
Acceptance tokens

For Wompi, privacy and the correct usage of the user's personal data are paramount. Therefore, in accordance with Colombian regulation and the Habeas Data law, you must send an Acceptance Token in the body of every request that contains the user's personal data. This is the case, for instance, when a transaction (POST /transactions) or a payment source (POST /payment_sources) is being created. This token indicates that the user was presented with the latest version of a contract (PDF document) explaining how Wompi is going to handle the user's data. The user must explicitly confirm in the user interface of your website, through a checkbox for instance, that he or she has read this contract, and the token is sent afterwards.

The steps to follow in this process are:

  • Step 1: Acquire a presigned acceptance token
  • Step 2: Show a link displaying said contract to the user
  • Step 3: Make sure the user has read and accepted said contract
  • Step 4: Send token

Each step of the process is explained in detail below, which applies both to the creation of Transactions and Payment Sources.

Step 1: Acquire a presigned acceptance token

To get a presigned acceptance token, make a request to the following endpoint using your public key: GET /merchants/:merchant_public_key. This endpoint returns the data related to your business, including the acceptance token, as follows:

{
  "data": {
    // Other business fields
    "presigned_acceptance": {
      "acceptance_token": "eyJhbGciOiJIUzI1NiJ9.eyJjb250cmFjdF9pZCI6MSwicGVybWFsaW5rIjoiaHR0cHM6Ly93b21waS5jby93cC1jb250ZW50L3VwbG9hZHMvMjAxOS8wOS9URVJNSU5PUy1ZLUNPTkRJQ0lPTkVTLURFLVVTTy1VU1VBUklPUy1XT01QSS5wZGYiLCJmaWxlX2hhc2giOiIzZGNkMGM5OGU3NGFhYjk3OTdjZmY3ODExNzMxZjc3YiIsImppdCI6IjE1ODEwOTIzNjItMzk1NDkiLCJleHAiOjE1ODEwOTU5NjJ9.JwGfnfXsP9fbyOiQXFtQ_7T4r-tjvQrkFx0NyfIED5s",
      "permalink": "https://wompi.co/wp-content/uploads/2019/09/TERMINOS-Y-CONDICIONES-DE-USO-USUARIOS-WOMPI.pdf",
      "type": "END_USER_POLICY"
    }
  }
}

Step 2: Show a link displaying said contract to the user

The response from the aforementioned endpoint includes a field called permalink. It links to a PDF file showing the contract that your users must read and agree to in order to proceed with their payments.

[Image: contract example]

Step 3: Make sure the user has read and accepted said contract

In this step, you must make sure that the user has explicitly read and agreed to the contract. To achieve this, it's a good idea to place a checkbox field. Once this field is checked it is assumed that the user has read and agreed to the proposed contract.

[Image: contract acceptance example]

Step 4: Send token

Once the user accepts the contract, you must add the Acceptance Token to the request body in a field called acceptance_token.

For example, when creating a transaction in POST /transactions:

{
  "acceptance_token": "eyJhbGciOiJIUzI1NiJ9.eyJjb250cmFjdF9pZCI6MSwicGVybWFsaW5rIjoiaHR0cHM6Ly93b21waS5jby93cC1jb250ZW50L3VwbG9hZHMvMjAxOS8wOS9URVJNSU5PUy1ZLUNPTkRJQ0lPTkVTLURFLVVTTy1VU1VBUklPUy1XT01QSS5wZGYiLCJmaWxlX2hhc2giOiIzZGNkMGM5OGU3NGFhYjk3OTdjZmY3ODExNzMxZjc3YiIsImppdCI6IjE1ODEwOTIzNjItMzk1NDkiLCJleHAiOjE1ODEwOTU5NjJ9.JwGfnfXsP9fbyOiQXFtQ_7T4r-tjvQrkFx0NyfIED5s",
  "amount_in_cents": 2500000,
  "currency": "COP",
  "signature": "37c8407747e595535433ef8f6a811d853cd943046624a0ec04662b17bbf33bf5",
  "customer_email": "pepito_perez@email.com",
  "reference": "2322er3234ed4",
  "payment_method": {
    "type": "NEQUI",
    "phone_number": "3107654321"
  }
}

NOTE: If you have doubts about how to generate the integrity signature value you can review the following documentation: Generate an integrity signature.

For example, when creating a payment source in POST /payment_sources:

{
  "acceptance_token": "eyJhbGciOiJIUzI1NiJ9.eyJjb250cmFjdF9pZCI6MSwicGVybWFsaW5rIjoiaHR0cHM6Ly93b21waS5jby93cC1jb250ZW50L3VwbG9hZHMvMjAxOS8wOS9URVJNSU5PUy1ZLUNPTkRJQ0lPTkVTLURFLVVTTy1VU1VBUklPUy1XT01QSS5wZGYiLCJmaWxlX2hhc2giOiIzZGNkMGM5OGU3NGFhYjk3OTdjZmY3ODExNzMxZjc3YiIsImppdCI6IjE1ODEwOTIzNjItMzk1NDkiLCJleHAiOjE1ODEwOTU5NjJ9.JwGfnfXsP9fbyOiQXFtQ_7T4r-tjvQrkFx0NyfIED5s",
  "customer_email": "john_smith@example.com",
  "type": "NEQUI",
  "token": "nequi_prod_RQkUiuv3lEnDLiSao2Cz0iQLdFlyQOI5"
}
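
An added example (not Wompi's own code) that ties Steps 1 to 4 together as a local pre-flight check: the token is attached only if the checkbox was ticked, the contract named inside the token is the one shown to the user, and the token has not expired. The helper names and the reason strings are hypothetical; treating exp as Unix seconds is an assumption based on the standard JWT claim and on the payload of the sample token above.

```javascript
// Added example, not Wompi's code. SAMPLE is the presigned_acceptance object
// printed in Step 1 of this page.
const SAMPLE = {
  acceptance_token: "eyJhbGciOiJIUzI1NiJ9.eyJjb250cmFjdF9pZCI6MSwicGVybWFsaW5rIjoiaHR0cHM6Ly93b21waS5jby93cC1jb250ZW50L3VwbG9hZHMvMjAxOS8wOS9URVJNSU5PUy1ZLUNPTkRJQ0lPTkVTLURFLVVTTy1VU1VBUklPUy1XT01QSS5wZGYiLCJmaWxlX2hhc2giOiIzZGNkMGM5OGU3NGFhYjk3OTdjZmY3ODExNzMxZjc3YiIsImppdCI6IjE1ODEwOTIzNjItMzk1NDkiLCJleHAiOjE1ODEwOTU5NjJ9.JwGfnfXsP9fbyOiQXFtQ_7T4r-tjvQrkFx0NyfIED5s",
  permalink: "https://wompi.co/wp-content/uploads/2019/09/TERMINOS-Y-CONDICIONES-DE-USO-USUARIOS-WOMPI.pdf",
  type: "END_USER_POLICY",
};

// Decode one base64url JWT segment into an object. The signature cannot be
// checked here: the sample token is HS256 and the merchant holds no key for it.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64.padEnd(Math.ceil(b64.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Hypothetical helper: decide whether acceptance_token may go into the body.
// shownPermalink = the link actually rendered next to the checkbox (Step 2).
// userAccepted   = state of the checkbox (Step 3). nowSeconds = Unix time.
function checkAcceptance(presigned, shownPermalink, userAccepted, nowSeconds, skewSeconds = 60) {
  if (!userAccepted) return { ok: false, reason: "not_accepted" };
  const parts = String(presigned.acceptance_token || "").split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed_token" };
  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch (err) {
    return { ok: false, reason: "malformed_token" };
  }
  // The user must have been shown the same contract the token refers to.
  if (claims.permalink !== shownPermalink) {
    return { ok: false, reason: "contract_mismatch" };
  }
  // Assumption: exp is the standard JWT expiry claim, in Unix seconds.
  if (typeof claims.exp !== "number" || claims.exp - skewSeconds <= nowSeconds) {
    return { ok: false, reason: "expired" }; // repeat Step 1 for a fresh token
  }
  return { ok: true, reason: "ok", expiresAt: claims.exp };
}
```

In the sample token, exp falls 3600 seconds after the timestamp in its jit claim, so a token fetched once and cached with the page can go stale before the user submits the form.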