API Reference
Start typing to search…

Collecting Cardholder Data Details

This endpoint allows PCI DSS–certified merchants to transmit raw cardholder data directly to the Carusell Payment Gateway for processing. It is designed for direct API integrations where sensitive payment information (such as card number, expiration date, and CVV) is collected on the merchant’s infrastructure and sent securely to Carusell. > ⚠️ This method requires full PCI DSS compliance. > If you are not certified, you must use the hosted /pay form instead. The request must include: - A data parameter: base64-encoded JSON with cardholder and transaction data. - A sign parameter: HMAC-SHA256 signature of the data, using your secret_key. A successful request will return a transaction reference and status, which can be used to track payment results.

💳 Collecting Cardholder Data Details

Endpoint:
POST https://secure.carusell.world/pay/direct

This endpoint is used for transmitting raw cardholder data securely from your system to the Carusell Payment Gateway.
It is typically used in direct integration flows, where you collect card data on your PCI DSS–certified infrastructure and send it server-to-server to Carusell for processing.

🔐

PCI DSS Certification Required
This method is only available to merchants and partners who are certified under the PCI DSS standard. Collecting, processing, or transmitting cardholder data without certification is strictly prohibited.

🕒 Recent Requests

Log in with your api_key to view your request and response history.

📥 Request Example

To submit a request, include the following in the body:

  • data: A base64-encoded JSON string that includes sensitive cardholder and transaction data.
  • sign: A HMAC-SHA256 signature generated from the data, using your secret_key.

🔐 Signature Formula

sign = HMAC_SHA256(base64(data), secret_key)
⚠️

Your secret_key must never be transmitted. It is used only to generate the sign.

🔧 Body Parameters

NameTypeRequiredDescription
datastringA base64-encoded JSON string containing cardholder and transaction details
signstringA HMAC signature created using the data string and your secret_key

✅ Response

Status Code: 200 OK

Example:

{
  "status": "processing",
  "reference_id": "card_txn_7890"
}

The response confirms that the card data was received and is being processed.
You can check the transaction status later using /get_orders_data or webhook callbacks.

sign = HMAC_SHA256(base64(data), secret_key)