List Saved Cards
Retrieve all reusable saved cards for a customer
Query Parameters
Convert payload JSON object to encrypted string and send it as a query parameter
Sample Encryption and Decryption Process:
The following steps demonstrate how to integrate with this API using sandbox credentials.
Step 1: Create JSON Object
{
"merchantCode": "842217",
"customer_id": 4026
}Payload Details:
Contains the list of parameters and their corresponding values required to make the API request.
| Field Name | Description | Required |
|---|---|---|
merchantCode | Pass the merchant code provided by Hesabe | Yes |
customer_id | Hesabe Customer ID (returned by POST /api/direct-payment/customer) | Yes |
Step 2: Convert the JSON object into an encrypted string format and send as query parameter
GET /api/direct-payment/cards?data="0e7898bd7464d0c402fe8a949d9cbf9b191a5c36b416dd227c080e9e34889e37d5eaa841d20a93a3177b0671b29ce4a2"Step 3: Receive encrypted response from Hesabe:
{
"response": "60a8f6241932227b840a9f5e36987f4da8391cf5ed4b4f066f27c91f55ae51167640c3d0b033933180ef55bb559850bcdcc53426c04e9b5c028661a49f2b06a6d823b77344266a2a42d69c2fc6789f4581c1f7ccad36e4b66ba4bbdb76f7a0e61b94b45111552efbcd09cd1773343e810ecb5b6953446512db8e6b00d46cc0e42fcf2987d2b86e8d48d16e2a210dd11824745d9058572d7d2b533fe0c5b701bccd45508fa646fedee38e585cc5dc60233ed7a02e5b2ac76c08fc446abb1d94cba218c646996a59105e98881bf783b3247a112efbda418d64fe97833b7d9581b13ee6d92b78d56e7ccb2d5c87fe27868f26cd71fed199f2c5453e8f1ad8788a2306ff8bfe6761da92678c7a86f629fd78af72e58d81e2d8bdd4643cb1b615fd33c99abc695fbad010325e4a72dede8b4b9ef87947202012fd48771f94d40cdfdc873553bd6fe9045da0002569fe6b0bc76b53e7b932d76a6cc6d49b4d7a70cd8d4ac2e2fde3e2107e06f5d92296d9cadf444282a93bb4bad105c2a472ebbf6409c7d1549d7d4a8dbd38375b6163cb70903e08b830c76061077492bbb8df3c520720c876af9f9ace57daa2ed084114d875e3589e486a024d680f41ee0c1b7e09a47f0b4b783e5f3235957a72f5ec8ca765596a68feeaae4d9b7687c56282355022"
}Step 4: Decrypt the api response and view the JSON output
{
"status": true,
"message": "Customer cards fetched successfully",
"response": {
"cards": [
{
"card_id": 2268,
"card_number": "****0008",
"expiry_month": "01",
"expiry_year": "39",
"brand": "MASTERCARD",
"name_on_card": "Test"
},
{
"card_id": 2269,
"card_number": "****0010",
"expiry_month": "01",
"expiry_year": "39",
"brand": "VISA",
"name_on_card": "Test"
},
{
"card_id": 2270,
"card_number": "****2346",
"expiry_month": "01",
"expiry_year": "39",
"brand": "MASTERCARD",
"name_on_card": "HESABE"
}
]
}
}Header Parameters
Pass the merchant access code issued by Hesabe
Response Body
application/json
application/json
application/json
application/json
application/json
fetch("https://sandbox.hesabe.com/api/direct-payment/cards?data=0e7898bd7464d0c402fe8a949d9cbf9b191a5c36b416dd227c080e9e34889e37d5eaa841d20a93a3177b0671b29ce4a2", { method: "GET", headers: { "accessCode": "c333729b-d060-4b74-a49d-7686a8353481" }}){
"status": true,
"message": "Customer cards fetched successfully",
"response": {
"cards": [
{
"card_id": 2268,
"card_number": "****0008",
"expiry_month": "01",
"expiry_year": "39",
"brand": "MASTERCARD",
"name_on_card": "Test"
}
]
}
}{
"status": false,
"message": "Invalid request data — please check your payload and try again",
"response": null
}{
"status": false,
"message": "Unauthorized — the provided accessCode is missing or invalid",
"response": null
}{
"status": false,
"message": "Forbidden — you do not have permission to access this resource",
"response": null
}{
"status": false,
"message": "Internal Server Error — an unexpected error occurred, please try again later",
"response": null
}Initiate Checkout POST
Create a zero-amount checkout session to securely save the customer’s card with full 3DS authentication. For subsequent (first actual) transactions using the saved card, the checkout must be initiated with the actual payment amount, not a zero amount
Charge Saved Card POST
Charge a previously saved card server-to-server using the cardId from VERIFY