Create or Update Browser Payment Token

Request the gateway to create or update a token that references a source of funds stored with a payment provider such as PayPal.

Use this operation to initiate a browser interaction, in which the payer authorizes you to make subsequent payments against their account. For PayPal, the token wraps a PayPal Billing Agreement. Like all gateway tokens, you can:

use them for subsequent payments (PayPal calls these reference transactions)
have a token repository that includes a mix of tokenized cards, tokenized PayPal and other tokenized accounts
update a token with a different account - for example, your payer moves from PayPal to/from card as their preferred payment method, then you can retain the same token.
Your payment service provider will configure your token repository for you (see How to Configure Tokenization for details). This will determine:

If you can supply the token yourself, or if the gateway will generate one for you.
If you can update a token with a different account.
The form of the token that the gateway will generate. The generated token id is a random number. It begins with a '9' (so that is does not create a valid card number) and passes a Luhn (Mod-10) check.
When the same account is retokenized, whether the gateway return the same token or a new token.

POST https://na.gateway.mastercard.com/api/rest/version/53 / merchant / {merchantId}

Authentication Copied to clipboard

This operation requires authentication via one of the following methods:


  • Certificate authentication.
  • Basic HTTP authentication as described at w3.org. Provide 'merchant.<your gateway merchant ID>' in the userid portion and your Reporting API password in the password portion.

Request Copied to clipboard

URL Parameters Copied to clipboard

{merchantId} Copied to clipboard Alphanumeric + additional characters REQUIRED

The unique identifier issued to you by your payment provider.


Data may consist of the characters 0-9, a-z, A-Z, '-', '_'

Min length: 1 Max length: 40

Fields Copied to clipboard

apiOperation Copied to clipboard String = TOKENIZE_BROWSER_PAYMENT FIXED

Any sequence of zero or more unicode characters.

browserPayment Copied to clipboard REQUIRED

Information required by the gateway to manage interactions with a browser payment provider's website.

browserPayment.paypal Copied to clipboard

Additional information you can provide to control the user interaction flow presented to the payer by PayPal.

browserPayment.paypal.agreementConfirmation Copied to clipboard Enumeration

Indicates the action that PayPal displays to the payer prior to being redirected back to your website.

This field is only required when requesting a PayPal billing agreement.

Value must be a member of the following list. The values are case sensitive.

AGREE

After the payer has approved the billing agreement and their browser has been returned to your website, you will not process a payment against this billing agreement at that time.

AGREE_AND_PAY

After the payer has approved the billing agreement and their browser has been returned to your website, you will process a payment against this billing agreement.

browserPayment.paypal.displayShippingAddress Copied to clipboard Boolean

Indicates whether you want PayPal to display the shipping address to the payer on the PayPal website.

By default, the shipping address is displayed to the payer. For more detailed information about displaying the shipping address on the PayPal website, see PayPal Integration: Display/Override Shipping Address.

JSON boolean values 'true' or 'false'.

browserPayment.paypal.overrideShippingAddress Copied to clipboard Boolean

Indicates whether you want to allow the payer to change the shipping address for the payment on the PayPal website.

By default, the payer is allowed to change the shipping address. For more detailed information about the payer overriding the shipping address on the PayPal website, see PayPal Integration: Display/Override Shipping Address.

JSON boolean values 'true' or 'false'.

browserPayment.returnUrl Copied to clipboard Url REQUIRED

The URL to which you want the payer's browser to be redirected on completing the payment at the payment provider's website.

The same redirect URL will be used by the gateway to redirect the payer's browser irrespective of the success or otherwise of the payment.

Ensure that the URL begins with 'https' and is longer than 11 characters.

correlationId Copied to clipboard String

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
session.id Copied to clipboard ASCII Text REQUIRED

Identifier of the payment session containing values for any of the request fields to be used in this operation.

Values provided in the request will override values contained in the session.

Data consists of ASCII characters

Min length: 31 Max length: 35
shipping Copied to clipboard

Information on the shipping address including the contact details of the addressee.

shipping.address Copied to clipboard

The address to which this order will be shipped.

shipping.address.city Copied to clipboard String

The city portion of the address.

Data can consist of any characters

Min length: 1 Max length: 100
shipping.address.country Copied to clipboard Upper case alphabetic text

The 3 letter ISO standard alpha country code of the address.

Data must consist of the characters A-Z

Min length: 3 Max length: 3
shipping.address.postcodeZip Copied to clipboard Alphanumeric + additional characters

The post code or zip code of the address.

Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'

Min length: 1 Max length: 10
shipping.address.stateProvince Copied to clipboard String

The state or province of the address.

Data can consist of any characters

Min length: 1 Max length: 20
shipping.address.street Copied to clipboard String

The first line of the address.

For example, this may be the street name and number, or the Post Office Box details.

Data can consist of any characters

Min length: 1 Max length: 100
shipping.address.street2 Copied to clipboard String

The second line of the address (if provided).

Data can consist of any characters

Min length: 1 Max length: 100
shipping.contact Copied to clipboard

Details of the contact person at the address the goods will be shipped to.

shipping.contact.firstName Copied to clipboard String

The first name of the person to whom the order is being shipped.

Data can consist of any characters

Min length: 1 Max length: 50
shipping.contact.lastName Copied to clipboard String

The last name or surname of the person to whom the order is being shipped.

Data can consist of any characters

Min length: 1 Max length: 50
shipping.origin.postcodeZip Copied to clipboard Alphanumeric + additional characters

The post code or zip code of the address the order is shipped from.

Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'

Min length: 1 Max length: 10
sourceOfFunds Copied to clipboard REQUIRED

Information about the payment type selected by the payer for this payment and the source of the funds.

Depending on the payment type the source of the funds can be a debit or credit card, bank account, or account with a browser payment provider (such as PayPal).

For card payments the source of funds information may be represented by combining one or more of the following: explicitly provided card details, a session identifier which the gateway will use to look up the card details and/or a card token. Precedence rules will be applied in that explicitly provided card details will override session card details which will override card token details. Each of these may represent partial card details, however the combination must result in a full and complete set of card details. See Using Multiple Sources of Card Details for examples.

sourceOfFunds.provided Copied to clipboard

Information about the source of funds when it is directly provided (as opposed to via a token or session).

For browser payments, the source of funds details are usually collected from the payer on the payment provider's website and provided to you when you retrieve the transaction details (for a successful transaction). However, for some payment types (such as giropay), you must collect the information from the payer and supply it here.

sourceOfFunds.provided.ideal Copied to clipboard

Additional details related to an iDEAL browser payment.

When processing an iDEAL payment you can also provide the payer's bank identification code (ideal.bic),

sourceOfFunds.provided.ideal.bic Copied to clipboard Alphanumeric

The international Business Identifier Code (BIC) for the payer's bank account.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 8 Max length: 11
sourceOfFunds.provided.paypal Copied to clipboard

Information about the payer's PayPal account.

It is provided to you when the payer successfully makes a payment using PayPal or when you have established a billing agreement with the payer.

sourceOfFunds.provided.paypal.billingAgreement Copied to clipboard

Details about the agreement you have established with the payer that allows you to bill the payer's PayPal account for goods or services.

sourceOfFunds.provided.paypal.billingAgreement.cardinality Copied to clipboard Enumeration REQUIRED

Indicates the number of billing agreements between you and this payer.

Value must be a member of the following list. The values are case sensitive.

MULTIPLE

Indicates that you have multiple billing agreements with this payer. This means that a new agreement ID will be returned in response to each request.

SINGLE

Indicates that you have a single billing agreement with this payer. This means that the same agreement ID will be returned in response to each request.

sourceOfFunds.provided.paypal.billingAgreement.description Copied to clipboard String

Your description for the PayPal billing agreement.

This description is displayed to the payer when they are asked to approve the billing agreement.

Data can consist of any characters

Min length: 1 Max length: 255
sourceOfFunds.provided.paypal.billingAgreement.name Copied to clipboard String

Your name for the PayPal billing agreement.

Data can consist of any characters

Min length: 1 Max length: 255
sourceOfFunds.type Copied to clipboard Enumeration REQUIRED

The payment method used for this payment.

If you are passing card data (in any form) on the API, then you need to set this value, and also provide the card details in the sourceOfFunds.provided.card group. In the case of digital wallets or device payment methods, you must also populate the order.walletProvider field.

If you are making a payment with a gateway token, then you can leave this field unset, and only populate the sourceOfFunds.token field. However you can set this to CARD if you want to overwrite or augment the token data with a card security code, expiry date, or cardholder name.

Value must be a member of the following list. The values are case sensitive.

ALIPAY

The payer selected the payment method Alipay.

BOLETO_BANCARIO

The payer selected the payment method Boleto Bancario.

ENETS

The payer selected the payment method eNETS.

GIROPAY

The payer selected the payment method giropay.

IDEAL

The payer selected the payment method iDEAL.

KLARNA

The payer selected the payment method Klarna.

OXXO

The payer selected the payment method OXXO.

PAYPAL

The payer selected the payment method PayPal.

POLI

The payer selected the payment method POLi.

SEPA

The payer selected the payment method SEPA.

SOFORT

The payer selected the payment method Sofortbanking.

UNION_PAY

The payer selected the payment method UnionPay.

WECHAT_PAY

The payer selected the payment method WeChatPay.

token Copied to clipboard Alphanumeric

The token you supply that you wish to create or update.

You can only supply this value when creating a token if your token repository is configured to support merchant-supplied tokens.

On response, the format of the token depends on the token generation strategy configured for your repository. See Tokenization for more details.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 1 Max length: 40

Response Copied to clipboard

Fields Copied to clipboard

browserPayment Copied to clipboard ALWAYS PROVIDED

Information required by the gateway to manage interactions with a browser payment provider's website.

browserPayment.redirectUrl Copied to clipboard Url ALWAYS PROVIDED

The URL issued by the gateway to which you must redirect the payer's browser.

Ensure that the URL begins with 'https' and is longer than 11 characters.

correlationId Copied to clipboard String

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
merchant Copied to clipboard Alphanumeric + additional characters ALWAYS PROVIDED

The unique identifier issued to you by your payment provider.

Data may consist of the characters 0-9, a-z, A-Z, '-', '_', ' ', '&', '+', '!', '$', '%', '.'

Min length: 1 Max length: 40
response.gatewayCode Copied to clipboard Enumeration ALWAYS PROVIDED

Summary of the success or otherwise of the operation.

Value must be a member of the following list. The values are case sensitive.

BASIC_VERIFICATION_SUCCESSFUL

The card number format was successfully verified and the card exists in a known range.

EXTERNAL_VERIFICATION_BLOCKED

The external verification was blocked due to risk rules.

EXTERNAL_VERIFICATION_DECLINED

The card details were sent for verification, but were was declined.

EXTERNAL_VERIFICATION_DECLINED_AUTHENTICATION_REQUIRED

The card details were sent for verification, but were declined as authentication required.

EXTERNAL_VERIFICATION_DECLINED_EXPIRED_CARD

The card details were sent for verification, but were declined as the card has expired.

EXTERNAL_VERIFICATION_DECLINED_INVALID_CSC

The card details were sent for verification, but were declined as the Card Security Code (CSC) was invalid.

EXTERNAL_VERIFICATION_PROCESSING_ERROR

There was an error processing the verification.

EXTERNAL_VERIFICATION_SUCCESSFUL

The card details were successfully verified.

NO_VERIFICATION_PERFORMED

The card details were not verified.

result Copied to clipboard Enumeration ALWAYS PROVIDED

A system-generated high level overall result of the operation.

Value must be a member of the following list. The values are case sensitive.

FAILURE

The operation was declined or rejected by the gateway, acquirer or issuer

PENDING

The operation is currently in progress or pending processing

SUCCESS

The operation was successfully processed

UNKNOWN

The result of the operation is unknown

session.id Copied to clipboard ASCII Text ALWAYS PROVIDED

Identifier of the payment session containing values for any of the request fields to be used in this operation.

Values provided in the request will override values contained in the session.

Data consists of ASCII characters

Min length: 31 Max length: 35

Errors Copied to clipboard

error Copied to clipboard

Information on possible error conditions that may occur while processing an operation using the API.

error.cause Copied to clipboard Enumeration

Broadly categorizes the cause of the error.

For example, errors may occur due to invalid requests or internal system failures.

Value must be a member of the following list. The values are case sensitive.

INVALID_REQUEST

The request was rejected because it did not conform to the API protocol.

REQUEST_REJECTED

The request was rejected due to security reasons such as firewall rules, expired certificate, etc.

SERVER_BUSY

The server did not have enough resources to process the request at the moment.

SERVER_FAILED

There was an internal system failure.

error.explanation Copied to clipboard String

Textual description of the error based on the cause.

This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.

Data can consist of any characters

Min length: 1 Max length: 1000
error.field Copied to clipboard String

Indicates the name of the field that failed validation.

This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.

Data can consist of any characters

Min length: 1 Max length: 100
error.supportCode Copied to clipboard String

Indicates the code that helps the support team to quickly identify the exact cause of the error.

This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.

Data can consist of any characters

Min length: 1 Max length: 100
error.validationType Copied to clipboard Enumeration

Indicates the type of field validation error.

This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.

Value must be a member of the following list. The values are case sensitive.

INVALID

The request contained a field with a value that did not pass validation.

MISSING

The request was missing a mandatory field.

UNSUPPORTED

The request contained a field that is unsupported.

result Copied to clipboard Enumeration

A system-generated high level overall result of the operation.

Value must be a member of the following list. The values are case sensitive.

ERROR

The operation resulted in an error and hence cannot be processed.