Retrieve Token

Request to retrieve the payment details saved against the specified token.

POST https://na.gateway.mastercard.com/api/nvp/version/59

Authentication Copied to clipboard

This operation requires authentication via one of the following methods:


  • Certificate authentication.
  • To authenticate to the API two additional NVP parameters must be supplied in the request. Provide 'merchant.<your gateway merchant ID>' in the apiUsername field and your API password in the apiPassword field.

Request Copied to clipboard

Fields Copied to clipboard

apiOperation Copied to clipboard String = RETRIEVE_TOKEN FIXED

Any sequence of zero or more unicode characters.

correlationId Copied to clipboard String OPTIONAL

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
merchant Copied to clipboard Alphanumeric + additional characters REQUIRED

The unique identifier issued to you by your payment provider.

This identifier can be up to 12 characters in length.

Data may consist of the characters 0-9, a-z, A-Z, '-', '_'

Min length: 1 Max length: 40
responseControls Copied to clipboard OPTIONAL

Container for fields that control the response returned for the request.

responseControls.sensitiveData Copied to clipboard String OPTIONAL

Indicates how sensitive data is returned in the response.

Data can consist of any characters

Min length: 1 Max length: 50
token Copied to clipboard Alphanumeric OPTIONAL

Uniquely identifies a card and associated details.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 1 Max length: 40

Response Copied to clipboard

Fields Copied to clipboard

correlationId Copied to clipboard String CONDITIONAL

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
repositoryId Copied to clipboard ASCII Text CONDITIONAL

The unique identifier of the token repository associated with the merchant.

Data consists of ASCII characters

Min length: 1 Max length: 16
result Copied to clipboard Enumeration ALWAYS PROVIDED

A system-generated high level overall result of the transaction/operation.

Value must be a member of the following list. The values are case sensitive.

FAILURE

The operation was declined or rejected by the gateway, acquirer or issuer

PENDING

The operation is currently in progress or pending processing

SUCCESS

The operation was successfully processed

UNKNOWN

The result of the operation is unknown

shipping Copied to clipboard CONDITIONAL

Information on the shipping address including the contact details of the addressee.

shipping.address Copied to clipboard CONDITIONAL

The address to which the goods contained in this order are being shipped.

This data may be used to qualify for better interchange rates on corporate purchase card transactions.

shipping.address.city Copied to clipboard String CONDITIONAL

The city portion of the address.

Data can consist of any characters

Min length: 1 Max length: 100
shipping.address.country Copied to clipboard Upper case alphabetic text CONDITIONAL

The 3 letter ISO standard alpha country code of the address.

Data must consist of the characters A-Z

Min length: 3 Max length: 3
shipping.address.postcodeZip Copied to clipboard Alphanumeric + additional characters CONDITIONAL

The post code or zip code of the address.

Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'

Min length: 1 Max length: 10
shipping.address.source Copied to clipboard Enumeration CONDITIONAL

How you obtained the shipping address.

Value must be a member of the following list. The values are case sensitive.

ADDRESS_ON_FILE

Order shipped to an address that you have on file.

NEW_ADDRESS

Order shipped to an address provided by the payer for this transaction.

shipping.address.stateProvince Copied to clipboard String CONDITIONAL

The state or province of the address.

Data can consist of any characters

Min length: 1 Max length: 20
shipping.address.stateProvinceCode Copied to clipboard String CONDITIONAL

The three character ISO 3166-2 country subdivision code for the state or province of the address.

Providing this field might improve your payer experience for 3-D Secure payer authentication.

Data can consist of any characters

Min length: 1 Max length: 3
shipping.address.street Copied to clipboard String CONDITIONAL

The first line of the address.

For example, this may be the street name and number, or the Post Office Box details.

Data can consist of any characters

Min length: 1 Max length: 100
shipping.address.street2 Copied to clipboard String CONDITIONAL

The second line of the address (if provided).

Data can consist of any characters

Min length: 1 Max length: 100
shipping.address.sameAsBilling Copied to clipboard Enumeration CONDITIONAL

Indicates whether the shipping address provided is the same as the payer's billing address.

Provide this value if you are not providing the full shipping and billing addresses, but you can affirm that they are the same or different.

The default value for this field is:

SAME - if the shipping and billing address are supplied, and all fields are the same (ignoring non-alphanumerics).
DIFFERENT - if the shipping and billing address are supplied, and at least one field is different (ignoring non-alphanumerics).
UNKNOWN - either shipping address or billing address is absent.

Value must be a member of the following list. The values are case sensitive.

DIFFERENT

The shipping and billing addresses are different.

SAME

The shipping and billing addresses are the same.

UNKNOWN

It is not known if the shipping and billing addresses are the same.

shipping.contact Copied to clipboard CONDITIONAL

Details of the contact person at the address the goods will be shipped to.

shipping.contact.firstName Copied to clipboard String CONDITIONAL

The first name of the person to whom the order is being shipped.

Data can consist of any characters

Min length: 1 Max length: 50
shipping.contact.lastName Copied to clipboard String CONDITIONAL

The last name or surname of the person to whom the order is being shipped.

Data can consist of any characters

Min length: 1 Max length: 50
sourceOfFunds Copied to clipboard CONDITIONAL

Details about the source of the funds for this payment.

sourceOfFunds.provided Copied to clipboard CONDITIONAL

The details of the source of funds when they are directly provided as opposed to via a token or session.

sourceOfFunds.provided.ach Copied to clipboard CONDITIONAL

For ACH payments (sourceOfFunds.type=ACH) you must provide values for all fields within this parameter group, including details about the payers bank account as well as the type of ACH payment.

It is your responsibility to authenticate the payer and obtain authorization from the payer in accordance with the NACHA Operating Rules and Guidelines for the Standard Entry Class (SEC) associated with this payment. For details please refer to https://www.nacha.org/.

sourceOfFunds.provided.ach.accountIdentifier Copied to clipboard String CONDITIONAL

The unique identifier of the routing number and bank account at the receiving financial institution.

Retrieve this information from the payer.

Data can consist of any characters

Min length: 19 Max length: 27
sourceOfFunds.provided.ach.accountType Copied to clipboard Enumeration CONDITIONAL

An indicator identifying the type of bank account.

  • Consumer (checking or savings), or
  • Business

For pre-arranged payments (sourceOfFunds.provided.ach.secCode=PPD) retrieve this information from the payer.

If payments were telephone-initiated (sourceOfFunds.provided.ach.secCode=TEL) or internet-initiated (sourceOfFunds.provided.ach.secCode=WEB) you may choose to limit the payer's options (e.g. only support consumer checking accounts), depending on your type of business (e.g. B2C online webshop).

Value must be a member of the following list. The values are case sensitive.

CONSUMER_CHECKING

Consumer Checking Account

CONSUMER_SAVINGS

Consumer Savings Account

CORPORATE_CHECKING

Business Checking Account

sourceOfFunds.provided.ach.bankAccountHolder Copied to clipboard String CONDITIONAL

The name of the bank account holder, as it appears on the account at the receiving financial institution.

Retrieve this information from the payer.

Data can consist of any characters

Min length: 1 Max length: 28
sourceOfFunds.provided.ach.bankAccountNumber Copied to clipboard Digits CONDITIONAL

The identifier of the bank account at the receiving financial institution.

Retrieve this information from the payer.

Data is a string that consists of the characters 0-9.

Min length: 9 Max length: 17
sourceOfFunds.provided.ach.routingNumber Copied to clipboard Digits CONDITIONAL

The identifier of the receiving financial institution.

Also known as:

  • Routing number,
  • Transit number, or
  • ABA number

Retrieve this information from the payer.

See also http://en.wikipedia.org/wiki/Routing_transit_number.

Data is a string that consists of the characters 0-9.

Min length: 9 Max length: 9
sourceOfFunds.provided.ach.secCode Copied to clipboard Enumeration CONDITIONAL

Identifies the Standard Entry Class (SEC) code to be sent to the issuer.

The SEC is defined by NACHA and describes the origin and intent of the payment. For details please refer to https://www.nacha.org/.

Value must be a member of the following list. The values are case sensitive.

PPD

An ACH debit or credit payment (B2C) that has been authorized by an authenticated customer in written form (signed or similarly authenticated). PPD is used for pre-arranged payments (e.g. employee payroll, mortgage payments, expense reimbursement).

TEL

An ACH debit payment (B2C) that has been authorized by an authenticated customer via phone. TEL may only be used if a relationship already exists between you and the consumer, or, the consumer initiates the contact with you.

WEB

An ACH debit payment (B2C) that has been authorized by an authenticated customer via the internet or a wireless network.

sourceOfFunds.provided.card Copied to clipboard CONDITIONAL

Details about the card.

Use this parameter group when you have sourced payment details using:
Cards: the card details entered directly or collected using a Point of Sale (POS) terminal.
Device payment methods such as Apple Pay, Android Pay, Samsung Pay or Google Pay.
Digital wallets such as Masterpass, Visa Checkout or Amex Express Checkout.
Card scheme tokens where the card was tokenized using a card scheme tokenization service such as Mastercard Digital Enablement Service (MDES).

sourceOfFunds.provided.card.brand Copied to clipboard Enumeration ALWAYS PROVIDED

The brand name used to describe the card that is recognized and accepted globally.

For many major card types this will match the scheme name. In some markets, a card may also be co-branded with a local brand that is recognized and accepted within its country/region of origin (see card.localBrand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.

Value must be a member of the following list. The values are case sensitive.

AMEX

American Express

CHINA_UNIONPAY

China UnionPay

DINERS_CLUB

Diners Club

DISCOVER

Discover

JCB

JCB (Japan Credit Bureau)

LOCAL_BRAND_ONLY

The card does not have a global brand.

MAESTRO

Maestro

MASTERCARD

MasterCard

RUPAY

RuPay

UATP

UATP (Universal Air Travel Plan)

UNKNOWN

The brand of the card used in the transaction could not be identified

VISA

Visa

sourceOfFunds.provided.card.expiry Copied to clipboard Digits ALWAYS PROVIDED

Expiry date as shown on the card in the format MMYY where months are numbered, so that for January MM=01, through to December MM=12 and the Common Era year is 2000 plus the value YY

Data is a string that consists of the characters 0-9.

Min length: 4 Max length: 4
sourceOfFunds.provided.card.fundingMethod Copied to clipboard Enumeration ALWAYS PROVIDED

The method used by the payer to provide the funds for the payment.

You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.

Value must be a member of the following list. The values are case sensitive.

CHARGE

The payer has a line of credit with the issuer which must be paid off monthly.

CREDIT

The payer has a revolving line of credit with the issuer.

DEBIT

Funds are immediately debited from the payer's account with the issuer.

UNKNOWN

The account funding method could not be determined.

sourceOfFunds.provided.card.issuer Copied to clipboard String CONDITIONAL

The issuer of the card, if known.

WARNING: This information may be incorrect or incomplete – use at your own risk.

Data can consist of any characters

Min length: 0 Max length: 255
sourceOfFunds.provided.card.localBrand Copied to clipboard String CONDITIONAL

The brand name used to describe a card that is recognized and accepted within its country/region of origin.

The card may also be co-branded with a brand name that is recognized and accepted globally (see card.brand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.

Data can consist of any characters

Min length: 3 Max length: 50
sourceOfFunds.provided.card.number Copied to clipboard Masked digits CONDITIONAL

The account number embossed onto the card.

By default, the card number will be returned in 6.4 masking format, for example, 000000xxxxxx0000.If you wish to return unmasked card numbers, you must have the requisite permission, set responseControls.sensitiveData field to UNMASK, and authenticate your call to the API using certificate authentication.

Data is a string that consists of the characters 0-9, plus 'x' for masking

Min length: 9 Max length: 19
sourceOfFunds.provided.card.scheme Copied to clipboard Enumeration CONDITIONAL

The organization that owns a card brand and defines operating regulations for its use.

The card scheme also controls authorization and settlement of card transactions among issuers and acquirers.

Value must be a member of the following list. The values are case sensitive.

AMEX

American Express

CHINA_UNIONPAY

China UnionPay

DINERS_CLUB

Diners Club

DISCOVER

Discover

JCB

JCB (Japan Credit Bureau)

MASTERCARD

MasterCard

OTHER

The scheme of the card used in the transaction could not be identified.

RUPAY

RuPay

UATP

UATP (Universal Air Travel Plan)

VISA

Visa

sourceOfFunds.provided.giftCard Copied to clipboard CONDITIONAL

Details as shown on the Gift Card.

sourceOfFunds.provided.giftCard.brand Copied to clipboard Enumeration ALWAYS PROVIDED

The brand name used to describe the card that is recognized and accepted globally.

For many major card types this will match the scheme name. In some markets, a card may also be co-branded with a local brand that is recognized and accepted within its country/region of origin (see card.localBrand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.

Value must be a member of the following list. The values are case sensitive.

LOCAL_BRAND_ONLY

The card does not have a global brand.

sourceOfFunds.provided.giftCard.localBrand Copied to clipboard String CONDITIONAL

The brand name used to describe a card that is recognized and accepted within its country/region of origin.

The card may also be co-branded with a brand name that is recognized and accepted globally (see card.brand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.

Data can consist of any characters

Min length: 1 Max length: 50
sourceOfFunds.provided.giftCard.number Copied to clipboard Masked digits CONDITIONAL

The account number embossed onto the card.

By default, the card number will be returned in 6.4 masking format, for example, 000000xxxxxx0000.If you wish to return unmasked card numbers, you must have the requisite permission, set responseControls.sensitiveData field to UNMASK, and authenticate your call to the API using certificate authentication.

Data is a string that consists of the characters 0-9, plus 'x' for masking

Min length: 9 Max length: 19
sourceOfFunds.provided.giftCard.pin Copied to clipboard Masked digits CONDITIONAL

PIN number for the gift card.

Data is a string that consists of the characters 0-9, plus 'x' for masking

Min length: 4 Max length: 8
sourceOfFunds.provided.giftCard.scheme Copied to clipboard Enumeration CONDITIONAL

The organization that owns a card brand and defines operating regulations for its use.

The card scheme also controls authorization and settlement of card transactions among issuers and acquirers.

Value must be a member of the following list. The values are case sensitive.

OTHER

The scheme of the card used in the transaction could not be identified.

sourceOfFunds.provided.paypal Copied to clipboard CONDITIONAL

Information about the payer's PayPal account.

It is provided to you when the payer successfully makes a payment using PayPal or when you have established a billing agreement with the payer.

sourceOfFunds.provided.paypal.accountEmail Copied to clipboard Email CONDITIONAL

The email address of the payer's PayPal account.

Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses

sourceOfFunds.provided.paypal.accountHolder Copied to clipboard String CONDITIONAL

The name of the account holder of the payer's PayPal account.

Data can consist of any characters

Min length: 1 Max length: 255
sourceOfFunds.provided.paypal.billingAgreement Copied to clipboard CONDITIONAL

Details about the agreement you have established with the payer that allows you to bill the payer's PayPal account for goods or services.

sourceOfFunds.provided.paypal.billingAgreement.cardinality Copied to clipboard Enumeration CONDITIONAL

Indicates the number of billing agreements between you and this payer.

Value must be a member of the following list. The values are case sensitive.

MULTIPLE

Indicates that you have multiple billing agreements with this payer. This means that a new agreement ID will be returned in response to each request.

SINGLE

Indicates that you have a single billing agreement with this payer. This means that the same agreement ID will be returned in response to each request.

sourceOfFunds.provided.paypal.billingAgreement.description Copied to clipboard String CONDITIONAL

Your description for the PayPal billing agreement.

This description is displayed to the payer when they are asked to approve the billing agreement.

Data can consist of any characters

Min length: 1 Max length: 255
sourceOfFunds.provided.paypal.billingAgreement.id Copied to clipboard String CONDITIONAL

An identifier provided by PayPal for the billing agreement.

Data can consist of any characters

Min length: 1 Max length: 100
sourceOfFunds.provided.paypal.billingAgreement.name Copied to clipboard String CONDITIONAL

Your name for the PayPal billing agreement.

Data can consist of any characters

Min length: 1 Max length: 255
sourceOfFunds.provided.paypal.payerId Copied to clipboard String CONDITIONAL

The unique identifier for the payer assigned by PayPal.

Data can consist of any characters

Min length: 1 Max length: 13
sourceOfFunds.type Copied to clipboard Enumeration CONDITIONAL

The payment method your payer has chosen for this payment.

Value must be a member of the following list. The values are case sensitive.

CARD

The payer selected to pay using a credit or debit card. The payer's card details must be provided.

GIFT_CARD

The payer chose to pay using gift card. The payer's gift card details must be provided under the sourceOfFunds.provided.giftCard parameter group.

PAYPAL

The payer selected the payment method PayPal.

status Copied to clipboard Enumeration ALWAYS PROVIDED

An indicator of whether or not you can use this token in transaction requests.

Transaction requests using an invalid token are rejected by the gateway.

To change the token status, update the payment details stored against the token. Note that there are limitations on the update functionality depending on how your payment service provider has configured your token repository.

Card Details

A token that contains card details can become invalid in the following cases:

  • Scheme Token Provider: If a response or notification from the scheme token provider indicates that the card number for this scheme token has changed and the scheme token is no longer active.
  • Recurring Payment Advice: If the acquirer response for a recurring payment indicates that you must not attempt another recurring payment with the card number stored against this token.
  • Account Updater: If you are configured for Account Updater and an Account Updater response indicates that the card details are no longer valid.


PayPal Details

A token that contains PayPal payment details becomes invalid when the payer withdraws their consent to the Billing Agreement.

Value must be a member of the following list. The values are case sensitive.

INVALID

The payment details stored against the token have been identified as invalid. The gateway will reject operation payment requests using this token.

VALID

The payment details stored against the token are considered to be valid. The gateway will attempt to process operation requests using this token.

token Copied to clipboard Alphanumeric CONDITIONAL

On request, supply the token you wish to create or update.

You can only supply this value when creating a token if your token repository is configured to support merchant-supplied tokens.

On response, the format of the token depends on the token generation strategy configured for your repository. See Tokenization for more details.

You will receive a new token in field replacementToken when:

  • Your token repository is configured to use a 6.4 Token Generation Strategy, and
  • You set request.verificationStrategy = ACCOUNT_UPDATER or you are configured for the Token Maintenance Service functionality, and
  • The Account Updater service provided a new account identifier (with a different 6.4 mask).


You should use the new token in future operation requests and delete the old token.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 1 Max length: 40
usage Copied to clipboard ALWAYS PROVIDED

Information about the usage of the token.

usage.lastUpdated Copied to clipboard DateTime CONDITIONAL

The timestamp indicating the time the token was last updated.

An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"

usage.lastUpdatedBy Copied to clipboard Alphanumeric + additional characters CONDITIONAL

If the token was last updated by a merchant, the identifier of the merchant is provided.

If the token was last updated by the Token Maintenance Service, the field will not be provided in the response.

Data may consist of the characters 0-9, a-z, A-Z, '-', '_'

Min length: 1 Max length: 40
usage.lastUsed Copied to clipboard DateTime CONDITIONAL

The timestamp indicating the time the token was last used or saved.

An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"

verificationStrategy Copied to clipboard Enumeration CONDITIONAL

The strategy used to verify the payment instrument details before they are stored.

You only need to specify the verification strategy if you want to override the default value configured for your merchant profile. When the verification strategy is

  • BASIC you must also provide the card expiry date in the sourceOfFunds.provided.card.expiry parameter group.
  • ACQUIRER you must also provide the card expiry date in the sourceOfFunds.provided.card.expiry parameter group and the currency in the transaction.currency field.
  • ACCOUNT_UPDATER you must also provide a currency in the transaction.currency field and the sourceOfFunds parameter group is optional.
To use this operation to request an account update
  • you need to be enabled for Account Updater by your payment service provider.
  • you can subsequently inquire about any updates the gateway has made to the token based on the Account Updater response using the RETRIEVE_TOKEN or SEARCH_TOKENS operations.
As a result of an account update the payment details stored against the token may be updated or the token may be marked as invalid. Any updates made to the payment details respect the token management strategy configured for your token repository. For example, if the token repository is configured with a token generation strategy of Preserve 6.4 and an account update indicates that the card number has changed, the token is marked as invalid. You can no longer use an invalid token and must ask your payer for new payment details.

Value must be a member of the following list. The values are case sensitive.

ACQUIRER

The gateway performs a Web Services API Verify request. Depending on the payment type, you may need to provide additional details to enable the submission of a Verify request.

BASIC

The gateway verifies the syntax and supported ranges of the payment instrument details provided, .e.g for a card it validates the card number format and checks if the card number falls within a valid BIN range.

NONE

The gateway does not perform any validation or verification of the payment instrument details provided.

Errors Copied to clipboard

error Copied to clipboard

Information on possible error conditions that may occur while processing an operation using the API.

error.cause Copied to clipboard Enumeration

Broadly categorizes the cause of the error.

For example, errors may occur due to invalid requests or internal system failures.

Value must be a member of the following list. The values are case sensitive.

INVALID_REQUEST

The request was rejected because it did not conform to the API protocol.

REQUEST_REJECTED

The request was rejected due to security reasons such as firewall rules, expired certificate, etc.

SERVER_BUSY

The server did not have enough resources to process the request at the moment.

SERVER_FAILED

There was an internal system failure.

error.explanation Copied to clipboard String

Textual description of the error based on the cause.

This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.

Data can consist of any characters

Min length: 1 Max length: 1000
error.field Copied to clipboard String

Indicates the name of the field that failed validation.

This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.

Data can consist of any characters

Min length: 1 Max length: 100
error.supportCode Copied to clipboard String

Indicates the code that helps the support team to quickly identify the exact cause of the error.

This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.

Data can consist of any characters

Min length: 1 Max length: 100
error.validationType Copied to clipboard Enumeration

Indicates the type of field validation error.

This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.

Value must be a member of the following list. The values are case sensitive.

INVALID

The request contained a field with a value that did not pass validation.

MISSING

The request was missing a mandatory field.

UNSUPPORTED

The request contained a field that is unsupported.

result Copied to clipboard Enumeration

A system-generated high level overall result of the operation.

Value must be a member of the following list. The values are case sensitive.

ERROR

The operation resulted in an error and hence cannot be processed.