# Link Card ## OpenAPI Specification ```yaml openapi: 3.0.1 info: title: '' description: '' version: 1.0.0 paths: /api/payment-credential/v3/cof/link-card: post: summary: Link Card deprecated: false description: >+ The API returns **HTML**, allowing users to enter their credit/debit card details (**Visa, Mastercard, JCB, and UPI**) to link their card to your platform. Once the user has completed the linking process, **PayWay** will send the account details and token to the merchant via the **`callback_url`**. ![Link Card.png](https://api.apidog.com/api/v1/projects/831852/resources/374087/image-preview) Refer to the step-by-step integration guide [here](https://developer.payway.com.kh/credentials-on-file-4395178f0.md) for detailed instructions. tags: - Credentials on File parameters: - name: Content-Type in: header description: '' required: true example: multipart/form-data schema: type: string requestBody: content: multipart/form-data: schema: type: object properties: request_id: type: string description: >- Your request id. The request id shall be unique from your side. This id will be use to obtain the token details in the future. We only return the last record. Length from 5 to 24 characters long, consisting only of letters (uppercase and lowercase) and numbers, with no special characters or spaces allowed. example: '' request_time: type: string description: Request date and time in UTC format as YYYYMMDDHHmmss. example: '' merchant_id: type: string description: A unique merchant key which provided by ABA Bank. maxLength: 20 example: '' ctid: type: string description: >- This is your consumer identification number, which is a unique code used to identify you in the system. The string must be between 5 and 24 characters long and can only contain letters and numbers — no spaces or special characters. example: '' token_flag: type: string description: >- Possible value `CITI_FLEX`, `CITO_FLEX`. Make sue the flag is enable on your profile example: '' currency: type: string description: >- Transaction currency, the value is based on merchant profile. Possible value `KHR` and `USD`. example: '' callback_url: type: string description: >- Once the user links their card, the token details and other important information will be sent to the URL specified here. This field is optional. If left empty, the system will use the `pushback_url` defined in your profile by default. If you choose to provide a custom URL, please ensure that the domain is whitelisted in your merchant profile. Must be base64-encoded. example: '' continue_success_url: description: > After linking their card, the user will see a success screen with a **Done** button. Your `continue_success_url` will be embedded in this button. When the user taps **Done**, they will be redirected to your platform. Please ensure that the `continue_success_url` is **base64-encoded**. example: '' type: string hash: type: string description: >- Base64 encode of hash hmac sha512 encryption. **PHP Sample Code** ```js // public key provided by ABA Bank $api_key = "API KEY PROVIDED BY ABA BANK"; // Prepare the data to be hashed $b4hash = $merchant_id . $request_time . $ctid . $callback_url . $request_id . $token_flag . $frequency . $amount . $currency . $continue_success_url ; // Generate the HMAC hash using SHA-512 and encode it in Base64 $hash = base64_encode(hash_hmac('sha512', $b4hash, $api_key, true)); ``` example: '' required: - request_id - request_time - merchant_id - ctid - token_flag - currency - hash examples: {} responses: '200': description: >- Regardless of whether the request is successful or results in an error, PayWay will respond with an HTML page. This page can be rendered in an iFrame and displayed to the user. If there is an error, the user will see a clear error message. If the transaction is successful, the page will display a saved card screen, allowing customers to securely enter their card details directly on the PayWay-hosted screen. content: text/html: schema: type: object properties: {} headers: {} x-apidog-name: OK security: [] x-apidog-folder: Credentials on File x-apidog-status: released x-run-in-apidog: https://app.apidog.com/web/project/831852/apis/api-19336819-run components: schemas: {} securitySchemes: {} servers: - url: https://checkout-sandbox.payway.com.kh/ description: StillZeroBug security: [] ```