Last updated
These docs are intended for a developer audience.Dismiss

Payment form using a JWT

This guide describes how to:

  • Integrate a payment form into your website using the Rebilly Instruments JavaScript library
  • Configure the payment form to retrieve a customer JWT from a backend endpoint.
  • Use the JWT to process payments for both invoices and transactions.

Use payment forms to process payments from your customers. To interact with an example payment form, see the Preview tab in the Set up a payment form section.

To complete this tutorial, an active gateway is required. If you are testing in the sandbox environment, a test payment gateway called TestProcessor is already configured. For more information, see Set up a payment gateway.

Payment methods that are displayed in the payment form are based on the gateway configuration. For more information, see Set up a payment gateway.

Prerequisites

Complete this section to create resources and also to gather your website ID, organization ID, and secret API key. These resources and details are required to complete this guide using your Rebilly sandbox environment. If you have already created these resources, skip this step and continue to Set up a payment form.

Expand to complete

1) Obtain IDs and API keys

This process describes how to obtain your website ID, organization ID, and publishable API key from your Rebilly sandbox.

When you first log in to Rebilly, you create an organization as part of the setup process. A default website is created when a new organization is created. For more information, see Organizations and websites.

  1. Log in or sign up to Rebilly.

  2. Obtain your organization ID and website ID
    1. In the left navigation bar, press Settings .
    2. In the Management section, press My organization & websites.
    3. In the Organization details section, note the ID value.
    4. In the Website section, note the ID value.
  3. Obtain your publishable API key
    1. In the left navigation bar, press Automations .
    2. In the Development section, press API keys.
    3. Optionally, if you have not created a publishable key:
      1. In top right of the screen, press Create API key.
      2. In the API key type section, select Publishable.
      3. Optionally, in the Organizations dropdown, select the organizations that can use the API key.
      4. Optionally, in the Allowed IPs field, enter the IP addresses that are permitted to use the API key.
      5. Press Save API key.
      6. Go to the API keys page.
    4. Select a publishable key and copy the Key value.
  4. Obtain your secret API key
    1. In the left navigation bar, press Automations .
    2. In the Development section, press API keys.
    3. Optionally, if you have not created a secret key:
      1. In top right of the screen, press Create API key.
      2. In the API key type section, select Secret.
      3. Optionally, in the Organizations dropdown, select the organizations that can use the API key.
      4. Optionally, in the Allowed IPs field, enter the IP addresses that are permitted to use the API key.
      5. Press Save API key.
      6. Go to the API keys page.
    4. Select a secret key and copy the Key value.

2) Create a product

This API interaction creates a product in your Rebilly sandbox account. For more information, see Create a product.

To create a product you must have your Rebilly website ID, organization ID, and secret API key. For more information, see Obtain IDs and API keys.

How to use the interactive example
  1. Enter your organization ID:
    1. Beneath the Environment field, press {{server}}.
    2. Beneath the URL, press Show nested variables, then press Edit.
    3. In the Value field, enter your organization ID and press Save.
  2. Enter your secret API key:
    1. Press Security.
    2. In the API key field, press {{SecretApiKey}}, then press Set value.
    3. In the Value field, enter your secret Rebilly sandbox API key and press Save.
  3. Optionally, to change the product details, press Body.
  4. Press Send.
    The id value from this response is used as the productId value in the next step.
Loading...

3) Create a pricing plan

This API interaction creates a pricing plan for a product in your Rebilly sandbox account. For more information, see Create a plan.

To create a pricing plan, you must have a product ID. To create a product, see Create a product.

How to use the interactive example
  1. Enter your organization ID:
    1. Beneath the Environment field, press {{server}}.
    2. Beneath the URL, press Show nested variables, then press Edit.
    3. In the Value field, enter your organization ID and press Save.
  2. Enter your secret API key:
    1. Press Security.
    2. In the API key field, press {{SecretApiKey}}, then press Set value.
    3. In the Value field, enter your secret Rebilly sandbox API key and press Save. For more information, see Prerequisites.
  3. Enter the product ID from the Step 2 response.
    1. Press Body.
    2. In the productId field, enter the id value from the Step 2 response.
    3. Optionally, change the plan details.
  4. Press Send.
Loading...

4) Create a customer

This API interaction creates a customer in your Rebilly sandbox account. For more information, see Create a customer.

How to use the interactive example
  1. Enter your organization ID:
    1. Beneath the Environment field, press {{server}}.
    2. Beneath the URL, press Show nested variables, then press Edit.
    3. In the Value field, enter your organization ID and press Save.
  2. Enter your secret API key:
    1. Press Security.
    2. In the API key field, press {{SecretApiKey}}, then press Set value.
    3. In the Value field, enter your secret Rebilly sandbox API key and press Save. For more information, see Prerequisites.
  3. Enter a customer ID:
    1. In the URL field beneath the Environment field, press {{id}}.
    2. Press Set value.
    3. In the Value field, enter a customer ID.
      Example: cus_01HDP7FFX2PGDVH1995EA4QY95.
  4. Enter your website ID:
    1. Press Body.
    2. In the websiteId, enter your website ID.
    3. Optionally, change the customer details.
  5. Press Send.
    The id value from this response is used as the customerId value in Step 5.
Loading...

5) Create an order

This API interaction creates an order in your Rebilly sandbox account.

To create an order, you must have a customer ID and a plan ID. For more information, see Create a customer and Create a pricing plan.

How to use the interactive example
  1. Enter your organization ID:
    1. Beneath the Environment field, press {{server}}.
    2. Beneath the URL, press Show nested variables, then press Edit.
    3. In the Value field, enter your organization ID and press Save.
  2. Enter your secret API key:
    1. Press Security.
    2. In the API key field, press {{SecretApiKey}}, then press Set value.
    3. In the Value field, enter your secret Rebilly sandbox API key and press Save. For more information, see Prerequisites.
  3. Enter the customer ID, plan ID, and website ID:
    1. Press Headers, then in the Organization-Id field, enter your organization ID.
    2. Press Body.
    3. In the customerId field, enter the id value from the Step 4 response.
    4. In the id field, enter the id value from the Step 3 response.
    5. In the websiteId field, enter your website ID.
  4. Press Send.
Loading...

Set up a payment form

This section describes how to create a payment form, integrate it to your website, and how to process payments from an invoice and how to process a transaction.

1

Set up the server

Set up an Express node app to authenticate the client.

Install and initialize dependencies

Dependencies may change from implementation to implementation. This example is for an app that uses Node.js and Express.

server.js

Provide credentials

Provide your secret key, website ID, and organization ID. For more information, see Prerequisites.

server.js

Initialize Rebilly JS SDK

Set up the Rebilly JS SDK, and provide sandbox mode and API key.

server.js

Define route for GET requests

Define a route for handling HTTP GET requests to the /checkout endpoint. For more information, see Express example.

server.js

Define route for POST requests

Define route for handling HTTP POST requests to the /authenticate endpoint. This request is used to authenticate the customer. You can use any endpoint. In this example it is called authenticate.

server.js

Rebilly passwordless login

In the request body, provide a customerId. Then, provide that value along with mode: "passwordless" to rebilly.customerAuthentication.login.

server.js

Rebilly exchange token

Use the token provided by the passwordless login and exchange it for a JWT that will be used by Rebilly Instruments within the client.

server.js

ACL scope data

In the scope object, provide your organization ID.

For more information, see Prerequisites.

server.js

ACL permissions data

In the permissions array, provide operation IDs for all actions that will be used in the Rebilly Instruments client.

server.js

ACL customClaims data

In the customClaims object, provide your website ID. For more information, see Prerequisites.

You can also provide the invoiceId or transactionId in the customClaims object and omit them in the client when mounting Rebilly Instruments.

server.js

Set endpoint response

Respond with the JWT token that is provided by the token exchange.

server.js

Listen for requests

Start an Express server on port 8080, listen for host and port information from the server, and log a messages to the console.

server.js
2

Set up the client

This step describes how to set up the client using a using Content Delivery Network (CDN).

Install the library

Include the Rebilly Instruments library using a CDN:

https://cdn.rebilly.com/instruments/@latest/core.js
example.html

Specify mounting controls

The default mounting points are:

  • rebilly-instruments
  • rebilly-instruments-summary.

To provide custom mounting points, pass a valid CSS class or a HTML element to the RebillyInstrument.mount() function, as a parameter.

example.html
3

Configure the library

This step describes the basic setup for mounting.

Gather values

Gather the customerId from URLSearchParams of the page hosting, and provide this value to the server endpoint to exchange for it for a customer JWT.

For demonstration purposes, this example uses a hardcoded customerId value in client.js. In a production environment, you must obtain the customerId value from the URLSearchParams of the hosting page.

client.js

Mount

Initialize the library and configure the experience. This method returns a promise and accepts a single configuration object.

For more information, see RebillyInstruments.mount().

client.js

Provide payment data

Select one of the following:

  • Process from an invoice:
    Provide the invoiceId value of an invoice you want to process. To create an order, see step 5 of Prerequisites.
    invoiceId: 'an-invoice-id',
    jwt: 'token',
    

  • Process from a transaction:
    Provide the transactionId value of a transaction you want to process.
    transactionId: 'a-transaction-id',
    jwt: 'token',
    

Provide the apiMode value as sandbox or live based on your environment. Website and organization IDs are obtained from the JWT token. A JWT is required to process a purchase based on invoiceId or transactionId.

The following purchase data properties are available:items, money, invoiceId, transactionId. For more information, see Purchase data examples.

It is also possible to obtain the invoiceId value from the jwt value. For more information, see Purchase data examples.

client.js
4

Optional: Include listeners

Use the instrument-ready and purchase-completed to connect to the lifecycle of the library.

instrument-ready

Indicates when an instrument token is created, and provides access to the instrument response. RebillyInstruments.on('instrument-ready')

client.js

purchase-completed

Indicates when a purchase is completed, and provides access to the transaction response.

For more information, see RebillyInstruments.on('purchase-completed').

If you are using a local server, use this listener to view the transaction response in the browser console.

client.js

Basic set up complete

You now have a basic payment form integration.
To learn more, see:

Copy to clipboard
  • server.js
  • client.js
  • example.html
1const express = require('express');
2const bodyParser = require('body-parser');
3const RebillyAPI = require('rebilly-js-sdk').default;
4const app = express();
5const port = 3000;
6
7app.use(express.static('client'));
8app.use(express.json());
9app.use(bodyParser.json());
10app.use(bodyParser.urlencoded({ extended: true }));
11
12const REBILLY_API_SECRET_KEY = 'REBILLY_API_SECRET_KEY';
13const REBILLY_WEBSITE_ID = 'REBILLY_WEBSITE_ID';
14const REBILLY_ORGANIZATION_ID = 'REBILLY_ORGANIZATION_ID';
15
16const rebilly = RebillyAPI({
17 sandbox: true,
18 apiKey: REBILLY_API_SECRET_KEY,
19});
20
21app.get('/checkout', async (req, res) => {
22 res.redirect(301, '/checkout.html');
23});
24
25app.post('/authenticate', async function (req, res) {
26 const { customerId } = req.body;
27 const data = {
28 mode: 'passwordless',
29 customerId,
30 };
31 const { fields: login } = await rebilly.customerAuthentication.login({
32 data,
33 });
34 const { fields: exchangeToken } = await rebilly.customerAuthentication.exchangeToken({
35 token: login.token,
36 data: {
37 acl: [
38 {
39 scope: {
40 organizationId: [REBILLY_ORGANIZATION_ID],
41 },
42 permissions: ['PostToken', 'PostDigitalWalletValidation', 'StorefrontGetAccount', 'StorefrontPatchAccount', 'StorefrontPostPayment', 'StorefrontGetTransaction', 'StorefrontGetPaymentInstrumentCollection', 'StorefrontPostPaymentInstrument', 'StorefrontGetPaymentInstrument', 'StorefrontPatchPaymentInstrument', 'StorefrontPostPaymentInstrumentDeactivation', 'StorefrontGetWebsite', 'StorefrontGetInvoiceCollection', 'StorefrontGetInvoice', 'StorefrontGetProductCollection', 'StorefrontGetProduct', 'StorefrontPostReadyToPay', 'StorefrontPostPreviewPurchase'],
43 },
44 ],
45 customClaims: {
46 websiteId: REBILLY_WEBSITE_ID,
47 },
48 },
49 });
50 res.send({ token: exchangeToken.token });
51});
52
53app.listen(port, () => {
54 console.log(`Sandbox listening on port ${port}`);
55});