Hello Clever’s Card API lets you accept credit and debit card payments, with full support for 3DS2 authentication, delayed capture, refunds, voids, and card tokenisation for repeat customers. You can integrate using the JavaScript SDK for a client-side drop-in UI, or via server-to-server (S2S) requests for full backend control.

Integration modes

SDK Integration

Client-side JavaScript SDK for web and mobile. Supports USD and AUD. Hello Clever renders the card input UI — no PCI scope on your frontend.

Server-to-Server (S2S)

Submit raw card data from your PCI DSS-compliant server directly to the Card API. AUD only. Full control over the authorisation and capture flow.

Authentication

The Card API uses app-id and secret-key as request headers — not a Bearer token.
Retrieve your app-id and secret-key from the Merchant Portal. See Integration Keys.

Payment lifecycle

1

Create a charge

Submit card details (S2S) or use the SDK to collect them. The API returns an authorisation result.
2

Handle 3DS if required

If the card requires 3DS authentication, the response includes a 3ds_url. Redirect your customer to this URL. After authentication, the customer returns to your return_url.
3

Capture the payment

If you set capture: false, explicitly call the capture endpoint when you’re ready to collect funds. If capture: true, the payment is captured automatically on authorisation.
4

Refund or void

Issue full or partial refunds after capture, or void a payment that hasn’t been captured yet.

Card token reuse

When a payment reaches authorised status, Hello Clever returns a token object (e.g. tok_dfe1988a1ffc...). Save this token to charge the same customer in future without re-entering card details. See Card Tokenisation.

Webhook notifications

Card payment status changes are delivered to your configured webhook endpoint. Subscribe to events like authorised, received, failed, and return_received. See Webhooks for the full event reference and payload schema.