PCI

For organizations that are not PCI compliant

PCI Configuration for Non-Compliant Clients

If your organization is not PCI compliant, MassPay will automatically enable a configuration flag upon account setup. This flag ensures that whenever PCI-sensitive information must be collected via the Get User Attributes for destination_token endpoint, the data will be gathered through a secure iframe interface.

Example Attribute Response

[
  {
    "input_type": "text",
    "token": "attr_8bff08d2-16e8-11f0-9853-02a851951a6d",
    "label": "Debit Card Information",
    "validation": "https://dev.members.masspay.io/pci/<token>",
    "is_optional": false,
    "type": "IFramePaymentCollection",
    "expected_value": "Display validation url in an iFrame",
    "last_attr_value_used": false
  }
]

validation Field

The validation field provides a URL that can be embedded in your application via an iframe or a webview. You can customize the appearance and behavior of the iframe by appending optional query parameters.

Optional Query Parameters

| Parameter | Description | Accepted Values |
| --- | --- | --- |
| background_color | Page background color | HEX value (e.g., FFFFFF) |
| button_background_color | Background color for submit/cancel buttons (requires show_button or show_cancel_button) | HEX value |
| button_text_color | Text color for submit/cancel buttons (requires show_button or show_cancel_button) | HEX value |
| input_background_color | Background color of input fields | HEX value |
| text_color | Text color for page content | HEX value |
| show_logo | Display your configured logo | true or false |
| show_button | Display a submit button. If false or omitted, submission occurs on input blur | true or false |
| show_cancel_button | Display a cancel button | true or false |
| return_url | URL to redirect to after a successful submission | Full URL |

PostMessage Events

The iframe will communicate back to the parent window using the postMessage API. Below are the possible event payloads:

1. Successful Submission

{
  "action": "submit",
  "attr_set_token": "attr_set_1d147a0e-3408-472c-926d-6f74e7e23532"
}

Use the attr_set_token when initiating a payout.

2. Validation Failure

{
  "action": "form_not_valid"
}

Indicates that one or more fields failed validation.

3. User Cancelled

{
  "action": "cancel"
}

Triggered when the user presses the cancel button.
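
A parent-page listener for the three events above, as an added example that is not MassPay's code: it accepts a message only when it comes from the iframe's own origin and window, then dispatches on action. The function name, the iframe id, the acceptance of JSON-string payloads and the attr_set_ prefix check are assumptions.

```javascript
// Added example (not MassPay code). Function names are hypothetical.
const KNOWN_ACTIONS = new Set(["submit", "form_not_valid", "cancel"]);

// Classify one MessageEvent-like object. `validationUrl` is the URL loaded in
// the iframe; `frameWindow` is that iframe's contentWindow.
function classifyPciMessage(event, validationUrl, frameWindow) {
  // Only trust messages from the origin that served the iframe...
  if (event.origin !== new URL(validationUrl).origin) {
    return { ok: false, reason: "unexpected origin" };
  }
  // ...and from that iframe's window, not another frame or popup on the page.
  if (event.source !== frameWindow) {
    return { ok: false, reason: "unexpected source" };
  }
  // Assumption: the payload may arrive as an object or as a JSON string.
  let data = event.data;
  if (typeof data === "string") {
    try { data = JSON.parse(data); } catch { return { ok: false, reason: "not JSON" }; }
  }
  if (data === null || typeof data !== "object" || !KNOWN_ACTIONS.has(data.action)) {
    return { ok: false, reason: "unknown action" };
  }
  if (data.action !== "submit") return { ok: true, action: data.action };
  // Assumption: tokens keep the "attr_set_" prefix of the sample on this page.
  const token = data.attr_set_token;
  if (typeof token !== "string" || !token.startsWith("attr_set_")) {
    return { ok: false, reason: "malformed attr_set_token" };
  }
  return { ok: true, action: "submit", attrSetToken: token };
}

// Browser wiring; skipped under Node, where `window` is undefined.
if (typeof window !== "undefined") {
  const frame = document.querySelector("iframe#masspay-pci"); // hypothetical id
  window.addEventListener("message", (event) => {
    if (!frame) return;
    const result = classifyPciMessage(event, frame.src, frame.contentWindow);
    if (!result.ok) return; // drop; log result.reason if you want telemetry
    if (result.action === "submit") {
      // Hand result.attrSetToken to your backend to initiate the payout.
    }
  });
}
```

Pass the attr_set_token to your server only after this check succeeds, so that a message posted by another frame or script cannot supply a token of its choosing.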