sk_test_*
key.
1. Create the session
2. Send the cardholder to the hosted page
Redirect (or link) the cardholder to theiframe_url. On Prava’s hosted page they enter the card and
approve with a passkey (Touch ID / Face ID); Prava then redirects them to your callback_url. No SDK, no frontend
code, no card data anywhere near you.
Behind the scenes Prava runs authentication, mandate registration (recording the cardholder’s
permission to pay), and tokenization (swapping the real card for one-time credentials):
what Prava does for you.
3. Poll the payment result
"status": "pending". Once they finish:
token + dynamic_cvv + expiry are the one-time card credentials. Use them at the merchant’s
checkout like a normal card; they’re single-use, merchant-locked, and amount-scoped.
4. Report the outcome
After the checkout runs (note thetxn_ref_id from step 3):
DECLINED if the checkout failed; either way, always report. Re-poll the payment result and
the status is now "completed" (or "failed").
That’s the whole flow
Prefer embedded card entry?
The same flow with Prava’s card UI inside your own page.
Test cards & test OTP
What you need to run this walkthrough end to end.