Storing cardholder information using E-xact’s hosted payment page (HCO) and API

Storing cardholder information using E-xact’s hosted payment page (HCO)

Once you have a payment page configured on your account (instructions found here: the next step is to use it to store credit card data; this data can be used to make subsequent tagged, or recurring transactions.

The two x_type transactions that can be used to create Recurring Seed transactions are AUTH_TOKEN or PURCHASE_TOKEN:


  • AUTH_TOKEN is a Pre-authorization transaction that returns a transaction tag which can be used by the API to perform additional transactions for that cardholder.
  • PURCHASE_TOKEN will capture funds and return a transaction tag which can be used by the API to perform additional transactions for that cardholder.


Here is an example of an AUTH_TOKEN transaction made using the Hosted Payment Page (HCO):

<form action="" method="post">

<input name="x_login" value="HCO-N/A-D-63000" type="hidden">

<input name="x_type" value="AUTH_TOKEN" type="hidden">

 <input name="x_amount" value="1.00" type="hidden">

 <input name="x_fp_sequence" value="12345" type="hidden">

 <input name="x_fp_timestamp" value="1517595403" type="hidden">

 <input name="x_fp_hash" value="20e25b88da63c10599395e4e2e6724a6" type="hidden">

 <input name="x_show_form" value="PAYMENT_FORM" type="hidden">

 <input value="Checkout" type="submit">


Note: This example shows the endpoint to E-xact’s demo environment. If you are making a transaction in the production environment you must use ‘’.


Once this transaction has been executed—if the transaction was approved—the response data will contain both an Authorization Number, and a Tag Number. These two values are required in
order to make the subsequent Tagged Transactions using the API. See the example of a raw transaction response, below. We have emboldened the Authorization Number (x_auth_code), and the Tag Number (x_trans_id):



Using the API and Transaction Tags to make Tagged Transactions


Once you have the Authorization and Tag Numbers (whether they were created from a previous API or HCO transaction) you are ready to make a Tagged Transaction.

There are three types of Tagged Transactions: Tagged Purchase (30), Tagged Pre-Authorization (31), and Tagged Completion (32). In the majority of situations, E-xact recommends the use of a Tagged Purchase (30) to make subsequent charges from a tokenized card. Here is an example of a Tagged Purchase using the API, using the Tag that we created from our original transaction: 

purchase = {

   transaction_type: '30',

   amount: '1.00',

   transaction_tag: '984166872',

   authorization_num: 'ET161625'


There you have it, from start to finish, a walkthrough of how to create a Recurring Seed transaction through the payment page and follow up with a Tagged Purchase transaction made through the API.

Note: you can create a Recurring Seed Transaction without the payment page. From the API, a Recurring Seed Pre-Authorization is Transaction Type ‘40’, and a Recurring Seed Purchase is Transaction Type ‘41’. The hosted payment page ensures that you, as the merchant, do not handle sensitive credit card data; if this is not a concern to your business then using the API to store the data is an alternative.

Further HCO and API information, including additional request and response fields, can be found at the following links:

HCO Integration Guide:

API Integration Guide:



Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk