Create or Update Token (with system-generated token)
Request for the gateway to store a payment instrument against a token, where the system generates the token id.
This may include:- credit or debit card details
- gift card details
- ACH bank account details
- PayPal billing agreement details
If the repository is configured for scheme tokenization, the gateway will attempt to generate a scheme token for the stored card details.
Note that the name on the card, billing address details, and customer details are only used by the gateway when submitting the tokenization request to the token service provider. These details are not stored against the gateway token.
If you tokenize card details provided by a payer via their issuer (i.e. push provisioning of scheme tokens), use this operation to supply the reference provided by the issuer for provisioning the scheme token. This reference will be used by the gateway to retrieve the scheme token and card details from the token service provider e.g. MDES.
Authentication Copied to clipboard
This operation requires authentication via one of the following methods:
- Certificate authentication.
-
Basic HTTP authentication as described at
w3.org.
Provide 'merchant.
<your gateway merchant ID>' in the userid portion and your Reporting API password in the password portion.
Request Copied to clipboard
URL Parameters Copied to clipboard
Alphanumeric + additional characters
REQUIRED
The unique identifier issued to you by your payment provider.
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
Min length: 1 Max length: 40Fields Copied to clipboard
To view the optional fields, please toggle on the "Show optional" setting.
Details of the payer's billing address.
The payer's billing address.
This data may be used to qualify for better interchange rates on corporate purchase card transactions.
String
The city portion of the address.
Data can consist of any characters
String
The name of the company associated with this address.
Data can consist of any characters
Upper case alphabetic text
The 3 letter ISO standard alpha country code of the address.
Data must consist of the characters A-Z
Alphanumeric + additional characters
The post code or zip code of the address.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
String
The state or province of the address.
Data can consist of any characters
String
The three character ISO 3166-2 country subdivision code for the state or province of the address.
Providing this field might improve your payer experience for 3-D Secure payer authentication.
Data can consist of any characters
String
The first line of the address.
For example, this may be the street name and number, or the Post Office Box details.
Data can consist of any characters
String
The second line of the address (if provided).
Data can consist of any characters
String
A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Data can consist of any characters
Information about the customer, including their contact details.
Email
The email address of the customer.
The field format restriction ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses.
Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses
String
The customer's first name.
Data can consist of any characters
String
The customer's last or surname.
Data can consist of any characters
Telephone Number
The customer's mobile phone or cell phone number in ITU-T E123 format, for example +1 607 1234 5678
The number consists of:
- ‘+’
- country code (1, 2 or 3 digits)
- ‘space’
- national number ( which may embed single spaces characters for readability).
Data consists of '+', country code (1, 2 or 3 digits), 'space', and national number (which may embed single space characters for readability)
Telephone Number
The customer's phone number in ITU-T E123 format, for example +1 607 1234 456
The number consists of:
- ‘+’
- country code (1, 2 or 3 digits)
- ‘space’
- national number ( which may embed single spaces characters for readability).
Data consists of '+', country code (1, 2 or 3 digits), 'space', and national number (which may embed single space characters for readability)
String
The tax registration identifier of the customer.
Data can consist of any characters
Information about the device used by the payer for this transaction.
String
The IP address of the device used by the payer, in nnn.nnn.nnn.nnn format.
Data can consist of any characters
Container for fields that control the response returned for the request.
String
Indicates how sensitive data is returned in the response.
Data can consist of any characters
ASCII Text
Identifier of the payment session containing values for any of the request fields to be used in this operation.
Values provided in the request will override values contained in the session.
Data consists of ASCII characters
ASCII Text
Use this field to implement optimistic locking of the session content.
Do this if you make business decisions based on data from the session and wish to ensure that the same data is being used for the request operation.
To use optimistic locking, record session.version when you make your decisions, and then pass that value in session.version when you submit your request operation to the gateway.
If session.version provided by you does not match that stored against the session, the gateway will reject the operation with error.cause=INVALID_REQUEST.
See Making Business Decisions Based on Session Content.
Data consists of ASCII characters
Information on the shipping address including the contact details of the addressee.
These details will only be stored against the token if the request is for storing PayPal billing agreement details.
The address to which this order will be shipped.
String
The city portion of the address.
Data can consist of any characters
Upper case alphabetic text
The 3 letter ISO standard alpha country code of the address.
Data must consist of the characters A-Z
Alphanumeric + additional characters
The post code or zip code of the address.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
String
The state or province of the address.
Data can consist of any characters
String
The first line of the address.
For example, this may be the street name and number, or the Post Office Box details.
Data can consist of any characters
String
The second line of the address (if provided).
Data can consist of any characters
Details of the contact person at the address the goods will be shipped to.
String
The first name of the person to whom the order is being shipped.
Data can consist of any characters
String
The last name or surname of the person to whom the order is being shipped.
Data can consist of any characters
Alphanumeric + additional characters
The post code or zip code of the address the order is shipped from.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
Information about the payment type selected by the payer for this payment and the source of the funds.
Depending on the payment type the source of the funds can be a debit or credit card, bank account, or account with a browser payment provider (such as PayPal).
For card payments the source of funds information may be represented by combining one or more of the following: explicitly provided card details, a session identifier which the gateway will use to look up the card details and/or a card token. Precedence rules will be applied in that explicitly provided card details will override session card details which will override card token details. Each of these may represent partial card details, however the combination must result in a full and complete set of card details. See Using Multiple Sources of Card Details for examples.
ASCII Text
The unique serial number assigned by the manufacturer to the terminal device.
Data consists of ASCII characters
Information about the source of funds when it is directly provided (as opposed to via a token or session).
For browser payments, the source of funds details are usually collected from the payer on the payment provider's website and provided to you when you retrieve the transaction details (for a successful transaction). However, for some payment types (such as giropay), you must collect the information from the payer and supply it here.
For ACH payments (sourceOfFunds.type=ACH) you must provide values for all fields within this parameter group, including details about the payers bank account as well as the type of ACH payment.
It is your responsibility to authenticate the payer and obtain authorization from the payer in accordance with the NACHA Operating Rules and Guidelines for the Standard Entry Class (SEC) associated with this payment. For details please refer to https://www.nacha.org/.
Enumeration
An indicator identifying the type of bank account.
- Consumer (checking or savings), or
- Business
For pre-arranged payments (sourceOfFunds.provided.ach.secCode=PPD) retrieve this information from the payer.
If payments were telephone-initiated (sourceOfFunds.provided.ach.secCode=TEL) or internet-initiated (sourceOfFunds.provided.ach.secCode=WEB) you may choose to limit the payer's options (e.g. only support consumer checking accounts), depending on your type of business (e.g. B2C online webshop).
Value must be a member of the following list. The values are case sensitive.
CONSUMER_CHECKING
Consumer Checking Account
CONSUMER_SAVINGS
Consumer Savings Account
CORPORATE_CHECKING
Business Checking Account
String
The name of the bank account holder, as it appears on the account at the receiving financial institution.
Retrieve this information from the payer.
Data can consist of any characters
Alphanumeric + additional characters
The identifier of the bank account at the receiving financial institution.
Retrieve this information from the payer.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-', '/'
Digits
The identifier of the receiving financial institution.
Also known as:
- Routing number,
- Transit number, or
- ABA number
Retrieve this information from the payer.
See also http://en.wikipedia.org/wiki/Routing_transit_number.
Data is a string that consists of the characters 0-9.
Enumeration
Identifies the Standard Entry Class (SEC) code to be sent to the issuer.
The SEC is defined by NACHA and describes the origin and intent of the payment. For details please refer to https://www.nacha.org/.
Value must be a member of the following list. The values are case sensitive.
PPD
An ACH debit or credit payment (B2C) that has been authorized by an authenticated customer in written form (signed or similarly authenticated). PPD is used for pre-arranged payments (e.g. employee payroll, mortgage payments, expense reimbursement).
TEL
An ACH debit payment (B2C) that has been authorized by an authenticated customer via phone. TEL may only be used if a relationship already exists between you and the consumer, or, the consumer initiates the contact with you.
WEB
An ACH debit payment (B2C) that has been authorized by an authenticated customer via the internet or a wireless network.
Details as shown on the card.
Expiry date, as shown on the card.
Digits
REQUIRED
Month, as shown on the card.
Months are numbered January=1, through to December=12.
Data is a number between 1 and 12 represented as a string.
Digits
REQUIRED
Year, as shown on the card.
The Common Era year is 2000 plus this value.
Data is a string that consists of the characters 0-9.
String
The cardholder's name as printed on the card.
Data can consist of any characters
Digits
Credit card number as printed on the card.
Data is a string that consists of the characters 0-9.
Digits
Card verification code, as printed on the back or front of the card or as provided for a card scheme token.
Data is a string that consists of the characters 0-9.
If the payer chose to pay using a gift card, you must submit sourceOfFunds.type=GIFT_CARD and provide the payer's gift card details in this parameter group.
String
Do not provide this field in your request unless instructed to do so by your payment service provider.
The field is required, if your gift card numbers do not use ISO BIN rules and therefore not allowing the gateway to identify the local brand.
Data can consist of any characters
Digits
Card number as printed or embossed on the gift card.
Data is a string that consists of the characters 0-9.
Digits
PIN number for the gift card.
Data is a string that consists of the characters 0-9.
Information about the payer's PayPal account.It is provided to you when the payer successfully makes a payment using PayPal or when you have established a billing agreement with the payer.
Email
The email address of the payer's PayPal account.
Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses
String
The name of the account holder of the payer's PayPal account.
Data can consist of any characters
Details about the agreement you have established with the payer that allows you to bill the payer's PayPal account for goods or services.
Enumeration
REQUIRED
Indicates the number of billing agreements between you and this payer.
Value must be a member of the following list. The values are case sensitive.
MULTIPLE
Indicates that you have multiple billing agreements with this payer. This means that a new agreement ID will be returned in response to each request.
SINGLE
Indicates that you have a single billing agreement with this payer. This means that the same agreement ID will be returned in response to each request.
String
Your description for the PayPal billing agreement.
This description is displayed to the payer when they are asked to approve the billing agreement.
Data can consist of any characters
String
REQUIRED
An identifier provided by PayPal for the billing agreement.
Data can consist of any characters
String
Your name for the PayPal billing agreement.
Data can consist of any characters
String
The unique identifier for the payer assigned by PayPal.
Data can consist of any characters
This holds the PAN in the case where it is encrypted by the terminal using DUKPT key exchange.
Digits
The BIN of the card.
If you provide this, the gateway will check that the decrypted PAN has these leading six digits. If the check fails, the gateway will reject the transaction.
If you do not provided this, the gateway will not perform this check.
Data is a string that consists of the characters 0-9.
String
The P2PE encryption state as determined by the terminal.
INVALID means the terminal detected some form of error in the encryption process. The gateway will decline transactions with INVALID encryption state. This field may be omitted when the value is VALID.
Data can consist of any characters
Hex
The initialization vector supplied by the terminal to seed the encryption of this payload.
Omit this value if the terminal is not using an initialization vector to seed encryption.
Data is hexadecimal encoded
Hex
REQUIRED
The DUKPT key serial number supplied by the terminal.
Data is hexadecimal encoded
Hex
REQUIRED
The DUKPT encrypted payload supplied by the terminal.
Data is hexadecimal encoded
ASCII Text
You only must provide this field if you want the gateway to retrieve a scheme token for card details that your payer has made available to you via their card issuer (i.e. push provisioning of scheme tokens).
Using the identifier provided by the issuer, the gateway will retrieve the scheme token details from the token service provider and store them against the gateway token.
When providing this field, you must not provide card details in the sourceOfFunds.provided.card parameter group, and you must set the sourceOfFunds.type field to CARD.
Data consists of ASCII characters
Alphanumeric
The token you supply that you wish to create or update.
You can only supply this value when creating a token if your token repository is configured to support merchant-supplied tokens.
On response, the format of the token depends on the token generation strategy configured for your repository. See Tokenization for more details.
Data may consist of the characters 0-9, a-z, A-Z
Alphanumeric
The unique identifier assigned to you by the Token Service Provider that you requested a token from for this payment.
This field is mandatory for payments where the Chase Pay wallet was used.
Data may consist of the characters 0-9, a-z, A-Z
Enumeration
REQUIRED
The payment method used for this payment.
If you are passing card data (in any form) on the API, then you need to set this value, and also provide the card details in the sourceOfFunds.provided.card group. In the case of digital wallets or device payment methods, you must also populate the order.walletProvider field.
If you are making a payment with a gateway token, then you can leave this field unset, and only populate the sourceOfFunds.token field. However you can set this to CARD if you want to overwrite or augment the token data with a card security code, expiry date, or cardholder name.
Value must be a member of the following list. The values are case sensitive.
ACH
The payer chose to pay using an electronic fund transfer, to be processed via the Automated Clearing House (ACH) Network. You must provide the payer's bank account details and information about the type of ACH payment under the sourceOfFunds.provided.ach parameter group.
CARD
Use this value for payments that obtained the card details either directly from the card, or from a POS terminal, or from a wallet, or through a device payment method.
GIFT_CARD
Use this value for gift cards.
PAYPAL
The payer selected the payment method PayPal.
Upper case alphabetic text
The currency which should be used for acquirer card verification.
Not required for basic verification.
Data must consist of the characters A-Z
Enumeration
The strategy used to verify the payment instrument details before they are stored.
You only need to specify the verification strategy if you want to override the default value configured for your merchant profile. When the verification strategy is
- BASIC you must also provide the card expiry date in the sourceOfFunds.provided.card.expiry parameter group.
- ACQUIRER you must also provide the card expiry date in the sourceOfFunds.provided.card.expiry parameter group and the currency in the transaction.currency field.
- ACCOUNT_UPDATER you must also provide a currency in the transaction.currency field and the sourceOfFunds parameter group is optional.
- you need to be enabled for Account Updater by your payment service provider.
- you can subsequently inquire about any updates the gateway has made to the token based on the Account Updater response using the RETRIEVE_TOKEN or SEARCH_TOKENS operations.
Used to nominate which type of Verification to use when payment instrument details are stored in the token repository. This setting overrides the default settings in Merchant Manager.
Value must be a member of the following list. The values are case sensitive.
ACCOUNT_UPDATER
The gateway does not perform any validation or verification of the payment details provided, but schedules an Account Updater request to your acquirer to check for any updates to the payment details stored against the token. Once the Account Update request has been executed and indicates that the payment details have changed, the gateway automatically updates the payment details stored against the token or marks the token as invalid.
ACQUIRER
The gateway performs a Web Services API Verify request. Depending on the payment type, you may need to provide additional details to enable the submission of a Verify request.
BASIC
The gateway verifies the syntax and supported ranges of the payment instrument details provided, .e.g for a card it validates the card number format and checks if the card number falls within a valid BIN range.
NONE
The gateway does not perform any validation or verification of the payment instrument details provided.
Response Copied to clipboard
Fields Copied to clipboard
Information on the billing address, including the contact details of the payer.
For card payments, this information may be used by the issuer to verify the payer, so must match the billing address details the payer registered with their issuer.
The payer's billing address.
This data may be used to qualify for better interchange rates on corporate purchase card transactions.
String
The city portion of the address.
Data can consist of any characters
String
The name of the company associated with this address.
Data can consist of any characters
Upper case alphabetic text
The 3 letter ISO standard alpha country code of the address.
Data must consist of the characters A-Z
Alphanumeric + additional characters
The post code or zip code of the address.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
String
The state or province of the address.
Data can consist of any characters
String
The three character ISO 3166-2 country subdivision code for the state or province of the address.
Providing this field might improve your payer experience for 3-D Secure payer authentication.
Data can consist of any characters
String
The first line of the address.
For example, this may be the street name and number, or the Post Office Box details.
Data can consist of any characters
String
The second line of the address (if provided).
Data can consist of any characters
String
A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Data can consist of any characters
Information about the customer, including their contact details.
Email
The email address of the customer.
The field format restriction ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses.
Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses
String
The customer's first name.
Data can consist of any characters
String
The customer's last or surname.
Data can consist of any characters
String
The customer's mobile phone or cell phone number in ITU-T E123 format, for example +1 607 1234 5678
The number consists of:
- ‘+’
- country code (1, 2 or 3 digits)
- ‘space’
- national number ( which may embed single spaces characters for readability).
Data can consist of any characters
String
The customer's phone number in ITU-T E123 format, for example +1 607 1234 456
The number consists of:
- ‘+’
- country code (1, 2 or 3 digits)
- ‘space’
- national number ( which may embed single spaces characters for readability).
Data can consist of any characters
String
The tax registration identifier of the customer.
Data can consist of any characters
Information about the device used by the payer for this transaction.
String
The IP address of the device used by the payer, in nnn.nnn.nnn.nnn format.
Data can consist of any characters
ASCII Text
Unique identifier of the token repository.
Token repositories can be shared across merchants; however, a single merchant can be associated with only one token repository at a given time. Every token repository has a corresponding test token repository, which only the merchants with the corresponding test profiles can access. For example, if the repository ID is ABC, the test repository ID will be TestABC. Hence, the system displays an error if you specify a repository ID that starts with 'Test'
Data consists of ASCII characters
Enumeration
Summary of the success or otherwise of the operation.
Value must be a member of the following list. The values are case sensitive.
BASIC_VERIFICATION_SUCCESSFUL
The card number format was successfully verified and the card exists in a known range.
EXTERNAL_VERIFICATION_BLOCKED
The external verification was blocked due to risk rules.
EXTERNAL_VERIFICATION_DECLINED
The card details were sent for verification, but were was declined.
EXTERNAL_VERIFICATION_DECLINED_AUTHENTICATION_REQUIRED
The card details were sent for verification, but were declined as authentication required.
EXTERNAL_VERIFICATION_DECLINED_EXPIRED_CARD
The card details were sent for verification, but were declined as the card has expired.
EXTERNAL_VERIFICATION_DECLINED_INVALID_CSC
The card details were sent for verification, but were declined as the Card Security Code (CSC) was invalid.
EXTERNAL_VERIFICATION_PROCESSING_ERROR
There was an error processing the verification.
EXTERNAL_VERIFICATION_SUCCESSFUL
The card details were successfully verified.
NO_VERIFICATION_PERFORMED
The card details were not verified.
SCHEME_TOKENIZATION_DECLINED
The card details that your payer has made available to you via their card issuer (for push provisioning) could not be tokenized. The request was declined by the token service provider or issuer.
SCHEME_TOKENIZATION_ERROR
The card details that your payer has made available to you via their card issuer (for push provisioning) could not be tokenized. The token service provider returned an error response.
SCHEME_TOKENIZATION_SUCCESSFUL
The card details your payer has made available to you via their card issuer (for push provisioning) were successfully tokenized by the token service provider.
SCHEME_TOKENIZATION_SUCCESSFUL_ADDITIONAL_AUTHENTICATION_REQUIRED
The card details your payer has made available to you via their card issuer (for push provisioning) were successfully tokenized by the token service provider, but the issuer needs to perform additional authentication of the cardholder.
Enumeration
ALWAYS PROVIDED
A system-generated high level overall result of the Save operation.
Value must be a member of the following list. The values are case sensitive.
FAILURE
The operation was declined or rejected by the gateway, acquirer or issuer
PENDING
The operation is currently in progress or pending processing
SUCCESS
The operation was successfully processed
UNKNOWN
The result of the operation is unknown
Where a scheme token is stored against this gateway token, this group contains details about the scheme token, such as the token service provider.
Enumeration
The token service provider of a scheme token for the card details that are stored against the gateway token.
This field is returned once the token service provider can be identified. Note that it does not imply that a scheme token is available for use.
Value must be a member of the following list. The values are case sensitive.
AETS
American Express Token Service
MDES
Mastercard Digital Enablement Service
VTS
Visa Token Service
String
The unique identifier for the scheme token as assigned by the token service provider.
The Mastercard Digital Enablement Service (MDES) calls this 'Token Unique Reference' (TUR).
Data can consist of any characters
Information on the shipping address including the contact details of the addressee.
These details will only be stored against the token if the request is for storing PayPal billing agreement details.
The address to which this order will be shipped.
String
The city portion of the address.
Data can consist of any characters
Upper case alphabetic text
The 3 letter ISO standard alpha country code of the address.
Data must consist of the characters A-Z
Alphanumeric + additional characters
The post code or zip code of the address.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
String
The state or province of the address.
Data can consist of any characters
String
The first line of the address.
For example, this may be the street name and number, or the Post Office Box details.
Data can consist of any characters
String
The second line of the address (if provided).
Data can consist of any characters
Details of the contact person at the address the goods will be shipped to.
String
The first name of the person to whom the order is being shipped.
Data can consist of any characters
String
The last name or surname of the person to whom the order is being shipped.
Data can consist of any characters
Alphanumeric + additional characters
The post code or zip code of the address the order is shipped from.
Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'
Details about the source of the funds for this payment.
The details of the source of funds when they are directly provided as opposed to via a token or session.
For ACH payments (sourceOfFunds.type=ACH) you must provide values for all fields within this parameter group, including details about the payers bank account as well as the type of ACH payment.
It is your responsibility to authenticate the payer and obtain authorization from the payer in accordance with the NACHA Operating Rules and Guidelines for the Standard Entry Class (SEC) associated with this payment. For details please refer to https://www.nacha.org/.
String
The unique identifier of the routing number and bank account at the receiving financial institution.
Retrieve this information from the payer.
Data can consist of any characters
Enumeration
An indicator identifying the type of bank account.
- Consumer (checking or savings), or
- Business
For pre-arranged payments (sourceOfFunds.provided.ach.secCode=PPD) retrieve this information from the payer.
If payments were telephone-initiated (sourceOfFunds.provided.ach.secCode=TEL) or internet-initiated (sourceOfFunds.provided.ach.secCode=WEB) you may choose to limit the payer's options (e.g. only support consumer checking accounts), depending on your type of business (e.g. B2C online webshop).
Value must be a member of the following list. The values are case sensitive.
CONSUMER_CHECKING
Consumer Checking Account
CONSUMER_SAVINGS
Consumer Savings Account
CORPORATE_CHECKING
Business Checking Account
String
The name of the bank account holder, as it appears on the account at the receiving financial institution.
Retrieve this information from the payer.
Data can consist of any characters
Digits
The identifier of the bank account at the receiving financial institution.
By default, the bank account number will be returned in a masked format, for example, xxxxxx0000. If you wish to return unmasked bank account numbers, you must have the requisite permission, set responseControls.sensitiveData, and authenticate your call to the API using certificate authentication. Contact your payment service provider for further information.
Data is a string that consists of the characters 0-9.
Digits
The identifier of the receiving financial institution.
Also known as:
- Routing number,
- Transit number, or
- ABA number
Retrieve this information from the payer.
See also http://en.wikipedia.org/wiki/Routing_transit_number.
Data is a string that consists of the characters 0-9.
Enumeration
Identifies the Standard Entry Class (SEC) code to be sent to the issuer.
The SEC is defined by NACHA and describes the origin and intent of the payment. For details please refer to https://www.nacha.org/.
Value must be a member of the following list. The values are case sensitive.
PPD
An ACH debit or credit payment (B2C) that has been authorized by an authenticated customer in written form (signed or similarly authenticated). PPD is used for pre-arranged payments (e.g. employee payroll, mortgage payments, expense reimbursement).
TEL
An ACH debit payment (B2C) that has been authorized by an authenticated customer via phone. TEL may only be used if a relationship already exists between you and the consumer, or, the consumer initiates the contact with you.
WEB
An ACH debit payment (B2C) that has been authorized by an authenticated customer via the internet or a wireless network.
Details about the card.
Use this parameter group when you have sourced payment details using:
Cards: the card details entered directly or collected using a Point of Sale (POS) terminal.
Device payment methods such as Apple Pay, Android Pay, Samsung Pay or Google Pay.
Digital wallets such as Masterpass, Visa Checkout or Amex Express Checkout.
Card scheme tokens where the card was tokenized using a card scheme tokenization service such as Mastercard Digital Enablement Service (MDES).
Enumeration
ALWAYS PROVIDED
The brand name used to describe the card that is recognized and accepted globally.
For many major card types this will match the scheme name. In some markets, a card may also be co-branded with a local brand that is recognized and accepted within its country/region of origin (see card.localBrand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.
Value must be a member of the following list. The values are case sensitive.
AMEX
American Express
CHINA_UNIONPAY
China UnionPay
DINERS_CLUB
Diners Club
DISCOVER
Discover
JCB
JCB (Japan Credit Bureau)
LOCAL_BRAND_ONLY
The card does not have a global brand.
MAESTRO
Maestro
MASTERCARD
MasterCard
RUPAY
RuPay
UATP
UATP (Universal Air Travel Plan)
UNKNOWN
The brand of the card used in the transaction could not be identified
VISA
Visa
Digits
ALWAYS PROVIDED
Expiry date as shown on the card in the format MMYY where months are numbered, so that for January MM=01, through to December MM=12 and the Common Era year is 2000 plus the value YY
Data is a string that consists of the characters 0-9.
Enumeration
ALWAYS PROVIDED
The method used by the payer to provide the funds for the payment.
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.
Value must be a member of the following list. The values are case sensitive.
CHARGE
The payer has a line of credit with the issuer which must be paid off monthly.
CREDIT
The payer has a revolving line of credit with the issuer.
DEBIT
Funds are immediately debited from the payer's account with the issuer.
UNKNOWN
The account funding method could not be determined.
String
The issuer of the card, if known.
WARNING: This information may be incorrect or incomplete – use at your own risk.
Data can consist of any characters
String
The brand name used to describe a card that is recognized and accepted within its country/region of origin.
The card may also be co-branded with a brand name that is recognized and accepted globally (see card.brand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.
Data can consist of any characters
String
The cardholder's name as printed on the card.
Data can consist of any characters
Masked digits
The account number embossed onto the card.
By default, the card number will be returned in 6.4 masking format, for example, 000000xxxxxx0000.If you wish to return unmasked card numbers, you must have the requisite permission, set responseControls.sensitiveData field to UNMASK, and authenticate your call to the API using certificate authentication.
Data is a string that consists of the characters 0-9, plus 'x' for masking
Enumeration
The organization that owns a card brand and defines operating regulations for its use.
The card scheme also controls authorization and settlement of card transactions among issuers and acquirers.
Value must be a member of the following list. The values are case sensitive.
AMEX
American Express
CHINA_UNIONPAY
China UnionPay
DINERS_CLUB
Diners Club
DISCOVER
Discover
JCB
JCB (Japan Credit Bureau)
MASTERCARD
MasterCard
OTHER
The scheme of the card used in the transaction could not be identified.
RUPAY
RuPay
UATP
UATP (Universal Air Travel Plan)
VISA
Visa
Details as shown on the Gift Card.
Enumeration
ALWAYS PROVIDED
The brand name used to describe the card that is recognized and accepted globally.
For many major card types this will match the scheme name. In some markets, a card may also be co-branded with a local brand that is recognized and accepted within its country/region of origin (see card.localBrand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.
Value must be a member of the following list. The values are case sensitive.
LOCAL_BRAND_ONLY
The card does not have a global brand.
String
The brand name used to describe a card that is recognized and accepted within its country/region of origin.
The card may also be co-branded with a brand name that is recognized and accepted globally (see card.brand).
You may use this information to support surcharging decisions. This information is gathered from 3rd party sources and may not be accurate in all circumstances.
Data can consist of any characters
Masked digits
The account number embossed onto the card.
By default, the card number will be returned in 6.4 masking format, for example, 000000xxxxxx0000.If you wish to return unmasked card numbers, you must have the requisite permission, set responseControls.sensitiveData field to UNMASK, and authenticate your call to the API using certificate authentication.
Data is a string that consists of the characters 0-9, plus 'x' for masking
Masked digits
PIN number for the gift card.
Data is a string that consists of the characters 0-9, plus 'x' for masking
Enumeration
The organization that owns a card brand and defines operating regulations for its use.
The card scheme also controls authorization and settlement of card transactions among issuers and acquirers.
Value must be a member of the following list. The values are case sensitive.
OTHER
The scheme of the card used in the transaction could not be identified.
Information about the payer's PayPal account.
It is provided to you when the payer successfully makes a payment using PayPal or when you have established a billing agreement with the payer.
Email
The email address of the payer's PayPal account.
Ensures that the email address is longer than 3 characters and adheres to a generous subset of valid RFC 2822 email addresses
String
The name of the account holder of the payer's PayPal account.
Data can consist of any characters
Details about the agreement you have established with the payer that allows you to bill the payer's PayPal account for goods or services.
Enumeration
Indicates the number of billing agreements between you and this payer.
Value must be a member of the following list. The values are case sensitive.
MULTIPLE
Indicates that you have multiple billing agreements with this payer. This means that a new agreement ID will be returned in response to each request.
SINGLE
Indicates that you have a single billing agreement with this payer. This means that the same agreement ID will be returned in response to each request.
String
Your description for the PayPal billing agreement.
This description is displayed to the payer when they are asked to approve the billing agreement.
Data can consist of any characters
String
An identifier provided by PayPal for the billing agreement.
Data can consist of any characters
String
Your name for the PayPal billing agreement.
Data can consist of any characters
String
The unique identifier for the payer assigned by PayPal.
Data can consist of any characters
ASCII Text
You only must provide this field if you want the gateway to retrieve a scheme token for card details that your payer has made available to you via their card issuer (i.e. push provisioning of scheme tokens).
Using the identifier provided by the issuer, the gateway will retrieve the scheme token details from the token service provider and store them against the gateway token.
When providing this field, you must not provide card details in the sourceOfFunds.provided.card parameter group, and you must set the sourceOfFunds.type field to CARD.
Data consists of ASCII characters
Enumeration
The payment method your payer has chosen for this payment.
Value must be a member of the following list. The values are case sensitive.
CARD
The payer selected to pay using a credit or debit card. The payer's card details must be provided.
GIFT_CARD
The payer chose to pay using gift card. The payer's gift card details must be provided under the sourceOfFunds.provided.giftCard parameter group.
PAYPAL
The payer selected the payment method PayPal.
Enumeration
ALWAYS PROVIDED
An indicator of whether or not you can use this token in transaction requests.
Transaction requests using an invalid token are rejected by the gateway.
To change the token status, update the payment details stored against the token. Note that there are limitations on the update functionality depending on how your payment service provider has configured your token repository.
Card Details
A token that contains card details can become invalid in the following cases:
- Scheme Token Provider: If a response or notification from the scheme token provider indicates that the card number for this scheme token has changed and the scheme token is no longer active.
- Recurring Payment Advice: If the acquirer response for a recurring payment indicates that you must not attempt another recurring payment with the card number stored against this token.
- Account Updater: If you are configured for Account Updater and an Account Updater response indicates that the card details are no longer valid.
PayPal Details
A token that contains PayPal payment details becomes invalid when the payer withdraws their consent to the Billing Agreement.
Value must be a member of the following list. The values are case sensitive.
INVALID
The payment details stored against the token have been identified as invalid. The gateway will reject operation payment requests using this token.
VALID
The payment details stored against the token are considered to be valid. The gateway will attempt to process operation requests using this token.
Alphanumeric
On request, supply the token you wish to create or update.
You can only supply this value when creating a token if your token repository is configured to support merchant-supplied tokens.
On response, the format of the token depends on the token generation strategy configured for your repository. See Tokenization for more details.
You will receive a new token in field replacementToken when:
- Your token repository is configured to use a 6.4 Token Generation Strategy, and
- You set request.verificationStrategy = ACCOUNT_UPDATER or you are configured for the Token Maintenance Service functionality, and
- The Account Updater service provided a new account identifier (with a different 6.4 mask).
You should use the new token in future operation requests and delete the old token.
Data may consist of the characters 0-9, a-z, A-Z
Information about the usage of the token.
DateTime
The timestamp indicating the time the token was last updated.
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
Alphanumeric + additional characters
The identifier of the merchant who last updated the token.
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
DateTime
The timestamp indicating the time the token was last used or saved.
An instant in time expressed in ISO8601 date + time format - "YYYY-MM-DDThh:mm:ss.SSSZ"
Enumeration
The strategy used to verify the payment instrument details before they are stored.
You only need to specify the verification strategy if you want to override the default value configured for your merchant profile. When the verification strategy is
- BASIC you must also provide the card expiry date in the sourceOfFunds.provided.card.expiry parameter group.
- ACQUIRER you must also provide the card expiry date in the sourceOfFunds.provided.card.expiry parameter group and the currency in the transaction.currency field.
- ACCOUNT_UPDATER you must also provide a currency in the transaction.currency field and the sourceOfFunds parameter group is optional.
- you need to be enabled for Account Updater by your payment service provider.
- you can subsequently inquire about any updates the gateway has made to the token based on the Account Updater response using the RETRIEVE_TOKEN or SEARCH_TOKENS operations.
Value must be a member of the following list. The values are case sensitive.
ACCOUNT_UPDATER
The gateway does not perform any validation or verification of the payment details provided, but schedules an Account Updater request to your acquirer to check for any updates to the payment details stored against the token. Once the Account Update request has been executed and indicates that the payment details have changed, the gateway automatically updates the payment details stored against the token or marks the token as invalid.
ACQUIRER
The gateway performs a Web Services API Verify request. Depending on the payment type, you may need to provide additional details to enable the submission of a Verify request.
BASIC
The gateway verifies the syntax and supported ranges of the payment instrument details provided, .e.g for a card it validates the card number format and checks if the card number falls within a valid BIN range.
NONE
The gateway does not perform any validation or verification of the payment instrument details provided.
Errors Copied to clipboard
Information on possible error conditions that may occur while processing an operation using the API.
Enumeration
Broadly categorizes the cause of the error.
For example, errors may occur due to invalid requests or internal system failures.
Value must be a member of the following list. The values are case sensitive.
INVALID_REQUEST
The request was rejected because it did not conform to the API protocol.
REQUEST_REJECTED
The request was rejected due to security reasons such as firewall rules, expired certificate, etc.
SERVER_BUSY
The server did not have enough resources to process the request at the moment.
SERVER_FAILED
There was an internal system failure.
String
Textual description of the error based on the cause.
This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.
Data can consist of any characters
String
Indicates the name of the field that failed validation.
This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.
Data can consist of any characters
String
Indicates the code that helps the support team to quickly identify the exact cause of the error.
This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.
Data can consist of any characters
Enumeration
Indicates the type of field validation error.
This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.
Value must be a member of the following list. The values are case sensitive.
INVALID
The request contained a field with a value that did not pass validation.
MISSING
The request was missing a mandatory field.
UNSUPPORTED
The request contained a field that is unsupported.
Enumeration
A system-generated high level overall result of the operation.
Value must be a member of the following list. The values are case sensitive.
ERROR
The operation resulted in an error and hence cannot be processed.