New API Version | Last Updated: 25 July 2024 | Change Log
Verify a customer's account
To verify your customer's account, you must send a verifications request to one of our supported resources.
Intelligent verification
With an Intelligent verification, Worldpay chooses the amount to use in the verification.
Intelligent verification request
You can POST your intelligent verification request to one of these resources:
oneTime intelligent verification
For a oneTime verification, POST your request to the verifications:oneTime action link received in your query the verifications root resource request.
POST https://try.access.worldpay.com/verifications/accounts/intelligent/oneTime
cardOnFile intelligent verification
cardOnFile payments are initiated by the customer using the payment instrument details that have already been stored.
For a cardOnFile verification, POST your request to the verifications:cardOnFile action link received in your query the verifications root resource request to become Cardholder Initiated Transaction (CIT) compliant.
POST https://try.access.worldpay.com/verifications/accounts/intelligent/cardOnFile
Example request body
Intelligent verification for cardOnFile and oneTime requests:
{ "transactionReference": "{uniqueTransactionReference}", "currency": "GBP", "merchant": { "entity": "default" }, "paymentInstrument": { "type": "card/plain", "cvc": "321", "cardHolderName": "John Appleseed", "cardNumber": "4444333322221111", "cardExpiryDate": { "month": 5, "year": 2035 }, "verificationAddress": { "address1": "Worldpay", "countryCode": "GB", "postalCode": "CB4 0WE", "city": "Cambridge" } } }
Only use the Intelligent verification request with paymentFacilitator if you are a payment facilitator.
Descriptions of your intelligent verification request parameters:
| Parameter | Required | Description |
|---|---|---|
currency | ✅ | The 3-digit currency code. See list of supported currencies. |
transactionReference | ✅ | A unique reference generated by you that is used to identify a payment throughout its lifecycle. See transaction reference format, for more details and the best practices. |
paymentInstrument | ✅ | An object that contains your customer's payment details. |
paymentInstrument.cardHolderName | ✅ | An object that contains your customer's name. |
paymentInstrument.cardNumber | ✅ | An object that contains your customer's payment card number. |
paymentInstrument.type | ✅ | An object that contains your customer's payment type, card/plain. |
paymentInstrument.verificationAddress | ❌ | An object containing the verification address information. If included you must send at least:
|
paymentInstrument.cardExpiryDate | ✅ | An object that contains your customer's payment card expiry date. |
paymentInstrument.cvc | ❌ | CVC is a unique set of 3 or 4 numbers on the back of your customer's card. Including the CVC in your request increases the chances of the verification request outcome being verified. Our API checks to see if the CVC supplied matches the CVC held by the issuing bank. |
merchant | ✅ | An object that contains information about the merchant. |
merchant.entity | ✅ | Direct your verification to assist with billing, reporting and reconciliation. This is mandatory for verifications. For more information contact your Relationship Manager or Implementation Manager. |
merchant.mcc | ❌ | A Merchant Category Code (mcc) can be applied to an individual request. An mcc can only be provided if the dynamic mcc feature has been enabled during boarding. If enabled but not provided, merchant.mcc defaults to a configured value. For more information contact your Relationship Manager or Implementation Manager. |
merchant.paymentFacilitator | ❌ | An object containing your payment facilitator information. If required you must send:
|
recipient | ❌ | An object that contains the details of the recipient of the payment.
Recommendation We highly recommend you supply this, if your MCC is 6012 or 6051. Sending this field ensures you remain PSD2 compliant and avoid potential acquirer refusals. |
Dynamic verification
Our Dynamic verifications service gives you granular control over the amount that is used for verification.
Dynamic verification request
You can POST your verification request to one of these resources :
dynamicOneTime verification
For a dynamicOneTime verification, POST your request to the verifications:dynamicOneTime action link received in your query the verifications root resource request.
POST https://try.access.worldpay.com/verifications/accounts/dynamic/oneTime
dynamicCardOnFile verification
cardOnFile payments are initiated by the customer using the payment instrument details that have already been stored.
For a dynamicCardOnFile verification, POST your request to the verifications:dynamicCardOnFile action link received in your query the verifications root resource request to become Cardholder Initiated Transaction (CIT) compliant.
POST https://try.access.worldpay.com/verifications/accounts/dynamic/cardOnFile
Example request body
Dynamic verification for cardOnFile and oneTime requests:
{ "transactionReference": "unique-transactionReference", "merchant": { "entity": "default" }, "instruction": { "value": { "currency": "GBP", "amount": 20 }, "paymentInstrument": { "type": "card/plain", "cvc": "321", "cardHolderName": "John Appleseed", "cardNumber": "4444333322221111", "cardExpiryDate": { "month": 5, "year": 2035 }, "verificationAddress": { "address1": "Worldpay", "countryCode": "GB", "postalCode": "CB4 0WE", "city": "Cambridge" } } } }
Only use the Dynamic verification request with paymentFacilitator if you are a payment facilitator.
Descriptions of your dynamic verification request parameters:
| Parameter | Required | Description |
|---|---|---|
instruction | ✅ | An object that contains all the information related to the payment. |
value.currency | ✅ | The 3-digit currency code. See list of supported currencies. |
value.amount | ✅ | The payment amount. This is a whole number with an exponent e.g. if exponent is two, 250 is 2.50. You can find the relevant exponent in our currency table. |
transactionReference | ✅ | A unique reference generated by you that is used to identify a payment throughout its lifecycle. See transaction reference format, for more details and the best practices. |
paymentInstrument | ✅ | An object that contains your customer's payment details. |
paymentInstrument.cardHolderName | ✅ | An object that contains your customer's name. |
paymentInstrument.cardNumber | ✅ | An object that contains your customer's payment card number. |
paymentInstrument.type | ✅ | An object that contains your customer's payment type, card/plain. |
paymentInstrument.verificationAddress | ❌ | An object containing the verification address information. If included you must send at least:
|
paymentInstrument.cardExpiryDate | ✅ | An object that contains your customer's payment card expiry date. |
paymentInstrument.cvc | ❌ | CVC is a unique set of 3 or 4 numbers on the back of your customer's card. Including the CVC in your request increases the chances of the verification request outcome being verified. Our API checks to see if the CVC supplied matches the CVC held by the issuing bank. |
merchant | ✅ | An object that contains information about the merchant. |
merchant.entity | ✅ | Direct your verification to assist with billing, reporting and reconciliation. This is mandatory for verifications. For more information contact your Relationship Manager. |
merchant.mcc | ❌ | A Merchant Category Code (mcc) can be applied to an individual request. An mcc can only be provided if the dynamic mcc feature has been enabled during boarding. If enabled but not provided, merchant.mcc defaults to a configured value. For more information contact your Relationship Manager. |
merchant.paymentFacilitator | ❌ | An object containing your payment facilitator information. If required you must send:
|
recipient | ❌ | An object that contains the details of the recipient of the payment.
Recommendation We highly recommend you supply this, if your MCC is 6012 or 6051. Sending this field ensures you remain PSD2 compliant and avoid potential acquirer refusals. |
3DS
You can optionally submit 3DS parameters for intelligent and dynamic verification requests.
To get the customer authentication object you must complete an authentication request using our 3DS API.
Intelligent verification request examples
{ "transactionReference": "{uniqueTransactionReference}", "currency": "GBP", "merchant": { "entity": "default", "mcc": "6012", "paymentFacilitator": { "pfId": "12345678901", "isoId": "4101", "subMerchant": { "merchantId": "873674903278364", "name": "Example Shop", "street": "123 Street", "state": "CA", "city": "San Francisco", "countryCode": "840", "postalCode": "94101", "taxId": "987-65-4321", "telephone": "800-555-9999", "email": "contact@example.com" } } }, "paymentInstrument": { "type": "card/plain", "cvc": "321", "cardHolderName": "John Appleseed", "cardNumber": "4444333322221111", "cardExpiryDate": { "month": 5, "year": 2035 }, "verificationAddress": { "address1": "Worldpay", "countryCode": "GB", "postalCode": "CB4 0WE", "city": "Cambridge" } }, "customer": { "authentication": { "version": "1.0.2", "type": "3DS", "eci": "05", "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=", "transactionId": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } }
Dynamic verification request examples
{ "transactionReference": "unique-transactionReference", "merchant": { "entity": "default", "mcc": "6012", "paymentFacilitator": { "pfId": "12345678901", "isoId": "4101", "subMerchant": { "merchantId": "873674903278364", "name": "Example Shop", "street": "123 Street", "state": "CA", "city": "San Francisco", "countryCode": "840", "postalCode": "94101", "taxId": "987-65-4321", "telephone": "800-555-9999", "email": "contact@example.com" } } }, "instruction": { "value": { "currency": "GBP", "amount": 20 }, "paymentInstrument": { "type": "card/plain", "cvc": "321", "cardHolderName": "John Appleseed", "cardNumber": "4444333322221111", "cardExpiryDate": { "month": 5, "year": 2035 }, "verificationAddress": { "address1": "Worldpay", "countryCode": "GB", "postalCode": "CB4 0WE", "city": "Cambridge" } } }, "customer": { "authentication": { "version": "1.0.2", "type": "3DS", "eci": "05", "authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=", "transactionId": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } }
The descriptions of parameters from your 3DS authorization request
| Parameter | Required | Description |
|---|---|---|
customer | ✅ | An object containing the result of your customer's verification. For more details see 3DS verification. |
authentication.type | ✅ | 3DS |
authentication.version | ✅ | The version of 3DS used to process the transaction. For 3DS1 - 1.0.2For 3DS2 - 2.1.0 or 2.2.0 Note Required for Mastercard's Identity Check transactions in Authorization. |
authentication.eci | ✅ | Electronic Commerce Indicator (ECI). Indicates the outcome of the 3DS verification.
|
authentication.authenticationValue | ✅ | A cryptographic value that provides evidence of the outcome of a 3DS verification.
authentication.authenticationValue is required if authentication.eci value is 01, 02 or 05For version 3DS2: authentication.authenticationValue is required if authentication.eci value is 01, 02, 05 or 06.authentication.authenticationValue must be 28 digits max and must be base64-encoded. |
authentication.transactionId | ✅ | Required, if authentication.eci value is 01, 02, 05 or 06.A unique authentication transaction identifier, generated by the issuer. For version 3DS1: transactionId must be base64-encoded and 28 digits in length.For version 3DS2: transactionId must be a UUID and 36 characters in length. |
Apple Pay decrypted
You can optionally submit Apple Pay decrypted parameters for intelligent and dynamic cardOnFile requests.
Verification request example:
{ "currency":"EUR", "paymentInstrument":{ "type":"card/networkToken+applepay", "cardHolderName":"Joe Bloggs", "cardExpiryDate":{ "month":1, "year":2019 }, "dpan":"4444333322221111" }, "merchant":{ "entity":"default" }, "transactionReference":"transactionReference", "customer":{ "authentication":{ "type":"card/networkToken", "eci":"05", "authenticationValue":"MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=" } }, "recipient": { "accountReference": "azAZ0123", "lastName": "Moriarty", "address": { "postalCode": "DH1 3LE" }, "dateOfBirth": { "day": 1, "month": 2, "year": 2000 } } }
The descriptions of parameters from your Apple Pay decrypted authorization request
| Parameter | Required | Description |
|---|---|---|
paymentInstrument.type | ✅ | An object that contains your customer's payment type; card/networkToken+applepay. |
paymentInstrument.dpan | ✅ | An object that contains the device primary account number. |
customer | ✅ | An object containing the authentication information required for Apple Pay decrypted. |
authentication.type | ✅ | card/networkToken |
authentication.eci | ❌ | Electronic Commerce Indicator (ECI). Indicates the value contained in the Apple Pay decrypted response. |
authentication.authenticationValue | ✅ | A cryptographic value that provides evidence of the outcome of a Apple Pay decrypted verification. |
We currently don't return action links in our response for this paymentInstrument. This is still under development. You can use our payments:migrateCardOnFileAuthorize action link to take a payment in the meantime.
Verifications response
The response is the same for both an Intelligent or Dynamic verification.
You receive:
- a
201HTTP response code - a verification
outcome(eitherverifiedornot verified) - riskFactors
- a
paymentInstrument
The paymentInstrument contains the paymentInstrument.type sent in the request at minimum. If you wish to receive more card metadata this must be enabled. For more information contact your Implementation Manager.
{ "outcome": "verified", "checkedAt": "2018-09-01T10:37:36.923Z", "riskFactors": [{ "risk": "matched", "type": "cvc" }, { "risk": "matched", "detail": "postcode", "type": "avs" }, { "risk": "matched", "detail": "address", "type": "avs" } ], "_links": { "verifications:verification": { "href": "https://try.access.worldpay.com/verifications/accounts/{resource}" }, "curies": [{ "name": "verifications", "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}", "templated": true }] } }
The parameter checkedAt contains a timestamp showing when the verification was performed, and the location of the verification for future access.
If you receive an outcome of not verified it means that your customer has failed the verification. We strongly recommend that you refuse the payment made with that payment instrument.
| Action Link (resources) | Description |
|---|---|
verifications:verification | The link to the outcome of your verification request. |
payments:recurringAuthorize | A subsequent payment in a recurring agreement. This resource is only returned as a result of a successful verifications:cardOnFile, verifications:dynamicCardOnFile or payments:migrateRecurringAuthorize request. |
payments:cardOnFileAuthorize | A subsequent payment in a card on file agreement. This resource is only returned as a result of a successful verifications:cardOnFile, verifications:dynamicCardOnFile or payments:migrateCardOnFileAuthorize request. |
payments:recurringSale | A subsequent payment in a recurring agreement. This resource is only returned as a result of a successful verifications:cardOnFile or verifications:dynamicCardOnFile request. |
Risk Factors
We recommend you supply cvc and verificationAddress to increase probability of a successful verification.
The table below describes the response parameters:
| Parameter | Description |
|---|---|
riskFactors.type | Returns avs or cvc |
riskFactors.detail | For avs only.Returns postcode or address |
riskFactors.risk | Returns not_checked, not_matched, not_supplied or matched |
Payment Instrument
We only return the paymentInstrument card metadata if you are enabled for this feature.
The table below describes the response parameters:
| Parameter | Description |
|---|---|
paymentInstrument.type | Returns the paymentInstrument.type provided in your request. Can be either card/plain or card/tokenized. |
paymentInstrument.card | An object containing all the additional metadata for the card/token provided in the request. |
paymentInstrument.card.number | An object containing the bin and last4Digits of the card. |
paymentInstrument.card.countryCode | The country code of the card issuer. |
paymentInstrument.card.expiryDate | An object that contains your customer's payment card expiry date. |
paymentInstrument.card.brand | The card scheme, e.g. visa or mastercard. |
paymentInstrument.card.fundingType | Can be either debit, credit, chargeCard, prepaid, or deferredDebit. |
paymentInstrument.card.issuer.name | The name of the card issuer. |
paymentInstrument.card.category | Can be either consumer or commercial. |
paymentInstrument.card.paymentAccountReference | The unique reference associated with the card PAN. |
Location storing
You must store the returned location information. Failing to store the location information means the outcome of the verification is lost. You are not able to query a historic verification.
The location is stored in the href of the verifications:verification action link received on your verifications response.
We recommend you store all responses.
Query a historic verification
To query a historic verification, submit a query to the location returned in your initial response.
Query verifications request
GET https://try.access.worldpay.com/verifications/accounts/{resource}
You can query the location that was returned in the initial response to retrieve the outcome of the initial verification. You can only get the location from the initial response.
Query verifications response
In your response is a 200 HTTP response code and the historic outcome of the verification.
outcome:
verifiednot verified
{ "outcome": "verified", "checkedAt": "2018-09-01T10:37:36.923Z", "riskFactors": [{ "risk": "matched", "type": "cvc" }, { "risk": "matched", "detail": "postcode", "type": "avs" }, { "risk": "matched", "detail": "address", "type": "avs" } ], "_links": { "verifications:verification": { "href": "https://try.access.worldpay.com/verifications/accounts/{resource}" }, "curies": [{ "name": "verifications", "href": "https://try.access.worldpay.com/rels/verifications/accounts/{rel}", "templated": true }] } }
Verifications are accurate at the time of the initial request. Sending another intelligent or dynamic verification request may return different results.