Initiate 3D card tokenisation (web view / iframe)

GET

/senangpay/tokenization/{merchantId}

Initiates the card tokenisation flow by redirecting the card holder to senangPay's web view for 3D OTP verification. This endpoint is not a REST API — it must be loaded in a browser, web view, or iframe (not called server-to-server).
The card holder enters their card details and completes the OTP challenge. senangPay validates the card by making two RM1 transactions (both reversed). On success, a reusable payment token is returned to the merchant's configured Tokenisation Return URL and Tokenisation Callback URL.
Pre-requisite: Configure the Tokenisation Return URL and Callback URL in your senangPay Dashboard under Settings > Profile > Shopping Cart Integration Link before using this endpoint.
Hash generation (HMAC-SHA256): string_to_hash = merchant_id + order_id hash = HMAC-SHA256(string_to_hash, secret_key)

Request

Path Params

Query Params

Request Code Samples

Shell

JavaScript

Java

Swift

PHP

Python

HTTP

Objective-C

Ruby

OCaml

Dart

curl --location '/senangpay/tokenization/?order_id=undefined&name=undefined&email=undefined&phone=undefined&hash=undefined'

Responses

🟢200

text/html

Card validation web view rendered. The card holder completes the 3D OTP challenge in this page. After completion, senangPay redirects to the merchant's configured Tokenisation Return URL with the response parameters as query strings.

Modified at 2026-06-10 03:59:46

Charge a credit card using a saved payment token

Initiate Order