Low-Level Payments (core-js + REST)
Which Approach Should I Use?
When to Use This
When NOT to Use This
The Flow
Every payment follows 4 steps:Prerequisites
- A TagadaPay account with an API key (Bearer token)
- A store with at least one payment flow configured (connects to your PSP: Stripe, NMI, Airwallex, etc.)
- Install the tokenization SDK:
The tokenization SDK runs client-side (browser). Steps 2–4 happen server-side with your API key. Never expose your API key in the browser.
Step 1: Tokenize the Card (Client-Side)
The card number never touches your server. It goes directly to a PCI-compliant secure vault (BasisTheory) and returns a token.- React
- Vanilla JavaScript
- Apple Pay / Google Pay
Step 2: Create a Payment Instrument (Server-Side)
Send thetagadaToken from your client to your server, then call TagadaPay to create a reusable payment instrument:
paymentInstrument.id — you’ll use it for every charge on this card. The instrument is reusable for future payments (subscriptions, repeat purchases).
Step 3: 3DS Authentication (If Required)
3DS (3D Secure) is required by many card issuers, especially in Europe (SCA regulation). The tokenization step tells you if it’s needed viarawToken.metadata.auth.scaRequired.
3DS has two parts: creating a session (server + client) and handling the challenge (client).
3a. Create a 3DS Session
Client-side: Create a local session with the 3DS provider SDK:3b. Handle the Challenge (After Payment — See Step 4)
If the issuer requires a challenge (password, SMS, biometric), it comes back in the payment response. You handle it client-side — see Step 4b below.Step 4: Process the Payment (Server-Side)
4a. Send the charge request
If payment succeeds immediately:
4b. Handle the 3DS Challenge (Client-Side)
When the payment response hasrequireAction: "threeds_auth", show the challenge to the customer:
4c. Poll for Final Status
After 3DS completes, the PSP processes the payment asynchronously. Poll until you get a terminal status:succeeded, failed, declined.
CIT vs MIT (Customer vs Merchant Initiated)
CIT Example (Customer Paying Now)
MIT Example (Subscription Renewal)
MIT Example (Auth + Capture)
Void and Refund
Void (Cancel an Authorization)
Refund (Full or Partial)
amount for a full refund.
What TagadaPay Does Under the Hood
When you call/payments/process, TagadaPay:
- Routes to the right PSP — based on your payment flow rules (card brand, currency, amount, BIN range, etc.)
- Attaches 3DS data — if a
threedsSessionIdis provided, the authentication result is forwarded to the PSP - Handles retries — if the primary PSP declines, the payment flow can cascade to a backup PSP
- Normalizes the response — regardless of which PSP handled it, you get the same response format
- Records the transaction — for analytics, dispute management, and reconciliation
API Reference
Working Examples
Complete working examples with React, TypeScript, and Tailwind CSS are available on GitHub:Card Tokenization + Payment
Full 4-step payment flow with 3DS
Apple Pay & Google Pay
Wallet tokenization integration
4242 4242 4242 4242 (any future expiry, any CVC)
SDK Reference
@tagadapay/core-js Package
Key Types
npm Package
@tagadapay/core-js on npm
API Reference
Full REST API documentation
