—see step 4)

    You may include any fields listed in the Save echeck token endpoint.

  3. Load the Form

    Load the form on your page and allow the user to enter their information.

  4. Encrypt the Bank Account Number

    Prior to sending the bank information to Nexio, you must encrypt it using browser-based encryption.
    To do so, follow the steps below.

    a. Contact us to obtain the public key.
    While testing in the sandbox environment, you may use the sandbox public key, shown below.


    b. Encrypt the account number using the public key and standard RSA encryption. See this JSFiddle page for an example of how to encrypt data to be tokenized.



    If you want to store the token in your own database you must either use a callback or use the token returned in the event info. Echeck tokens can be used to process through any MID on your account. They are not restricted to a specific merchant account or currency.



    If you do not to perform browser-based encryption in the card holder's browser you have full PCI liability.

  5. Send Bank Information to Your Server

    Send the encrypted bank account number and other bank information to your server.

  6. Post Bank Information to Nexio

    a. Request a one-time-use token.

    b. Send a POST request from your server to the Save echeck token endpoint with the one-time-use token and the bank information.

    curl -X POST \
      -H 'Content-Type: application/json' \
      -H 'Accept: application/json' \
      -H 'Authorization: Basic [Base64_encoded_login]'
      -d '{
      "bank": {
        "accountHolderName": "John Doe",
        "routingNumber": "231375151"
      "token": "830d36f6-a5e3-4455-9600-3a55b63e2fc2"

  7. Listen for Nexio's Response

    If Nexio returns a 200 status:

    • Display a success page to the customer.
    • Save the echeck token (tokenex.token). eCheck tokens can be used to process through any MID on your account. They are not restricted to a specific merchant account or currency.
      You will need this echeck token to run a transaction as well as to view, edit, or delete the echeck token.

    If Nexio returns a non-200 status:

    Contact Integrations Support if you need additional help.