Charge Saved Card
Charge a previously saved card server-to-server using the cardId from VERIFY
Header Parameters
accessCode (string)
Pass the merchant access code issued by Hesabe
Content-Type (string)
application/json
data (string)
Convert the payload JSON object to an encrypted string and send it to the server
Sample Encryption and Decryption Process:
The following steps demonstrate how to integrate with this API using sandbox credentials.
Step 1: Create JSON Object
{
"merchantCode": "842217",
"card_id": 2269,
"customer_id": 4026,
"amount": "9.900",
"order_reference": "INVOICE-2025-001"
}
Payload Details:
Contains the list of parameters and their corresponding values required to make the API request.
| Field Name | Description | Required |
|---|---|---|
| merchantCode | Pass the merchant code provided by Hesabe | Yes |
| card_id | The cardId returned from the VERIFY callback | Yes |
| amount | Amount in KWD — must be greater than 0 | Yes |
| customer_id | Hesabe Customer ID — the request is rejected if the card does not belong to this customer, so sending it adds a card-ownership check | Optional |
| order_reference | Your internal order or invoice ID | Optional |
Step 2: Convert the JSON object into an encrypted string format and post to Hesabe
{
"data": "0e7898bd7464d0c402fe8a949d9cbf9b3f8a3cdbac3bcb30fe330efbb740bbefb69c2c032a1899c3f082784570b76703f6b67e46ab96e13b391c9f7453543540cf2c20e99822d721384d96f9708174fa74229945c1524de89e7a22f8fe5e2de1e0ae2c3b403b90f06d0bd749e4a9888fb63c38759faba9b16e50f3f868cc9b1e"
}
Step 3: Receive encrypted response from Hesabe:
{
"response": "60a8f6241932227b840a9f5e36987f4dbd3e4820a9bb083b46749f8fb5c5f34d167611cea6470cf957f3d69dd2e3b87667eb284af1c3126af56693ead8ccc924ffe84bb969ccedd3ec92cb887dad42bb5ae20a8ad66aa3e77afa29b945e6e53d2d65c986c3cf3647f1eb0c396370b04f6a4a0c5b39b81c24a60eacbaf9a849b98526f64a1e2af4d10171eaadd6f18c51b4994af19cfc5bb7571bc887fd97968443c2672f9033cc2ea0d5124548ae1307f959871289e03d8119f1865c0a22ff117e2ddb1da74ebc278ed4153b1dbfb93837786ebcede864c84a943893b4e0cbef9448cd7b059004ef82dc044425c99b6aca7ddd2eaa114c715ff90c485a0ad32c49726ac3333faee845ef4acf19350c18a61d602a4f6dd9ff0724c4906d8092e0ad05cc38ea6e63eae2ad99eeb12638f2173b779d1324dcf8e91c810a65d83a9bb432eced8083ae6b139408bc4527806648a07d5f1529a7a173b0b7d16c90b750e4285b1d5b482c77d1e79c7237d4a0de91ab330e69cec1d2423729c88e6b500ae5a0a1e49509549a17e6f6943620b300065cf6c09d8b707127d56b07c4c76343e3aa9614ec4390f2aaa955750af3ab426e784eb7035fe208afb002621cfb8b5f2003d31702dac698e2c916beb67c00b94a5b0c86522ede32f61c63e84684e8af4819f2166a788ae1a880b53e8235389101ec72d5c84b148226b9e12cc9c6b02ea8c6a385a54da48d966edf45316a71fc9bbbc4caec3720054f9ac32e500433f50245548e98e66a04a8db14a2f16fea8cc4e5cc12c2abf0c2b05e6c5900562b7e6ef717f9439cd43f85bea9fac4e166f561a7ccd1a8aeb1d88b2d9b84f74d7001e3cecbc8df2484a5b54c6611ec30cc5921eb4c6c1dedc9d86fc41f077185d03a019d46c9b9350bf79cc965860b391cf9cc2177dd00754b1e9f5a38fe0f809d411b1c89d0a5b12464d38dbad002af11ce736e9454dd235a5898a8a36adb0260d856a0d894f26aa85c19638f86dbf397357efdb42b8995b0ccb88374e55d792227"
}
Step 4: Decrypt the API response and view the JSON output
{
"status": true,
"message": "Payment successful",
"response": {
"resultCode": "CAPTURED",
"amount": "9.900",
"baseAmount": "9.900",
"currency": "KWD",
"paymentToken": "84221717778836779887383787338",
"paymentId": "612408113675",
"paidOn": "2026-05-04 11:34:37",
"orderReferenceNumber": "INVOICE-2025-001",
"auth": "113675",
"trackID": "367353",
"transactionId": "84221717778836779887383787338_PAY",
"Id": 175584,
"bankReferenceId": "84221717778836779887383787338",
"variable1": null,
"variable2": null,
"variable3": null,
"variable4": null,
"variable5": null,
"administrativeCharge": "0.000",
"customer": {
"Name": "test ",
"Email": "test@gmail.com.com",
"Mobile": "66680499",
"NameOnCard": null,
"CardNumber": "444000xxxxxx0010",
"CardType": "VISA"
},
"cardId": null
}
}
Response Body
application/json
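// Charge a saved card (sandbox sample).
// Run this on your server only: the request carries the merchant accessCode and
// charges a stored card, so it must not be issued from browser or mobile client code.

// `data` is the encrypted form of the Step 1 payload (sandbox sample value).
// Including customer_id in that payload makes Hesabe reject a card_id that does
// not belong to the customer being charged.
const body = JSON.stringify({
  data: "0e7898bd7464d0c402fe8a949d9cbf9b3f8a3cdbac3bcb30fe330efbb740bbefb69c2c032a1899c3f082784570b76703f6b67e46ab96e13b391c9f7453543540cf2c20e99822d721384d96f9708174fa74229945c1524de89e7a22f8fe5e2de1e0ae2c3b403b90f06d0bd749e4a9888fb63c38759faba9b16e50f3f868cc9b1e",
});

// Sandbox value from this page. In a real integration, read the access code from
// server-side configuration or a secret store instead of hard-coding it in source.
const accessCode = "c333729b-d060-4b74-a49d-7686a8353481";

fetch("https://sandbox.hesabe.com/api/direct-payment/charge-card", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    accessCode,
  },
  body,
})
  .then((res) => {
    // NOTE(review): presumably the error bodies listed under "Response Body" arrive
    // with non-2xx status codes; confirm against the API before relying on this.
    if (!res.ok) {
      throw new Error(`charge-card returned HTTP ${res.status}`);
    }
    return res.json();
  })
  .then((payload) => {
    // `payload.response` is the encrypted string shown in Step 3. Decrypt it (Step 4)
    // and treat the charge as paid only when the decrypted `status` is true and
    // `response.resultCode` is "CAPTURED"; a completed HTTP exchange alone does not
    // mean the card was charged.
    return payload.response;
  })
  .catch((err) => {
    // Do not retry blindly: after a network error the charge may still have gone
    // through, so reconcile using your order_reference before charging again.
    console.error("charge-card request failed:", err);
  });
{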
"status": true,
"message": "Payment successful",
"response": {
"resultCode": "CAPTURED",
"amount": "9.900",
"baseAmount": "9.900",
"currency": "KWD",
"paymentToken": "84221717778836779887383787338",
"paymentId": "612408113675",
"paidOn": "2026-05-04 11:34:37",
"orderReferenceNumber": "INVOICE-2025-001",
"auth": "113675",
"trackID": "367353",
"transactionId": "84221717778836779887383787338_PAY",
"Id": 175584,
"bankReferenceId": "84221717778836779887383787338",
"variable1": null,
"variable2": null,
"variable3": null,
"variable4": null,
"variable5": null,
"administrativeCharge": "0.000",
"customer": {
"Name": "test",
"Email": "test@gmail.com",
"Mobile": "66680499",
"NameOnCard": null,
"CardNumber": "444000xxxxxx0010",
"CardType": "VISA"
},
"cardId": null
}
}
{
"status": false,
"message": "Invalid request data — please check your payload and try again",
"response": null
}
{
"status": false,
"message": "Unauthorized — the provided accessCode is missing or invalid",
"response": null
}
{
"status": false,
"message": "Forbidden — you do not have permission to access this resource",
"response": null
}
{
"status": false,
"message": "Internal Server Error — an unexpected error occurred, please try again later",
"response": null
}