ACME makes it easy to accept payments from customers that you won't be storing their card on file for.  This is done by generating a single use token with their credit card information and then charging against that token when the customer has confirmed their purchase.

Because both of these calls require you to provide the PaymentKey they need to be made to ACME from your backend.  As the PaymentKey is secret and needs to be protected.

Generating the token

Generating a single use token is done by making an HTTP POST request to /v1/payment/[MerchantId]/tokens/singleuse passing your PaymentKey as a the x-acme-payment-key header.  The body of the request should be a Token Object and the response will be a Token Response Object (see Payments: Token page).  

Example request to get a single use token.

curl -X POST https://sand8-api.acmeticketing.net/v1/payment/[MerchantId]/tokens/singleuse -H 'Content-Type: application/json' -H 'x-acme-payment-key: [PaymentKey]' -d '
"paymentMethod" : "creditCard",
"card" : {
"expirationDate" : {
} }

Making the sale

After the customer has filled their cart and confirmed the order it’s time to make a second call to charge their credit card. This is done by providing the previously obtained token and the amount you want to charge as the body of an HTTP POST request to /v1/payment/[MerchantId]/sale providing your payment key as the 'x-acme-payment-key' header.

Please see Payment: Sale for more details about making a sale.

curl -X POST https://sand8-api.acmeticketing.net/v1/payment/[MerchantId]/sale -H 'Content-Type: application/json' -H 'x-acme-payment-key: [PaymentKey]' -d '{ 
  "token" : "[Previously Acquired Token]",
  "charge" : {
    "amount" : 10.0
} }'

You're done.  You've given sellers the ability to collect payment while keeping a small amount to cover your costs.