Skip to content
APIs/Payments/
/
Store a card

Last Updated: 15 July 2025 | Change Log

Store a card during the payment

Make a card payment and store those card details for future Customer Initiated Transactions (CIT).

The request must contain:

"customerAgreement": {
    "type": "cardOnFile",  // used to indicate the customer has agreed to storing their card (future CIT)
    "storedCardUsage": "first" // the first in the series
},

To avoid the PCI implications of storing card numbers in most cases you will want to create a Worldpay token for future use.

"tokenCreation": {
    "type": "worldpay" // include if you're storing the card as a Worldpay Token
},

If PSD2/SCA or other regional mandates apply you should follow the steps for enabling 3DS

Whilst you can use a Network Token, it is not yet possible to create a network token as part of the payments API flow. You can create a network token using a separate request to the Access Tokens API as well as provision the network token cryptogram each time its used.

Important: You must have agreement from your customer to store their card details.

1. Integration type

Apply card details directly in our Payments API, or use our PCI-compliant Checkout SDK to create a session

Collect the card details and send an API request with these details to the payments resource.

2. Basic request

application/json

Card payment using a plain card number that will also create a Worldpay Token for use with future customer initiated transactions (CIT)

{
  "transactionReference": "Memory265-13/08/1876",
  "merchant": {
    "entity": "default"
  },
  "instruction": {
    "method": "card",
    "paymentInstrument": {
      "type": "plain",
      "cardHolderName": "Sherlock Holmes",
      "cardNumber": "4000000000001091",
      "expiryDate": {
        "month": 5,
        "year": 2035
      },
      "cvc": "123"
    },
    "tokenCreation": {
      "type": "worldpay"
    },
    "customerAgreement": {
      "type": "cardOnFile",
      "storedCardUsage": "first"
    },
    "narrative": {
      "line1": "trading name"
    },
    "value": {
      "currency": "GBP",
      "amount": 42
    }
  }
}

View the full API Request schema

3. Add additional features

In most cases you will need to add some additional features such as 3DS, auto settlement or a risk assessment

3DS Authentication

Perform 3DS authentication for liability shift and/or SCA compliance. An issuer based risk assessment with identity check.

Enterprise
Worldpay eCommerce

SCA Exemptions

Ask for an SCA Exemption to be applied automatically.


Enterprise

Risk Assessment

We assess the payment for fraud before proceeding with authorization.

Enterprise
Worldpay eCommerce

Auto Settlement

Automatically settle a payment following the authorization.


Enterprise
Worldpay eCommerce

Account Funding Transactions (AFT)

Transfer funds from a card account to another destination, rather than for the provision of goods or services.

Enterprise

Financial Service (MCC 6012/6051)

For domestic Financial Services providers (MCC 6012) based in the Visa Europe Region, you must supply this additional data.

Enterprise

Latin America Installments

Fulfill a one-time installment charge, to allow the customer's acquirer bank collecting the payments over time.

Enterprise

Payment Facilitator

Facilitate transactions on behalf of your sub-merchants.



Enterprise

MOTO transactions

Take Mail Order/ Telephone Orders on behalf of your customers.

Enterprise
Worldpay eCommerce

Account Updater

Automatically update card details to prevent declines due to expired or changed cards.

Enterprise

4. Response

Features that change the API flow

Certain features add additional requests and responses:

  • 3DS - you will receive a 201 - 3dsDeviceDataRequired as well as the possibility of an issuer challenge
  • FraudSight - you may receive a 201 - fraudHighRisk outcome, stopping the payment
  • Auto Settlement - automatic 202 - sentForSettlement following authorization.
    • If any of the AVS/CVC response riskFactors are marked as notMatched the payment will be sentForCancellation automatically by default but can be disabled.
Response
application/json

Example of an authorized response. Use the action settlePayment to complete the transaction

{
  "outcome": "authorized",
  "transactionReference": "Memory265-13/08/1876",
  "schemeReference": "060720116005060",
  "issuer": {
    "authorizationCode": "675725"
  },
  "riskFactors": [
    {
      "risk": "notChecked",
      "type": "cvc"
    },
    {
      "risk": "notChecked",
      "detail": "address",
      "type": "avs"
    },
    {
      "risk": "notChecked",
      "detail": "postcode",
      "type": "avs"
    }
  ],
  "paymentInstrument": {
    "type": "card/plain+masked",
    "cardBin": "400000",
    "lastFour": "1000",
    "countryCode": "GB",
    "expiryDate": {
      "year": 2035,
      "month": 5
    },
    "cardBrand": "mastercard",
    "fundingType": "debit",
    "category": "consumer",
    "issuerName": "BANK LIMITED",
    "paymentAccountReference": "3001DBT34Q41D6J7PFC5W0UACOT4C"
  },
  "_links": {
    "self": {
      "href": "https://try.access.worldpay.com/api/payments/eyJrIjoiazNhYjYzMiIsImxpbmtWZXJzaW9uIjoiNS4wLjAifQ%3D%3D.sN%3Ag8wd64bwkbrp0md%2BbPxcanBnk2zLdsIqSa1pR99GeDrCwEtsymFb5gQw9WlrStDTK3eIWPy93y%3A7njc4649JSrU7%2BvFDl1J36%2BcwOkX0lW4Z%2BfnZKMutoUGX3m1%3AmZ%2BxHZ9nDpadu%2BBh7pRyJwnWeiSFTlqKvbrBxNm3HV0xann55pFjZ7qi4DNGZtx9zW6eOLVNOsPL6ecsn3Dp377s7pWRQKSZJKSFIJvAisP8cBzFPzqireuqfCu5ojcm60gRSsqS3glurO24RJkg5SrpRjgY6g7ca8uoA7tKDk9OVOIwORF5sGPHSSGMa2bEl2lMUkAANoWclQHiGzxWQQ%3AAwSoo6RsrBugbhEp0K8HxZkfVrqy4oVlW8FdQ7kIuZOH78i6pPLzArc%2BOtMdnU%3ArZ%3AVhRHFzbbwymcuTiRbNw%3D"
    }
  },
  "_actions": {
    "cancelPayment": {
      "href": "https://try.access.worldpay.com/api/payments/eyJrIjoiazNhYjYzMiIsImxpbmtWZXJzaW9uIjoiNS4wLjAifQ%3D%3D.sN%3Ag8wd64bwkbrp0md%2BbPxcanBnk2zLdsIqSa1pR99GeDrCwEtsymFb5gQw9WlrStDTK3eIWPy93y%3A7njc4649JSrU7%2BvFDl1J36%2BcwOkX0lW4Z%2BfnZKMutoUGX3m1%3AmZ%2BxHZ9nDpadu%2BBh7pRyJwnWeiSFTlqKvbrBxNm3HV0xann55pFjZ7qi4DNGZtx9zW6eOLVNOsPL6ecsn3Dp377s7pWRQKSZJKSFIJvAisP8cBzFPzqireuqfCu5ojcm60gRSsqS3glurO24RJkg5SrpRjgY6g7ca8uoA7tKDk9OVOIwORF5sGPHSSGMa2bEl2lMUkAANoWclQHiGzxWQQ%3AAwSoo6RsrBugbhEp0K8HxZkfVrqy4oVlW8FdQ7kIuZOH78i6pPLzArc%2BOtMdnU%3ArZ%3AVhRHFzbbwymcuTiRbNw%3D/cancellations",
      "method": "POST"
    },
    "settlePayment": {
      "href": "https://try.access.worldpay.com/api/payments/eyJrIjoiazNhYjYzMiIsImxpbmtWZXJzaW9uIjoiNS4wLjAifQ%3D%3D.sN%3Ag8wd64bwkbrp0md%2BbPxcanBnk2zLdsIqSa1pR99GeDrCwEtsymFb5gQw9WlrStDTK3eIWPy93y%3A7njc4649JSrU7%2BvFDl1J36%2BcwOkX0lW4Z%2BfnZKMutoUGX3m1%3AmZ%2BxHZ9nDpadu%2BBh7pRyJwnWeiSFTlqKvbrBxNm3HV0xann55pFjZ7qi4DNGZtx9zW6eOLVNOsPL6ecsn3Dp377s7pWRQKSZJKSFIJvAisP8cBzFPzqireuqfCu5ojcm60gRSsqS3glurO24RJkg5SrpRjgY6g7ca8uoA7tKDk9OVOIwORF5sGPHSSGMa2bEl2lMUkAANoWclQHiGzxWQQ%3AAwSoo6RsrBugbhEp0K8HxZkfVrqy4oVlW8FdQ7kIuZOH78i6pPLzArc%2BOtMdnU%3ArZ%3AVhRHFzbbwymcuTiRbNw%3D/settlements",
      "method": "POST"
    },
    "partiallySettlePayment": {
      "href": "https://try.access.worldpay.com/api/payments/eyJrIjoiazNhYjYzMiIsImxpbmtWZXJzaW9uIjoiNS4wLjAifQ%3D%3D.sN%3Ag8wd64bwkbrp0md%2BbPxcanBnk2zLdsIqSa1pR99GeDrCwEtsymFb5gQw9WlrStDTK3eIWPy93y%3A7njc4649JSrU7%2BvFDl1J36%2BcwOkX0lW4Z%2BfnZKMutoUGX3m1%3AmZ%2BxHZ9nDpadu%2BBh7pRyJwnWeiSFTlqKvbrBxNm3HV0xann55pFjZ7qi4DNGZtx9zW6eOLVNOsPL6ecsn3Dp377s7pWRQKSZJKSFIJvAisP8cBzFPzqireuqfCu5ojcm60gRSsqS3glurO24RJkg5SrpRjgY6g7ca8uoA7tKDk9OVOIwORF5sGPHSSGMa2bEl2lMUkAANoWclQHiGzxWQQ%3AAwSoo6RsrBugbhEp0K8HxZkfVrqy4oVlW8FdQ7kIuZOH78i6pPLzArc%2BOtMdnU%3ArZ%3AVhRHFzbbwymcuTiRbNw%3D/partialSettlements",
      "method": "POST"
    }
  }
}

View the full API Response schema