Card Forwarding
Card forwarding enables one-click purchase by reusing the customer's vaulted payment method from their primary transaction. The integration leverages the partner's PSP Forward API to securely transmit card details to Rokt's PCI-compliant endpoint, where the charge is processed with the Rokt Catalog brand as MoR.
Sequence overviewDirect link to Sequence overview
- Customer clicks "Buy Now" on the Rokt placement within the confirmation page.
- Rokt sends an API request to the partner's backend, signaling that the customer has initiated a purchase and their stored payment details are needed.
- The partner looks up the payment method using the
partnerpaymentreferenceattribute passed during SDK initialization. - The partner calls the PSP's Forward API to forward the customer's raw PAN, billing address, and (if available) CVV to Rokt's destination endpoint.
- Rokt's PCI-compliant endpoint receives the card details, creates a secure non-persistent token, and processes the charge with the brand as MoR.
- Rokt returns the result. The placement displays the confirmation state.
Payment sharing APIDirect link to Payment sharing API
Partners must build and expose a server-side API endpoint that Rokt can call to initiate the payment forwarding process.
Example requestDirect link to Example request
POST /v1/initiate-payment-sharing
Authorization: Bearer <OAUTH_TOKEN>
{
"customerIdentifiers": {
"email": "john.smith@example.com"
},
"partnerPaymentReference": "ORDER_67890",
"destination": "COM.ROKT.CATALOG"
}
Required fieldsDirect link to Required fields
| Field | Type | Description |
|---|---|---|
| partnerPaymentReference | String | The payment reference passed as an SDK attribute, used to look up the vaulted payment method. |
| destination | String | Type of request. Use "COM.ROKT.CATALOG" for Shoppable Ads. |
| customerIdentifiers | Object | Optional additional identifiers (e.g., customerId) for extra security validation. |
IMPORTANT: Restrict this API endpoint to Rokt's static IP addresses. Rokt will provide a list of IPs to be whitelisted. Use OAuth 2.0 with short-lived tokens for authentication.
Forward API setupDirect link to Forward API setup
Configure your PSP's Forward API to forward card data to Rokt:
- Destination configuration: Create a new Forward API destination (config) pointing to Rokt's PCI-compliant endpoint. In production, submit a JSON config file to your PSP for review and approval. Rokt will provide the destination URL and required headers.
- API permissions: Ensure your PSP account has Forward API access enabled. Production usage is subject to eligibility - contact your PSP Account Manager.
Response formatDirect link to Response format
The response from the partner API must include the full body returned by the PSP's Forward API:
{
"status": 200,
"headers": { "Content-Type": "application/json" },
"body": {
"body-from-psp": "..."
},
"request-time": 150
}