Hosted Vault Method
This document provides technical specifications for adding customer information and financial data for future rebills through the Tranzpay gateway by interfacing with the Gateway API and a Hosted Vault Entry Page. We have written this specifically for web designers and professionals who implement and support the intended systems. We use HTTPS POST to transmit and receive data.
To reduce your PCI DCSS requirements and liability, and eliminate sensitive card data footprints in your environment, Tranzpay provides a Hosted Vault Solution that provides the ability for customers to add their payment information for future rebills while adhering to all PCI requirements.
Summary of Steps Required
- Send non-secure customer data in initial request to prefill Customer Name, Address, Phone, Email, Policy Number, along with your PostBack and RedirectUrl to capture and store payment results.
- Receive encrypted link via API Response to prefilled vault entry form.
- Using tokenized link, customer will enter payment information to store in PCI secure vault for future use (rebill).
- Data is saved and customer is sent to provided RedirectUrl.
- Provided PostBackUrl receives POST response and stores response in database.
ThirdPartyCallID must be unique to every transaction.
PostBackUrl is your API page set up to process a POST request containing results of saved entry.
RedirectUrl is the page the customer will be directed to to view the results of the saved entry from the Postback results provided to the PostBackUrl.
CancelUrl is the page the customer will be directed to if the vault entry is cancelled before completion, or the session times-out.
AddVault should be “Y” to save payment information for future use in the Customer Vault.
CustomerID should be a minimum of 6 characters with no spaces.
To test and view the postback response within the page, it is recommended to use
tranzpaydev.com/testThirdPartyCheck.php in the RedirectUrl field and tranzpaydev.com/testSilentPostBack.php in the PostBackUrl field. These pages are for demonstration purposes only.
Sample Initial Response
SUCCESS or FAILED
Token ID for Vault Entry (Saved Payment Information)
Transaction type. (“ThirdPartyAddCustomer”)
Bank Routing Number.
9 Digit Routing Number
Bank Account Number.
Last 4 Digits of Account Number
Bank Account Type.
CH = Checking SV = SAVINGS
Payment method card type.
Visa, Mastercard, Discover, Amex
Last four digits of account number.
2 digit month and 2 digit year
Transaction Payment Type (CC or ACH)
02/04/2020 1:21:30 pm
Unique ID assigned by merchant for transaction.
Customer policy number or equivalent.
Returned error Message.
Sample Postback Success Return
Sample Postback Failed Return
Values above can be fetched in PHP via $_POST variables. Example: on the Post Back url page just use $_POST[‘Status’] to fetch “SUCCESS” or “FAILED”.
Postback response contains ‘CustomerID’ if the customer’s information was successfully added the vault. Using the ‘CustomerID’ the following functions are available:
Billing a Customer:
To bill a vaulted customer that was previously added to the Customer Vault, provide the CustomerID and then utilize one the following API requests:
Updating a Vault Record:
To update a customer record in the vault, provide the CustomerID and utilize the UpdateCustomer request.
View Vault Record:
To view details of a previously stored Vault record, provide the CustomerID and utilize the GetCustomer API Request.
Demo Account Credentials
Log on to Tranzpay’s Demo Account to explore the payment gateway at https://demo.tranzpay.com. You many verify your transactions processed successfully by using listed credentials or by using any credit card. Data created with test credentials will never hit the credit card networks and are void of costs.
Test transactions can be submitted with the following information: