Enabling security code verification with the iframe

Before starting this tutorial, make sure you understand the following topics from the Quick start section:

You can enable security code verification while saving a card token with the iframe, with your own form, or through the API.

  1. Prepare the Iframe

    Follow steps 1-2 of the Creating a save card page with the iframe tutorial.

  2. Request a One-time-use Token

    a. Request an e-commerce one-time-use token.

    Include the object "processingOptions": { "verifyCvc": true } in the body of your request.

    b. Adjust the requireCvc and hideCvc UI options as desired. (Optional)

    See the Settings for security code verification table for an explanation of how changing these settings will affect your iframe.

    The following will be selected by default:

    • requireCvc: true
    • hideCvc: false
    curl -X POST https://api.nexiopaysandbox.com/pay/v3/token \
      -H 'Content-Type: application/json' \
      -H 'Accept: application/json' \
      -H 'Authorization: Basic [Base64_encoded_login]'
      -d '{
      "processingOptions": {
        "verifyCvc": true

  3. Load the Iframe

    Follow steps 4-6 of the Creating a save card page with the iframe.
    Now, when the iframe is loaded, a CVC check will be performed.
    Nexio will return the results back to you in the CVC response.

Settings for security code verification

truefalsetrueThe user will be required to input the CVC field. The card will be saved if the security code is verified or if verification cannot be completed (error). If the security code is not verified (failure), the card will not be saved.
truefalsefalseThe card will only be saved if the provided CVC is verified, but users will also have the option of ignoring the CVC field.
falsefalsetrueThe security code will not be verified and the card will be saved.

Please also note the following:

truetruetrue, falseYou will receive a 400 error, because the CVC cannot be verified when the field is hidden.