My Profile_


The Moneris Hosted Tokenization (HT) was designed as a solution for online e-commerce merchants that do not wish to handle credit card numbers directly on their websites but want to have the ability to fully customize their checkout page appearance. When a HT transaction is initiated, the Moneris Gateway will present and display on the merchant’s behalf, a single text box on the checkout page. The cardholder can then securely enter their credit card information into the text box. Upon submission of the payment information on the check out page the Moneris Gateway will return a temporary token representing the credit card number to the merchant. This token would then be used in an API call to process a financial transaction directly with Moneris to charge the card. Upon receiving a response to the financial transaction, the merchant would then generate a receipt and allow the cardholder to continue on with the online shopping experience.

Hosted Tokenization Setup Steps

Hosted Tokenization – You will need to follow these steps.

  1. Login to your Moneris Gateway Merchant Resource Centre:
  2. Click on ‘Admin on the menu.
  3. Click on ‘Hosted Tokenization’ in the sub-menu.
  4. Enter the source domain page. This is the address of the main outer page that sends the transaction to Moneris.
  5. Click the button “Create Profile”
  6. Make a note of the Profile ID that gets generated since this will need to be included in your HTML iFrame code.
  7. Do the required development as outlined here
  8. Test your solution in the test environment
  9. Activate your production store
  10. Create and configure your product Hosted Tokenization store in the production Merchant Resource Centre
  11. Make the necessary changes to move your solution from the test environment into production

Getting a Temporary Token

To get a temporary token you will need to send a request to Moneris from within an IFrame. A sample code is illustrated below. Note that the Profile ID in the HTML link below will need to be replaced with your own Profile ID, which you can configure the MRC as described here.  Also, the src and postMessage URL will need to be updated to the appropriate QA or production URL listed in the table below.


Canada Code Sample

                <title> Outer Frame - Merchant Page</title>


                                function doMonerisSubmit()
                                                var monFrameRef = document.getElementById('monerisFrame').contentWindow;
//change link according to table above 
                                                return false;

                                var respMsg = function(e) 
                                                var respData = eval("(" + + ")");
                                                document.getElementById("monerisResponse").innerHTML = e.origin + " SENT " + " - " +
respData.responseCode + "-" + respData.dataKey + "-" + respData.errorMessage;
                                                document.getElementById("monerisFrame").style.display = 'none';

                                window.onload = function() 
                                                if (window.addEventListener) 
                                                                window.addEventListener ("message", respMsg, false);
                                                                if (window.attachEvent) 
                                                                window.attachEvent("onmessage", respMsg);

<div>This is the outer page</div>

<div id=monerisResponse></div>

<iframe id=monerisFrame src=;&css_textbox=border-width:2px;&css_textbox_pan=width:140px;&enable_exp=1&css_textbox_exp=width:40px;&enable_cvd=1&css_textbox_cvd=width:40px&enable_exp_formatting=1&enable_cc_formatting=1 frameborder='0' width="200px" height="200px"></iframe>


<input type=button onClick=doMonerisSubmit() value="submit iframe">



Mandatory Variables

Variable Name



Required - Provided by the Hosted Tokenization profile configuration tool in the MRC.


Required - CSS applied to the body.  By default margin and padding is set to 0.


Required - CSS applied to all text boxes in general.


Optional variables

Variable Name



Recommended - Forces form to only accept message of 'tokenize'.


Optional - CSS applied to the pan text box specifically.


Optional - Must be set to 1 for expiry date text box to be displayed (Format: MMYY)


Optional - CSS applied to the expiry date text box specifically.


Optional - Must be set to 1 for CVD text box to be displayed


Optional - CSS applied to the CVD text box specifically.


Optional – 0 for no labels, 1 for traditional labels, 2 for place holder labels.


Optional – CSS for input labels


Optional – CSS for card number label


Optional – CSS for expiry date label


Optional – CSS for CVD label


Optional – text for card number label (default is “Card Number”)


Optional – text for expiry date label (default is “Expiry Date”)


Optional – text for CVD label (default is “CVD”)


Optional - Formatting applied to expiry date field to display a slash between month and year (Format: MM/YY). Must be set to 1 to enable formatting.


Optional - Formatting applied to credit card number based on the card type (Format: Visa - 4242 4242 4242 4242, MC - 5454 5454 5454 5454, Amex - 333 666666 55555)


Response Fields

The response will be returned as JSON.  It will contain 4 arguments:


Indication whether the page-loading or card-submission was successful or why it failed.  Please note, if expiry text box or CVD text box are enabled, the returned responseCode value will be in the form of a list (e.g. [“944”,”943”]), since there may be more than one failure.  For example, in the case where both the card number entered and expiry date are invalid.  If only the card number text box is displayed, the responseCode will be returned in the form of a string.


Description of failure (This is a very generic description – see “responseCode Definitions” below for specific error code results).


BIN range of the submitted card number.  Provides merchant ability to determine the card type and perform any card-specific processing.


Tokenized card number.  This is what is used with the Vault API transaction

Response Code Definitions


Successful creation of temporary token


Invalid profile id (on tokenization request)


Error generating token


Invalid Profile ID, or source URL


Card data is invalid (not numeric, fails mod10, we will remove spaces)


Invalid expiration date (mmyy, must be current month or in the future)


Invalid CVD data (not 3-4 digits)


Forwarding a temporary token to your payment processing page

This section describes how to receive the response from the Hosted Tokenization page containing the temporary token. 

Canada Code Sample

var respMsg = function(e) 
                                    var respData = eval("(" + + ")");
                                    document.getElementById("monerisResponse").innerHTML = e.origin + " SENT " + " - " + respData.responseCode + "-" + respData.dataKey + "-" + respData.errorMessage;
                                    document.getElementById("monerisFrame").style.display = 'none';
// your token will be in the field: respData.dataKey
// from this point in the Javascript you can have more code that posts the token to another page that will actually process the payment.

Processing The Payment

To charge the card using the temporary token you will need to send the temporary token to a page on your site that implements the Moneris Vault API.

For more details on the Vault API please refer to VAULT API. The following are examples of transactions that can be performed with your token:

    • Purchase with Vault (API | Batch)
    • Pre-Authorization with Vault (API | Batch)
    • Card Verification with Vault (API)
    • Vault Add Token (API)