Apaya Consent Setup

Send your users to the Apaya Consent Setup page where they can select their desired payment option and provide their consent for future merchant-initiated payments. Apaya will manage the identification for all users and gather their consent, enabling payments via the Apaya API. Ability to perform refunds is available depending on the payment mechanism.

Breakdown of steps:

  1. Generate Consent Setup Token:
    Generate a unique token to access the Apaya Consent Setup by calling the RequestToken API method (Sandbox: RequestToken).
    Note: You must use a tokenTypeId of 6 when requesting a token for Consent Setup.

  2. Send users to Apaya Consent Setup:
    Send your user to the Apaya Consent Setup URL by appending the token .e.g.
    Sandbox: https://sandbox-checkout.apaya.io/setup/WHrH7zOq2hnDbJcYUuSgUXLwZ9J0LEfqemRV2x12345
    Production: https://checkout.apaya.io/setup/WHrH7zOq2hnDbJcYUuSgUXLwZ9J0LEfqemRV2x12345

  3. User provides their consent:
    Your user will provide their consent on the Apaya Consent Setup page, and upon successful completion, or upon failure (or if the user cancels the flow mid-way) they are returned to your endpoint.
    Note: This return endpoint is configured against your product in the Apaya Portal.

  4. Consent Setup page returns user:
    The user will return to your endpoint containing the following information in the URL e.g.
    http://www.example.com/?token=A9IotQFdJBSYjth7h)hGWmFAgzVjxU6xeGGT)AaAbB= &success=1&pt=ExamplePTValue&status=SUCCESS
    &hashedIdentifer=XXXXXXXXXXXX6417&providerId=1003&userConsentToken=OVoDEZZiD0F4heWCg7yYm3oTRjC7yU4i)JGxxdswOglsA%3d__kOJ49PeAFlVjgDDh5Ocrh)KXXXE3edA64xbIotu94%3d

    • token - Populated with the original token passed in when starting the Apaya Consent Setup flow.

    • pt - The pass-through value provided in the Token

    • success - '1' signifying that successful acquisition has taken place. '0' if not.

    • status - Contains a brief description of the status of the user after the consent setup flow. See Status Values for details, especially any 'SETUP_' statuses.

    • hashedIdentifier - Contains a 'hashed' user identifier (card number, mobile number, or other) which you can display on your UI after being decoded.

      • Card numbers will be hashed with an 'X' character except for the final 4 digits E.g. XXXXXXXXXXXX6417

    • providerId - The payment provider used when providing consent. See Providers for a full list.

    • userConsentToken - The encrypted consent token created by the Apaya platform. Store this in your platform for use in future interactions with Apaya APIs to trigger reserve/authorization and when capturing a charge. If the user abandons the flow or fails consent, this will be returned as an empty parameter.

  5. Store details and trigger payments:
    Log details of the Consent Setup in your platform and perform payment API calls now that the end-user has given pre-authorisation for this service. View API documentation for the options below:

    1. Perform immediate payment (Sandbox: Charge)

    2. Reserve/authenticate funds only (Sandbox: Reserve)

    3. Capture payment for previously reserved/authenticated funds (Sandbox: Capture)

    4. Void a previously reserved/authenticated transaction (Sandbox: Void)

    5. Refund a successful transaction (Sandbox: Refund)

  6. Handle webhooks:
    Handle asynchronous webhook notifications from the Apaya platform. Click here for more details.
    Note: These webhooks are currently just for the payment aspect of the Consent Setup flow.

Get Production access:

  1. Once you're happy with your Sandbox tests and you want Production access, sign in and go to Products and click on Production. Configure a 'subscription' just as you did for Sandbox. Give your subscription a relevant name, again you can change this later if required.

  2. Your Production subscription will be sent to Apaya for approval. Once approved, you will have access to the production API. Click on the green 'Try It' button to test your request and see a response from any of the required production API methods. Note: Your API access key will only be pre-populated after your Production subscription request has been approved by Apaya.

  3. If you require any assistance, contact us on support@apaya.io