API Credentials
Brick provides you with the following API credentials:
- Public API Key - used for building the Frontend credit card form. This can be publicly available to your end-users.
- Private API Key - used for charging cards from your backend. Keep this private at all times.
Step 1: Front End
To charge a credit card, you will first need to collect the credit card details from the end-user and pass them to your backend. Brick helps you to do this in a PCI DSS compliant manner by creating a one-time token that you can further use to charge the card on Step 2.
Please note: payment pages are required to be loaded via https://
(At least TLSv1.1 is recommended).
Step 2: Back End
Below is the code sample for your backend script (billing.php) that uses the credit card token obtained on Step 1 to charge the card. The code sample below uses Brick PHP Library.
12345678910 11121314151617181920212223 232425262728293031require_once 'path/to/lib/paymentwall.php'; Paymentwall_Config::getInstance()->set(array( 'private_key' => 'YOUR_PRIVATE_KEY' )); $parameters = $_POST; $cardInfo = array( 'email' => $parameters['email'], 'amount' => 9.99, 'currency' => 'USD', 'token' => $parameters['brick_token'], 'fingerprint' => $parameters['brick_fingerprint'], 'description' => 'Order #123' ); $charge = new Paymentwall_Charge(); $charge->create($cardInfo); $response = $charge->getPublicData(); if ($charge->isSuccessful()) { if ($charge->isCaptured()) { // deliver a product } elseif ($charge->isUnderReview()) { // decide on risk charge } } else { $errors = json_decode($response, true); } echo $response;
Step 3: Testing
Using your Test API Keys available in your merchant area upon activating Brick, you can use one of the cards below for performing tests:
4242424242424242
4000000000000002
Test CVV/CSC values:
Value | Outcome |
---|---|
111 | Error: Please ensure the CVV/CVC number is correct before retrying the transaction. | 222 | Error: Please contact your credit card company to check your available balance. | 333 | Error: Please contact your credit card company to approve your payment. | 555 | Payment is under risk review. Payment is accepted after 2 minutes and respective pingback is sent (type=201). See Preventing Fraud. | 556 | Payment is under risk review. Payment is declined after 2 minutes and respective pingback is sent (type=202). See Preventing Fraud. | Other | Success |
Brick.js
Brick.js is a powerful JavaScript library for building Brick standard credit card forms, tokenizing credit card data, adding submit listeners for tokenizing your custom credit card forms, as well as generating fingerprints for risk scoring.
Brick(options[, type])
Initializes Brick.js
- options - required - object - list of options for Brick.js:.
- public_key - required - Your project's Public Key
- container - required - ID of the container where payment form will be placed
- amount - required - Payment amount
- currency - required - Payment currency
- action - required - Pyment form action URL
- form - optional - Payment form configuration object
- id - optional - ID of the pyment form. Used for one-line tokenization of custom forms
- merchant - Your company name
- product - Your product name
- pay_button - Text for submit button
- lang - optional - ISO alpha-2 language code to localize the payment form into
- onTokenized(data) - optional - Callback after custom payment form is tokenized and hidden inputs brick_token and brick_fingerprint are added to the form. Used for one-line tokenization of custom forms.
- data - optional - object - Data format is similar to response from Tokenization API.
- onError(errors) - optional - Callback for errors that occurred during one-line tokenization.
- errors - optional - object - Returns error response object. For example,
{"success": "0", "error": {"code": "3004", "message": "Expiration month is invalid"}}
- type - optional - payment form type. Possible value: default, custom
Brick.showPaymentForm(onSuccess, onError)
- onSuccess(data) - required - object - Callback on successful payment
- data - optional - object - Returns object. For example,
{"success": "1"}
- onError(errors) - required - Callback when something went wrong
- errors - optional - object - Returns error response object. For example,
{"success": "0", "error": {"code": "3004", "message": "Expiration month is invalid"}}
Brick.tokenizeCard(data, callback)
- data - required - Tokenization data. Possible values: HTMLElement | jQuery object | JavaScript Object // HTMLElement
- document.getElementById('my-payment-form') // JavaScript object
- card_number - Card number
- card_expiration - Card expiration date. Format (MM / YY), for example: "10 / 22"
- card_expiration_month - Card expiration month
- card_expiration_year - Card expiration year
- card_cvv - Card CVV
- callback(data) - required - Callback returning tokenization data on success.
- data - optional - object - Data format is similar to response from Tokenization API
Brick.localize(form, language, options)
Localizes a custom payment form.
- form - required - Payment form HTML Element / jQuery element
- language - optional - string - Language used for translations. Available options: 'de', 'ja', 'fr'. English is set by default.
- options - optional - object - Config for translations. Format: {element: 'label|span|div', position: 'adjacent|inner'}
API Reference
Authentication
HTTP Header
All API endpoints except One-time Token expect the Private API key to be sent as custom HTTP header "X-ApiKey". For example, "X-ApiKey: YOUR_PRIVATE_KEY". The API libraries supporting Brick automatically add this API header.
Please note that the Private API key can only be used for server-to-server calls and should never be exposed to end-users. For this reason One-time Token API accepts Public API key via public_key parameter instead of the Private API key header. Paymentwall is also expecting header Content-Type: application/x-www-form-urlencoded Client-side libraries supporting Brick automatically add X-ApiKey and Content-Type into API requests.
One-Time Token
Create a One-Time Token
This section describes how to create a one-time token that can be used for charging a card. The one-token is valid for 5 minutes to further perform a charge.
One-time token can be created utilizing Brick.js - see Step 1: Frontend. Alternatively, for merchants who are PCI DSS compliant, the API below can be used.
Request
POST https://pwgateway.com/api/token
(If you're using test keys - POST https://api.paymentwall.com/api/brick/token)
Parameter | Description |
---|---|
public_key | Merchant's public API key |
card[number] | Card number, digits only |
card[exp_month] | Expiration month, 2 digits from 01 to 12 |
card[exp_year] | Expiration year, 4 digits |
card[cvv] | CVC/CVV, 3-4 digits |
Simple Request
Sample Response - Success
Sample Response - Error
One-Time Token Error Codes
- 200 - Submited request is empty
- 223 - Expiration date is empty or invalid
- 224 - Card number is empty or invalid
- 225 - CVV is empty or invalid
- 231 - Internal Error
- 700 - Internal Error
- 2111 - Public key is missed or invalid
Charge
Create a Charge
Request
POST https://api.paymentwall.com/api/brick/charge
parameter | required | description |
---|---|---|
amount | yes | Amount to be charged, positive decimal, no commas. E.g. 9999.99 |
currency | yes | Code of the currency to be charged in ISO 4217 format |
browser_ip | yes, if no fingerprint | End-user's IP address |
browser_domain | yes, if no fingerprint | Domain of the website where the payment is originating from |
custom | no | Array of custom parameters, e.g. custom[field1]=1, custom[field2]=2. To receive these values via Pingbacks, please add Custom Pingback Parameter with name=custom and value=OWN |
description | yes | Description for the payment |
yes | End-user's email | |
fingerprint | yes | Brick-generated unique fingerprint of a purchase, used for fraud protection as well as advanced analytics. This field is automatically added as a hidden field to your credit card form when brick.js is used on frontend |
lang | no | ISO alpha-2 language code for email receipt localization, supported languages |
options[capture] | no | Whether or not to immediately capture the charge. Default is true |
plan | no | Identifies the product ID, send back as goodsid parameter in Pingbacks |
store_card | no | Whether to tokenize credit card details for subsequent purchases and return Permanent Token parameter in Charge object. Default value is 1 |
token | yes | One-time Token generated for the card or Permanent Token returned in card.token in Charge object |
uid | no | Identifies the internal end-user ID within merchant's system. Used for uid parameter in Pingbacks. If omitted, email is used as uid parameter in Pingbacks |
User Profile API parameters | yes | Parameters for enhanced Risk Scoring, such as customer[lastname], customer[firstname], address, engagement history. Refer to User Profile API |
Sample Request
Response - Returns a Charge Object
Preventing Fraud
Brick has an in-house risk scoring system assessing the risk level of every transaction in real time based on various such as velocity metrics, geolocation, transaction history, engagement, device information. Brick also has a 24/7 in-house team of risk analysts that perform agent review of transactions with high risk score on behalf of merchants. To ensure that Brick's risk engine has all the necessary data to score transactions accurately, please ensure to pass as much User Profile API information as possible along with every Charge or Subscription API creation request.
In case a payment is currently under risk review by Brick, the following fields will be returned in the charge object among the others:
{ ... "risk":"pending", "captured":false, ... }
At the same time, pingback with type=200 is sent to your server letting you know that the payment is pending risk review. Once the risk review is over (which normally takes only a few minutes), Brick will send a Pingback with the respective decision: type=201 if the payment is accepted; type=202 if the payment is declined. You can use Test CVV numbers 555 and 556 to emulate accepted and declined after risk review scenarios, respectively.
Storing a Card After a Charge
If you want to store the credit card for future use, you can store the permanent token (card.token field of charge response object) and use it for a new charge later on. For this you can use the following example utilizing Brick PHP library:
// Library initialization section $charge = new Paymentwall_Charge(/* charge details */); if ($charge->isSuccessful()) { store($charge->card->token); }
Please note that during charge you can pass options[capture]=true, thus only creating a temporary authorization without charging the funds from the user's card. You can then void the charge and return funds to the user.
Get Charge Details
Request
GET https://api.paymentwall.com/api/brick/charge/$id
Response
Charge object
Refund a Charge
Request
GET https://api.paymentwall.com/api/brick/charge/$id/refund
Response
Charge Object
Capture a Charge
Request
GET https://api.paymentwall.com/api/brick/charge/$id/capture
Response
Charge object
Void a Charge
Request
GET https://api.paymentwall.com/api/brick/charge/$id/void
Code example using Brick PHP library:
Response
Charge object
Subscriptions
Create a Subscription
Request
POST https://api.paymentwall.com/api/brick/subscription
parameter | required | description |
---|---|---|
amount | yes | Amount to be charged, positive decimal, no commas. E.g. 9999.99 |
currency | yes | Code of the currency to be charged in ISO 4217 format |
custom | no | Array of custom parameters, e.g. custom[field1]=1, custom[field2]=2. To receive these values via Pingbacks, please add Custom Pingback Parameter with name=custom and value=OWN |
description | yes | Description for the payment |
yes | End-user's email | |
fingerprint | yes | Paymentwall-generated unique fingerprint of a purchase, used for fraud protection as well as advanced analytics. This field is automatically added as a hidden field to your credit card form when brick.js is used on frontend |
lang | no | ISO alpha-2 language code for email receipt localization, supported languages |
plan | yes, if trial | Identifies the product ID, send back as goodsid parameter in Pingbacks |
period | yes | day/week/month/year |
period_duration | yes | Number of periods mentioned in the period parameter. By default minimum duration for recurring is 3 days. This can be adjusted by contacting devsupport@paymentwall.com |
token | yes | One-time Token generated for the card or Permanent Token returned in card.token in Charge object |
trial | optional | Trial subscription details array |
trial[amount] | yes, if trial | Trial amount. Free trials are also supported (to have free trials active for your account please contact devsupport@brickpayments.com) |
trial[currency] | yes, if trial | Trial currency |
trial[period] | yes, if trial | Trial recurring period |
trial[period_duration] | yes, if trial | Trial recurring period duration. By default minimum duration is 3 days. This can be adjusted by contacting devsupport@brickpayments.com |
uid | no | Identifies the internal end-user ID within merchant's system. Used for uid parameter in Pingbacks. If omitted, email is used as uid parameter in Pingbacks |
User Profile API parameters | yes | Parameters for enhanced Risk Scoring, such as lastname, firstname, address, engagement history. Refer to User Profile API |
Response - Returns a subscription object
{ "object":"subscription", "id":"VCBZT392SW", "period":"day", "period_duration":3, "payments_limit":122, "is_trial":0, "started":1, "expired":0, "active":1, "date_started":1419525232, "date_next":1419784432, "trial":{ "object":"subscription", "id":"VCBZT392SW", "period":"day", "period_duration":1, "payments_limit":1, "is_trial":1, "started":1, "expired":1, "active":0, "date_started":1419438832, "date_next":1419525232, } "charges":[ 49393608, 49393609 ] }
Every time a user is charged, a Pingback will be sent to your servers using the URL specified as the Pingback URL in your project settings.
Get Subscription Details
Request
GET https://api.paymentwall.com/api/brick/subscription/$id
Response
Subscription object
Cancel a Subscription
Request
GET https://api.paymentwall.com/api/brick/subscritpion/$id
Response
Susbscritpion object
Error
Error object
{
"type":"Error",
"error":"Wrong charge amount",
"code":3002
}
In case of an error, Paymentwall responds back with 4xx HTTP Response Status Codes. For example, error 4007 (API key is invalid) is sent back with 401 status code. In order to fetch the response body for error object, please make sure your application is able to read response body for requests that return 4xx status code.
List of Error Codes
- 1000 Internal error
- 1001 Project isn't loaded, please double-check the API keys
- 1003 Requested payment method is not active for the given project - contact devsupport@brickpayments.com
- 3000 Charge not found
- 3001 Permission denied
- 3002 Wrong charge amount
- 3003 Card number is missing or invalid
- 3004 Expiration month is invalid
- 3005 Expiration year is invalid
- 3006 Expiration date is invalid
- 3007 Currency is missing or invalid
- 3008 Please fill in all required fields
- 3009 Please correct the billing address and retry the transaction
- 3010 Please contact your credit card company to approve your payment
- 3011 Please contact your credit card company to check your available balance
- 3012 Transaction was declined
- 3013 Transaction was declined due to issues with the card
- 3014 Wrong CVV
- 3101 Please verify the credit card number and retry the transaction
- 3102 You submitted an expired credit card number. Please ensure the credit card is valid
- 3103 You have submitted a card which is not supported. Please, use Visa, MasterCard, AmEx or Discover credit card
- 3104 Country of the card is not supported
- 3111 Token was not found
- 3112 One-time token is invalid
- 3113 Test credentials are invalid
- 3114 Token was deleted
- 3115 Charge amount is too small. Default minimum is 0.50 USD. Please contact devsupport@brickpayments.com to adjust
- 3116 Charge amount is too high. Default maximum is 500 USD. Please contact devsupport@brickpayments.com to adjust
- 3200 Please retry the transaction or use another credit card
- 3201 The charge has already been fully refunded
- 3202 You can't cancel this transaction
- 3203 This charge is not found or already captured
- 3204 You can't refund this transaction
- 3205 Duplicate charge
- 3206 Authorization for this card has expired
- 3301 Please check first name
- 3302 Please check last name
- 3303 Please check address
- 3304 Please check city
- 3305 Please check state
- 3306 Please check Zip / Postal Code
- 3401 Wrong subscription period
- 3402 Subscription not found
- 3403 Wrong subscription period duration
- 3404 Some subscription trial parameters are missing
- 3405 Subscription trial period is invalid
- 3406 Subscription trial period duration is invalid
- 3407 Subscription trial amount is invalid
- 3408 Number of repeated payments in case of subscription failure is invalid
- 4004 Undefined method
- 4005 Request is empty
- 4006 API key is not provided
- 4007 API key is invalid
- 4008 Decryption failed
- 4010 This API is not activated for the given project
- 5000 Customer is not allowed to pay