Access Worldpay
/
Take repeat payments
/
Take a card on file payment

Last Updated: 09 April 2024 | Change Log

Take a card on file payment

Use our CardOnFile resource to authorize a CardOnFile payment.

What are Card on File payments?

Card on File payments are made by the cardholder using the payment instrument details that have already been stored, such as one-click or in-app purchases. They differ from recurring payments as they don't follow a schedule and are not initiated by the merchant. A Card on File payment is an example of a Cardholder Initiated Transaction (CIT).

CardOnFile request

POST your CardOnFile request to the payments:cardonFileAuthorize action link received in your successful oneTime intelligent or dynamicOneTime verification.

CardOnFile example request

POST https://try.access.worldpay.com/payments/authorizations/cardonFile/{resource}

Note

Click the tabs below to see all the mandatory fields for all supported paymentInstrument parameters.

CardOnFile request body:

  1. Card
  2. Token
  3. Checkout with CVC
{
    "transactionReference": "unique-transactionReference",
    "merchant": {
        "entity": "default"
    },
    "instruction": {
        "narrative": {
            "line1": "trading name"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "type": "card/plain",
            "cardHolderName": "John Appleseed",
            "cardNumber": "4444333322221111",
            "cardExpiryDate": {
                "month": 5,
                "year": 2035
            }
        }
    }
}

Parameter descriptions

ParameterRequiredDescription
transactionReferenceA unique reference generated by you that is used to identify a payment throughout its lifecycle. See transaction reference format, for more details and the best practices.
merchantAn object that contains information about the merchant.
merchant.entityDirect your payment to assist with billing, reporting and reconciliation. This is mandatory for Authentication and Queries.
Contact your Implementation Manager for more details.
instructionAn object that contains all the information related to the payment.
instruction.narrativeThe text that appears on your customer's statement. Used to identify the merchant.
See narrative format for more details and the best practices.
narrative.line1The first line of the narrative which appears on your customer's statement (24 character max. If character is not supported it is replaced with a space.).
See [narrative line1](/products/access/reference/formatting.md#narrative-line1 format) for more details.
value.currencyThe 3 digit currency code.
See list of supported currencies.
value.amountThe payment amount. This is a whole number with an exponent e.g. if exponent is two, 250 is 2.50. You can find the relevant exponent in our currency table.
instruction.paymentInstrumentAn object that contains the payment type and details.
To use "tokens" as a paymentInstrument you must first create a token. To use "checkout with CVC" as paymentInstrument you must first use our checkout SDK and create a token.

Optional parameters

Optional parameters and descriptions
ParameterRequiredDescription
narrative.line2Additional details about the payment e.g. order number, telephone number.
paymentInstrument.billingAddressAn object containing the billing address information. If included you must send at least:
  • address1
  • city
  • countryCode
  • postalCode
This is used for Address Verification Service (AVS). Our API checks the submitted AVS to see if it matches the address registered with the issuing bank. If the address supplied does not match the registered address it means that the payment carries additional risk.
merchant.mccYou can apply a merchant category code (mcc) to an individual request. You can only provide an mcc if we have enabled the dynamic mcc feature during boarding. If enabled but not provided, merchant.mcc defaults to a configured value. For more information contact your Relationship Manager.
paymentInstrument.cvcCVC is a unique set of 3 or 4 numbers on the back of the card. Our API checks to see if the CVC supplied matches the CVC held by the issuing bank.
merchant.paymentFacilitatorAn object containing Payment Facilitator information. If required you must send:
  • pfId
  • isoId
  • subMerchant.merchantId
  • subMerchant.postalcode
  • subMerchant.street
  • subMerchant.city
  • subMerchant.countryCode
This information is required for every card on file request only if you are a Payment Facilitator. You can find more formatting information here.

The requests below contain all the mandatory and optional fields needed for a successful card on file request.

Full card on file request body

  1. Card complete request
  2. Token complete request
  3. Checkout with CVC
{
    "transactionReference": "unique-transactionReference",
    "merchant": {
        "entity": "default",
        "mcc": "1234",
        "paymentFacilitator": {
            "pfId": "12345",
            "isoId": "12345",
            "subMerchant": {
                "name": "John",
                "merchantId": "12345",
                "postalCode": "SW1 1AA",
                "street": "Regent Street",
                "city": "London",
                "countryCode": "GB"
            }
        }
    },
    "instruction": {
        "narrative": {
            "line1": "trading name",
            "line2": "order number"
        },
        "value": {
            "currency": "GBP",
            "amount": 250
        },
        "paymentInstrument": {
            "cvc": "123",
            "billingAddress": {
                "address1": "Worldpay",
                "address2": "1 Milton Road",
                "address3": "The Science Park",
                "postalCode": "CB4 0WE",
                "city": "Cambridge",
                "state": "Cambridgeshire",
                "countryCode": "GB"
            },
            "type": "card/plain",
            "cardHolderName": "John Appleseed",
            "cardNumber": "4444333322221111",
            "cardExpiryDate": {
                "month": 5,
                "year": 2035
            }
        },
        "intent": "instalment"
    }
}

Card on file response

Successful payment

You receive:

  • an HTTP code 201
  • an "outcome": "authorized"
  • an issuer response code
  • links to settle , partially settle or query your payment
  • an authorization link for the next payment in your recurring agreement

Refused payment

You receive:

  • an HTTP code 201
  • an "outcome": "refused"
  • an issuer response code
  • a description which gives additional context on the refusal

Example response

  1. Card/Token
  2. Card/Token complete response
  3. Checkout with CVC
{
    "outcome": "authorized",
    "issuer": {
        "authorizationCode": "0"
    },
    "scheme": {
        "reference": "1260019172"
    },
    "_links": {
        "payments:cancel": {
            "href": "https://try.access.worldpay.com/payments/authorizations/cancellations/eyJrIjoiazNhYjYzMiJ9"
        },
        "payments:settle": {
            "href": "https://try.access.worldpay.com/payments/settlements/full/eyJrIjoiazNhYjYzMiJ9"
        },
        "payments:partialSettle": {
            "href": "https://try.access.worldpay.com/payments/settlements/partials/eyJrIjoiazNhYjYzMiJ9"
        },
        "payments:events": {
            "href": "https://try.access.worldpay.com/payments/events/eyJrIjoiazNhYjYzMiJ9"
        },
        "curies": [{
            "name": "payments",
            "href": "https://try.access.worldpay.com/rels/payments/{rel}",
            "templated": true
        }],
        "payments:CardOnFileAuthorize": {
            "href": "https://try.access.worldpay.com/payments/authorizations/CardOnFile/eyJrIjoiazNhYjYzMiJ9"
        }
    }
}

You must always store and use the link returned in the payments:CardOnFileAuthorize action link to authorize your next CardOnFile payment.


Next steps

Refund a payment