Skip to content

MoTo Usage

MOTO is an abbreviation for Mail or Telefon Order and is an exception in the credit card business in terms of 3DS and PSD2 compliance. In this case, no online verification or approval of the cardholder is required.

As a result, transactions made in this way are just as "unsafe" and can be contested by the cardholder if necessary.

The whole usage is pure server commmunications via HTTPS POST requests using a simple JSON payload.

Communcation flow

Services to be implemented

All requests in production require authentication! Please see authentication for details on this.

Mandatory

Optional

createToken requires a PCI-DSS compliant caller!
* not all payment providers allow this!

General information

Please refer to General Information

Webservices Reference

Please refer to Webservices

required services for MOTO usecases are shown in services to be implemented

Basic Examples

Sample javascript snippets these can run from the browsers console for demonstration purposes! Please note to keep the examples clean it uses a helper method postData which can be found here.

Feel free to copy and past it in your console!

CreateToken

let token = null
const url = "https://test-token-eu.sihot.com/0000/createToken"
let msg = {
  "cardText": "Carsten Wernet",
  "datetime": "2022-04-01 10:00",
  "hotelID": "1",
  "hotelIDType": "SIHOT.PMS",
  "resNo": "4711/1",
  "serviceProvider": "windcave",
  "user": "CWE",
  "cardNo": "4242424242424242",
  "cardType": "VISA",
  "cardTypeCode": "VI",
  "currency": "EUR",
  "cvc": "123",
  "transactionID": "12",
  "valid": "2023-03-30"
}

postData(url, msg).then( (e) => {
    token = e.tokenNo;
    console.log (e)
    })

Sample response

{
    "tokenNo": "0000040000289815",
    "tokenExpiry": "2023-03-31",
    "cardType": "4",
    "cardTypeCode": "visa",
    "cardNo": "424242......4242",
    "transactionID": "00000004000aaea1",
    "serviceProvider": "windcave",
    "returnCode": "0"
}

Payment

This example requires the createToken to be completed in the same session

let transactionID = null
const url = "https://test-token-eu.sihot.com/0000/pay"
let msg = {
  "cardText": "Carsten Wernet",
  "datetime": "2022-04-01 10:00",
  "hotelID": "1",
  "hotelIDType": "SIHOT.PMS",
  "resNo":  "4711/1",
  "serviceProvider": "windcave",
  "user": "CWE",
  "amount": "2000",
  "cardType": "VISA",
  "cardTypeCode": "VI",
  "currency": "EUR",
  "text": "Payment",
  "tokenExpiry": "2023-03-31",
  "tokenNo": token,
  "transactionID": "12"
}

postData(url, msg).then( (e) => {
    transactionID = e.transactionID;
    console.log (JSON.stringify(e));
    })

Sample response

{
    "cardType": "4",
    "cardNo": "424242......4242",
    "cardTypeCode": "visa",
    "serviceProvider": "windcave",
    "transactionID": "00000003004e22ac",
    "returnCode": "0"
}

Reversal

This example requires the payment to be completed in the same session

const url = "https://test-token-eu.sihot.com/0000/reversal"
let msg = {
    "user": "bo",
    "datetime": "2030-06-22 10:10",
    "currency": "EUR",
    "amount": "1000",
    "resNo": "4711/1",
    "transactionID": transactionID,
    "serviceProvider": "windcave",
    "hotelID": "1",
    "hotelIDType": "SIHOT.PMS"
}


postData(url, msg).then( (e) => {
    transactionID = e.transactionID;
    console.log (JSON.stringify(e));
    })

Sample response

{
    "cardType": "4",
    "serviceProvider": "windcave",
    "transactionID": "00000003004e22ae",
    "returnCode": "0"
}