Skip to main content

Merchant setup

To process Click to Pay payments, register as a Digital Payments Application (DPA). Set up Click to Pay in the Connections dashboard which automatically registers and configures the DPA with Mastercard.

Prepare the server

Before loading Click to Pay with Secure Fields into the checkout, generate a checkout session via the API. This is made easy with the server-side SDKs.

Install a server-side SDK

Use the package manager in the preferred programming language to install the server-side SDK. Generating a checkout session can only be done server side and doing this client side is not recommended as it exposes the API key to customers.
Please install the latest release of the preferred SDK.

Initialize the SDK client

Next, initialize the SDK with the ID of the instance and the private key.
This SDK needs to be initialized on your server-side. Please do not expose your private key to your client-side code.
This assumes the key you created in the previous step is kept in a secure location and can be loaded as a string. You could store this key in an environment variable or a secure vault.
To learn more about the API authentication, and how to generate a bearer token for use without the SDKs, please see the more extensive authentication guide.

Create a Checkout Session

With the SDK installed, use it to create a checkout session for use with Click to Pay.

Please refer to the API reference to learn more about our Checkout Sessions and the additional options that can be passed when creating them.

Create your checkout

With your checkout session ready, it’s time to start creating a card form that can support Click to Pay. The frontend integration is called Secure Fields and it essentially wraps each of your credit card input fields in a secure element, keeping you PCI-compliant and allowing for seamless integration with Click to Pay.
For more information on Secure Fields, please see the detailed guide which covers all the available options, events, and theming customizations available.

Install Secure Fields

There are three ways to install Secure Fields for use with Click to Pay: either as a React library, a Node library or straight off the CDN.

Initializing Secure Fields

With Secure Fields installed it’s now possible to initialize the connection to your instance. It expects the checkout session ID you created earlier.
When SecureFields is loaded without a valid sessionId it will error. We recommend only loading the component if the session ID is set.

Create a card form

Next, add any of the 3 individual card fields to the form. Mix and match these with custom forms, and add custom labels.Let’s start by adding the form with 4 fields: the card holder’s name, the card number, card expiration date, and the security code for the card.
Each secure field should now be loaded on the page. Please see our more extensive guides on how to add event listeners and custom styles to Secure Fields.

Add Click to Pay

Next, add the Click to Pay components to show and hide their UI on demand.
Secure Fields will automatically display and hide the Click to Pay Component, the sign in form, and your card form, based on the status of Click to Pay.

Handle form submission

Once the data has been submitted, use the onCardVaultSuccess property on the SecureFields component to create a transaction.
For more information on Secure Fields, please see our detailed guide which will cover all the available options, events, and theming customizations available.

Create a payment

With the card data stored in the vault, create a transaction on the server-side. To create a transaction, pass the amount, currency, as well as the payment method, in this case a checkout session.
The returned transaction includes details about the payment method used, and the status of the transaction.

Client-side vs server-side

A transaction should be created server-side instead of client-side, as there are many reasons why a success message may never reach your server, leaving you in a state where it’s unclear if your transaction has succeeded.

Error handling

The available error codes for Click to Pay are as follows. It is recommended to catch and handle Click to Pay errors as required.
  • CODE_INVALID - The user entered an incorrect OTP. An error message is also displayed on the OTP component.
  • INVALID_CARD - The user entered incorrect card details, or the details of a card that is not one of the supported schemes.
  • ACCT_INACCESSIBLE - The user’s account is temporarily not accessible.
  • USER_NOT_RECOGNIZED - The user is not recognized by Click to Pay (typically when a user hasn’t signed in yet).
  • UNKNOWN - An unknown error occurred. These are usually unrecoverable. For example, the Click to Pay library was not initialized due to an invalid parameter.
  • RETRIES_EXCEEDED - The user has exceeded the maximum number of retries filling in their one-time password (OTP) and their profile is locked. An error message is also displayed in the OTP component. It is recommended to hide the Click to Pay component for the user at this point.
  • SIGN_OUT_FAILED - When attempting to sign out via the “Not you?” link, it is possible that Click to Pay is not able to sign out the user. It is recommended to hide the Click to Pay component for the user at this point.

Events

The following props can be used on the SecureFields component to listen to specific Click to Pay events.Additionally, you can add the prop onVisibilityChange to the ClickToPay, ClickToPaySignIn and CardForm components to listen to visibility change events (CLICK_TO_PAY_VISIBILITY_CHANGE, CLICK_TO_PAY_CARD_FORM_VISIBILITY_CHANGE, CLICK_TO_PAY_SIGN_IN_VISIBILITY_CHANGE).

Testing

To test Click to Pay in the sandbox environment, use the test resources below. These sandbox environments and test cards are provided and maintained by the card networks.

Quick start: Secure fields

Guide: Vault Forward

API Reference: New checkout session

API Reference: New transaction