m2pfintech
API LibraryAft Pull

Pull Funds from Card (AFT)

Debit funds from a customer's card (Account Funding Transaction). Visa Direct only.

⚠️ Important: The response from this API indicates only whether the request was accepted or a 3DS challenge is required. Do not rely on this response to determine final transaction status. Always call GET /Yappay/txn-manager/v2/fetch/{externalTransactionId} to confirm the final txnStatus (e.g., PAYMENT_SUCCESS, PAYMENT_FAILURE) after the 3DS flow completes.

3DS Authentication Modes

This endpoint supports two 3DS flows depending on who performs authentication:

Mode 1 — Platform-Managed 3DS (method: THREE_DS)

Submit the request with authentication.method: "THREE_DS" and omit cavv/eci. The platform initiates the 3DS challenge and returns an htmlContent field containing an HTML form that must be rendered in the customer's browser to complete authentication. Once the customer completes the challenge, resubmit the transaction with the CAVV/ECI received.

Mode 2 — Partner-Provided CAVV/ECI

Complete 3DS externally (via your own 3DS provider) and submit the resulting cavv and eci in the authentication block. Omit method or leave it empty.

Token Types (tokenType)

  • "01" — M2P-generated card token (PCI DSS tokenized by M2P)
  • "02" — Network-generated card token (e.g., MDES/VTS network token)
  • "03" — Clear card number (partner is PCI DSS compliant)

Use Cases

  • PPI/wallet loading
  • Prepaid card top-up
  • Account funding
POST
/direct/pull

Authorization

BasicAuth
AuthorizationBasic <token>

Partner credentials (username/password) provisioned during onboarding

In: header

Request Body

application/json

tokenType*string

Indicates what is passed in payer.cardNumber:

  • "01" — M2P-generated card token (PCI DSS tokenized by M2P)
  • "02" — Network-generated card token (e.g., MDES/VTS network token)
  • "03" — Clear card number (partner is PCI DSS certified)
Value in"01" | "02" | "03"
productId*string

Product identifier for tracking and pool balance management

business*string

Partner/business entity identifier provisioned during onboarding

networkType*string

Must be VISA — Mastercard does not support AFT pull

Value in"VISA"
payer*

Customer whose card is being debited

payee*

Partner or PPI account receiving the pulled funds

transaction*

Transaction details

authentication*

3DS authentication configuration. Populate this block based on your authentication mode:

Mode 1 — Platform-managed 3DS (method: THREE_DS): Set only method: "THREE_DS". The platform performs 3DS authentication and returns an htmlContent challenge page. Do not include cavv or eci.

Mode 2 — Partner-provided CAVV/ECI: Provide cavv and eci from your own 3DS flow. Optionally include threeDsToken.

Response Body

application/json

application/json

application/json

curl -X POST "https://secure.yappay.in/Yappay/direct/pull" \  -H "Content-Type: application/json" \  -d '{    "payer": {      "cardNumber": "4012001037141112",      "expiryDate": "2027-12",      "cvv": "840",      "name": "Sender 1",      "email": "sender@example.com",      "phone": "",      "address": {        "line1": "123 Main St",        "city": "Dubai",        "state": "DB",        "postalCode": "00000",        "countryCode": "784"      },      "browserInfo": {        "browserJavascriptEnabled": "",        "browserJavaEnabled": "",        "browserAcceptHeader": "",        "browserIP": "",        "browserLanguage": "",        "browserColorDepth": "",        "browserScreenHeight": "",        "browserScreenWidth": "",        "browserTZ": "",        "browserUserAgent": "",        "deviceFingerprint": ""      }    },    "payee": {      "cardNumber": "4761089730000001",      "name": "Recipient 1"    },    "transaction": {      "amount": 100.5,      "currency": "USD",      "externalTransactionId": "EXT-M2P-340",      "txnType": "AFT_PULL",      "redirectURL": "https://example.com/redirect",      "description": "",      "international": false    },    "authentication": {      "cavv": "000203016912340000000FA08400317500000000",      "threeDsToken": "12345678901234567890123456789012",      "eci": "5",      "method": "THREE_DS"    },    "business": "M2P",    "tokenType": "03",    "productId": "GENERAL",    "networkType": "VISA"  }'

{
  "result": {
    "txId": null,
    "retrivalReferenceNo": null,
    "authCode": null,
    "action": null,
    "responseCode": null,
    "externalTransactionId": "EXT-M2P-340",
    "corporateBalance": null,
    "threeDSRequired": true,
    "htmlContent": "<html><body><form id=redirectForm action=https://acs.example.com/challenge method=post><input type=hidden name=creq value=eyJtZXNzYWdlVHlwZSI6IkNSZXEifQ></form><script>document.getElementById('redirectForm').submit()</script></body></html>",
    "redirectUrl": null
  },
  "exception": null,
  "pagination": null
}

{
  "result": null,
  "error": {
    "errorCode": "VALIDATION_ERROR",
    "shortMessage": "Invalid request",
    "detailMessage": "recipientPan is required",
    "fieldErrors": [
      "recipientPan: must not be blank"
    ]
  }
}
{
  "result": null,
  "error": {
    "errorCode": "INTERNAL_ERROR",
    "shortMessage": "Internal server error",
    "detailMessage": "An unexpected error occurred. Please contact support."
  }
}

Sequence Flows

Step-by-step sequence diagrams for all major CardPay transaction flows

Reverse AFT Pull Transaction POST

Reverse a previously successful AFT pull transaction. **Requirements**: - Must be submitted within 24 hours of original transaction - Only for Visa Direct AFT transactions - Provide original RRN (Retrieval Reference Number)