This article describes how to process merchant-initiated transactions with and without tokenisation through APEXX.
Merchants offering subscription services need to ensure that recurring transactions are correctly flagged to satisfy SCA requirements and to achieve high acceptance rates.
The initial (first) transaction during which the card details are captured should be flagged as cit (customer-initiated) in the recurring_type field and undergo 3D Secure authentication. You can send the CVV value in the initial request.
Merchants using the Hosted Payment Page (HPP) or Client Side Encryption (CSE) integration approaches can request a token at this point by setting the create_token parameter in the card block to "true"
Where supported by the acquirer, APEXX will return a value in the scheme_transaction_id field of the card block in the payment response
Where requested by the merchant, APEXX will return a value in the token field of the card block in the payment response
Any subsequent transactions that are initiated by the merchant according to the payment schedule agreed with the cardholder should be flagged as mit (merchant-initiated) in the recurring_type field. They do not need to undergo 3D Secure authentication. You cannot send the CVV value in the subsequent request as the CVV value must not be stored.
Where available, the scheme_transaction_id value obtained in the initial transaction should be sent in the initial_scheme_transaction_id field in the card block of the subsequent transaction
Merchants using the hosted payment page integration will not need to store the scheme transaction ID for subsequent transactions. APEXX will store the scheme transaction ID internally and use it when a subsequent payment request containing a token is received.
Merchants wishing to use a token obtained in the initial transaction will need to use the direct payment request format for any subsequent payments. The token is sent in the card block instead of the card number.
Tokens do not have an expiry date and can be used multiple times. Tokens can be deleted by using the deleteToken request.
How do I activate tokenisation?
Can tokenised cards be shared across multiple business units, entities and acquirers?