# Charge Card ## Charge Card `POST` `https://a1pay.net/api/cardpayment/paynow` #### Request Body | Name | Type | Description | | ----------------------- | ------- | -------------------------------------------------------------------------------------- | | PIN | string | 4 digit PIN of the card | | CardId | number | 0 if this is a new card, or Id of selected card if user is using an existing card | | UserId | integer | Id of the logged in user | | CVV | string | User's CVV also known as CVC | | RecipientNameResolved | boolean | set to true | | ClientReference | string | set to .PostData.TransactionCode of the selected OnlinePaymentOptions\[] array element | | Medium | string | set to 'web' or 'mobile' depending on your platform | | UserPhoneNumber | string | set to .PostData.PhoneNumber | | UserEmail | string | set to .PostData.EmailAddress of the selected OnlinePaymentOptions\[] array element | | ResolvedBeneficiaryName | string | set to .PostData.TransType of the selected OnlinePaymentOptions\[] array element | | BeneficiaryEmail | string | | | BeneficiaryName | string | set to .PostData.TransType of the selected OnlinePaymentOptions\[] array element | | BeneficiaryPhone | string | | | Amount | number | set to .PostData.AmountExpected of the selected OnlinePaymentOptions\[] array element | | Fee | number | set to 0 | | RecipientBankCode | string | set to 'wallet' | | BeneficiaryAccount | string | set this to 'wallet' | {% tabs %} {% tab title="200 Transaction initialized" %} ```javascript { "status": "success", //or error. If error, data will contain the error message "data": { "Use3DSecure": false, //if true load AuthURL in a webview "OTPMessage": "Kindly enter the OTP sent to *******3337 and o*******@yahoo.com", "AuthURL": "", "GatewayReference": "", "TransactionId": "12345", "OTPValidationEndpoint": "https://www.a1pay.net/home/api/CardPayment/OTPValidation", "ReferenceCode": "" } } ``` {% endtab %} {% endtabs %} {% hint style="warning" %} **Very important.** The entire request body needs to be serialized to JSON and encrypted using AES before posting to the endpoint. The encryption should follow these steps:\ 1\. Convert the user token base 64 string. Then convert to byte array of length 16. If the array length is less than 16 add empty bytes to make up 16. Use this as the AES Key\ 2\. Repeat step 1 above for your Secret Key and use this as the AES IV {% endhint %} ### Where to go from here? Once you have called the endpoint successfully, check If **`status == "success"`** then you can proceed to inspect the data object. If not, then data will contain the error message. \ If **`data.Use3DSecure == true`**, then you need to load **`data.AuthURL`** in a webview, otherwise, display **`data.OTPMessage`** as a prompt to the user with a text input field to accept user's OTP. ```javascript if (Response.data.Use3DSecure) { //transaction can only go through 3D secure //Load Response.data.AuthURL for the user in a webview, or browser page } else { //show OTP screen to user //Response.data.OTPMessage: will contain the message you need to display to the user //Response.data.OTPValidationEndpoint will contain the endpoint to post the OTP to } ```