API ReferenceSign In

Creating Charges

Last updated 04/05/2021

This section assumes you've already implemented a solution for collecting and tokenizing your customers' cards. If you haven't, see Collecting Card Details before proceeding.

Xendit.js and your payment form alone do not create a charge. Combined, Xendit.js and the HTML form fulfill the first half of the payment process, but server-side code is also necessary to complete the workflow.

Once the token has been successfully created with either Xendit.js or mobile SDK, it must be submitted to your server where the card can be charged.

  • After tokenization, the payment form should have a hidden field with the token ID, at which point the form should be submitted using JavaScript (as a reminder, the form's submission was prevented earlier so the script could wait for Xendit to tokenize the card details).
  • All of the form's data will be sent as a POST request to the URL in the form's action. If you have other form elements, such as the user's email address, that will be submitted as usual.

After you've securely collected and tokenized your customer's card details using Xendit.js or mobile SDK, you can charge the card.

  • Unlike collection, which occurs in the browser, charge attempts are made from your server, normally using our client library.
  • On your server, grab the Xendit token in the POST parameters submitted by your form. From there, it's one simple API call to charge the card:
curl https://api.xendit.co/credit_card_charges -X POST \
  -u xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==: \
  -d external_id=your-external-id \
  -d token_id=your-token-id \
  -d amount=17000

    $options['secret_api_key'] = "xnd_development_O46JfOtygef9kMNsK+ZPGT+ZZ9b3ooF4w3Dn+R1k+2fT/7GlCAN3jg==";

    $xenditPHPClient = new XenditClientXenditPHPClient($options);

    $external_id = "your-external-id";
    $token_id = "your-token-id";
    $amount = 17000; // Amount must match what was passed to createToken in the browser

    $response = $xenditPHPClient->captureCreditCardPayment($external_id, $token_id, $amount);

Be sure to use your Secret API key instead of your Public API key here.

That's it! If the charge creation request succeeds, the card has been successfully charged.

For full API references you can check our API Reference .

Test Card Numbers

These test card numbers work only in development (test) mode.

  • If no expiry date is provided, you can use any date after today's date
  • If the CVN/CVV is required and not provided, you can use any 3-digit combination
Card BrandBankNumber
VisaBRI4000 0000 0000 0002
VisaBNI4365 0237 8115 5828
VisaBCA4472 4299 6831 3785
VisaXendit4111 1111 1111 1111
MasterCardBRI5104 5821 7994 9459
MasterCardBNI5426 4045 6410 9386
MasterCardBCA5413 2258 5638 7173
MasterCardXendit5200 0000 0000 0007
JCBBRI3565 1052 0569 5297
JCBBNI3565 2427 2869 5395
JCBBCA3562 8025 5872 3915
JCBXendit3569 9600 1008 3758

Testing - Simulating Failed Charges

In Development mode, you can use these magic amounts to simulate failure responses when you create a charge. Enter in one of the amounts listed here as the amount to be charged.

EXPIRED_CARDThe card you are trying to capture is expired.10051
CARD_DECLINEDThe card you are trying to capture has been declined by the issuing bank.10052
PROCESSOR_ERRORThe charge failed because there's an integration issue between the card processor and the bank.10053
INSUFFICIENT_BALANCEThe card you are trying to capture does not have enough balance to complete the capture.10054
STOLEN_CARDThe card you are trying to capture has been marked as stolen.10055
INACTIVE_CARDThe card you are trying to capture is inactive.10056
TEMPORARY_SYSTEM_ERRORThere is a temporary system error when the charge attempt happens.10057
CAPTURE_AMOUNT_LIMIT_ERRORThe amount capture is either below the minimum limit or above the maximum limit.10058

Next Steps


Still have more questions? We're always happy to help however we can. Shoot us an email or talk to us in live chat.