API Flows

Definition & Flow Dependency

Ayoconnect’s Card Acceptance Solution offers API flows that securely manage card registration, payment processing, and the card’s lifecycle.

Each flow plays a specific role:

Card Registration – Creates a secure token that represents the customer’s card. This token must be used consistently in all subsequent payment-related flows.
Card Payment relies on:
1. the card token (from Card Registration), or
2. encrypted PAN data (PCI DSS merchants only).
Get Payment Status, Get Cards List, and Card Unbinding - These APIs act as supporting flows and do not affect the core payment lifecycle. They help retrieve information or update card usability.

Within Card Payment, there are two processing sub-flows i.e. Direct Deduct and Auth-Capture:

Direct Payment - Finalizes the payment immediately after authentication.
Auth-Capture - Splits the process into two stages:
(1) authorization (fund hold); and
(2) capture (fund settlement).
If a Capture request is not performed within the allowed time window, the authorization will eventually expire.

Flows

There are 2 main flows and 5 supplemental flows in Ayoconnect’s Card Acceptance Solution.

Main Flows

No	Flow	Details
1	Card Registration	Registers the customer’s card and converts it into a secure token. Notes: (1) Non-PCI DSS merchants must use Ayoconnect’s Webview. (2) After authentication (OTP/PIN/3DS) and card verification, the card becomes tokenized and ready for payment.
2	Card Payment	Executes payments using the card token (or encrypted PAN for PCI-DSS merchants). Two payment models are supported: (1) Direct Deduct - Payment is completed immediately after issuer authentication. (2) Auth-Capture - Authorization holds the funds first; the merchant must send a Capture request to finalize the payment.

Flow

Details

Card Registration

Registers the customer’s card and converts it into a secure token.

Notes:
(1) Non-PCI DSS merchants must use Ayoconnect’s Webview.
(2) After authentication (OTP/PIN/3DS) and card verification, the card becomes tokenized and ready for payment.

Card Payment

Executes payments using the card token (or encrypted PAN for PCI-DSS merchants).

Two payment models are supported:
(1) Direct Deduct - Payment is completed immediately after issuer authentication.
(2) Auth-Capture - Authorization holds the funds first; the merchant must send a Capture request to finalize the payment.

Supporting Flows

No	Flow	Details
1	Get Payment Status	Retrieves the latest status of a previously initiated card payment. Useful for asynchronous polling or reconciliation when callbacks are delayed.
2	Get Cards List	Returns all card tokens registered under a specific customer. Supports “saved cards” functionality and card selection UX flows.
3	Card Unbinding	Disables an existing card token. Once unbound, the token can no longer be used for payments unless re-registered.
4	Void	Cancels a previously successful authorized payment before Capture. Only applicable for the Auth–Capture flow.
5	Refund	Returns funds for a completed card payment transaction (either Direct Deduct or Auth–Capture). Only full refunds are supported.

API Flows

Definition & Flow Dependency

Flows

Main Flows

Supporting Flows

Card Registration Flow

Card Payment Flow

1. Direct Payment

2. Authorize/Capture Payment