Enabling security code verification with the iframe

Background
Before starting this tutorial, make sure you understand the following topics from the Quick start section: Sandbox environments (especially about testing). Authentication (about authenticating using your API user and when you need a login versus a one-time-use token).

You can enable security code verification while saving a card token with the iframe, with your own form, or through the API.

Prepare the Iframe

Follow steps 1-2 of the Creating a save card page with the iframe tutorial.
Request a One-time-use Token

a. Request an e-commerce one-time-use token.

Include the object "processingOptions": { "verifyCvc": true } in the body of your request.

b. Adjust the requireCvc and hideCvc UI options as desired. (Optional)

See the Settings for security code verification table for an explanation of how changing these settings will affect your iframe.

The following will be selected by default:
- requireCvc: true
- hideCvc: false
```
curl -X POST https://api.nexiopaysandbox.com/pay/v3/token \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic [Base64_encoded_login]'
  -d '{
  "processingOptions": {
    "verifyCvc": true
  }
}'
```
Load the Iframe

Follow steps 4-6 of the Creating a save card page with the iframe.
Now, when the iframe is loaded, a CVC check will be performed.
Nexio will return the results back to you in the CVC response.

Settings for security code verification

verifyCvc	hideCvc	requireCvc	Result
`true`	`false`	`true`	The user will be required to input the CVC field. The card will be saved if the security code is verified or if verification cannot be completed (error). If the security code is not verified (failure), the card will not be saved.
`true`	`false`	`false`	The card will only be saved if the provided CVC is verified, but users will also have the option of ignoring the CVC field.
`false`	`false`	`true`	The security code will not be verified and the card will be saved.

Please also note the following:

verifyCvc	hideCvc	requireCvc	Result
`true`	`true`	`true`, `false`	You will receive a 400 error, because the CVC cannot be verified when the field is hidden.

Updated 9 days ago