API type-One-time Token System | Developer

About the One-time Token System

Online Payment ASP's One-time token is to convert the credit Credit card information entered by the end user into a One-time token (another Character string) before performing the Payment. merchant can be Payment without holding credit Credit card information by incorporating the JavaScript of the One-time token we provide into the merchant website.

Usage Overview

Available Payment Methods

Credit Card Payment

Sequence

The flow of the One-time token acquisition to Payment request (One-time token usage) API is as follows. For details on the flow of Payment after acquiring an One-time token, please refer to the API-type System Specification (Basic Specification).

Interface

The interfaces of the One-time token system are as follows: Note that the format is the same as API type XML. For details, refer to the API-type System Specification (Basic Specifications).

File	com_sbps_system_token.js
Function name	com_sbps_system.generateToken

Destination	To be informed when the service starts

One-time Token Acquisition Request

Object/function name	Field name	Description	Remarks
tokenRequest	Token request	An object that specifies the properties required to generate a One-time token.	Set the Credit card information obtained by merchant website
callback	Callback	One-time Functions to call back after acquiring a token

One-time Token Request

About ≪ type≫ 9: Numeric type (0~9 in 1Byte), X: Half-width Character string, M: Multibyte Character string (BASE64 encoding required)

SEQ	Tag element name	Field name	Chars	Format	Req'd	Type	Description	Remarks
1	merchantId	Merchant ID	5	9	○	Fixed	ID for identifying the merchant	Specified by SBPS
2	serviceId	Service ID	3	9	○	Fixed	ID for identifying the merchant's service	Specified by SBPS
3	ccNumber	Credit card number	16	9	○	Var.	0 to 99999999999999999 (no hyphens)
4	ccExpiration	Expiration date	6	9	○	Fixed	YYYYMM
5	securityCode	Security code	4	9		Fixed	3 or 4 digits [0-9]	If you want to use it, please check the input with merchant.

One-time Token Acquisition Results

Object/function name	Field name	Description	Remarks
response	Response result	One-time Token Information Result Object	Return the One-time token information generated by our company

Response Result (Success)

About ≪ type≫ 9: Numeric type (0~9 in 1Byte), X: Half-width Character string, M: Multibyte Character string (BASE64 encoding required)

SEQ	Tag element name	Field name	Chars	Format	Req'd	Type	Description
1	result	Result status	2	X	○	Fixed	OK: Request processing OK
2	tokenResponse	Token Response			○	Var.	One-time Token Information Result Object
3	token	Token		X	○	Var.
4	tokenKey	Token key		X	○	Var.
5	maskedCcNumber	Credit card number	16	X	○	Var.
6	ccExpiration	Expiration date of the credit card	6	９	○	Fixed	Credit card expiration date sent
7	cardBrandCode	Card company brand code	1	X	○	Fixed	Credit card company brand code J: JCB brand V: Visa brand M: Master Brand A: AMEX brand D: Diners brand X: Other

Response Result (Error)

About ≪ type≫ 9: Numeric type (0~9 in 1Byte), X: Half-width Character string, M: Multibyte Character string (BASE64 encoding required)

SEQ	Tag element name	Field name	Chars	Format	Req'd	Type	Description	Remarks
1	result	Result status	2	X	○	Fixed	NG: Request processing NG
2	errorCode	Error code	5	X	○	Fixed	See list of error codes

List of Error Codes

The error code system to be returned is shown below.

Digits 1-2: Represent a type. (2-digit fixed length alphanumeric characters)
Digits 3-5: Represent a field. (3-digit fixed length alphanumeric characters)

Type of Codes

Code	Type	Description
Errors related to request information
03	Required field error	No value is specified in a required field.
04	Attribute error	Allowed character attribute error
05	Number of digits error	Outside of the allowable number of digits (bytes)
07	Defined value error	A value other than the defined values is specified.
Error which occurs on the server
99	System error	An internal processing error occurred.

Field Codes

Code	Type	Description
Credit Credit card information One-time Token Generation
001	Merchant ID
002	Service ID
003	Credit card number
004	Expiration date of the credit card
005	Security code
999	(N/A)

Sample Codes

The image at the time of acquiring the One-time token is as follows.

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0.1//EN" "http://www.w3.org/TR/html4/strict.dtd"> 	 
<html lang="ja"> 
<head> 
    <script type="text/javascript" src="http://example.co.jp/token/js/com_sbps_system_token.js"></script> 
    <script type="text/javascript"> 	    上記URLはサンプルとなります。 
    <!-- 	                            サービス開始時に別途ご案内いたします     
    function doSubmit(){ 
        // トークン生成ロジック呼び出し 
       com_sbps_system.generateToken({
            merchantId : document.getElementById('merchant_id').value,
            serviceId : document.getElementById('service_id').value,
            ccNumber : document.getElementById('cc_number').value,
            ccExpiration : document.getElementById('cc_expiration').value,
            securityCode : document.getElementById('security_code').value 
        }, afterGenerateToken); 
    } 
 
    var afterGenerateToken = function(response) {
        if (response.result == "OK") {
            document.getElementById('token').value = response.tokenResponse.token;             
            document.getElementById('tokenKey').value = response.tokenResponse.tokenKey; 
            document.getElementById('cardBrandCode').value = response.tokenResponse.cardBrandCode; 
            // マスクされた番号で上書き 
            document.getElementById('cc_number').value = response.tokenResponse.maskedCcNumber; 
            // カード情報のクリア 
            document.getElementById('cc_expiration').value = '';             
            document.getElementById('security_code').value = ''; 
 
            if(window.confirm('トークン取得しました。決済を実施します。')){ 
                document.getElementById('frm').submit(); 
            } else { 
                alert("キャンセルしました。"); 
            } 
        } else { 
            alert('トークン取得に失敗しました。'); 
        } 
    } 
    // --> 
    </script> 
</head> 
 
<body> 
    <h1>トークン生成サンプル</h1> 
    <form name="frm" id="frm" method="POST" action="Confirm.jsp"> 
 
    <dl> 
        <dt>マーチャントID</dt> 
        <dd><input type="text" id="merchant_id" name="merchant_id" maxlength="5" value="12345"></dd> 
 
        <dt>サービスID</dt> 
        <dd><input type="text" id="service_id" name="service_id" maxlength="3" value="001"></dd> 
 
        <dt>クレジットカード番号</dt> 
        <dd><input type="text" id="cc_number" name="cc_number" maxlength="16" value="4111111111111111"></dd> 
 
        <dt>クレジットカード有効期限</dt> 
        <dd><input type="text" id="cc_expiration" name="cc_expiration" maxlength="6" value="202212"></dd> 
 
        <dt>セキュリティコード</dt> 
        <dd><input type="text" id="security_code" name="security_code" maxlength="4" value="1234"></dd> 
    </dl> 
 
    <dl> 
        <dt>トークン</dt> 
        <dd><input type="text" id="token" name="token" value="" disabled></dd>  
        <dt>トークンキー</dt> 
        <dd><input type="text" id="tokenKey" name="tokenKey" value="" disabled></dd>  
        <dt>カード会社ブランドコード</dt> 
        <dd><input type="text" id="cardBrandCode" name="cardBrandCode" value="test" disabled></dd> 
    </dl> 
        <table> 
            <tr><td> 
            <input type="button" name="btnSend" id="btnSend" value="送信" onClick="doSubmit()">             <input type="reset" name="btnReset" id="btnReset" value="リセット"> 
            </td></tr> 
        </table> 
    </form> 
</body> 
</html>

                     <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0.1//EN" "http://www.w3.org/TR/html4/strict.dtd"> 	 
<html lang="ja"> 
<head> 
    <script type="text/javascript" src="http://example.co.jp/token/js/com_sbps_system_token.js"></script> 
    <script type="text/javascript"> 	    上記URLはサンプルとなります。 
    <!-- 	                            サービス開始時に別途ご案内いたします     
    function doSubmit(){ 
        // トークン生成ロジック呼び出し 
       com_sbps_system.generateToken({
            merchantId : document.getElementById('merchant_id').value,
            serviceId : document.getElementById('service_id').value,
            ccNumber : document.getElementById('cc_number').value,
            ccExpiration : document.getElementById('cc_expiration').value,
            securityCode : document.getElementById('security_code').value 
        }, afterGenerateToken); 
    } 
 
    var afterGenerateToken = function(response) {
        if (response.result == "OK") {
            document.getElementById('token').value = response.tokenResponse.token;             
            document.getElementById('tokenKey').value = response.tokenResponse.tokenKey; 
            document.getElementById('cardBrandCode').value = response.tokenResponse.cardBrandCode; 
            // マスクされた番号で上書き 
            document.getElementById('cc_number').value = response.tokenResponse.maskedCcNumber; 
            // カード情報のクリア 
            document.getElementById('cc_expiration').value = '';             
            document.getElementById('security_code').value = ''; 
 
            if(window.confirm('トークン取得しました。決済を実施します。')){ 
                document.getElementById('frm').submit(); 
            } else { 
                alert("キャンセルしました。"); 
            } 
        } else { 
            alert('トークン取得に失敗しました。'); 
        } 
    } 
    // --> 
    </script> 
</head> 
 
<body> 
    <h1>トークン生成サンプル</h1> 
    <form name="frm" id="frm" method="POST" action="Confirm.jsp"> 
 
    <dl> 
        <dt>マーチャントID</dt> 
        <dd><input type="text" id="merchant_id" name="merchant_id" maxlength="5" value="12345"></dd> 
 
        <dt>サービスID</dt> 
        <dd><input type="text" id="service_id" name="service_id" maxlength="3" value="001"></dd> 
 
        <dt>クレジットカード番号</dt> 
        <dd><input type="text" id="cc_number" name="cc_number" maxlength="16" value="4111111111111111"></dd> 
 
        <dt>クレジットカード有効期限</dt> 
        <dd><input type="text" id="cc_expiration" name="cc_expiration" maxlength="6" value="202212"></dd> 
 
        <dt>セキュリティコード</dt> 
        <dd><input type="text" id="security_code" name="security_code" maxlength="4" value="1234"></dd> 
    </dl> 
 
    <dl> 
        <dt>トークン</dt> 
        <dd><input type="text" id="token" name="token" value="" disabled></dd>  
        <dt>トークンキー</dt> 
        <dd><input type="text" id="tokenKey" name="tokenKey" value="" disabled></dd>  
        <dt>カード会社ブランドコード</dt> 
        <dd><input type="text" id="cardBrandCode" name="cardBrandCode" value="test" disabled></dd> 
    </dl> 
        <table> 
            <tr><td> 
            <input type="button" name="btnSend" id="btnSend" value="送信" onClick="doSubmit()">             <input type="reset" name="btnReset" id="btnReset" value="リセット"> 
            </td></tr> 
        </table> 
    </form> 
</body> 
</html>

... 3Show all rows

Special notes

One-time Token lifetime
Since it will not be available after a certain period of time has elapsed since the One-time token issuance, it is recommended to obtain a One-time token just before requesting Payment. If it becomes unusable, please obtain it again.

About Browser Settings
This document assumes that you are using a JavaScript-enabled browser. Operation is not guaranteed for environments in which JavaScript does not function.

Available Encryption Protocols
Due to the regulations of PCI DSS (which SBPS complies with), SSL 3.0 and TLS 1.0 cannot be used.
In addition, there is a high possibility that the use of TLS 1.1 will be prohibited in the future because its vulnerabilities as an encryption method have been disclosed. Therefore, Merchants shall use TLS 1.2.

Introduction

Connection method

Billing method

Payment Services

Payment Services | Options

Payment management tool

Test

Notices

One-time Token System

About the One-time Token System

Sequence

Interface

One-time Token Acquisition Request

One-time Token Acquisition Results

List of Error Codes

Sample Codes

Special notes

Introduction

Connection method

Billing method

Payment Services

Payment Services | Options

Payment management tool

Test

Notices