Skip to content

Last Updated: 15 July 2025 | Change Log

Store a card during the payment

Make a card payment and store those card details for future Customer Initiated Transactions (CIT).

The request must contain:

"customerAgreement": {
    "type": "cardOnFile",  // used to indicate the customer has agreed to storing their card (future CIT)
    "storedCardUsage": "first" // the first in the series
},

To avoid the PCI implications of storing card numbers in most cases you will want to create a Worldpay token for future use.

"tokenCreation": {
    "type": "worldpay" // include if you're storing the card as a Worldpay Token
},

If PSD2/SCA or other regional mandates apply you should follow the steps for enabling 3DS

Whilst you can use a Network Token, it is not yet possible to create a network token as part of the payments API flow. You can create a network token using a separate request to the Access Tokens API as well as provision the network token cryptogram each time its used.

Important: You must have agreement from your customer to store their card details.

1. Integration Type

Apply card details directly in our Payments API, or use our PCI-compliant Checkout SDK to create a session

Collect the card details and send an API request with these details to the payments resource.

2. Basic Request

application/json

Card payment using a plain card number that will also create a Worldpay Token for use with future customer initiated transactions (CIT)

{ "transactionReference": "Memory265-13/08/1876", "merchant": { "entity": "default" }, "instruction": { "method": "card", "paymentInstrument": { "type": "plain", "cardHolderName": "Sherlock Holmes", "cardNumber": "4000000000001091", "expiryDate": { "month": 5, "year": 2035 }, "cvc": "123" }, "tokenCreation": { "type": "worldpay" }, "customerAgreement": { "type": "cardOnFile", "storedCardUsage": "first" }, "narrative": { "line1": "trading name" }, "value": { "currency": "GBP", "amount": 42 } } }

3. Add additional features

In most cases you will need to add some additional features such as 3DS, auto settlement or a risk assessment

4. Response

Features that change the API flow

Certain features add additional requests and responses:

  • 3DS - you will receive a 201 - 3dsDeviceDataRequired as well as the possibility of an issuer challenge
  • FraudSight - you may receive a 201 - fraudHighRisk outcome, stopping the payment
  • Auto Settlement - automatic 202 - sentForSettlement following authorization.
    • If any of the AVS/CVC response riskFactors are marked as notMatched the payment will be sentForCancellation automatically by default but can be disabled.
application/json
No response example