- Australia
- Austria
- Belgium
- Bulgaria
- Canada
- China
- Cyprus
- Czech Republic
- Denmark
- Estonia
- Finland
- France
- Germany
- Hong Kong
- Hungary
- Ireland
- Italy
- Japan
- Latvia
- Liechtenstein
- Lithuania
- Luxembourg
- Malta
- Netherlands
- Norway
- Poland
- Portugal
- Romania
- Singapore
- Slovakia
- Slovenia
- Spain
- Sweden
- United Kingdom
- United States
Save cards with the Payment Method Tokens API
CurrentLast updated: November 7th 2023, @ 9:47:43 am
No transaction is required when payment methods are saved with the Payment Method Tokens API. You can charge payers after a set amount of time. Payers don't need to be present when charged. A common use case is offering a free trial and charging payers after the trial expires.
Availability
Know before you code
- This server-side integration uses the Payment Method Tokens REST API.
- The Payment Method Tokens API supports saving cards and PayPal Wallets.
- Complete the steps in Get started to get the following sandbox account information from the Developer Dashboard:
- Your sandbox account login information
- Your access token
- You'll need an existing advanced credit and debit card payments integration. PayPal must approve your business account for advanced credit and debit card payments.
- The Payment Method Tokens API requires SAQ D PCI Compliance.
1. Set up your account to save payments
Set up your sandbox and live business accounts to save payment methods:
- Log in to the Developer Dashboard.
- Under REST API apps, select your app name.
- Under Sandbox App Settings > App Feature Options, check Accept payments.
- Expand Advanced options. Confirm that Vault is selected.
2. Create setup token for card
Create a setup token for cards that have:
- No verification
- Smart authorization
- 3D Secure verification
When saving a card for the first time for a payer, the response to the setup token request returns the customer.id and the setup_token_id.
Tip: For a payer with previously stored
payment_sources, pass the PayPal-generatedcustomer.idin the setup token request. Then you can link additionalpayment_sourcesto this payer.
- No verification
- Smart authorization
- 3D Secure
Setup token for card with no verification
There's usually no transaction when saving a card and creating a setup token. The data passed to the API is checked only for format.
Sample API request
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Request-Id: REQUEST-ID" \5 -d '{6 "payment_source": {7 "card": {8 "number": "4111111111111111",9 "expiry": "2027-02",10 "name": "Firstname Lastname",11 "billing_address": {12 "address_line_1": "2211 N First Street",13 "address_line_2": "17.3.160",14 "admin_area_1": "CA",15 "admin_area_2": "San Jose",16 "postal_code": "95131",17 "country_code": "US"18 },19 "experience_context": {20 "brand_name": "YourBrandName",21 "locale": "en-US",22 "return_url": "https://example.com/returnUrl",23 "cancel_url": "https://example.com/cancelUrl"24 }25 }26 }27 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKENto your sandbox access token. - Change
REQUEST-IDto a unique alphanumeric set of characters, for example, a time stamp.
Step result
A successful request returns the following:
- An HTTP response code of
200or201. Returns200for an idempotent request. - The ID of the token in the
idfield. - HATEOAS links:
| Rel | Method | Description |
|---|---|---|
self | GET | Make a GET request to this link to retrieve payment source data associated with the setup token ID. |
confirm | POST | Make a POST request to generate the payment token using the approved setup token. |
Sample API response
1{2 "id": "5C991763VB2781612",3 "customer": {4 "id": "customer_4029352050"5 },6 "status": "APPROVED",7 "payment_source": {8 "card": {9 "last_digits": "1111",10 "expiry": "2027-02",11 "name": "Firstname Lastname",12 "billing_address": {13 "address_line_1": "2211 N First Street",14 "address_line_2": "17.3.160",15 "admin_area_2": "San Jose",16 "admin_area_1": "CA",17 "postal_code": "95131",18 "country_code": "US"19 }20 }21 },22 "links": [23 {24 "href": "https://api-m.sandbox.paypal.com/v3/vault/setup-tokens/5C991763VB2781612",25 "rel": "self",26 "method": "GET",27 "encType": "application/json"28 },29 {30 "href": "https://api-m.sandbox.paypal.com/v3/vault/payment-tokens",31 "rel": "confirm",32 "method": "POST",33 "encType": "application/json"34 }35 ]36}
3. Create payment token
Use an approved setup token to save the payer's credit or debit card. Then, copy the sample request code to generate a payment token:
Sample API request
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/payment-tokens' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Request-Id: REQUEST-ID" \5 -d '{6 "payment_source": {7 "token": {8 "id": "5C991763VB2781612",9 "type": "SETUP_TOKEN"10 }11 }12 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKENto your sandbox access token. - Change
REQUEST-IDto a unique alphanumeric set of characters such as a time stamp. - Use
tokenas thepayment sourceand complete the rest of the source object as appropriate for your use case and business. - Use your setup token ID to pass in the payment source parameter and
typeas theSETUP_TOKEN.
Step result
A successful request results in the following:
- HTTP response code
HTTP 2xxorHTTP 200. IDof the payment token and the associated payment method information.- HATEOAS links:
| Rel | Method | Description |
|---|---|---|
self | GET | Make a GET request to this link to retrieve data about the saved method. |
delete | DELETE | Make a DELETE request to delete the saved payment token. |
Sample API response
1{2 "id": "dnbbj3g",3 "customer": {4 "id": "customer_4029352050"5 },6 "payment_source": {7 "card": {8 "last_digits": "1111",9 "name": "Firstname Lastname",10 "expiry": "2027-02",11 "brand": "VISA",12 "billing_address": {13 "address_line_1": "2211 N First Street",14 "address_line_2": "17.3.160",15 "admin_area_2": "San Jose",16 "admin_area_1": "CA",17 "postal_code": "95131",18 "country_code": "US",19 }20 }21 },22 "links": [23 {24 "href": "https://api-m.sandbox.paypal.com/v3/vault/payment-tokens/dnbbj3g",25 "rel": "self",26 "method": "GET",27 "encType": "application/json"28 },29 {30 "href": "https://api-m.sandbox.paypal.com/v3/vault/payment-tokens/dnbbj3g",31 "rel": "delete",32 "method": "DELETE",33 "encType": "application/json"34 }35 ]36}
4. Use saved payment token
After you create a payment method token, use the token instead of the payment method to create a purchase and capture the payment with the Orders API.
You can store a Merchant Customer ID aligned with your system to simplify the mapping of customer information within your system and PayPal. This is an optional field that will return the value shared in the response.
Set the payment_source to specify the payment source type. Set the vault_id to the payment method token you received.
Sample API request with payment token associated with card
Copy the following code sample and modify it.
1curl -v -k -X POST ' https://api-m.sandbox.paypal.com/v2/checkout/orders' \2 -H "PayPal-Request-Id: REQUEST-ID" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "Content-Type: application/json" \5 -d '{6 "intent": "CAPTURE",7 "purchase_units": [8 {9 "amount": {10 "currency_code": "USD",11 "value": "100.00"12 }13 }14 ],15 "payment_source": {16 "card": {17 "vault_id":"dnbbj3g"18 }19 }20 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKENto your sandbox access token. - Change
REQUEST-IDto a set of unique alphanumeric characters such as a time stamp. - For
vault_id, enter the ID of your payment method token.
Sample API response
1{2 "id": "5O190127TN364715T",3 "status": "COMPLETED",4 "payment_source": {5 "card": {6 "brand": "VISA",7 "last_digits": "1111"8 }9 }10 "purchase_units": [11 {12 "reference_id": "d9f80740-38f0-11e8-b467-0ed5f89f718b",13 "payments": {14 "captures": [15 {16 "id": "3C679366HH908993F",17 "status": "COMPLETED",18 "amount": {19 "currency_code": "USD",20 "value": "100.00"21 },22 "seller_protection": {23 "status": "NOT_ELIGIBLE"24 },25 "final_capture": true,26 "seller_receivable_breakdown": {27 "gross_amount": {28 "currency_code": "USD",29 "value": "100.00"30 },31 "paypal_fee": {32 "currency_code": "USD",33 "value": "3.00"34 },35 "net_amount": {36 "currency_code": "USD",37 "value": "97.00"38 }39 },40 "create_time": "2022-01-01T21:20:49Z",41 "update_time": "2022-01-01T21:20:49Z",42 "links": [43 {44 "href": "https://api-m.sandbox.paypal.com/v2/payments/captures/3C679366HH908993F",45 "rel": "self",46 "method": "GET"47 },48 {49 "href": "https://api-m.sandbox.paypal.com/v2/payments/captures/3C679366HH908993F/refund",50 "rel": "refund",51 "method": "POST"52 },53 {54 "href": "https://api-m.sandbox.paypal.com/v2/checkout/orders/5O190127TN364715T",55 "rel": "up",56 "method": "GET"57 }58 ]59 }60 ]61 }62 }63 ],64 "links": [65 {66 "href": "https://api-m.sandbox.paypal.com/v2/checkout/orders/5O190127TN364715T",67 "rel": "self",68 "method": "GET"69 }70 ]71}
Use payment token on behalf of payer
When the payer isn't present to check out, you can use the payment method token to create an order on behalf of the payer.
1. Retrieve a payer's payment method token
If you stored the payment token the payer created on your site, skip this step.
To make a payment on behalf of the payer, retrieve the payment token they created. You'll need the customer ID that you assigned to this payer when saving the payment method.
Sample API request
API endpoint used: Payment tokens
1curl -v -k -X GET 'https://api-m.sandbox.paypal.com/v3/vault/payment-tokens?customer_id=customer_4029352050' \2 -H 'Authorization: Bearer ACCESS-TOKEN' \3 -H 'Content-Type: application/json'
Modify the code
- Copy the code sample.
- Change
ACCESS-TOKENto your sandbox access token. - Pass the PayPal-generated
customer.idto retrieve the payment token details associated with the payer. - If stored in the payment token, the response will return the Merchant Customer ID.
Sample API response
1{2 "customer": {3 "id": "customer_4029352050"4 },5 "payment_tokens": [6 {7 "id": "dnbbj3g",8 "customer": {9 "id": "customer_4029352050"10 },11 "payment_source": {12 "card": {13 "name": "Firstname Lastname",14 "last_digits": "1111",15 "brand": "VISA",16 "expiry": "2027-02",17 "billing_address": {18 "address_line_1": "2211 N First Street",19 "address_line_2": "17.3.160",20 "admin_area_2": "San Jose",21 "admin_area_1": "CA",22 "postal_code": "95131",23 "country_code": "US",24 }25 }26 },27 "links": [28 {29 "href": "https://api-m.sandbox.paypal.com/v3/vault/payment-tokens/dnbbj3g",30 "rel": "self",31 "method": "GET",32 "encType": "application/json"33 },34 {35 "href": "https://api-m.sandbox.paypal.com/v3/vault/payment-tokens/dnbbj3g",36 "rel": "delete",37 "method": "DELETE",38 "encType": "application/json"39 }40 ]41 }42 ],43 "links": [44 {45 "href": "https://api-m.sandbox.paypal.com/v3/vault/payment-tokens?pageNumber=1&totalRequired=false&customer_id=customer_4029352050&pageSizeInternal=5",46 "rel": "self",47 "method": "GET",48 "encType": "application/json"49 },50 {51 "href": "https://api-m.sandbox.paypal.com/v3/vault/payment-tokens?pageNumber=1&totalRequired=false&customer_id=customer_4029352050&pageSizeInternal=5",52 "rel": "first",53 "method": "GET",54 "encType": "application/json"55 },56 {57 "href": "https://api-m.sandbox.paypal.com/v3/vault/payment-tokens?pageNumber=1&totalRequired=false&customer_id=customer_4029352050&pageSizeInternal=5",58 "rel": "last",59 "method": "GET",60 "encType": "application/json"61 }62 ]63}
Step result
A successful request results in the following:
- An HTTP response code of
200 OK. - Payment method details and status for given payment token.
- HATEOAS links:
| Rel | Method | Description |
|---|---|---|
self | GET | Make a GET request to this link to retrieve data about the saved method. |
delete | DELETE | Make a DELETE request to delete the payment token. |
2. Use payment method token with checkout
After you get the payment method token ID, you can use a payment method token with checkout to create your order.
Webhooks
| Event | Trigger | Payment methods |
|---|---|---|
VAULT.PAYMENT-TOKEN.CREATED | A payment token is created to save a payment method. | Cards and PayPal |
VAULT.PAYMENT-TOKEN.DELETED | A payment token is deleted. The payer's payment method is no longer saved to the PayPal vault. | Cards and PayPal |
VAULT.PAYMENT-TOKEN.DELETION-INITIATED | A request to delete a payment token has been submitted to the Payment Method Tokens API. | PayPal |
For more information on webhooks, see webhooks.
Next steps
- Test and go live with this integration.
- Process credit and debit cards with your live PayPal account by completing production onboarding.
- Remember to swap the credentials and API URL from sandbox to production when going live with your integration.
- You can get a payment token, list all payment tokens, delete a payment token, and more with the Payment Method Tokens API.
See also
- Set up payment buttons
- Advanced credit and debit cards payments
- Real-time account updater to keep saved cards up-to-date