Card Payments — Using the API (your own inputs)
If you collect card data with your own form inputs (instead of Ozura’s secure Elements or Checkout page), you need to understand the PCI/DSS scope implications for your application. Handling cardholder data on your systems increases your compliance scope and security responsibilities. If you want your own checkout UI but want card data to never touch your server, use Elements so tokenization happens in the browser.Flow
- Tokenize — From your server, call
POST /tokenizewith card number, expiry, and optionally CVV. See API Reference → POST /tokenize for request/response. - Store — Save the returned
tokenand, if you sent CVV,cvc_session_id. Use the token in Proxy requests; CVC session is short-lived (90 seconds; use test tokens for long-lived test CVC). - Charge — Send the token to your payment processor via the Proxy (see API Reference → POST /proxy/transaction) or use PayAPI (e.g. transactions).
Next steps
- Using Elements — Your own checkout UI with our Elements; card data never touches your server.
- Proxy — Forward tokenized card data to your PSP without handling raw card data.
- PayAPI transactions — Process payments with PayAPI.
- API Reference — Tokenize — Full request/response for
POST /tokenize. - API Reference — Proxy — Full request/response for
POST /proxy/transaction.