Hesabe LogoHesabe Documentation
Integration Guides API ReferenceIntegration KitsSandbox EnvironmentTechnical SupportEmbedded Direct Payments & Saved Cards

List Saved Cards

Retrieve all reusable saved cards for a customer

GET
/api/direct-payment/cards

Query Parameters

datastring

Convert payload JSON object to encrypted string and send it as a query parameter

Sample Encryption and Decryption Process:

The following steps demonstrate how to integrate with this API using sandbox credentials.

Step 1: Create JSON Object

{
  "merchantCode": "842217",
  "customer_id": 4026
}

Payload Details:

Contains the list of parameters and their corresponding values required to make the API request.

Field NameDescriptionRequired
merchantCodePass the merchant code provided by HesabeYes
customer_idHesabe Customer ID (returned by POST /api/v2/customer)Yes

Step 2: Convert the JSON object into an encrypted string format and send as query parameter

GET /api/direct-payment/cards?data="0e7898bd7464d0c402fe8a949d9cbf9b191a5c36b416dd227c080e9e34889e37d5eaa841d20a93a3177b0671b29ce4a2"

Step 3: Receive encrypted response from Hesabe:

{
  "response": "60a8f6241932227b840a9f5e36987f4da8391cf5ed4b4f066f27c91f55ae51167640c3d0b033933180ef55bb559850bcdcc53426c04e9b5c028661a49f2b06a6d823b77344266a2a42d69c2fc6789f4581c1f7ccad36e4b66ba4bbdb76f7a0e61b94b45111552efbcd09cd1773343e810ecb5b6953446512db8e6b00d46cc0e42fcf2987d2b86e8d48d16e2a210dd11824745d9058572d7d2b533fe0c5b701bccd45508fa646fedee38e585cc5dc60233ed7a02e5b2ac76c08fc446abb1d94cba218c646996a59105e98881bf783b3247a112efbda418d64fe97833b7d9581b13ee6d92b78d56e7ccb2d5c87fe27868f26cd71fed199f2c5453e8f1ad8788a2306ff8bfe6761da92678c7a86f629fd78af72e58d81e2d8bdd4643cb1b615fd33c99abc695fbad010325e4a72dede8b4b9ef87947202012fd48771f94d40cdfdc873553bd6fe9045da0002569fe6b0bc76b53e7b932d76a6cc6d49b4d7a70cd8d4ac2e2fde3e2107e06f5d92296d9cadf444282a93bb4bad105c2a472ebbf6409c7d1549d7d4a8dbd38375b6163cb70903e08b830c76061077492bbb8df3c520720c876af9f9ace57daa2ed084114d875e3589e486a024d680f41ee0c1b7e09a47f0b4b783e5f3235957a72f5ec8ca765596a68feeaae4d9b7687c56282355022"
}

Step 4: Decrypt the api response and view the JSON output

{
  "status": true,
  "message": "Customer cards fetched successfully",
  "response": {
    "cards": [
      {
        "card_id": 2268,
        "card_number": "****0008",
        "expiry_month": "01",
        "expiry_year": "39",
        "brand": "MASTERCARD",
        "name_on_card": "Test"
      },
      {
        "card_id": 2269,
        "card_number": "****0010",
        "expiry_month": "01",
        "expiry_year": "39",
        "brand": "VISA",
        "name_on_card": "Test"
      },
      {
        "card_id": 2270,
        "card_number": "****2346",
        "expiry_month": "01",
        "expiry_year": "39",
        "brand": "MASTERCARD",
        "name_on_card": "HESABE"
      }
    ]
  }
}

Header Parameters

accessCodestring

Pass the merchant access code issued by Hesabe

Response Body

application/json

application/json

application/json

application/json

application/json

fetch("https://sandbox.hesabe.com/api/direct-payment/cards?data=0e7898bd7464d0c402fe8a949d9cbf9b191a5c36b416dd227c080e9e34889e37d5eaa841d20a93a3177b0671b29ce4a2", {  method: "GET",  headers: {    "accessCode": "c333729b-d060-4b74-a49d-7686a8353481"  }})
{
  "status": true,
  "message": "Customer cards fetched successfully",
  "response": {
    "cards": [
      {
        "card_id": 2268,
        "card_number": "****0008",
        "expiry_month": "01",
        "expiry_year": "39",
        "brand": "MASTERCARD",
        "name_on_card": "Test"
      }
    ]
  }
}
{
  "status": false,
  "message": "Invalid request data — please check your payload and try again",
  "response": null
}
{
  "status": false,
  "message": "Unauthorized — the provided accessCode is missing or invalid",
  "response": null
}
{
  "status": false,
  "message": "Forbidden — you do not have permission to access this resource",
  "response": null
}
{
  "status": false,
  "message": "Internal Server Error — an unexpected error occurred, please try again later",
  "response": null
}

Initiate VERIFY Session POST

Create a zero-amount checkout session to save a card with full 3DS authentication

Charge Saved Card POST

Charge a previously saved card server-to-server using the cardId from VERIFY