Last Updated: 16 July 2025 | Change Log
Use our card on file resource to authorize a payment with a digital wallet.
Note
You must integrate with Google Pay or Apple Pay before you can submit repeat wallet payments to our Payments API.
- The customer is actively participating in making a payment at the point of authorization using card details you have previously stored/ intend to store
- Does not follow a schedule
- Requires explicit permission from the customer to store the card on their account for use in a “one-click” model
- Sometimes referred to as Customer Initiated Transactions (CIT)
Read more about card on file mandates here.
POST your initial card on file authorizations to our payments:cardOnFileAuthorize action link resource received in your query the payments root resource request.
POST https://try.access.worldpay.com/payments/authorizations/cardOnFile
cardOnFile authorization request body
{
"transactionReference": "Memory265-13/08/1876",
"merchant": {
"entity": "default"
},
"instruction": {
"narrative": {
"line1": "Mind Palace Ltd"
},
"value": {
"currency": "GBP",
"amount": 250
},
"paymentInstrument": {
"type": "card/wallet+applepay",
"walletToken": "{\"version\": \"EC_v1\",\"data\": \"kdHd..GQ==\",\"signature\": \"MIAGCSqGSIb3DQEH...AAA\",\"header\": {\"transactionId\": \"d3b28af..f8\",\"ephemeralPublicKey\": \"MFkwE..Q==\",\"publicKeyHash\": \"dxCK..6o=\"}}"
}
}
}| Parameter | Required | Description |
|---|---|---|
transactionReference | ✅ | A unique reference generated by you that is used to identify a payment throughout its lifecycle. See transaction reference format, for more details and the best practices. |
merchant | ✅ | An object that contains information about the merchant. |
merchant.entity | ✅ | Direct your payment to assist with billing, reporting and reconciliation. This is mandatory for authentication and queries. Contact your Implementation Manager for more details. |
instruction | ✅ | An object that contains all the information related to the payment. |
instruction.narrative | ✅ | The text that appears on your customer's statement. Used to identify the merchant. See narrative format for more details and best practices. |
narrative.line1 | ✅ | The first line of the narrative which appears on your customer's statement (24 characters max. If character is not supported it is replaced with a space.). See narrative line1 format for more details. |
instruction.value | ✅ | An object that contains information about the value of the payment. |
value.currency | ✅ | The three digit currency code. See list of supported currencies. |
value.amount | ✅ | The payment amount. This is a whole number with an exponent e.g. if exponent is two, 250 is 2.50. You can find the relevant exponent in our currency table. |
instruction.paymentInstrument | ✅ | An object that contains the payment type and details. You must integrate with Apple Pay first to use the card/wallet+applepay paymentInstrument. |
Optional parameters and descriptions
| Parameter | Required | Description |
|---|---|---|
instruction.intent | ❌ | A parameter detailing the reason for this particular repeat agreement. Possible value:
|
narrative.line2 | ❌ | Additional details about the payment e.g. order number, telephone number. |
The requests below contain all the mandatory and optional fields needed for a successful card on file authorization request.
{
"transactionReference": "Memory265-13/08/1876",
"merchant": {
"entity": "default"
},
"instruction": {
"intent": "instalment",
"narrative": {
"line1": "Mind Palace Ltd",
"line2": "Memory265-13/08/1876"
},
"value": {
"currency": "GBP",
"amount": 1000
},
"paymentInstrument": {
"type": "card/wallet+applepay",
"walletToken": "{\"version\": \"EC_v1\",\"data\": \"kdHd..GQ==\",\"signature\": \"MIAGCSqGSIb3DQEH...AAA\",\"header\": {\"transactionId\": \"d3b28af..f8\",\"ephemeralPublicKey\": \"MFkwE..Q==\",\"publicKeyHash\": \"dxCK..6o=\"}}",
"billingAddress": {
"address1": "221B Baker Street",
"address2": "Marylebone",
"address3": "Westminster",
"postalCode": "NW1 6XE",
"city": "London",
"state": "Greater London",
"countryCode": "GB"
}
}
}
}{
"transactionReference": "Memory265-13/08/1876",
"merchant": {
"entity": "default"
},
"instruction": {
"narrative": {
"line1": "Mind Palace Ltd"
},
"value": {
"currency": "GBP",
"amount": 250
},
"paymentInstrument": {
"type": "card/wallet+applepay",
"walletToken": "{
\"version\": \"EC_v1\",
\"data\": \"kdHd..GQ==\",
\"signature\": \"MIAGCSqGSIb3DQEH...AAA\",
\"header\": {
\"transactionId\": \"d3b28af..f8\",
\"ephemeralPublicKey\": \"MFkwE..Q==\",
\"publicKeyHash\": \"dxCK..6o=\"
}
}"
}
}
}Best Practice
Access Worldpay returns a WP-correlationId in the headers of service responses. We highly recommend you log this. The WP-correlationId is used by us to examine individual service requests.
You receive:
- an HTTP code
201 - an
"outcome": "authorized" - risk factors (only returned if issuer identifies conflict)
- a scheme reference
- a
paymentInstrumentdetailing brand information about the card that was used - links to cancel, settle, partially settle or track payment events
- an authorization link for the next card on file payment in your repeat payment agreement
- an authorization link for the next recurring payment in your repeat payment agreement
- a token link, you must use for all subsequent payments in your repeat payment agreement
You receive:
- an HTTP code
201 - an
"outcome": "refused" - a refusal code
- a
descriptionwhich gives additional context on the refusal - risk factors (only returned if issuer identifies conflict)
- a
paymentInstrument
{
"outcome": "authorized",
"riskFactors": [{
"risk": "not_checked",
"detail": "postcode",
"type": "avs"
},
{
"risk": "not_checked",
"detail": "address",
"type": "avs"
}
],
"scheme": {
"reference": "schemeReference"
},
"paymentInstrument": {
"type": "card/network+masked",
"card": {
"number": {
"bin": "444433",
"last4Digits": "1111",
"dpan": "4444333322221111"
},
"countryCode": "GB",
"expiryDate": {
"month": 6,
"year": 2021
},
"brand": "visa",
"fundingType": "debit",
"issuer": {
"name": "VALID_ISSUER"
},
"paymentAccountReference": "somePAR"
}
},
"_links": {
"payments:cancel": {
"href": "https://try.access.worldpay.com/payments/authorizations/cancellations/eyJrIjoiazUyOTVhMSIsImxpbmtWZXJzaW9uIjoiMy4wLjAifQ==.7uyuNo1ShOgM5rTwStg86LXzb0a2wdLW1lwX:DIQ2Ecrp4gw65VLnHmjsAVqzpa2NcwixaBb2p8R2x5NPXdRpybJ2ndKlbkNOc9gj+ruN20iaTdYqv2FNgB3ZAw3g+yyUMUlQDFD8DU++ZswXpUQe8YTBHmTP8zHQUXrSORn9IaI6kzJnMu2HWwEJOqKnWLvRCMy:fr4ptatJJrmRVON8WTjisJL:sd3TJ9uDcO:gD+q+Q01y++Mzop0k8y3bDcnNBpsG:8xf4uKGGYO3EcAWA=="
},
"payments:settle": {
"href": "https://try.access.worldpay.com/payments/settlements/full/eyJrIjoiazUyOTVhMSIsImxpbmtWZXJzaW9uIjoiMy4wLjAifQ==.7uyuNo1ShOgM5rTwStg86LXzb0a2wdLW1lwX:DIQ2Ecrp4gw65VLnHmjsAVqzpa2NcwixaBb2p8R2x5NPXdRpybJ2ndKlbkNOc9gj+ruN20iaTdYqv2FNgB3ZAw3g+yyUMUlQDFD8DU++ZswXpUQe8YTBHmTP8zHQUXrSORn9IaI6kzJnMu2HWwEJOqKnWLvRCMy:fr4ptatJJrmRVON8WTjisJL:sd3TJ9uDcO:gD+q+Q01y++Mzop0k8y3bDcnNBpsG:8xf4uKGGYO3EcAWA=="
},
"payments:partialSettle": {
"href": "https://try.access.worldpay.com/payments/settlements/partials/eyJrIjoiazUyOTVhMSIsImxpbmtWZXJzaW9uIjoiMy4wLjAifQ==.7uyuNo1ShOgM5rTwStg86LXzb0a2wdLW1lwX:DIQ2Ecrp4gw65VLnHmjsAVqzpa2NcwixaBb2p8R2x5NPXdRpybJ2ndKlbkNOc9gj+ruN20iaTdYqv2FNgB3ZAw3g+yyUMUlQDFD8DU++ZswXpUQe8YTBHmTP8zHQUXrSORn9IaI6kzJnMu2HWwEJOqKnWLvRCMy:fr4ptatJJrmRVON8WTjisJL:sd3TJ9uDcO:gD+q+Q01y++Mzop0k8y3bDcnNBpsG:8xf4uKGGYO3EcAWA=="
},
"payments:events": {
"href": "https://try.access.worldpay.com/payments/events/eyJrIjoiazUyOTVhMSIsImxpbmtWZXJzaW9uIjoiMy4wLjAifQ==.7uyuNo1ShOgM5rTwStg86LXzb0a2wdLW1lwX:DIQ2Ecrp4gw65VLnHmjsAVqzpa2NcwixaBb2p8R2x5NPXdRpybJ2ndKlbkNOc9gj+ruN20iaTdYqv2FNgB3ZAw3g+yyUMUlQDFD8DU++ZswXpUQe8YTBHmTP8zHQUXrSORn9IaI6kzJnMu2HWwEJOqKnWLvRCMy:fr4ptatJJrmRVON8WTjisJL:sd3TJ9uDcO:gD+q+Q01y++Mzop0k8y3bDcnNBpsG:8xf4uKGGYO3EcAWA=="
},
"payments:cardOnFileAuthorize": {
"href": "https://try.access.worldpay.com/payments/authorizations/cardOnFile/eyJrIjoiazUyOTVhMSIsImxpbmtWZXJzaW9uIjoiMS4wLjAifQ==.R6PzeBs1kC+VT5dtn2WKHquYi:0CPtdsTmoC0CiPjw6CkE+Ujvons6ZVs+R2JwUJmXAx1+34Kz67cP9hSVZNkQ=="
},
"payments:recurringAuthorize": {
"href": "https://try.access.worldpay.com/payments/authorizations/recurring/eyJrIjoiazUyOTVhMSIsImxpbmtWZXJzaW9uIjoiMS4wLjAifQ==.R6PzeBs1kC+VT5dtn2WKHquYi:0CPtdsTmoC0CiPjw6CkE+Ujvons6ZVs+R2JwUJmXAx1+34Kz67cP9hSVZNkQ=="
},
"tokens:token": {
"href": "https://access.worldpay.com/tokens/linkData"
},
"curies": [{
"name": "payments",
"href": "https://try.access.worldpay.com/rels/payments/{rel}",
"templated": true
}]
}
}You can use the payments:settle action link to settle the payment straight away. Alternatively you can cache the response and use the link to settle the payment later.
Next Steps
Take a subsequent recurring payment with the token you have received in your card on file response.