creditcards-199x300 Unfortunately, First Data’s Globa Gateway API doesn’t allow for recurring payments. You either have to use their hosted payment pages (not a viable option for most of my clients) OR you have to roll your own so to speak.

Using the TransArmor Token option, it is possible to write your own code for recurring payments. On the initial payment, First Data will store the customer’s credit card and payment information and send back a token. By saving the token to use again later, you can charge the same credit card again at a later date. Here’s how I’ve implemented recurring payments using the Global Gateway E4 API and the TransArmor token:

Step 1 – Set up TransArmor Token in Your First Data Account

You will need to call First Data Support and get them to set your TransArmor token. This is a token that is set on your account and allows the API to send you token information when you make a qualified API call.

Step 2 – The Initial First Data Global Gateway API Call for a Purchase

I called the First Data GGE4 API as usual for a one-time purchase. This will be the first monthly payment. The call was really no different from the other calls I make for one time purchases. To see how I did that, see this article.

Step 3 – Save the TransArmor Token Provided from the First Data GGE4 Transaction

Here is the code I used to get the TransArmor Token:

$data_string = json_decode($result);
if ($data_string) {
    $token = $data_string->transarmor_token;

I then saved the $token to the database along with the credit card type and the credit card expiration date which is needed for any later TransArmor Token calls.

Step 4 – Call the First Data API to Charge the Card again

You can set up a Cron job or use any other script to charge the card again. When it’s time for another charge, I pull the saved data from the database for the TransArmor Token, credit card expiry, and the credit card type. Then I just use the following code:

$url = '';
$data = array("gateway_id" => FD_ID, "password" => FD_PW, "transaction_type" => "00", "amount" =>     $_POST['chargetotal'], "cardholder_name" => $billing_name, "transarmor_token" => $token, "cc_expiry" => $expiration, "credit_card_type" => $card_type);

$data_string= json_encode($data);
$content_type = 'application/json; charset=UTF-8';
$hashtime = gmdate("c");
$content_digest = sha1($data_string);
$api_uri = '/transaction/v14';
$hashstr = "POST\n".$content_type."\n".$content_digest."\n".$hashtime."\n".$api_uri;
$authstr = base64_encode(hash_hmac("sha1",$hashstr,HMAC_KEY,TRUE));

$curl_headers = array('Content-Type:'.$content_type, 'Accept: application/json');
$curl_headers[] = 'Authorization: GGE4_API '.KEY_ID.':'.$authstr;
$curl_headers[] = 'X-GGe4-Date:'.$hashtime;
$curl_headers[] = 'X-GGe4-Content-SHA1:'.$content_digest;

// Initializing curl
$ch = curl_init( $url );
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $curl_headers);

// Getting results
$result = curl_exec($ch);

// Getting jSON result string
$data_string = json_decode($result);
if ($data_string) {
    if ($data_string->bank_resp_code == '100') {
        echo 'Approved!';
        //print receipt
        echo str_replace("\n",'',$data_string->ctr);
    } else {
        // print error message
        echo $data_string->bank_message;
} else {
    echo 'There was an error';

That’s all there is to it! Charge as often as you need! Or until the credit card expires.

14 thoughts on “First Data Global Gateway API – Rolling Your Own Recurring Payments Using TransArmor Token PHP JSON REST Example”

  1. Hi,

    I have getting internal server error after using above code.
    can you help me to solve this error.

  2. I notice that you include the credit card expiration date along with the token. That means you must somehow store the expiration date along with the token, correct? I’m trying to use your code in a Magento environment, but the expiration date seems to not be stored along with the token. I’m wondering if this is a PCi compliance thing.

    1. It may be. I’m not a PCi Compliance expert, but somehow you have to get the expiration date to make the API call.

  3. oasisfleeting

    Cindy, You refer to an earlier article for the first transaction. This earlier article refers to v11 of the gateway and this current article refers to v14. I know that from v12 and further they implemented an hmac hash for security. Are you using a mixture of the two gateway versions or a consistent version?

    Dave, I see expiration month and expiration year both in the sale_payment_transaction table of magento, however they aren’t next to each other. If you do a sample transaction with CC saved form you should see them recorded.

    1. I don’t mix and match on the same site. I’ve implemented this on several sites and I usually use the latest version. The articles were published as I worked on each site, so they may have different versions. I didn’t update some articles in case someone was still using the older versions and needed the help. For new development, I try to always use the latest versions in case there are security patches included in those newer versions.

  4. Hello,

    Is TransArmor Token is always there in response code for any successfully transaction ? I am trying to get it from test credit cards but TransArmor Token will not coming in response code while transaction is successed. I am using this code and I need it to store in my database for recurring payment.

    1. You also have to set the Transarmor Token ID in your First Data Account where you set your API and HMAC keys. For test accounts you can set the token ID to any 4 digit number.

    1. Did you figure this out? Did you follow the steps from this blog post? Did you call First Data and get them to set your TransArmor token?

Leave a Comment

Your email address will not be published. Required fields are marked *