Firstoken API Docs

Generating a JSON Web Token

A JWT adds security and flexibility to the capture process. The iframe element only works correctly when a valid JWT is passed in the “-t” query parameter of the iframe's source URL. This section shows how to generate a valid JWT on your server and pass it into the iframe source.

The Node.js example below illustrates how to generate the JWT. Replace SECRET with the valid SECRET code that Firstoken provides during the onboarding and account setup process. If you do not have a SECRET code yet, please contact your representative agent to complete the setup process.

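var nJwt = require('njwt');

// Replace SECRET with the SECRET code provided by Firstoken. Reading it from an
// environment variable (FIRSTOKEN_SECRET is only an example name) keeps it out of the source.
var SECRET = process.env.FIRSTOKEN_SECRET;
var signingKey = SECRET;

// The three required claims described below.
var claims = {
    sub: "3a59a5d4-7069-4bbd-b1ab-faece289cfb7",
    form_id: "3d824b19-fbeb-4ecd-addb-fbc57e5c0545",
    origin: "http://example.com/"
};

// Create and sign the token (njwt uses HS256 by default), then serialize it.
var jwt = nJwt.create(claims, signingKey);
var token = jwt.compact();
console.log(token);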

As the example code above shows, the payload object of the JWT must carry three required values. In Firstoken Captures you can build multiple forms, and every form embedded in an iframe has an identifier. Having multiple forms is useful when you have different payment flows; for example, you can have one form with a CVV field and another without it, and dynamically embed a different iframe for each payment case. The table below describes every required value that you must insert into the payload object.

sub: Required

The identifier of your account. This value is unique for every client account in Firstoken. If you do not have an account identifier yet, please ask your representative agent to provide one.

form_id: Required

The identifier of the form being invoked. This value is unique for every form in your account. You can have multiple forms for different payment flows. A form is built using our own form JSON Schema, explained in the next section.

origin: Required

The origin is the URL of the window that receives the final message sent from Firstoken Captures. Firstoken uses the postMessage interface to send messages from the Firstoken Captures iframe to the window that invoked it, and you can read this message on your client side using a JavaScript listener. This interaction is explained in detail in the "Post message" section.
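The token layout and the “-t” parameter described above, as an added example that is not Firstoken's own code: it builds the same HS256 token with Node's built-in crypto module, checks the signature and the three required claims locally, and places the token in the iframe source. The secret, the `captures.example.invalid` base URL and the five-minute `exp` lifetime are constructed assumptions; the page does not state the real iframe URL or any expiry requirement.

```javascript
// Added example (not Firstoken code). Secret, base URL and lifetime are constructed.
const crypto = require('crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Build header.payload.signature with HMAC-SHA256, the algorithm njwt uses by default.
function signCaptureToken(claims, secret, ttlSeconds = 300, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ typ: 'JWT', alg: 'HS256' }));
  const payload = b64url(JSON.stringify({ ...claims, iat, exp: iat + ttlSeconds }));
  const signature = hmac(`${header}.${payload}`, secret).toString('base64url');
  return `${header}.${payload}.${signature}`;
}

// Local self-check: pin the algorithm, verify the signature, then validate the claims.
function verifyCaptureToken(token, secret, now = Date.now()) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, signature] = parts;
  const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString());
  if (alg !== 'HS256') throw new Error('unexpected alg'); // refuses "none" or a swapped algorithm
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  for (const name of ['sub', 'form_id', 'origin']) {
    if (typeof claims[name] !== 'string' || claims[name] === '') {
      throw new Error(`missing claim: ${name}`);
    }
  }
  if (claims.exp <= Math.floor(now / 1000)) throw new Error('token expired');
  return claims;
}

// Place the token in the "-t" query parameter of the iframe source URL.
function buildIframeSrc(baseUrl, token) {
  const url = new URL(baseUrl);
  url.searchParams.set('-t', token);
  return url.toString();
}

// Constructed demo values; the claims are the sample ones from this page.
const demoClaims = { sub: '3a59a5d4-7069-4bbd-b1ab-faece289cfb7',
  form_id: '3d824b19-fbeb-4ecd-addb-fbc57e5c0545', origin: 'http://example.com/' };
const demoToken = signCaptureToken(demoClaims, 'constructed-demo-secret');
console.log(buildIframeSrc('https://captures.example.invalid/form', demoToken));
```

Generate the token per page load on the server and send only the resulting URL to the browser, so the SECRET never reaches client-side code.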


Last updated 1 year ago
