Add a Debit Card

Overview

You can provide the ability for workers to receive disbursements directly at a debit card, instead of the Branch Wallet, by embedding the Branch-customized TabaPay SSO Card Widget. This will let a worker securely input card details, returning a token to access the card without storing PII.

Implementation

  1. Ensure security when adding a debit card by having workers login using Multi-Factor Authentication
  2. Add HTML to contain the Card Widget iFrame:
<div><iframe id="card-widget"></iframe></div>
  1. Add JavaScript to load the Card Widget into the iFrame
    1. Production URL: https://direct-embed.branchapp.com/card-widget.html
    2. Sandbox URL: https://direct-embed-sandbox.branchapp.com/card-widget.html
// The URL below is for the Branch Sandbox, choose the production or sandbox URL accordingly  
var iFrameURL = "https://direct-embed-sandbox.branchapp.com/card-widget.html";  
document.getElementById("card-widget").src = iFrameURL;
  1. Create a JavaScript function to extract the Card Widget iFrame data upon completion
function extractCardWidgetData( event ) {  
  if ( event.data != "Close" ) {  
    if ( event.data.slice( 0, 7 ) == "Error: " ) {  
			// Error  
    } else {  
      var asData = event.data.split( "|" );  
      if ( asData.length == 9 ) {  
        // asData[ 0 ] contains the First Name  
        // asData[ 1 ] contains the Last Name  
        // asData[ 2 ] contains the Card BIN+Last4  
        // asData[ 3 ] contains the expiration in YYYYMM format  
        // asData[ 4 ] contains the token  
        // asData[ 5 ] contains the address  
        // asData[ 6 ] contains the city  
        // asData[ 7 ] contains the state 2 char ISO code  
        // asData[ 8 ] contains the zip code

        // Call Branch "Add External Card for Employee" endpoint using extracted data here  
      } else {  
        // Data Error  
      }  
    }  
  } else {  
    // Close or Cancel  
  }  
}
  1. Use JavaScript to bind the data extraction function to a listener on the Card Widget iFrame completion event
window.addEventListener( "message", extractCardWidgetData, false );
  1. Call the Branch Add External Card endpoint inside the listener function, supplied with the extracted worker details

Testing Cards

  • Enter sample card numbers from here to test the functionality of extractCardWidgetData
  • Card type must be debit for a successful response
  • Using a CVV of 999 will generate an invalid CVV response

Example Card Widget iFrame - Sandbox