Skip to main content
The fastest way to see a full Prava payment: hosted mode, where Prava serves the card-entry page and your side is three HTTP calls. Everything below is copy-pasteable; swap in your own sk_test_* key.

1. Create the session

Response:
The session expires at expires_at, 15 minutes after creation. Don’t create it until the cardholder is ready.

2. Send the cardholder to the hosted page

Redirect (or link) the cardholder to the iframe_url. On Prava’s hosted page they enter the card and approve with a passkey (Touch ID / Face ID); Prava then redirects them to your callback_url. No SDK, no frontend code, no card data anywhere near you.
Behind the scenes Prava runs authentication, mandate registration (recording the cardholder’s permission to pay), and tokenization (swapping the real card for one-time credentials): what Prava does for you.

3. Poll the payment result

While the cardholder is still on the hosted page you’ll see "status": "pending". Once they finish:
token + dynamic_cvv + expiry are the one-time card credentials. Use them at the merchant’s checkout like a normal card; they’re single-use, merchant-locked, and amount-scoped.

4. Report the outcome

After the checkout runs (note the txn_ref_id from step 3):
Report DECLINED if the checkout failed; either way, always report. Re-poll the payment result and the status is now "completed" (or "failed").

That’s the whole flow

Prefer embedded card entry?

The same flow with Prava’s card UI inside your own page.

Test cards & test OTP

What you need to run this walkthrough end to end.