    Credentials on File

    1. Introduction

    Credential on File (CoF) is an innovative solution that allows businesses to securely store customer payment details for on-demand or automatic future payments. Customers save their ABA account or their credit/debit card once, and they can make future payments without re-entering their details.

    Common Use Cases:

    • Subscription Services: Automatic recurring billing for weekly/monthly plans
    • One-Click Purchase: Faster checkout experience for returning customers
    • Recurring Bills: Utilities, insurance, loan payments processed automatically
    • Usage-Based Billing: Dynamic charging based on consumption metrics

    2. How it works

    ABA Account

    1. The customer selects "Link ABA Account" on your platform.
       • Desktop users will see a QR code to scan with ABA Mobile. Mobile users are sent via deeplink to open ABA Mobile.
       • The user confirms and authorises the account link in the app.
       • PayWay generates and sends a secure token to your platform.
    2. You store the token securely for future payments.
    3. When the customer wants to pay, they select their linked ABA account and process the payment.
    4. PayWay processes the transaction and confirms the status.

    3. Set up your COF UI

    To integrate PayWay Credentials on File and allow your customers to add their ABA account or credit/debit card to your platform, you must have a UI section where customers can:
    • Add or link their ABA account or credit/debit card
    • View all their saved payment methods
    • Remove any linked payment method when needed

    You must follow the PayWay Credentials on File guidelines to ensure proper customer card/account storage:
    • Web UI Guideline: to store ABA accounts or cards securely on your website
    • Mobile UI Guideline: to store ABA accounts or cards securely on your mobile apps

    4. Integration Steps

    Step 1: Linking Process

    Link ABA Account

    To allow your customers to link their ABA account on your platform, use the Link Account API. Here's a sample of a successful API response:
    {
      "status": {
        "code": "00",
        "message": "QR generated successfully"
      },
      "deeplink": "abamobilebank://ababank.com?type=account_on_file&qrcode=ABAAOF...uGTSatzgFses",
      "qr_string": "ABAAOF+hEGxkym0GCTuGTSatzgF...Bi2Q/+xEVex6SbF19enqLB2xU46jTzVY",
      "qr_image": "https://payway-staging.ababank.com/assets/abaqr/aba8f8...0a6e68c5616",
      "expire_in": 1627113926
    }
    Web Browser

    Display a QR code using qr_string or qr_image for customers to scan with ABA Mobile and authorise the account linking.

    After the user has linked their ABA account, PayWay calls your return_url and passes the following information. Your return_url must accept the HTTP POST method and the content type application/json.
    {
      "tran_id": "aof-rq-1741840838",
      "apv": "",
      "status": 0,
      "return_params": {
        "ctid": "6451397de98d966...e7f5db97738209",
        "payment_status": "",
        "card_status": {
          "status": "00",
          "pwt": "645139774AF0ED859615580A1...B992C374",
          "mask_account": "*****1481",
          "expired_in": 1747024840
        },
        "return_param": "{YOUR RETURN PARAMS DURING INITIATE LINK ACCOUNT}"
      }
    }

    tran_id string
    Transaction ID, auto-generated by the payment gateway.

    apv string
    Approval code. Since this is a linked account without a purchase, this field will always be empty.

    status string
    The value is always 0, which represents success.

    return_params object
      ctid string
      Consumer Token Identification. This is a unique token automatically generated by the payment gateway to identify the consumer securely.

      payment_status string
      Since this is a linked account without a purchase, this field will always be empty.

      card_status object
        status string
        The value is always 00, which represents success.

        pwt string
        PayWay token. This is a unique token automatically generated by the payment gateway to identify the ABA account.

        mask_account string
        Masked ABA account. Only the last 4 digits are shown.

        expired_in int
        The token expiration date, represented as a timestamp.

      return_param string
      Your return_param contains the information you sent to the payment gateway during the link account initiation process.

    If you encounter issues with the pushback notification and do not receive the details, you can manually retrieve the linked account information using the Get link account details API.

    Step 2: Purchase using token

    To perform a purchase using the token, follow the specification of the Purchase using token API.
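
The pushback handling from the linking step, as an added example that is not PayWay's own code: it checks only the fields documented above, ties the pushback to the link session through return_param (assumed here to be an unguessable value your platform generated when it initiated the link), and keeps ctid and pwt out of log output. The names parse_link_pushback, loggable and PushbackError and the sample values are constructed for illustration.

```python
import hmac
import json


class PushbackError(ValueError):
    """A link-account pushback that must not be trusted or stored."""


def parse_link_pushback(content_type, body, expected_return_param, now):
    """Validate the pushback body; `now` is the current Unix time."""
    if content_type.split(";")[0].strip().lower() != "application/json":
        raise PushbackError("content type must be application/json")
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise PushbackError("body is not valid JSON") from exc
    params = doc.get("return_params") if isinstance(doc, dict) else None
    card = params.get("card_status") if isinstance(params, dict) else None
    if not isinstance(card, dict):
        raise PushbackError("return_params.card_status is missing")
    # Documented success values: status 0 and card_status.status "00".
    if str(doc.get("status")) != "0" or card.get("status") != "00":
        raise PushbackError("pushback does not report success")
    # Bind the pushback to the link session that this platform started.
    got = str(params.get("return_param", "")).encode()
    if not hmac.compare_digest(got, expected_return_param.encode()):
        raise PushbackError("return_param does not match the link session")
    ctid, pwt = params.get("ctid"), card.get("pwt")
    if not (isinstance(ctid, str) and ctid and isinstance(pwt, str) and pwt):
        raise PushbackError("ctid or pwt is missing")
    expired_in = card.get("expired_in")
    if not isinstance(expired_in, int) or expired_in <= now:
        raise PushbackError("token is already expired")
    # Return only what has to be persisted; everything else is dropped.
    return {"tran_id": doc.get("tran_id"), "ctid": ctid, "pwt": pwt,
            "mask_account": card.get("mask_account"), "expired_in": expired_in}


def loggable(record):
    """Copy of a parsed record with ctid and pwt redacted for log output."""
    return {k: "[redacted]" if k in ("ctid", "pwt") else v
            for k, v in record.items()}


# Constructed sample in the shape of the pushback shown above (not real tokens).
SAMPLE = json.dumps({"tran_id": "aof-rq-1741840838", "apv": "", "status": 0, "return_params": {
    "ctid": "CONSTRUCTED-CTID", "payment_status": "", "return_param": "link-session-7f3a",
    "card_status": {"status": "00", "pwt": "CONSTRUCTED-PWT",
                    "mask_account": "*****1481", "expired_in": 1747024840}}})
```

Store the returned pwt and ctid encrypted at rest and show customers only mask_account; a rejected pushback can be reconciled through the Get link account details API mentioned above.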