Embedded Account Capture - Ingo Payments Developer Hub

Ingo Payments · Embedded Account Capture

Capture accounts. Zero PCI scope.

Drop-in iFrame SDK. Card data never touches your servers. Ingo returns a reusable token.

Embedded Account Capture is a PCI-compliant drop-in iFrame SDK that handles recipient account tokenization inside a secure hosted session. Your server makes one API call to create a session and receives an authorized_url. Your client application mounts the iFrame SDK using that URL, and the recipient enters their account details directly into Ingo’s hosted environment — card data, bank account numbers, and payment credentials never pass through your servers. When the recipient completes the flow, Ingo fires a TOKEN_SUCCESS event containing a customer_account_token. That token is then used with any IngoPay verify or process call to initiate a disbursement or debit.

How It Works

Session Create

Your server calls the Session Management API with the recipient’s information. Ingo establishes a secure, point-in-time session and returns an authorized_url valid for 30 seconds. This server-side call is the only step that requires HMAC-SHA512 authentication.

Create Session

SDK Initialization

Include the Ingo SDK script in your page, call IngoInstantPayments.create() to attach it to a DOM element, then call mount(authorizedUrl, fundingDestination) to launch the iFrame. The SDK handles the full recipient-facing UI — account entry, verification, and confirmation — inside the hosted session.

Account Tokenization

The recipient enters their account details inside Ingo’s hosted iFrame. Ingo runs your configured identity and account verification checks, and on success fires a TOKEN_SUCCESS event containing the customer_account_token. No payment credentials are exposed to your application at any point.

Use the Token with IngoPay

The customer_account_token returned by the SDK passes directly into any IngoPay process or debit call — no additional verify step required. The token never expires and can be reused for future transactions without re-running the iFrame flow. If your product mix includes the Banking Platform, include the ledger routing object in the IngoPay call to direct the transaction to the correct entity’s ledger; otherwise no additional fields are needed beyond the token.

Using Your Token with IngoPay

The customer_account_token from Embedded Account Capture is interchangeable with any token produced by the IngoPay verify endpoint. Use it directly in IngoPay process calls to push funds, or in IngoPay debit calls to pull funds — across every payment type the iFrame supports. Supported payment types:

Payment Type	Push	Pull
Debit Card	✓	✓
Credit Card	✓	—
Bank Account (ACH)	✓	✓
BillPay	✓	—
PayPal	✓	—
Venmo	Coming Soon	—

Push Funds to an Account

Use your token to disburse to card, ACH, PayPal, BillPay, and more via the IngoPay process endpoint.

Pull Funds from an Account

Use your token to debit a card or bank account via the IngoPay debit process endpoint.

​How It Works