2Checkout Documentation

Payment API

With 2Checkout’s Payment API, buyers can place sales directly on your website, with no redirection to our checkout. You can take credit card information with a simple HTML form, and use our 2co.js JavaScript library to convert the credit card information into a secure token. The token can then be safely passed to your server so that you can submit the transaction using our API.

Important: To ensure that no sensitive data touches your server, your input elements for the credit card, expiration date and CVV must NOT contain name attributes.

Create a Token

You can use our JavaScript library to pass the buyer’s credit card information to us in the browser and generate a secure token so that no sensitive card information touches your server. You will just need to provide a payment form for the buyer to enter their card information.

var args = {
    sellerId: "1817037",
    publishableKey: "E0F6517A-CFCF-11E3-8295-A7DD28100996",
    ccNo: $("#ccNo").val(),
    cvv: $("#cvv").val(),
    expMonth: $("#expMonth").val(),
    expYear: $("#expYear").val()

TCO.loadPubKey('production', function() {
    TCO.requestToken(successCallback, errorCallback, args);

You will then be able to use the token to create a sale, and charge your buyer. This token is only good for one sale, and expires if not used within 30 minutes. For further information on creating a token, please review our Create Token documentation.

Create the Sale

Once the token has been created, you can use it to charge the customer through our server-side authorization API call.

// Twocheckout::sandbox(true);  #Uncomment to use Sandbox

try {
    $charge = Twocheckout_Charge::auth(array(
        "merchantOrderId" => "123",
        "token" => 'Y2U2OTdlZjMtOGQzMi00MDdkLWJjNGQtMGJhN2IyOTdlN2Ni',
        "currency" => 'USD',
        "total" => '10.00',
        "billingAddr" => array(
            "name" => 'Testing Tester',
            "addrLine1" => '123 Test St',
            "city" => 'Columbus',
            "state" => 'OH',
            "zipCode" => '43123',
            "country" => 'USA',
            "email" => '',
            "phoneNumber" => '555-555-5555'
        "shippingAddr" => array(
            "name" => 'Testing Tester',
            "addrLine1" => '123 Test St',
            "city" => 'Columbus',
            "state" => 'OH',
            "zipCode" => '43123',
            "country" => 'USA',
            "email" => '',
            "phoneNumber" => '555-555-5555'
    ), 'array');
    if ($charge['response']['responseCode'] == 'APPROVED') {
        echo "Thanks for your Order!";
} catch (Twocheckout_Error $e) {
Twocheckout::API.credentials = {
    :seller_id => '1817037',
    :private_key => '8CE03B2D-FE41-4C53-9156-52A8ED5A0FA3',
#   :sandbox => 1   #Uncomment to use Sandbox

params = {
    :merchantOrderId     => '123',
    :token          => 'ZmYyMzMyZGMtZTY2NS00NDAxLTlhYTQtMTgwZWIyZTgwMzQx',
    :currency       => 'USD',
    :total          => '1.00',
    :billingAddr    => {
        :name => 'Testing Tester',
        :addrLine1 => '123 Test St',
        :city => 'Columbus',
        :state => 'OH',
        :zipCode => '43123',
        :country => 'USA',
        :email => '',
        :phoneNumber => '555-555-5555'

  result = Twocheckout::Checkout.authorize(params)
rescue Twocheckout::TwocheckoutError => e
  puts e.message
var tco = new Twocheckout({
    sellerId: "901248156",
    privateKey: "3508079E-5383-44D4-BF69-DC619C0D9811",
//  sandbox: true   #Uncomment to use Sandbox

var params = {
    "merchantOrderId": "123",
    "token": "MWQyYTI0ZmUtNjhiOS00NTIxLTgwY2MtODc3MWRlNmZjY2Jh",
    "currency": "USD",
    "total": "10.00",
    "billingAddr": {
        "name": "Testing Tester",
        "addrLine1": "123 Test St",
        "city": "Columbus",
        "state": "Ohio",
        "zipCode": "43123",
        "country": "USA",
        "email": "",
        "phoneNumber": "5555555555"

tco.checkout.authorize(params, function (error, data) {
    if (error) {
    } else {
    'private_key': '8CE03B2D-FE41-4C53-9156-52A8ED5A0FA3',
    'seller_id': '1817037',
#   'mode': 'sandbox'  #Uncomment to use Sandbox

params = {
    'merchantOrderId': '123',
    'token': 'ODAxZjUzMDEtOWU0MC00NzA3LWFmMDctYmY1NTQ3MDhmZDFh',
    'currency': 'USD',
    'total': '1.00',
    'billingAddr': {
        'name': 'Testing Tester',
        'addrLine1': '123 Test St',
        'city': 'Columbus',
        'state': 'OH',
        'zipCode': '43123',
        'country': 'USA',
        'email': '',
        'phoneNumber': '555-555-5555'

    result = twocheckout.Charge.authorize(params)
    print result.responseCode
except TwocheckoutError as error:
    print error.msg
TwoCheckoutConfig.SellerID = "901248156";
TwoCheckoutConfig.PrivateKey = "8CE03B2D-FE41-4C53-9156-52A8ED5A0FA3";
// TwoCheckoutConfig.Sandbox = true;    #Uncomment to use Sandbox

    var Billing = new AuthBillingAddress();
    Billing.addrLine1 = "123 test st"; = "Columbus";
    Billing.zipCode = "43123";
    Billing.state = "OH"; = "USA"; = "Testing Tester"; = "";
    Billing.phoneNumber = "5555555555";

    var Customer = new ChargeAuthorizeServiceOptions(); = (decimal)1.00;
    Customer.currency = "USD";
    Customer.merchantOrderId = "123";
    Customer.billingAddr = Billing;
    Customer.token = "MzIwNzI3ZWQtMjdiNy00NTVhLWFhZTEtZGUyZGQ3MTk1ZDMw";

    var Charge = new ChargeService();
    var result = Charge.Authorize(Customer);
catch (TwoCheckoutException e)
Twocheckout.privatekey = "3508079E-5383-44D4-BF69-DC619C0D9811";
// Twocheckout.mode = "sandbox";    #Uncomment to use Sandbox

try {
    HashMap billing = new HashMap();
    billing.put("name", "Testing Tester");
    billing.put("addrLine1", "xvxcvxcvxcvcx");
    billing.put("city", "Columbus");
    billing.put("state", "Ohio");
    billing.put("country", "USA");
    billing.put("zipCode", "43230");
    billing.put("email", "");
    billing.put("phoneNumber", "555-555-5555");

    HashMap request = new HashMap();
    request.put("sellerId", "1817037");
    request.put("merchantOrderId", "test123");
    request.put("token", "MGI4OTU0OTQtMDIxNi00YThlLTliOTctZjg1YmJiMzg0MjA3");
    request.put("currency", "USD");
    request.put("total", "1.00");
    request.put("billingAddr", billing);

    Authorization response = TwocheckoutCharge.authorize(request);
    String message = response.getResponseMsg();
} catch (Exception e) {
    String message = e.toString();
curl -X POST \
    -d '{"sellerId": "901248156", "privateKey": "8CE03B2D-FE41-4C53-9156-52A8ED5A0FA3", "merchantOrderId": "123", "token": "ODAxZjUzMDEtOWU0MC00NzA3LWFmMDctYmY1NTQ3MDhmZDFh", "currency": "USD", "lineItems": [{"name": "Demo Item", "price": "4.99", "type": "product", "quantity": "1", "recurrence": "4 Year", "startupFee": "9.99"}  ], "billingAddr": {"name": "testing tester", "addrLine1": "123 test blvd", "city": "columbus", "state": "Ohio", "zipCode": "43123", "country": "USA", "email": "", "phoneNumber": "123456789"} }' \
    -H 'Accept: application/json' -H 'Content-Type: application/json'

Each of our community supported libraries provides a method to perform an authorization and create a new sale.

Get PCI Compliant

Important Note: The page containing your credit card form must be served over HTTPS. Although we encrypt the card data in the browser before sending a token request, you must also utilize SSL to protected yourself from man-in-the-middle attacks. Serving your checkout page over HTTPS will also instill confidence in the buyer and help to increase your conversion rate.

To gain PCI compliance, click on the API tab in your account to register with our PCI partner Trustwave.

Once you have agreed to the legal terms under the API tab, your account information will be sent to Trustwave for pre-registration and you will receive an email from Trustwave to begin your PCI compliance check. The processing of your information by Trustwave can take up to 12 hours. When we have confirmed your successful registration, you will be able to access your API key generator and start making live Payment API sales.

You can try out our Payment API and test your integration by setting up a sandbox account.