APIs
/
Payments API
/
Use Cases
/
Card payment and store a card

Last Updated: 26 March 2025 | Change Log

Card payment and store a card

Provide the card details in an API request or use our Checkout SDK for low PCI hosted card fields. Save those card details for future custom initiated transactions (CIT).

The request must contain:

  • customerAgreement.type = cardOnFile - used to indicate the customer has agreed to storing their card for the purpose of future Customer Initiated Transactions
  • customerAgreement.storedCardUsage = first

If PSD2/SCA or other regional mandates apply you should follow the steps for enabling 3DS

Optionally:

  • tokenCreation.type = worldpay - include if you're storing the card as a Worldpay Token

Whilst you can use a Network Token, it is not yet possible to create a network token as part of the payments API flow. You can create a network token using a separate request to the Access Tokens API as well as provision the network token cryptogram each time its used.

Important: You must have agreement from your customer to store their card details.

Collect the card details and send an API request with these details to the payments resource.

Request

Response
application/json

Example of an authorized response. Use the action settlePayment to complete the transaction

  • 3DS is not enabled
  • includes fraud and token objects
{
  "outcome": "authorized",
  "transactionReference": "Memory265-13/08/1876",
  "issuer": {
    "authorizationCode": "675725"
  },
  "riskFactors": [
    {
      "risk": "notChecked",
      "type": "cvc"
    },
    {
      "risk": "notChecked",
      "detail": "address",
      "type": "avs"
    },
    {
      "risk": "notChecked",
      "detail": "postcode",
      "type": "avs"
    }
  ],
  "fraud": {
    "outcome": "lowRisk",
    "score": 44.6
  },
  "token": {
    "href": "https://try.access.worldpay.com/tokens/eyJrIjoxLCJkIjoiRVl3SDBtNnpEVmVTR3UzRUV3VEJEVDExTkxuVDVydXNiREdLR01hUXUwVT0ifQ",
    "tokenId": "9968110159504301628",
    "tokenExpiryDateTime": "2024-04-11T15:59:23Z",
    "cardNumber": "4000********1000",
    "cardHolderName": "test",
    "cardExpiry": {
      "year": 2035,
      "month": 5
    },
    "bin": "400000",
    "fundingType": "debit",
    "countryCode": "GB",
    "schemeReference": "060720116005060",
    "conflicts": {
      "conflictsExpiryDateTime": "2024-07-04T06:40:32.310316518Z",
      "paymentInstrument": {
        "cardHolderName": "John Snow"
      }
    }
  },
  "paymentInstrument": {
    "type": "card/plain+masked",
    "cardBin": "400000",
    "lastFour": "1000",
    "countryCode": "GB",
    "expiryDate": {
      "year": 2035,
      "month": 5
    },
    "cardBrand": "mastercard",
    "fundingType": "debit",
    "category": "consumer",
    "issuerName": "BANK LIMITED",
    "paymentAccountReference": "3001DBT34Q41D6J7PFC5W0UACOT4C"
  },
  "_links": {
    "self": {
      "href": "https://try.access.worldpay.com/api/payments/eyJrIjoiazNhYjYzMiIsImxpbmtWZXJzaW9uIjoiNS4wLjAifQ%3D%3D.sN%3Ag8wd64bwkbrp0md%2BbPxcanBnk2zLdsIqSa1pR99GeDrCwEtsymFb5gQw9WlrStDTK3eIWPy93y%3A7njc4649JSrU7%2BvFDl1J36%2BcwOkX0lW4Z%2BfnZKMutoUGX3m1%3AmZ%2BxHZ9nDpadu%2BBh7pRyJwnWeiSFTlqKvbrBxNm3HV0xann55pFjZ7qi4DNGZtx9zW6eOLVNOsPL6ecsn3Dp377s7pWRQKSZJKSFIJvAisP8cBzFPzqireuqfCu5ojcm60gRSsqS3glurO24RJkg5SrpRjgY6g7ca8uoA7tKDk9OVOIwORF5sGPHSSGMa2bEl2lMUkAANoWclQHiGzxWQQ%3AAwSoo6RsrBugbhEp0K8HxZkfVrqy4oVlW8FdQ7kIuZOH78i6pPLzArc%2BOtMdnU%3ArZ%3AVhRHFzbbwymcuTiRbNw%3D"
    }
  },
  "_actions": {
    "cancelPayment": {
      "href": "https://try.access.worldpay.com/api/payments/eyJrIjoiazNhYjYzMiIsImxpbmtWZXJzaW9uIjoiNS4wLjAifQ%3D%3D.sN%3Ag8wd64bwkbrp0md%2BbPxcanBnk2zLdsIqSa1pR99GeDrCwEtsymFb5gQw9WlrStDTK3eIWPy93y%3A7njc4649JSrU7%2BvFDl1J36%2BcwOkX0lW4Z%2BfnZKMutoUGX3m1%3AmZ%2BxHZ9nDpadu%2BBh7pRyJwnWeiSFTlqKvbrBxNm3HV0xann55pFjZ7qi4DNGZtx9zW6eOLVNOsPL6ecsn3Dp377s7pWRQKSZJKSFIJvAisP8cBzFPzqireuqfCu5ojcm60gRSsqS3glurO24RJkg5SrpRjgY6g7ca8uoA7tKDk9OVOIwORF5sGPHSSGMa2bEl2lMUkAANoWclQHiGzxWQQ%3AAwSoo6RsrBugbhEp0K8HxZkfVrqy4oVlW8FdQ7kIuZOH78i6pPLzArc%2BOtMdnU%3ArZ%3AVhRHFzbbwymcuTiRbNw%3D/cancellations",
      "method": "POST"
    },
    "settlePayment": {
      "href": "https://try.access.worldpay.com/api/payments/eyJrIjoiazNhYjYzMiIsImxpbmtWZXJzaW9uIjoiNS4wLjAifQ%3D%3D.sN%3Ag8wd64bwkbrp0md%2BbPxcanBnk2zLdsIqSa1pR99GeDrCwEtsymFb5gQw9WlrStDTK3eIWPy93y%3A7njc4649JSrU7%2BvFDl1J36%2BcwOkX0lW4Z%2BfnZKMutoUGX3m1%3AmZ%2BxHZ9nDpadu%2BBh7pRyJwnWeiSFTlqKvbrBxNm3HV0xann55pFjZ7qi4DNGZtx9zW6eOLVNOsPL6ecsn3Dp377s7pWRQKSZJKSFIJvAisP8cBzFPzqireuqfCu5ojcm60gRSsqS3glurO24RJkg5SrpRjgY6g7ca8uoA7tKDk9OVOIwORF5sGPHSSGMa2bEl2lMUkAANoWclQHiGzxWQQ%3AAwSoo6RsrBugbhEp0K8HxZkfVrqy4oVlW8FdQ7kIuZOH78i6pPLzArc%2BOtMdnU%3ArZ%3AVhRHFzbbwymcuTiRbNw%3D/settlements",
      "method": "POST"
    },
    "partiallySettlePayment": {
      "href": "https://try.access.worldpay.com/api/payments/eyJrIjoiazNhYjYzMiIsImxpbmtWZXJzaW9uIjoiNS4wLjAifQ%3D%3D.sN%3Ag8wd64bwkbrp0md%2BbPxcanBnk2zLdsIqSa1pR99GeDrCwEtsymFb5gQw9WlrStDTK3eIWPy93y%3A7njc4649JSrU7%2BvFDl1J36%2BcwOkX0lW4Z%2BfnZKMutoUGX3m1%3AmZ%2BxHZ9nDpadu%2BBh7pRyJwnWeiSFTlqKvbrBxNm3HV0xann55pFjZ7qi4DNGZtx9zW6eOLVNOsPL6ecsn3Dp377s7pWRQKSZJKSFIJvAisP8cBzFPzqireuqfCu5ojcm60gRSsqS3glurO24RJkg5SrpRjgY6g7ca8uoA7tKDk9OVOIwORF5sGPHSSGMa2bEl2lMUkAANoWclQHiGzxWQQ%3AAwSoo6RsrBugbhEp0K8HxZkfVrqy4oVlW8FdQ7kIuZOH78i6pPLzArc%2BOtMdnU%3ArZ%3AVhRHFzbbwymcuTiRbNw%3D/partialSettlements",
      "method": "POST"
    }
  }
}

View the full API Request schema

Enable additional features

Feature
Description
Details
Fraud assessmentPrevent fraudulent transactions.How to enable
3DS authenticationShift Liability to the issuer / for EEA countries this is required as part of SCA compliance.How to enable
Auto SettlementRequest that payment authorizations are automatically sent for settlement (sometimes referred to as "capture").How to enable
Financial Services
(MCC 6012 / 6051)		If you provide financial services, debt repayment, or consumer bill payments, you should supply additional details in the authorization request for compliance reasons.How to enable

Response

Flow differences

API responses differ based on the features you have enabled:

  • If 3DS is enabled you will receive a 3dsDeviceDataRequired outcome and additionally, if prompted by the card issuer, a 3dsChallenged response.

  • If FraudSight is enabled, you can receive a fraudHighRisk response, stopping the transaction.

  • If settlement.auto is set to true, the outcome will be sentForSettlement. If set to false it will be authorized with an addtional settlement action required.

    • If any of the AVS/CVC response riskFactors are marked as notMatched the payment will be sentForCancellation automatically.

See sequence diagrams to get a clear overview.

Payment response

The payment response contains the following details:

  • riskFactors (avs/cvc) - if billing address & cvc are provided, these details are checked against the customer's issuing bank
  • refusal code and description which gives additional context on the refusal
  • 3DS authentication details - details on the 3DS authentication outcome (e.g. challenged)
  • fraud assessment details - details on the fraud assessment outcome (e.g. lowRisk, review)
  • Worldpay token creation - details of the card tokenized and the token href itself
  • paymentInstrument - details of the paymentInstrument used

View the full API Response schema