Newman's Personal Motorcade


    3.0.1 • Public • Published

    Mastercard Hosted Session Facade

    You're probably here because you went to implement the Mastercard (TNS) session.js API in your app and encountered of their API. "Why," you ask, "would they think a callback registered on a config object being called by a completely unrelated global method is a good idea? Surely there's a better way?"

    Perhaps you wish that you could ask for a card session, and get a Promise back that might resolve to a valid session, or reject on an invalid session.

    Ssh. It's ok. Just use this facade. Don't fret. Don't look into the lib folder, because this is an ugly, ugly hack. But it works reliably. And you can keep writing your modern javascript code without twisting your brain around a tortured API.

    Supported Environments and Dependencies

    Mastercard's session.js is a browser API that works via injected iframes. So this facade will also only work in a browser. It's also a javascript module, so you will need a module builder. I've tested this with webpack, but since the distribution is transpiled you should be able to use it with your packer of choice.

    No matter what module environment you choose, your destination will need to support ES6 Promises, since this facade relies on them heavily. Many browsers already natively support Promises, but if a target browser you support does not you'll need to include a polyfill.


    Unfortunately, Mastercard's session.js does not return Access-Control-Allow-Origin headers when you request the script for your merchant ID. This means this library is unable to dynamically append the Mastercard script for you, for reasons of CORS restrictions.

    You must append a script tag containing your own Mastercard session.js script, e.g.

    <script src="<MERCHANT_ID>/session.js" />
    <script src="myCodeBundle.js" />


    npm i mastercard-hosted-session --save-dev


    Import the library, and initialise the module with the merchant ID supplied to you by Mastercard, and the config you'd normally pass to the PaymentSession.configure method. Do not pass the callbacks methods on your config object, since the facade configures those for you.

    The initialisation function returns a Promise that will resolve a Hosted Session facade, initialised against the form specified by the config fields.

    The example below uses Promises directly, but since a Promise is a Promise you can happily use the async function style if your environment or transpilation tool support them.

    const getHostedSession = require('mastercard-hosted-session')
      fields: {
        card: {
          number: '#card-number',
          securityCode: '#security-code',
          expiryMonth: '#expiry-month',
          expiryYear: '#expiry-year'
      frameEmbeddingMitigation: ['csp'],
      interaction: {
        displayControl: {
          formatCard: 'EMBOSSED',
          invalidFieldCharacters: 'ALLOW'
    }).then(hostedSession => {
      // hostedSession is a facade that has one public function: `sezzionize`
      return hostedSession.sessionize()
    }).then((result) => {
      console.log(result.status) // e.g. 'ok' or 'fields_in_error'
      console.log( // e.g. SESSION001212312123123123
      console.log(result.sourceOfFunds.provided.card.brand) // e.g 'MASTERCARD'
    }).catch(error => {
      // The facade rejects with HostedSessionError
      // if the script fails to append, or fails to sessionise.


    npm i mastercard-hosted-session

    DownloadsWeekly Downloads






    Unpacked Size

    20.3 kB

    Total Files


    Last publish


    • avatar