Last Updated: 28 February 2024 | Change Log
Get started with our Verified Tokens API
Make yourself familiar with our API Principles to ensure a resilient integration.
Set your headers
Setting your headers is an important part of an API request. The headers represent the meta-data associated with your API request.
Authorization : {your_credentials} Content-Type : application/vnd.worldpay.verified-tokens-v3.hal+json Accept : application/vnd.worldpay.verified-tokens-v3.hal+json
| Header | Description |
|---|---|
Authorization | We use the Authorization header to identify and authenticate you within Access Worldpay. You must use the Authorization header for any request you send to our Verified Tokens API, unless you are using client certificate authentication over TLS. If you must use this, read our reference guide on Authenticating with SSL/TLS. |
Content-Type | We require the Content-Type header if the request you're sending includes a request body, and if the HTTP method is a POST or a PUT. |
Accept | We use the Accept header to identify which version of our Verified Tokens API you are using. You must use the Accept header for any request you send to our Verified Tokens API. |
If you're using both the Content-Type and Accept headers, they must match.
Replace {your_credentials} with your base64-encoded Basic Auth username and password. To get your Access Worldpay credentials contact your Implementation Manager.
Next Steps
We have reviewed our API Principle approach and consider our resources stable and unlikely to change. This means you can skip querying the root resource for a quicker integration and POST directly to the API resource
If you do want to discover all available resources, you can expand the below section "Query the root resource" for further steps.
Query the root resource
Our APIs guide you by providing you with links to the next available actions.
To discover and start using our APIs you can query the root resource first. This returns the available resources within Access Worldpay.
Request
GET https://try.access.worldpay.com/
No request body is needed for this request.
Response
You receive all our available API resources in the response.
{ "_links": { "payments:authorize": { "href": "https://try.access.worldpay.com/payments/authorizations" }, "service:payments": { "href": "https://try.access.worldpay.com/payments" }, "service:sessions": { "href": "https://try.access.worldpay.com/sessions" }, "service:tokens": { "href": "https://try.access.worldpay.com/tokens" }, "service:verifications/accounts": { "href": "https://try.access.worldpay.com/verifications/accounts" }, "service:verifications/customers/3ds": { "href": "https://try.access.worldpay.com/verifications/customers/3ds" }, "service:verifiedTokens": { "href": "https://try.access.worldpay.com/verifiedTokens" }, "service:fraudsight": { "href": "https://try.access.worldpay.com/fraudsight" }, "service:exemptions": { "href": "https://try.access.worldpay.com/exemptions" }, "service:payouts": { "href": "https://try.access.worldpay.com/payouts" }, "service:payments/alternative/direct": { "href": "https://try.access.worldpay.com/payments/alternative/direct" }, "service:payments/alternative/action/paypal": { "href": "https://try.access.worldpay.com/payments/alternative/action/paypal" }, "service:payments/alternative/action/ideal": { "href": "https://try.access.worldpay.com/payments/alternative/action/ideal" }, "service:payouts/accounts": { "href": "https://try.access.worldpay.com/payouts/accounts" }, "service:payouts/events": { "href": "https://try.access.worldpay.com/payouts/events" }, "service:moneyTransfers": { "href": "https://try.access.worldpay.com/moneyTransfers" }, "service:foreignExchange": { "href": "https://try.access.worldpay.com/foreignExchange" }, "service:accounts/statements": { "href": "https://try.access.worldpay.com/accounts/statements" }, "service:accounts/balance": { "href": "https://try.access.worldpay.com/accounts/balance" }, "service:accounts/transfer": { "href": "https://try.access.worldpay.com/accounts/transfer" }, "curies": [ { "href": "https://try.access.worldpay.com/rels/payments/{rel}", "name": "payments", "templated": true } ] } }
Action links and URI resources
When integrating into Access Worldpay, we strongly recommend that you get the URI resource links from the action links. Do not hard code the URI resource links, they could change and break your integration.
What is an action link?
An action link is a parameter where the URI link to the resource is stored.
What is a URI resource link?
A URI resource link is the link to the resource you send your requests to.
Query the Verified Tokens root resource
Query the service:verifiedTokens resource which gives you links to your next available actions and resources for our Verified Tokens API.
The request
GET https://try.access.worldpay.com/verifiedTokens
No request body is needed for this request.
The response
You receive all our available API resources in the response.
{ "_links": { "verifiedTokens:cardOnFile": { "href": "https://try.access.worldpay.com/verifiedTokens/cardOnFile" }, "verifiedTokens:oneTime": { "href": "https://try.access.worldpay.com/verifiedTokens/oneTime" }, "verifiedTokens:sessions": { "href": "https://try.access.worldpay.com/verifiedTokens/sessions" }, "resourceTree": { "href": "https://try.access.worldpay.com/rels/verifiedTokens/resourceTree.json" }, "curies": [ { "href": "https://try.access.worldpay.com/rels/verifiedTokens/{rel}.json", "name": "verifiedTokens", "templated": true } ] } }
Resources
| Resources | Description |
|---|---|
verifiedTokens:cardOnFile | Create a Verified Token that you use to take card on file payments. Card on file payments are payments made by the customer using payment instrument details that have already been stored. |
verifiedTokens:sessions | Used by the Access Checkout SDK to create a session. |
DNS Whitelisting
Whitelist the following URLs:
https://try.access.worldpay.com/https://access.worldpay.com/
Please ensure you use DNS whitelisting not explicit IP whitelisting.
Link Caching
When you make a request within Access Worldpay, you should always cache the response returned.
Next steps