Overview

nib travel insurance is PCI-DSS certified and supports been the merchant of record. nib Travel insurance also supports processing payments by the partner as part of integrated purchases - In this model nib Travel invoices the partner ('on account') For handling on-account purchases contact the nib Travel partnerships team.

nib has a tokenisation endpoint, to support scenarios such as fail over between multiple payment gateways used for redundancy and to support different tender types. This separation is to enforce strict security boundaries and avoid core APIs been involved in PCI scope.

On-account payments

To enable on-account payments the partner needs to be set up in the nib travel systems with on-account functionality enabled. This is ideally suited to bundled purchases embedded as part of a broader travel insurance booking flow.

When making the payment method the following request should be sent as part of the Purchase API. It is not necessary to send tokenised credit card information if the payment method been utilised is on-account.

Copy
Copied
 quote : {
   ...
 },
 paymentMethod : "CASH"

Credit card - Tokenisation request

To tokenise the request you need to send the card information to the Card tokenisation endpoint. This provides a one-time use token endpoint for any purchase transactions.

To support this you can pass in the following request to the card token API. This returns a token that can be used in the Quote API Booking request:

Copy
Copied
{
"source": "string",
"pan": "string",
"expiryMonth": 1,
"expiryYear": 2018,
"cardHolderName": "string"
}

WPAY - Supporting payments

This section documents use-cases about integration with WPAY as a payment gateway. This is applicable for Partners using WPAY as their payment gateway.

Prerequisites

The Partner will need to fetch the token / paymentid from WPAY and while calling the WPAY endpoint they need to make sure of these points :

  • Generate the buyer id to create as session for the user. This needs to be passed as a request to WPAY.
  • The "intent" payload need to be marked as authorize and not capture.
  • The amount property used in the payload in cents only, there should not be any decimals.

Making a API call

The partner will make a call to our Purchase API with following updates to the request payload:

Copy
Copied
"cardToken": 
{
"token": "ptt-wpay-67528656-f704-4d1b-982d-66516182f90f",
"source": "NIBAU",
"validation": {}
},

In the above example please note that,

  • The prefix applied is "ptt-wpay".
  • The token / payment id received by partner calling WPAY is "67528656-f704-4d1b-982d-66516182f90f".
  • The "source" parameter will be expecting "brandcode".
Copyright © nib Travel 2022. All right reserved.