Pockyt Credit Card Payments w/ Capture 3DS
Introduction
This solution enables merchants to securely process credit card payments through Pockyt's hosted 3D Secure (3DS) authentication flow. The process begins by registering the customer via API and continues through a redirect to a secure hosted authentication page. Once the customer completes the 3DS flow, the payment result is confirmed through a webhook or optional status query.
- Customer Registration: The merchant registers the customer using the
POST /v1/customers/create
endpoint to obtain acustomerNo
, which is required to initiate the payment. - Capture with 3DS: The merchant calls the
POST /order/v4/capture
endpoint, and Pockyt returns anauthenticationUrl
for redirecting the customer to complete 3DS authentication. - Transaction Confirmation: After authentication, the merchant receives the payment result either through a webhook notification or by calling the
POST app-data-search/v3/tran-query
endpoint.
## Pre-requisites
API Credentials: Obtain
merchantNo
,storeNo
, andverifySign
values from Pockyt.Webhook Configuration: Set up webhook URLs to receive asynchronous transaction updates.
Server Setup: A secure server for handling webhooks (
ipnUrl
) and callback URLs.Compliance PCI compliance for handling credit card data if applicable.
API Diagram

API workflow
Step-by-Step Hosted Credit Card Payment with 3DS Workflow
API References for Endpoints in this Workflow:
- Step 1 Register Customer /v1/customers/create
- Step 2 Capture API
- Step 4 Query Transaction Status
- Step 5 Handling Webhooks via IPN Url
Step 1: Register Customer
Action: The merchant backend registers the customer using the
POST /v1/customers/create
endpoint.
This returns a customerNo
that will be referenced in the Capture request.
Step 2: Call Capture API (3DS Enabled)
Action: The customer initiates a card payment.
The merchant backend calls the POST /order/v4/capture
endpoint with 3DS enabled.
- Pockyt returns an
authenticationUrl
. - The merchant redirects the customer to this URL to complete 3D Secure authentication and payment.
Step 3: Complete 3DS Authentication
Action: The customer completes the authentication process on the hosted page.
- This step finalizes the transaction on the payment provider’s side.
- No further input is required from the merchant at this point.
Step 4: (Optional) Query Transaction Status
Action: If webhook confirmation is delayed or not received, the merchant may query the transaction status using
POST app-data-search/v3/tran-query
.
Use Case: This endpoint retrieves the transaction status using the original transaction number.
Step 5: Handle Webhook Notifications
Action: After the payment is completed and authenticated,
Pockyt sends a webhook to the merchant backend with the transaction result.
- The webhook includes transaction number, status, and related details.
- The merchant should rely on this webhook to finalize and update their system records.
Always confirm payment success through webhook or status query before fulfillment.
Updated 3 days ago