Guides
  1. DIRECT WITH EMBEDDED TOKENIZATION

Steps

At a glance: (1) your server calls GetAPIKey to get a short-lived API key, (2) your browser loads the InterPay JS library and builds your checkout form, (3) the browser tokenizes the card and receives a One-Time Token (OTT), (4) your server submits a Direct Payment with the OTT and receives a permanent token back for future use.

All examples below use {gateway_endpoint}/ as a placeholder.
Replace it with your full gateway endpoint — see Development & Testing for test endpoints or Production for live endpoints.

Step 1 — GetAPIKey

Your server calls GetAPIKey to obtain a short-lived API key that your browser will use to tokenize the card. The response also includes the HOST your browser loads the InterPay JavaScript library from.

Required parameters

  • TERMID and PASS — terminal credentials
  • TYPE=Z — Administrative transaction
  • ACTION=GETAPIKEY
  • SUBTYPE=TA

Optional parameters

  • AMT — transaction amount. Required if the merchant is CustomerPay-enabled and you want the gateway to calculate USERFEE for you.
  • PLATFEE — platform fee amount. See Platform Billing.

Example request

curl --request POST \
  --url {gateway_endpoint}/ \
  --header 'Content-Type: application/json' \
  --data '{
    "TERMID":  "your_termid",
    "PASS":    "your_pass",
    "TYPE":    "Z",
    "ACTION":  "GETAPIKEY",
    "SUBTYPE": "TA",
    "AMT":     "125.00",
    "JSON":    "Y"
  }'

Example response

{
  "CODE":    "0000",
  "TEXT":    "KEY GENERATED",
  "APIKEY":  "@E1C51941FD4204F70F36A7AFBB21BDAF969E682CA6620E7C3C1E487965EC9779",
  "HOST":    "https://svra.interpaypos.com/api/payment",
  "USERFEE": "3.25",
  "DATE":    "20260412",
  "TIME":    "10:00:00",
  "DUR":     "0.383"
}

Pass the APIKEY, HOST, and (if CustomerPay-enabled) USERFEE to your checkout page.

Important: The API key is short-lived and valid only for this checkout. Do not cache or reuse it across customers.

Step 2 — Load the InterPay JavaScript Library

On your checkout page, load interpay_embed.min.js from the HOST returned in Step 1:

<script src="{HOST}/assets/interpay_embed.min.js"></script>

Warning: The JavaScript library filename differs between test and production. Always use the HOST returned by GetAPIKey rather than hard-coding the URL.

Build your checkout form in whatever layout and style you want — SportsPay does not constrain the markup. The customer enters their card number, expiry, and CVV into fields you control.

Step 3 — Validate the Card Data (Optional)

Before tokenizing, you can validate the cardholder's input client-side using Interpay.validate(). This catches obvious errors (wrong length, invalid expiry, missing CVV) without a round-trip to the gateway.

Example call

var interpay = new InterPay();
var result = interpay.validate(apiKey, cardData);
if (result.datavalid) {
    // proceed to tokenize
} else {
    // show field-level errors from result.cardnum, result.cardexp, result.cardcvv
}

Where cardData is a JavaScript object with:

  • CARDNUM — card number, numeric, no spaces or dashes
  • CARDEXPMM — 2-digit expiration month
  • CARDEXPYYYY — 4-digit expiration year
  • CARDCVV — 3- or 4-digit CVV

Result shape

{
  "tokenized": false,
  "text": "",
  "datavalid": true,
  "apikey":  { "isvalid": true, "message": "" },
  "cardnum": { "isvalid": true, "message": "" },
  "cardexp": { "isvalid": true, "message": "" },
  "cardcvv": { "isvalid": true, "message": "" }
}

If any isvalid is false, the corresponding message explains what's wrong. Display the error next to the field the customer needs to fix.

Step 4 — Tokenize the Card

Call Interpay.tokenize() to send the card data directly from the browser to the gateway. The gateway returns a One-Time Token (OTT). Card data never touches your server.

Example call (with callback)

var interpay = new InterPay();
await interpay.tokenize(host, apiKey, cardData, displayResult);

function displayResult(result) {
    if (result.tokenized) {
        // send result.ott to your server to complete the transaction
    } else {
        // show the error in result.text
    }
}

Example call (without callback)

var interpay = new InterPay();
var result = await interpay.tokenize(host, apiKey, cardData);

Result on success

{
  "tokenized": true,
  "text": "TOKEN OK",
  "datavalid": true,
  "ott": "4200HDETSHGT0042"
}

Result on failure

{
  "tokenized": false,
  "text": "INVALID APIKEY",
  "datavalid": true,
  "ott": ""
}
  • If datavalid is false, one of the card fields is invalid — check each isvalid entry for a specific message.
  • If tokenized is false with datavalid: true, the gateway rejected the request. text contains the reason.

Send the OTT to your server to complete the transaction.

Important: The OTT is valid for 10 minutes from the time the gateway issued it. Submit the Direct Payment (Step 5) before it expires.

Step 5 — Submit the Direct Payment

Your server submits the transaction to the gateway using the OTT in place of card data.

Required parameters

  • TERMID and PASS — terminal credentials
  • TYPE=S — Sale (see Transaction Types for other values like A for Auth Only, R for Refund, etc.)
  • AMT — transaction amount
  • REF — your reference number for this transaction. Must be unique within the batch.
  • TOKEN — the OTT returned in Step 4

Optional parameters

  • USERFEE — CustomerPay processing fee. Required if the merchant is CustomerPay-enabled.
  • PLATFEE, PLATCHRG, PLATFORM — see Platform Billing.
  • CUSTNAME, CUSTEMAIL, CUSTID — customer details for reporting.
  • INV, DESC — invoice number and description for reporting.

For field formats, see the API Reference.

Example request

curl --request POST \
  --url {gateway_endpoint}/ \
  --header 'Content-Type: application/json' \
  --data '{
    "TERMID":    "your_termid",
    "PASS":      "your_pass",
    "TYPE":      "S",
    "AMT":       "125.00",
    "USERFEE":   "3.25",
    "REF":       "102512003U13BOYS",
    "TOKEN":     "4200HDETSHGT0042",
    "CUSTNAME":  "Sample Customer",
    "CUSTEMAIL": "[email protected]",
    "INV":       "AW123456",
    "DESC":      "U13 Boys Select",
    "JSON":      "Y"
  }'

Example response

{
  "CODE":    "0000",
  "TEXT":    "APPROVED 123456",
  "AUTH":    "123456",
  "TOKEN":   "4xxxxxxxxxxx1111",
  "HASH":    "a1b2c3d4e5f6...",
  "GATEREF": "20260412-000182",
  "DATE":    "20260412",
  "TIME":    "14:24:17",
  "DUR":     "0.308"
}

A CODE of 0000 means the transaction was approved. See Payment Errors & Response Codes for the full list of response codes.

Step 6 — Store the Permanent Token

The TOKEN returned in Step 5 is a permanent token you can safely store on the customer's profile. Use it in place of TOKEN (OTT) on future Direct Payment requests to charge the same card — no tokenization step required.

curl --request POST \
  --url {gateway_endpoint}/ \
  --header 'Content-Type: application/json' \
  --data '{
    "TERMID": "your_termid",
    "PASS":   "your_pass",
    "TYPE":   "S",
    "AMT":    "35.00",
    "REF":    "renewal-2026-04-12",
    "TOKEN":  "4xxxxxxxxxxx1111",
    "JSON":   "Y"
  }'

See Transaction Types for the other operations that accept a permanent token (Auth, Refund, Void, etc.).

Step 6 — Store the Permanent Token

The TOKEN returned in Step 5 is a permanent token you can safely store on the customer's profile. Use it in place of TOKEN (OTT) on future Direct Payment requests to charge the same card — no tokenization step required.

curl --request POST \
  --url {gateway_endpoint}/ \
  --header 'Content-Type: application/json' \
  --data '{
    "TERMID":  "your_termid",
    "PASS":    "your_pass",
    "TYPE":    "E",
    "SUBTYPE": "S",
    "AMT":     "35.00",
    "REF":     "renewal-2026-04-12",
    "TOKEN":   "4xxxxxxxxxxx1111",
    "JSON":    "Y"
  }'

See Transaction Types for the other operations that accept a permanent token (Auth, Refund, Void, etc.).


Updated 9 days ago