Cashonrails - Developer Documentation

Server to Server Card Payments

Overview

Process card payments directly through your server using Cashonrails S2S APIs.

Integration Steps

Follow these steps to integrate card payments using our Server to Server APIs:

Collect Card Information
Encrypt Card Data
Initialize Transaction
Handle 3D Secure
Verify Transaction

Each step has specific requirements and security considerations. Follow the detailed guides below for implementation.

Base URL

https://mainapi.stag.cashonrails.com/api/v1/s2s

1. Collect Card Information

Collect the customer’s card details securely within your application:

{
  "data": {
    "number": "4242424242424242",
    "cvv": "123",
    "expiryMonth": "12",
    "expiryYear": "2023",
    "pin": "1234"  // Required for local cards
  },
  "reference": "{{reference}}"
}

Required Fields:

Field	Description
number	Card number
cvv	Card verification value
expiryMonth	Card expiry month
expiryYear	Card expiry year
pin	Card PIN (for local cards)
reference	Unique transaction reference

2. Encrypt Card Data

Card details must be encrypted using AES-256-CBC encryption before transmission. This ensures sensitive data remains secure during the API call.

Encryption Requirements

Parameter	Description
Algorithm	AES-256-CBC
Key	Your Cashonrails public key
IV	First 16 characters of transaction reference
Input Format	JSON string of card data
Output Format	Hexadecimal string

Code Examples

const crypto = require('crypto');
 
function encryptCardDetails(cardData, publicKey) {
  // Generate reference with prefix and timestamp
  const reference = `COR_${Date.now()}`;
  
  // Use first 16 chars of reference as IV
  const iv = reference.slice(0, 16);
  
  // Prepare the encryption key
  const key = Buffer.from(publicKey, 'utf-8');
  const ivBuffer = Buffer.from(iv, 'utf-8');
  
  try {
    // Create cipher
    const cipher = crypto.createCipheriv('aes-256-cbc', key, ivBuffer);
    
    // Encrypt the data
    let encrypted = cipher.update(JSON.stringify(cardData), 'utf8', 'hex');
    encrypted += cipher.final('hex');
    
    return {
      encryptedData: encrypted,
      reference: reference
    };
  } catch (error) {
    throw new Error(`Encryption failed: ${error.message}`);
  }
}
 
// Usage example
const cardData = {
  number: "4242424242424242",
  cvv: "123",
  expiryMonth: "12",
  expiryYear: "2023",
  pin: "1234"
};
 
const result = encryptCardDetails(cardData, 'YOUR_PUBLIC_KEY');
console.log(result);

Testing Encryption

To verify your encryption implementation:

Generate encrypted data using the code above
Test the encryption using our verification endpoint:

curl -X POST {{baseurl}}/test/encryption \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_SECRET_KEY" \
-d '{
  "data": {
    "number": "4242424242424242",
    "cvv": "123",
    "expiryMonth": "12",
    "expiryYear": "2023",
    "pin": "1234"  // Required for local cards
  },
  "reference": "COR_202402210123456789"
}'

Success response:

{
    "status": true,
    "message": "Encryption verified successfully"
}

The encryption verification endpoint helps ensure your implementation is correct before attempting actual transactions.

Common Encryption Issues

Invalid IV Length: Ensure your IV is exactly 16 bytes
Incorrect Key Format: Use the raw public key string without formatting
Data Structure: Card data must be a valid JSON object before encryption
Reference: Must always be unique for every transaction

⚠️

Never log or store the raw card details. Only work with encrypted values when saving to your database.

3. Initialize Transaction

Send encrypted card data to initialize the transaction:

curl -X POST {{baseurl}}/card/initialize \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_SECRET_KEY" \
-d '{
    "card": "encrypted_card_data",
    "amount": "5000",
    "currency": "NGN",
    "email": "customer@example.com",
    "reference": "COR_202402210123456789"
}'

4. Handle 3D Secure

If 3DS is required, you’ll receive a response with authentication URL:

{
    "success": true,
    "message": "Proceed to card authentication",
    "data": {
        "gatewayRecommendation": "AUTHENTICATE",
        "transactionId": "cor_tx_20240221123456789",
        "orderId": "COR_202402210123456789"
    },
    "_links": {
        "url": "https://mainapi.cashonrails.com/api/v1/3ds/authenticate/cor_tx_20240221123456789",
        "method": "POST",
        "payload": "reference,transactionId,orderId"
    }
}

After receiving this response, make a POST request to the URL provided in _links.url with the following data:

curl -X POST "https://mainapi.cashonrails.com/api/v1/3ds/authenticate/cor_tx_20240221123456789" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_SECRET_KEY" \
-d '{
    "reference": "COR_202402210123456789",
    "transactionId": "cor_tx_20240221123456789",
    "orderId": "COR_202402210123456789"
}'

5. Verify Transaction

Always verify the transaction status before providing value:

curl -X GET {{baseurl}}/transaction/verify/{reference} \
-H "Authorization: Bearer YOUR_SECRET_KEY"

Test Cards

Card Type	Number	CVV	Expiry	PIN
Visa	4000000000000009	130	02/29	1234
Mastercard	5123450000000009	325	02/29	1234
Verve	50609905800247111	121	02/35	1234

Introduction Bank Transfer