GuestyPay Tokenization Flow

How to safely tokenize credit card details for the GuestyPay payment method.

Overview

There are two primary steps to creating a guest payment method through GuestyPay for reservations.

  1. Collect and tokenize the guest's credit card.
  2. Create the guest payment method.

 

Create a Guest Payment Method Sequence Diagram

Figure 1.0. Create a Guest Payment Method Flow


Step 1: Tokenize the Guest's Card


📘

Determine the Payment Processor ID

The API will automatically identify a property's payment processor when you include the listingId in your tokenization request. Even then, it is a best practice to include the paymentProviderId as well. You can retrieve it with the following request.


Payment Form and SDK

The quickest, easiest, and recommended way to facilitate payments on your website is by using our payment form SDK. Guesty offers a JavaScript SDK that supports multiple payment methods, ensuring that your guests enjoy a personalized and hassle-free checkout process. It's secure and PCI-compliant. You can access it at the links below.

Please note that the SDK only supports the GuestyPay.


Resources

❗️

Directly Interfacing with the API

Interfacing with the API directly, using the resources outlined below, should only be attempted if the SDK cannot be adapted for your use case. Even then, please contact Customer Experience and we will assist you with it. We plan to offer the SDK as the only method in the near future.


Available Endpoints

MethodEndpoint
POSThttps://pay.guesty.com/api/tokenize/v2

Payload

Body ParameterData TypeDescriptionRequired
paymentProviderIdstringThe payment processing account ID as stored in Guesty - Learn more.✔️
listingIdstringThe ID of the property being booked.✔️
cardobjectCredit card details.✔️
billing_detailsobjectBilling details.✔️
threeDSobject3D Secure validation (refer to the threeDS Object table below).✔️
merchantDataobjectSee the Merchant Data section below.

Card Object

This table describes the parameters of the card object from the Payload table above.

Body ParameterData TypeDescriptionRequired
numberstringCredit card number.✔️
exp_monthstringExpiration month in 2 digits string format ("04").✔️
exp_yearstringExpiration year in 4 digits string format ("2024").✔️
cvcstringCard verification code. Three digits in string format.✔️

Billing Details Object

These are the parameters of the billing_details object from the Payload table above.

Body ParameterData TypeDescriptionRequired
namestringCardholder name.✔️
addressobjectBilling address.✔️

Address Object

Here are the parameters of the address object from the billing_details object in the previous section above.

Body ParameterData TypeDescriptionRequired
citystringCity. Max length 50 characters.✔️
countrystringThe ISO 3166 Alpha-2 country code.✔️
line1stringStreet name and number. Max length 50 characters.✔️
postal_codestringPostal code. Max length 20 characters.✔️

threeDS Object

Guesty offers two parameters that can help guide the user toward the next step in your booking process after an authentication attempt.

  1. successURL is the next step in your booking flow after a successful authentication attempt. For example, post the token as the guest's payment method and provide the user with a booking confirmation message.

  2. failureURL is the next step in your process after authentication fails. Your website/application should redirect the guest to the relevant page to either try again, provide an alternate payment method, or follow any other process you have in place for invalid credit cards.


Body ParameterData TypeDescriptionRequired
amountnumberThe total amount of the future payment.✔️
currencystringThe currency code. E.g. "USD"✔️
successURLstringURL for redirect after successful authentication.
failureURLstringURL for redirect after a failed authentication.

🚧

Success and Failure URLs

If you don't provide any URLs, the user will be redirected to a blank white page after attempting to authenticate. To avoid this, we suggest specifying the URL of the next step in your booking process, based on the authentication result, for a better user experience.


Merchant Data

Body ParameterData TypeDescriptionRequired
freeTextstringAny text you may wish to retain for future reference. E.g., "PayeeId-1234567".
transactionDatestringThe ISO 8601 date and time (YYYY-MM-DDTHh:Mm.ss.sssZ).
transactionDescriptionstringDefine your transaction for ease of reference.
transactionIdstringEnter the transaction ID you require for your systems.

Example

Request

curl --location 'https://pay.guesty.com/api/tokenize/v2' \
--header 'Content-Type: application/json' \
--data '{  
    "listingId": "64f03f9094d741004fda977d",
    "card": {
        "number": "4580458045804580",
        "exp_month": "12",
        "exp_year": "2024",
        "cvc": "123"
    },
    "billing_details": {
        "name": "John Smith",
        "address": {
            "line1": "20 W 34th St",
            "city": "New York",
            "postal_code": "10001",
            "country": "US"
        }
    },
     "threeDS": {
        "amount": 500,
        "currency": "USD",
        "successURL": "https://book.pms.com?{orderN}",
        "failureURL": "https://book.pms.com/fail?{orderN}"
    },
     "merchantData": {
        "freeText": "PayeeId-1234567",
        "transactionDate": "2023-11-14T12:12:33.162Z",
        "transactionDescription": "Descriptor",
        "transactionId": "Reservation-2000583"
    }
}

 

Response

Body ParameterData TypeDescription
_idstringThe ID of the newly tokenized card. It is a parameter in add payment method API.
threeDSobjectContains the authentication URL ("authURL").

Send the authURL to the user to authenticate the payment method. Once the authentication process is complete, the user is redirected to either the successURL or failureURL specified in the tokenization request, depending on the outcome.

If authentication is successful or noauthURL is returned in the response (the issuer didn't require it), you may proceed to use the token_id to create the guest payment method.


Response

{
    "_id": "64d4d01f1884841581a7768e",
    "threeDS": {
        "authURL": "https://api.checkout.com/sessions-interceptor/sid_.....",
    }
}

Step 3: Create the Guest Payment Method

This action is part of the second step of the Open API's booking process. You will use the token you've generated to create the payment method. For a detailed explanation and examples, see Create a Guest and Payment Method


Troubleshooting

The reservation was created without a payment method

This may be due to either of the following:

  1. The credit card was tokenized in a different payment processor account than the one assigned to the listing. Determine the correct account using the Get payment provider by listing and Get provider stats.
  2. The payment processor or credit card issuer reported an issue. Check your payment processor extranet for error messages and see our Help Center troubleshooting articles.
How can I be sure the payment method succeeded?

The reservation object payload will show the payment object, nested under the money.payments section.

Error 402: ERR_BAD_REQUEST

When the data of your response contains the messages: "Request contradicts clearing interface configuration" and"Bad Bin or Host Disconnect", it means there is an issue with your GuestyPay account and it could be offline. To remedy this, contact Customer Experience

Does GuestyPay have a test environment?

Currently, GuestyPay is only available as a live environment. You will need a valid real credit card to test payments.