iPOS Transact – Clear Card Tokenization API

Prerequisites

For Sandbox (UAT)

  • Users must be onboarded on the iPOSpays sandbox (UAT) environment as a merchant.

  • A valid CloudPOS TPN is required.

For Production (Live)

  • Users must be onboarded on the iPOSpays production environment as a merchant.

  • A valid CloudPOS TPN is required.

If your application is accessing or handling clear card data, the third-party software or integrating application must be PCI compliant. This is mandatory to ensure the security and compliance of cardholder data.


Generate Auth Token

End Points

Sample Requests and Responses

Post head request
{
    "apiKey": "dakey_tKf9gua1wSGBRbXYLpt7ugYn2cm-9X1C",
    "secretKey": "dskey_EdnqZe0STrqhQO3qwvDlNgnuXpNL5YWv",
    "scope": "paymentTokenize"
}
Response
{
  "responseCode": "00",
  "responseMessage": "Success",
  "createdDt": "2025-04-16T12:48:22.260979707",
  "token": "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6InBheW1lbnRUb2tlbml6ZSIsInVuaXF1ZUlkIjoiNzQxYzFiM2YtMTUyYS0xMWYwLWI3YTMtMTZhOTc1NjBiMjc1IiwiaWF0IjoxNzQ0ODA3NzAyLCJleHAiOjE3NDQ4OTQxMDJ9.WUXSxe3e4fMY43qmkVC5wpzzpnj78G590E-tG9O1yZD7RhCu2L2giQOSb6qrfpH6w11iP-n2_ZfpZXu0He66Rge-6FyjKAW0wE5Dz-VLrFsZWxSHaIQLMbm900BPqNo_hBhstfESbO_UA-4uQItfBF5lg8PD1cDhS5K5N6tp1yFOEEflQOUysxvven8rLcg2XnimWJDaH-d-i6-tN9RgFgZCj-ZgAfqW4U3NH3MjcvlCASA-mTTnkJ_PvNBC9HRXBl862-Tgzb9AvZVYgc8qypIWD3QkROpwUmlXoCHfIQFlyQFSPp9rcHiFXy73RrMTppmDMzgsPWpzNKAuXpw4bw"
}

Auth Token Error Responses

{
  "errorCode": "AUTH_ERR_001",
  "errorMessage": "API Key is required."
},
{
  "errorCode": "AUTH_ERR_002",
  "errorMessage": "Secret Key is required."
},
{
  "errorCode": "AUTH_ERR_003",
  "errorMessage": "Scope is required."
},
{
  "errorCode": "AUTH_ERR_004",
  "errorMessage": "Invalid API Key or Secret Key. Please contact the support team."
},
{
  "errorCode": "AUTH_ERR_005",
  "errorMessage": "Invalid scope provided. Please use a valid scope."
}

Refresh Auth Token

End Points

Post body request
{
  "token": "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6InBheW1lbnRUb2tlbml6ZSIsInVuaXF1ZUlkIjoiNzQxYzFiM2YtMTUyYS0xMWYwLWI3YTMtMTZhOTc1NjBiMjc1IiwiaWF0IjoxNzQ0MjkxMzEzLCJleHAiOjE3NDQzNzc3MTN9.E2Rrf9D4ZvM9t-llUAPttVR2_paCxXnYW1rL0z1-g3DnekRsBJLlbT3efm0ecKnO6PZI1AXJNrMx3tM-0cjGvSOiT1-PeqRMSWib7c2yxqN-fkM9gYQlSpvwMPY5GZ5X2JJ2XAt5f4KwyzVsYoFRYutf2ADRj8f_gPFfouyrQH-v0EjGCe1qx1lr_IupXPDfjYzys9w1MNMqUTp9ZJEt8hav5NFFBddQf_Tf5sfynmhAP2DB_UgaINhS16KzQG3mpGzMk6NqWk8iCa2HbTUJBVJB7ZQmoaKsW95mUaXwSwR2w9pMUeM0ME1P-VHDMjQ9RbA86MDoHi1DUm-3OwJkvA"
}
Response
{
  "responseCode": "00",
  "responseMessage": "Success",
  "createdDt": "2025-04-16T12:54:45.438486168",
  "token": "eyJhbGciOiJSUzI1NiJ9.eyJzY29wZSI6InBheW1lbnRUb2tlbml6ZSIsInVuaXF1ZUlkIjoiNzQxYzFiM2YtMTUyYS0xMWYwLWI3YTMtMTZhOTc1NjBiMjc1IiwiaWF0IjoxNzQ0ODA4MDg1LCJleHAiOjE3NDQ4OTQ0ODV9.APh5_tkBTT62dK783mzIVVdvXJxaYySGU20ZwWNBwu9lIGZ6hJ-zXEXCuPg6cTjbOSZViu3OEvsGvlrEN_nrnqgNIqYRIXmgtz6VS4BVp5yfP_XrMviO1F184AZIK_UlC598O_nKYMcjg-1wTaQQY7By4SCO0RFVXeN4YFm7X4YOAz8g3-Y9LCTpNXKftjEl8RbTkkWsKQjGFuNhTcnrJFSmY0AnPban8v4SUtGdH7nKWXsXwrV4HCJ6AipWcJ1XULwm521VDyYw4Y-ldGJ7kciOi-Oho7sDNDi0HeHwTuCQvSj2SfRRNXiXDhDDveU6-Sw3DJOQRre8LYNtabRzdg"
}

Encrypt Card Data with Public Key

To securely tokenize cardholder data, you must first encrypt the raw card details (card number, expiry, and CVV) using the public key provided by iPOSpays.

Once encrypted, the result is referred to as the encryptedCarddata.

You must then send this encryptedCarddata to the iPOS Transact API for transaction.