Iframe Tokenization allow API applications to experience all the benefits of conditional payments but in a more efficient manner. Iframe Tokenization allows applications to receive authorization to send money to any account that they (the applications) have set up for the users. We can accomplish this by using app-level preapprovals instead of account-level preapprovals.
Limited PCI Responsibiltiy
When you use iframe tokenization, WePay takes on most of the PCI compliance responsibility. You are still responsible for adhering to certain basic PCI compliance rules.
You can create an app-level preapproval in three steps:
- Create a pre-approval object to define the conditional payment (amount, expiration, etc.) using the /preapproval/create call while specifically using
- Get the customer’s payment information by sending them to the preapproval_uri returned by the /preapproval/create call.
- Charge the customer once the conditions are met.
Create a pre-approval object
To create a pre-approval object, make the /preapproval/create call.
Use client_secret instead of the access_token
For app-level iframe tokenization, use the client_secret of your application rather than the user’s access_token.
|client_id||Your app's unique identifier. Found on your dashboard.|
|client_secret||Your app's unique password. Found on your dashboard.|
|period||For iframe tokenization, set period to "once".|
|amount||The amount you'll charge the customer.|
|short_description||What the payment is for.|
|mode||There are two modes: 1) regular - customer is redirected to WePay to complete the pre-approval, and 2) iframe - customer completes the pre-approval in an iframe window on your site.|
|redirect_uri||Where the customers will be sent after entering their credit card information|
|preapproval_id||The unique ID of the subscription approval|
|preapproval_uri||The uri for the customer to finish approving the subscription|
Complete the Pre-Approval
Now that you have the
preapproval_id and the
preapproval_uri, you should have the customer enter their payment information on the
preapproval_uri. You can either redirect them to WePay or keep them on your site.
Keep your customer on your site
You can have customers enter their payments information in a secure iframe on your site.
- Set the mode parameter in /preapproval/create to iframe.
- Paste the following HTML wherever you want the payment form to appear on your page:
preapproval_div_idis the ID of the element in which you want to put the iframe.
preapproval_urithat you received in the previous step as a response to the /preapproval/create call.
Charge the customer
Now that the customer has authorized you to charge them in the future, you can charge them at any time.
The customer will automatically be charged using the payment method they specified when they confirmed the original pre-approval.