The PayTabs SDK makes the integration with the PayTabs payment gateway very easy by providing a ready-made payment screen that handles the card entry, billing & shipping information, and completes the missing details.


Currently, the PayTabs Mobile SDK saved card method "startPaymentWithSavedCards" which handles and manages customer's saved cards for the SDK side, is deprecated for security concerns to prevent storing the tokens on the client side (app or customer device) and will be removed from all PayTabs Mobile SDKs in November 2024.


If you are using the Mobile SDK save card method "startPaymentWithSavedCards", you can use the same feature through your backend by storing the card's tokens on your server instead to prevent any security breach. 

In this article, we will walk you through a workaround on how this could be done by following the below steps: 


  1. First of all, you need to configure an IPN on your PayTabs profile to receive the post payment notification, which is a transaction's full details after it is successfully completed. For more details on how to configure this, please check out our solution article, How to configure Instant Payment notification (IPN)?.

  2. Then, you will give your customers the option to save their bank card according to your business needs. This is mostly done through the "save_card" option, which's name could vary from SDK to another.

    For more details about how to tokenize/recurring via PayTabs Mobile SDKs, please check the following: Android, iOS, Flutter, React Native, Cordova, Ionic, and Xamarin

  3. If the customer accepts this willingly, then you can tokenize/save the customer's bank card details, through any of the following scenarios:

    For more details about how to tokenize/recurring via PayTabs Mobile SDKs, please check the following: Android, iOS, Flutter, React Native, Cordova, Ionic, and Xamarin
    • While the customer is making any payment, you can show the option to save the card used within the payment.

    • A standalone option for customers to save their bank card details. In this scenario, you will ask the merchant to make one authorized transaction with a minimum amount, like 1 USD (or any currency), and then after performing an authorized transaction, you can refund/void the transaction amount to the customer if you wish.


  4. After a successful authorized transaction, you will receive the transaction details through the IPN endpoint you have configured in the first step. In which you will find the token, as well as the transition masked card number, schema, and expiry date to be saved on your server side against this customer identifier. Below where you can find the needed data:



    API Response (IPN)
    SDK Response
    TokenThrough the token parameter:

    "token": "2C4654BE67A3E530C6BF90FF65877DBB",
    Through the PaymentSdkTransactionDetails.token:

    "JfN1DVwqMqrr716fkP11EVj2iYOBSE9b"
    Token Type: AlphaNum32Format
    Masked Card NumberThrough the payment_description parameter within the payment_info object:

    "payment_description": "4000 00## #### 0002",

      },


    Through the paymentDescription parameter within the PaymentSdkTransactionDetails.paymentInfo? object:

    "4111 11## #### 1111"
    Card SchemaThrough the card_scheme parameter within the payment_info object:

     "payment_info":
       "card_scheme": "Visa",

      },

    Through the cardScheme parameter within the PaymentSdkTransactionDetails.paymentInfo? object:

    "Visa"
    Card Expiry DateThrough the expiryMonth and  expiryYear parameters within the payment_info object:

      "payment_info": {

        "expiryMonth": 12,

        "expiryYear": 2024

      },

    Through the expiryMonth and expiryYear parameters within the PaymentSdkTransactionDetails.paymentInfo? object.


    For more details about the API response, please check the solution article Sample IPNs Response Payload, and for the PayTabs Mobile SDK handling response AndroidiOSFlutterReact Native, CordovaIonic, and Xamarin



  5. Once your customer comes back to pay again, through his identifier,, you can show him the stored/saved cards on your backend to empower him to choose one. All the data will be displayed in this list already retrieved in the step before this:


  6. If the customer chooses to use the saved card, you will request that your server make the direct recurring transaction using the saved token. For more details, please check our solution article 3.3.4 Hosted Payment Page APIs | Token Based Transactions | Recurring Payments, or you may do a recurring payment via the SDK.

    However, we highly recommend performing the transaction itself on your server side, and never pass the token to your mobile application for more security.

    We highly recommend that you save the transaction details on your server and securely fetch this data if needed.