Integrate Non-PCI Custom Integration
This guide walks you through implementing Custom Integration for Non-PCI certified merchants using the secure tokenization approach. This method allows you to build custom payment experiences while Amazon Payment Services handles PCI compliance requirements.
Prerequisites
Before starting your integration, ensure you have:
- Test Account Access
  Contact merchantsupport-ps@amazon.com to obtain access to our test environment for testing and development.
- Security Credentials
  Retrieve your integration credentials from the merchant dashboard:
  - Log into your Amazon Payment Services test account
  - Navigate to Merchant Management → Security Settings
  - Save the following values:
    - Access Code - Authentication token for API requests
    - Merchant Identifier - Your unique merchant ID
    - SHA Request/Response - Keys for signature calculation
Integration Steps
Create Payment Form
Build a custom payment form on your checkout page to collect customer card details. The form should include proper validation and user experience enhancements.
<form id="paymentForm" class="payment-form">
<div class="form-group">
<label for="cardNumber">Card Number</label>
<input type="text" id="cardNumber" name="card_number"
placeholder="1234 5678 9012 3456" maxlength="19" required>
<div class="error-message" id="cardNumberError"></div>
</div>
<div class="form-row">
<div class="form-group">
<label for="expiryDate">Expiry Date</label>
<input type="text" id="expiryDate" name="expiry_date"
placeholder="MM/YY" maxlength="5" required>
<div class="error-message" id="expiryError"></div>
</div>
<div class="form-group">
<label for="cvv">CVV</label>
Tokenization Request
When the customer submits the payment form, send either a TOKENIZATION or a CREATE_TOKEN request as an HTTPS form POST directly from your frontend to Amazon Payment Services.
- TOKENIZATION: Securely converts card details into a temporary token for immediate payment processing
- CREATE_TOKEN: Generates permanent tokens without charging customers
Use the appropriate endpoint based on your environment:
https://sbcheckout.payfort.com/FortAPI/paymentPage
Sample Tokenization/Create Token Request
<form action="https://sbcheckout.payfort.com/FortAPI/paymentPage"
method="post" target="form" id="paymentForm">
<input type="hidden" name="service_command" value="TOKENIZATION">
<input type="hidden" name="language" value="en">
<input type="hidden" name="merchant_identifier" value="WeVJHPYm">
<input type="hidden" name="access_code" value="s4lwuuoY5upZlZY5D6dr">
<input type="hidden" name="signature" value="calculated_signature_here">
<input type="hidden" name="return_url" value="https://yoursite.com/tokenization-result">
<input type="hidden" name="expiry_date" value="2505">
<input type="hidden" name="card_number" value="4557012345678902">
<input type="hidden" name="card_security_code" value="123">
<input type="hidden" name="merchant_reference" value="ORD-12345-2024">
<input type="hidden" name="card_holder_name" value="John Doe">
</form>
Make sure the merchant reference value is unique per request.
See the signature calculation section to learn how to calculate the signature.
Before sending the transaction amount, multiply it by the currency's decimal factor based on its ISO 3-letter code, e.g. AED (2 decimals): 500 AED should be sent in the request as 50000. For currencies with 3 decimal places, VISA requires amounts to be rounded to end in zero, e.g. 3.475 becomes 3480.
Sample Tokenization Response
{
"access_code": "s4lwuuoY5upZlZY5D6dr",
"card_bin": "455701",
"card_holder_name": "John Doe",
"card_number": "455701******8902",
"expiry_date": "2505",
"language": "en",
"merchant_identifier": "WeVJHPYm",
"merchant_reference": "ORD-12345-2024",
"response_code": "18000",
"response_message": "Success",
"return_url": "https://yoursite.com/tokenization-result",
"service_command": "TOKENIZATION",
"signature": "e59ff5567f5308657f24d29234deccf6e7f9dcf6bd9ecf9efa8281bc5ee3319c",
"status": "18",
"token_name": "8bc8ba22dcc34b838024ef03f8d89786",
"client_ip": "192.168.1.1"
}
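Because the response reaches your return_url through the customer's browser, the backend should verify its signature before trusting token_name. The following is an added example, not code from Amazon Payment Services. It assumes the scheme from the separate signature calculation section is SHA-256 over the SHA phrase, the name=value pairs sorted by name, and the phrase again. The function names and the demo phrase are hypothetical.

```python
import hashlib
import hmac


def calculate_signature(params, sha_phrase):
    # Assumed scheme: phrase + "name=value" pairs sorted by name + phrase, SHA-256 hex.
    pairs = "".join(f"{k}={params[k]}" for k in sorted(params) if k != "signature")
    return hashlib.sha256(f"{sha_phrase}{pairs}{sha_phrase}".encode("utf-8")).hexdigest()


def verify_tokenization_response(params, sha_response_phrase, expected_reference):
    """Return token_name only for an authentic, successful response to our order."""
    expected = calculate_signature(params, sha_response_phrase)
    received = str(params.get("signature", "")).lower()
    # Constant-time comparison; comparing bytes avoids a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8")):
        raise ValueError("signature mismatch: response not trusted")
    # Read the fields only after the signature shows they were not altered in transit.
    if params.get("response_code") != "18000":
        raise ValueError(f"tokenization failed: {params.get('response_message')}")
    if params.get("merchant_reference") != expected_reference:
        raise ValueError("response belongs to a different order")
    return params["token_name"]


# Constructed sample: a subset of the fields from the sample response, signed with a
# made-up phrase, since the page's signature cannot be checked without the real one.
DEMO_PHRASE = "constructed-sha-response-phrase"
SAMPLE = {
    "card_number": "455701******8902",
    "merchant_identifier": "WeVJHPYm",
    "merchant_reference": "ORD-12345-2024",
    "response_code": "18000",
    "response_message": "Success",
    "service_command": "TOKENIZATION",
    "status": "18",
    "token_name": "8bc8ba22dcc34b838024ef03f8d89786",
}
SAMPLE["signature"] = calculate_signature(SAMPLE, DEMO_PHRASE)

if __name__ == "__main__":
    print(verify_tokenization_response(SAMPLE, DEMO_PHRASE, "ORD-12345-2024"))
```

Keep the SHA response phrase on the server only, and adjust the hash function if your account is configured for a different SHA type.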
Process Payment
After successful tokenization, use the received token to process the payment through a server-to-server API call. This step should be performed from your backend for security.
Use the appropriate endpoint based on your environment:
https://sbpaymentservices.payfort.com/FortAPI/paymentApi