Paysafe.js allows merchants to create a customized payment form while still complying with the least demanding level of PCI compliance, SAQ-A. Each of the sensitive payment fields (card number, cvv, and expiry date or expiry year and month) are displayed in their own small iframe hosted on Paysafe's servers. The user input and storage of these fields is handled by Paysafe. Paysafe.js makes use of the Customer Vault and Card Payments REST APIs.


  • Complies with PCI SAQ-A.
  • Paysafe handles security for the sensitive fields.
  • Extensive customization options allow you to create your own payment form that matches your website.
  • Create as many translated or localized versions of your payment form as required.
  • Fast page load times.
  • No redirection required.
  • Embeds naturally and remains invisible.
  • Supports processing payments with 3D Secure enabled cards.

Before You Begin

Before continuing, you will need to obtain your standard server-to-server API key and a single-use token-generating API key from the merchant back office.

The single-use token-generating API key is used in your JavaScript code on the client to generate single-use tokens from customer credit cards and bank accounts. Unlike, the server-to-server API key, this key has no ability to take payment or carry out any other operation, and can therefore be safely exposed in your client side code.

The obtain a single-use token-generating key:

  1. SIGN UP to get a test account, if you haven't already done so.
  2. Login to the test back office. Sign in with the username and password you used when signing up for the test account. You should now see the API key page.
  3. In the Single-Use Token area, click the Create button.
  4. You will receive a security token by email. Enter this token and click Next.
    The Single-Use Token area in the API key page updates to show the username and password for the single-use token API key.
  5. If you haven't already done so, take a copy of the user name and password for the Server to Server API key as well. You will need this (and your account ID in your signup email) for taking payments with the generated tokens.

Paysafe.js uses the Base64-encoded version of the single-use token API key constructed by concatenating the user name and password separated by a colon and Base64 encoding the result. You can use a site like https://www.base64encode.org/ to do the base 64 encoding. See authentication for more details.

Try Now

Enter a test card value below e.g. 4111 1111 1111 1111, a valid future expiry date, a random three digit CVV, and click Pay for a successful tokenization. The token will then be shown in the Curl example below which shows how you can take payment on your server. Try this out in a Unix / Cygwin terminal to see the API response. If you have python installed, then we recommend that you add the following to the end of the Curl request to format the response | python -m json.tool

Payment Details

Link to codepen for the above example

curl -X POST https://api.test.paysafe.com/cardpayments/v1/accounts/1001134830/auths \
  -u test_vniezsai:B-qa2-0-59564dfa-0-302c021426a55dde98dc2a052cccc1ddc8daa776a7a4fe2e0214080388fded986767abc445e58af123c01003cb8b \
  -H 'Content-Type: application/json' \
  -d ' {
    "merchantRefNum" : "payment-token-demo-1",
    "amount" : 5000,
    "card" : {
   } '

How to Use the SDK

  1. Create an HTML payment form with the content (text, images, etc.) and style you require. The video below describes how to create a custom payment form.

  2. Include the Paysafe.js JavaScript SDK in the header of your HTML payment form.
  3. Add empty container elements (typically divs) to your HTML for each of the sensitive payment fields, e.g., card number, cvv, and expiry date.
  4. Call the SDK setup function with your single-use token API key. The setup function inserts iframes hosted on Paysafe's servers inside these containers. These iframes contain input fields to capture the payment data.
  5. Finally, add a tokenize function to the Pay button's click event. This returns a single-use payment token. The token representing the card data entered by the user is stored in the Customer Vault. Single-use tokens are valid for only 5 minutes and are not consumed by verification.
  6. Send the token to your merchant server, where the standard Card Payments API authorization endpoint can be used to make payment.

Single-use tokens are valid for 5 minutes before they expire. You can convert them to re-usable, permanent payment tokens, which enable you to implement capabilities such as recurring billing (perhaps used to pay a subscription) or a "remember me" feature.

You can convert single-use tokens to permanent tokens in the following ways:

  • By using them to create a profile in the Customer Vault. If the token is for a card payment, Paysafe recommends that before you create the profile, you should verify that the token corresponds to a valid card. If the token is for a DD payment, ensure that you create the profile for the correct bank account type: ACH or EFT.
  • For DD payments, use the single-use token in a request to either the /standalonecredits or /purchases endpoint that includes "replaceWithMultiUsePaymentToken": true.

Enhancing the Payment Form

You can enhance the Payment form in two ways:

  • Styling the payment fields by passing any of the supported subset of CSS commands as part of the styles section of the setup function.
  • By using the SDK on function to subscribe to a defined set of events inside the hosted field iframes. These correspond to user actions while using these fields such as entering an invalid card number, selecting the field (focus), etc. You can then respond to these events in your payment form.

Including the SDK

There are two ways to include the SDK:

  • Include the latest official version - Paysafe strongly recommends this approach.
  • Include a specific version.

Include the Latest Official Version

To include the latest official version of the SDK, use the following:

	<script src="https://hosted.paysafe.com/js/v1/latest/paysafe.min.js"></script>

Paysafe recommends this approach as you will automatically receive all the latest updates and bugfixes.

Include a Specific Version

Each specific version of SDK is located at https://hosted.paysafe.com/js/version/paysafe.min.js. To include one of these, replace version with the version of the SDK you wish to use; for example:

	<script src="https://hosted.paysafe.com/js/<version>/paysafe.min.js"></script>

Paysafe maintains compatibility between minor versions. For example, version 1.X.Y is compatible with version 1.V.W, but version 2.A.B would not be compatible with any version 1 release.

Example Payment Form

The following code sample shows a simple Paysafe.js example that creates a payment form with three sensitive fields: Card number, Expiry date and CVV. The example contains a payment button that tokenizes the data entered by the user and displays the token (if successful) in the browser console.

<!-- Basic Paysafe.js example -->

    <!-- include the Paysafe.js SDK -->
    <script src = "https://hosted.paysafe.com/js/v1/latest/paysafe.min.js"></script>

    <!-- external style for the payment fields.internal style must be set using the SDK -->
      .inputField {
        border: 1px solid #E5E9EC;
        height: 40px;
        padding - left: 10px;


    <!-- Create divs for the payment fields -->
    <div id = "cardNumber" class="inputField" ></div>
    <div id = "expiryDate" class="inputField"></div>
    <div id = "cvv" class="inputField"></div>

    <!-- Add a payment button -->
    <button id = "payNow" type = "button"> Pay now </button>

    <script type = "text/javascript">

      // Base64-encoded version the Single-Use Token API key.
      // Create the key below by concatenating the API username and password
      // separated by a colon and Base 64 encoding the result
      var apiKey = "Your Base64-encoded Single-use-Token Api Key";

      var options = {

        // select the Paysafe test / sandbox environment
        environment: "TEST",

        // set the CSS selectors to identify the payment field divs above
        // set the placeholder text to display in these fields
        fields: {
          cardNumber: {
            selector: "#cardNumber",
            placeholder: "Card number"
          expiryDate: {
            selector: "#expiryDate",
            placeholder: "Expiry date"
          cvv: {
            selector: "#cvv",
            placeholder: "CVV"

      // initalize the hosted iframes using the SDK setup function
      paysafe.fields.setup(apiKey, options, function(instance, error) {

        // When the customer clicks Pay Now,
        // call the SDK tokenize function to create
        // a single-use payment token corresponding to the card details entered
        document.getElementById("payNow").addEventListener("click", function(event) {
          instance.tokenize(function(instance, error, result) {
            if (error) {
              // display the tokenization error in dialog window
            } else {
              // write the Payment token value to the browser console
        }, false);

You can try out the HTML code example above using the first Codepen below. Enter a test card value, a valid future expiry date, and random CVV and click Pay for a successful tokenization. Codepens 2 and 3 show additional Paysafe.js features such as styling and basic event handling.

  1. Simple example (the example above)


  2. Simple example with basic styling


  3. Simple example with basic styling and event handling


Paysafe.js errors are numbered in the range 9nnn. Errors in the range 7nnn are generated by the Customer Vault, and may be caused by using an invalid single-use token API key, or by using your server-to-server API key rather than the single-use token API key. Errors in the range 3xxx are caused by the Cards API.

Further Details

The SDK consists of the setup and a number of instance functions. Finally, there are a number of fields functions. Click on the links below to view detailed information about each function.

Function Purpose
Main Functions
setup Populates the specified containers (typically div containers) on your payment form with iframes for each of the sensitive fields. Sets the style and placeholder text (e.g., Card number) for these fields along with an optional card number separator. Provides access to the instance object used by the functions below in a callback once setup is complete.

Triggers the tokenization process that provides a single-use payment token for use with the Card Payments API.

instance.on Subscribe to events emitted by the instance.
instance.fields.<fieldname>.on Subscribe to events emitted by a particular field.
Additional Functions
instance.fields.<fieldname>.<event type> Shorthand event registration - a shorthand method of registering for events. This is an alternative to the on function.
instance.getCardBrand Retrieves the current card brand.
instance.cardBrandRecognition Subscribe to the cardBrandRecognition event.
instance.submit Subscribe to the submit event.
instance.fields.<fieldname>.isEmpty Checks if the named field is empty or not.
instance.fields.<fieldname>.isValid Checks if the named field is valid.
instance.areAllFieldsValid Checks if all fields are valid.


Version Description
1.1.0 Added support for processing payments for cards (Visa and Mastercard) enrolled in 3D Secure.
  • Dragging and dropping text into payment fields now triggers events.
  • Added support for mobile device browsers: Mozilla Firefox and Google Chrome.
1.2.0 Added support for assigning billing address and holder name to the issued token.
1.3.0 Added a correlationId in the error object returned from the Paysafe Checkout. The correlationId represents a unique ID which can be provided to the Paysafe Support team as a reference for investigation.
1.3.1 Fixed emitting focus and blur events in Safari under MacOS and iOS.
1.3.2 Added more strict validation for the merchant API key.
Did you find this page useful?