# 3. Initiate Pay #### API Endpoints {% tabs %} {% tab title="Production Endpoint" %} ``` Direct Pay Production Base URL /InitiatePay ``` {% endtab %} {% tab title="Sandbox Endpoint" %} ``` Direct Pay Sandbox Base URL /InitiatePay ``` {% endtab %} {% endtabs %} #### **Sample Request & Response** The request body should include the following fields: {% tabs %} {% tab title="Sample Request" %} ``` "Initiate pay request{ "ReferenceId" : "xxxxxxxxx",//15-digit reference id received in the validate requet response "MerchantId": xxxxxx, //merchant code "ECardData" = "encryptedCard", //card data encrypted using AES Encryption "ECardKey" = "encryptedKey", // Encrypt the 32 digit AES key using the public key "ACS_CallbackURL"= "call back url for 3DS"+ReferenceId //optional } }; ``` {% endtab %} {% tab title="Sample Response" %} ``` { "errorCode": 0, "errorMessgae": "SUCCESS", "result": { "authentication": { "the3Ds1": null, "the3Ds2": null, "acceptVersions": null, "channel": null, "purpose": null, "redirect": { "customized": null, "domainName": "ap.gateway.mastercard.com", "html": "
" }, "redirectHtml": null, "version": "3DS2", "the3Ds": null, "method": "OUT_OF_BAND", "payerInteraction": null } } } ``` {% endtab %} {% endtabs %}
Field NameTypeDescription
ReferenceIdstring15-digit reference id received in the validate requet response
MerchantIdstringMerchant code
ECardDatastringThe encrypted card data encrypted using AES encryption with a 32-bit key. Explained below
ECardKeystringThe AES encryption key, encrypted using an RSA public key generated at here
ACS_CallbackURLstringExplained here
### Explanation of the `ECardData` Encryption Object The `ECardData` field in the request is an encrypted representation of the sensitive card details. The following explains the object that is encrypted using AES encryption before being included in the API request: ``` { "CardNumber": "xxxxxxxxxxxxxxxx",//16-digit card number "CardName": "John Doe", //Name mentioned on card "CardExpiry": "mm/yy", //month/year format "CardCVV": "xxx" //3 decimal number } ``` ### ACS\_CallbackURL * If empty, the 3D Secure callback will be handled by the provider, and the user will be redirected to call back url provided in the step 1. For more info about redirection refer [here](/sample-code/3.-callback-merchant-portal.md). * If provided, the 3D Secure callback will be sent to the merchant's specified URL, and the merchant must call the API at [here](/direct-pay/4.-process-payment.md) for further processing. ### Response Explaination Upon receiving the response from the InitiatePay API, the merchant must verify the errorCode to determine the next steps. If the errorCode is 0, indicating a successful initiation, the merchant should parse the result object and render the HTML content provided in ***result.redirect.html*** to proceed with the 3DS authentication process. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://checkoutdocs.oneglobal.com/direct-pay/3.-initiate-pay.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.