¶ IngoPay iFrame
¶ Overview
Dynamic plugin component embeds seamlessly in your UX to securely capture, verify and tokenize payment account credentials.
The overall flow is four steps:
- Post an IngoPay - Session Management API request to initialize a plugin session.
- Utilize the plugin to tokenize a card or non-card based account data.
- Retain the
customer_account_tokenreceived via webhook for future use in funding events to the same customer using the same account.- Post an IngoPay - Gateway Process API request to initiate a funding event to the customer's account.
IngoPay iFrame Flow Chart (Happy Path Model)
¶ API Authentication
The IngoPay API utilizes HMAC Authentication. HMAC Authentication is a mechanism for calculating a message authentication code using a hash function in combination with a shared secret key between the two parties involved in sending and receiving the data (Front-end client and Back-end HTTP service). The main use for HMAC is to verify the integrity, authenticity, and identity of the message sender.
¶ The following is required to authenticate to any of the IngoPay API methods.
Valid participant ID provided by Ingo Money
Valid Secret provided by Ingo Money
An HMAC signature must be generated and sent in the Authorization header; the data in the Authorization header will contain the username, signing algorithm, headers, and the signature
- A comprehensive packet of information on creating your HMAC authentication will be provided with the credentials listed above.
¶ Abstracts
| Abstract | Summary |
|---|---|
| Provide customer information used to establish a branded & secure PCI-compliant plug in session. | |
| Mount a secure PCI-compliant plugin to capture account data in your own UX over web and mobile platforms. Includes recipient risk screening and account verification. | |
| Receive timely detailed information regarding plugin session activities. Obtain a customer account token for future use in funding events. Only subscribe to events of interest for your program. | |
| Tell us what account to pay & how much to pay utilizing a secure PCI-Compliant account token received via webhook. |
¶ Permitted Character Set
