# Link Card

## OpenAPI Specification

```yaml
openapi: 3.0.1
info:
  title: ''
  description: ''
  version: 1.0.0
paths:
  /api/payment-gateway/v1/cof/initial:
    post:
      summary: Link Card
      deprecated: false
      description: >
        The API returns **HTML**, allowing users to enter their credit/debit
        card details (**Visa, Mastercard, JCB, and UPI**) to link their card to
        your platform. Once the user has completed the linking process,
        **PayWay** will send the account details and token to the merchant via
        the **`return_url`**.


        :::highlight orange 💡

        Before using this API, please ensure that your profile has the Card on
        File feature enabled.

        If your merchant profile has not enabled this feature yet, please
        contact our merchant digital support at digitalsupport@ababank.com for a
        sandbox profile.

        For a production merchant profile, please contact our merchant
        acquisition team at paywaysales@ababank.com.

        :::


        Place this code snippet to your project and point `action` of the form
        to the correct url environment.


        ```html


        <!doctype html>

        <html lang="en">
           <head> 
              <meta charset="utf-8"> 
              <meta http-equiv="X-UA-Compatible" content="IE=edge">
              <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
              <meta name="description" content="">
              <meta name="author" content="PayWay">
              <title>PayWay Add Card Sample</title>
         
              <link rel="stylesheet" href="{payway based url}/checkout-popup.html?file=css"/>
              <style type="text/css">
                 /* Your css style*/
              </style>
           
              <script src="{payway based url}/checkout-popup.html?file=js"></script>
              <script>
                $(document).ready(function () {
                $('#add_card_button').click(function () {
                AbaPayway.addCard(); 
                }); 
              });
              </script>
           </head> 
           <body> 
              <div class="container">
                <a href="#" id="add_card_button" class="btn btn-primary add-to-card">Add New Card</a>
              </div>
              <!-- The Modal -->
              <div id="aba_main_modal" class="aba-modal">
                 <!-- Modal content --> 
                 <div class="aba-modal-content add-card"> 
                    <form method="POST" target="aba_webservice" id="aba_merchant_add_card"  action="{payway based url}/api/payment-gateway/v1/cof/initial?lang=en">
                      <input type="hidden" name="firstname" value="Samnang"/>
                      <input type="hidden" name="lastname" value="Sok"/>
                      <input type="hidden" name="phone" value="0123456789"/>
                      <input type="hidden" name="email" value="sok.samnang@gmail.com"/>
                      <input type="hidden" name="ctid" value="239acf04eace99ea1590857c7066acf260e"/>
                      <input type="hidden" name="merchant_id" value="###"/>
                      <input type="hidden" name="return_param" value="rp-1582083583"/>
                      <input type="hidden" name="hash" value="###"/>
                    </form>
                 </div>
              </div>
           </body>
        </html>


        ```
      tags:
        - Credentials on File
      parameters:
        - name: Content-Type
          in: header
          description: ''
          required: true
          example: multipart/form-data
          schema:
            type: string
      requestBody:
        content:
          multipart/form-data:
            schema:
              type: object
              properties:
                merchant_id:
                  description: A unique merchant key which provided by ABA Bank.
                  example: ''
                  type: string
                ctid:
                  description: 'Your consumer identification number. '
                  example: ''
                  type: string
                return_param:
                  description: >-
                    Extra information that you want to include when payment
                    gateway call your return_url. 
                  example: ''
                  type: string
                firstname:
                  description: Your consumer first name.
                  example: ''
                  type: string
                lastname:
                  description: Your consumer last name.
                  example: ''
                  type: string
                email:
                  description: Your consumer name.
                  example: ''
                  type: string
                phone:
                  description: Your consumer phone.
                  example: ''
                  type: string
                return_url:
                  description: >-
                    Once the user has linked their card, the details of the
                    token and other important information will be sent via this
                    URL.

                    This is an optional field. If left empty, it will default to
                    the merchant profile’s `pushback_url`.

                    If you provide a value, ensure that your domain is
                    whitelisted in your merchant profile.
                  example: ''
                  type: string
                continue_add_card_success_url:
                  description: >-
                    After linking their card, the user will see a success screen
                    with a **Done** button.

                    Your `continue_add_card_success`_url will be embedded in
                    this button. When the user taps **Done**, they will be
                    redirected to your platform.
                  example: ''
                  type: string
                hash:
                  description: >+
                    The hash is a Base64-encoded HMAC-SHA512 hash of the
                    concatenated values: `merchant_id`, `ctid`, and
                    `return_param`  with `public_key`.


                    **PHP Sample Code**

                    ```php

                    // public key provided by ABA Bank

                    $api_key = "API KEY PROVIDED BY ABA BANK";

                    // Prepare the data to be hashed

                    $b4hash =  $merchant_id . $ctid . $return_param;

                    // Generate the HMAC hash using SHA-512 and encode it in
                    Base64 

                    $hash = base64_encode(hash_hmac('sha512', $b4hash, $api_key,
                    true));

                    ```

                  example: ''
                  type: string
              required:
                - merchant_id
                - return_param
                - hash
            example: ''
      responses:
        '200':
          description: ''
          content:
            '*/*':
              schema:
                type: object
                properties: {}
                x-apidog-orders: []
          headers: {}
          x-apidog-name: OK
      security: []
      x-apidog-folder: Credentials on File
      x-apidog-status: released
      x-run-in-apidog: https://app.apidog.com/web/project/831852/apis/api-14530829-run
components:
  schemas: {}
  securitySchemes: {}
servers:
  - url: https://checkout-sandbox.payway.com.kh/
    description: StillZeroBug
security: []

```