Introduction

The Mangopay Vault SDK allows you to securely tokenize an end user’s payment card for use in your application. A tokenized card is a virtual and secure version of the card that can be used for payment. It is very highly recommended that you use the Mangopay Vault SDK, rather than integrating the API endpoints directly. By doing so, you:
  • Avoid sensitive card details transiting your system
  • Benefit from PCI-DSS compliance
  • Receive ongoing support and updates
To use the Mangopay Vault SDK, you’ll need:
  • A Mangopay ClientId and API key (get a Sandbox API key for free)
  • A User to register the card for (see Testing - Payment methods for test cards)

Installation

You can install the Mangopay Vault SDK using npm or yarn.
Install with npm
npm install --save @mangopay/vault-sdk
Install with Yarn
yarn add @mangopay/vault-sdk

Creating the Card Registration

In your backend, create the Card Registration via the Mangopay API, using the Id of the user as the UserId . You must also define the currency and type of the card at this stage. 
{
    "Tag": "Created with the Mangopay Vault SDK",
    "UserId": "193020185",
    "CardType": "CB_VISA_MASTERCARD",
    "Currency": "EUR"
}
API response
{
    "Id": "193020188",
    "Tag": null,
    "CreationDate": 1686147148,
    "UserId": "193020185",
    "AccessKey": "1X0m87dmM2LiwFgxPLBJ",
    "PreregistrationData": "XBDYiG8w9PrylPS01KmupZunmK2QRHKIC-yUF6il3aIpAnKba1TGkR9VJe5lHjHt2ddFLVXdicolcUIkv_kKEA",
    "RegistrationData": null,
    "CardId": null,
    "CardType": "CB_VISA_MASTERCARD",
    "CardRegistrationURL": "https://pci.sandbox.mangopay.com/api/mangopay/vault/tokenize/eyJjbGllbnQiOiJjbGllbnRJZCIsInRva2VuIjoidW5xaXVlVG9rZW4ifQ==",
    "ResultCode": null,
    "ResultMessage": null,
    "Currency": "EUR",
    "Status": "CREATED"
}
The data obtained in the response will be used in the preregistrationData defined below.

Initializing the SDK

Initialize the SDK with your ClientId and select your environment (Sandbox or Production).
Initialization
import { MangopayVault } from '@mangopay/vault-sdk';

const options = {
  clientId: 'your-mangopay-client-id',
  environment: 'SANDBOX | PRODUCTION',
};

const vault = MangopayVault.initialize(options);

Providing data for tokenization

The SDK requires the following information to tokenize the card:
  • The end user’s card details (cardInfoObject) entered on the payment page (see Testing - Payment methods for test cards)
  • The Card Registration data (preregistrationData) previously returned by the Mangopay API

cardInfoObject

PropertyTypeDescription
cardNumber stringThe card number to be tokenized, without any separators.
cardExpirationDate string (Format: “MMYY”)The expiration date of the card.
cardCvx stringThe card verification code (on the back of the card, usually 3 digits).

preregistrationData

PropertyTypeDescription
Id stringThe unique identifier of the Card Registration object.
CardRegistrationURLstringThe URL to which the card details are sent to be tokenized.
AccessKey stringThe secure value used when tokenizing the card.
PreregistrationDatastringA specific value passed to the CardRegistrationURL.
errorsMgpTypedErrorA generic type describing the error report that is returned in case of an error.
Data for tokenization
const cardInfoObject = {
  cardNumber: '4970107111111119',
  cardExpirationDate: '1127',
  cardCvx: '123',
};

const preregistrationData = {
  id: createCardRegistrationResult.Id,
  cardRegistrationURL: createCardRegistrationResult.CardRegistrationURL,
  accessKeyRef: createCardRegistrationResult.AccessKey,
  data: createCardRegistrationResult.PreregistrationData,
};

Tokenizing the card

You can now tokenize the card with the card data obtained previously using the frontend SDK. The SDK automatically updates the Card Registration object to provide you with a CardId that can be used for payments.
tokenizePaymentMethod
const tokenizePaymentMethodResult = await vault.tokenizePaymentMethod(cardInfoObject, preregistrationData);
tokenizePaymentMethodResult
{
  "AccessKey": "1X0m87dmM2LiwFgxPLBJ",
  "CardId": "193441306",
  "CardRegistrationURL": "https://pci.sandbox.mangopay.com/api/mangopay/vault/tokenize/eyJjbGllbnQiOiJjbGllbnRJZCIsInRva2VuIjoidW5xaXVlVG9rZW4ifQ==",
  "CardType": "CB_VISA_MASTERCARD",
  "CreationDate": 1686643376,
  "Currency": "EUR",
  "Id": "193440893",
  "PreregistrationData": "_nfGWK2M2AY-H3lgOikqrLj8AggrYxTmIT6E0-gC3pi_kanrlI9ECtUTFz9bpEPj2ddFLVXdicolcUIkv_kKEA",
  "RegistrationData": "data=acIcnwwLleiAvlZUea5VxRdiKSkTpQi9C_4mwMDZj2dVqeVp2t5Ale0bTDDR67xRZV7S6MnMEyJzhjosylCjNfKlVqHrO6v9_p3mEzQNSjd6qFPuWUQSA1IhgrZj4v4eNx0xgKTVnyDj15oG8jR88g",
  "ResultCode": "000000",
  "ResultMessage": "Success",
  "Status": "VALIDATED",
  "Tag": null,
  "UserId": "193020185"
}
PropertyTypeDescription
AccessKey stringThe secure value used when tokenizing the card.
CardId stringThe unique identifier of the Card object.
CardRegistrationURLstringThe URL to which the card details are sent to be tokenized.
CardTypestringThe type of the card.
CreationDatetimestampThe date and time at which the object was created.
CurrencystringThe currency of the card.
IdstringThe unique identifier of the Card Registration object.
PreregistrationDatastringA specific value passed to the CardRegistrationURL.
RegistrationDatastringThe string returned by the tokenization server after tokenizing the card.
ResultCodestringThe code indicating the result of the operation. This information is mostly used to handle errors or for filtering purposes.
ResultMessagestringThe explanation of the result code.
StatusstringThe status of the card registration:
  • CREATED – The card registration has been created, but no RegistrationData has been entered yet and the CardId value is null.
  • VALIDATED – The card registration has been successfully updated with the RegistrationData from the tokenization server.
  • ERROR – The card registration couldn’t be updated with the RegistrationData and no CardId was generated. For more information, refer to the ResultCode (105206, 105299) and ResultMessage.
TagstringCustom data that can be added to this object.In the case of the Card Registration, this parameter can be used to facilitate the link between the User object and its equivalent on your platform for instance. This value will be inherited by the Card object Tag parameter and will not be editable.
UserIdstringThe unique identifier of the user the card belongs to.
errors`MgpTypedErrorA generic type describing the error report that is returned in case of an error.

Managing cards

You can use the following endpoints to manage cards:
  • View a Card provides key information about the card, including its Fingerprint which can be used as an anti-fraud tool
  • Deactivate a Card allows you to irreversibly set the card as inactive
Warning – End user’s approval needed to save card detailsUnder no circumstances should card information be kept without the end user’s approval. 
If you don’t have the end user’s approval, you need to deactivate the card systematically after use in your implementation.

Making card payments

You can use a registered card (CardId) for pay-ins with the following objects:
  • The Direct Card PayIn object, for one-shot card payments
  • The Recurring PayIn Registration object, for recurring card payments
  • The Preauthorization object, for 7-day preauthorized card payments
  • The Deposit Preauthorization object, for 30-day preauthorized card payments
Caution – Card validation within 24 hoursA successful transaction (preauthorization, pay-in, or recurring) within 24 hours of the card registration is required to validate a card. Otherwise, the card remains invalid and a new card registration will be necessary to make a payment.

Guide

Learn about all supported payment methods

Testing

Learn more about testing all payment methods