Save cards with the Payment Method Tokens API
Last updated: Oct 15th, 5:01pm
No transaction is required when payment methods are saved with the Payment Method Tokens API. You can charge payers after a set amount of time. Payers don't need to be present when charged. A common use case is offering a free trial and charging payers after the trial expires.
Availability
Supported countries:
- Australia
- Austria
- Belgium
- Bulgaria
- Canada
- China
- Cyprus
- Czech Republic
- Denmark
- Estonia
- Finland
- France
- Germany
- Hungary
- Ireland
- Italy
- Latvia
- Liechtenstein
- Lithuania
- Luxembourg
- Malta
- Netherlands
- Norway
- Poland
- Portugal
- Romania
- Slovakia
- Slovenia
- Spain
- Sweden
- United Kingdom
- United States
Know before you code
- This server-side integration uses the Payment Method Tokens API.
- The Payment Method Tokens API supports saving cards and PayPal Wallets.
- Complete the steps in Get started to get the following sandbox account information from the Developer Dashboard:
- Your sandbox account login information
- Your access token
- You must be approved and have your account configured for billing agreements to set up a reference transaction. Contact your account manager for details.
- You'll need an existing advanced credit and debit card payments integration. PayPal must approve your business account for advanced credit and debit card payments.
- The Payment Method Tokens API requires SAQ D PCI Compliance.
Create setup token for card
Create a setup token for cards that have:
- No verification
- Smart authorization
- 3D Secure verification
When saving a card for the first time for a payer, the response to the setup token request returns the customer.id
and the setup_token_id
.
Platform - No verification
Setup token for card with no verification
There's usually no transaction when saving a card and creating a setup token. The data passed to the API is only checked for format.
- Sample request
- Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \5 -H "PayPal-Partner-Attribution-Id: BN-CODE" \6 -H "PayPal-Request-Id: REQUEST-ID" \7 -d '{8 "payment_source": {9 "card": {10 "number": "4111111111111111",11 "expiry": "2027-02",12 "name": "Firstname Lastname",13 "billing_address": {14 "address_line_1": "2211 N First Street",15 "address_line_2": "17.3.160",16 "admin_area_1": "CA",17 "admin_area_2": "San Jose",18 "postal_code": "95131",19 "country_code": "US"20 },21 "experience_context": {22 "brand_name": "YourBrandName",23 "locale": "en-US",24 "return_url": "https://example.com/returnUrl",25 "cancel_url": "https://example.com/cancelUrl"26 }27 }28 }29 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKEN
to your sandbox access token. - Change
PAYPAL-AUTH-ASSERTION
to your PayPal-Auth-Assertion token. - Change
BN-CODE
to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-ID
to a set of unique alphanumeric characters such as a time stamp.
Step result
A successful request returns the following:
- HTTP response code
HTTP 2xx
orHTTP 200
. - The ID of the token in the
id
field. - HATEOAS links:
Rel | Method | Description |
---|---|---|
self |
GET |
Make a GET request to this link to retrieve payment source data associated with the setup token ID. |
confirm |
POST |
Make a POST request to generate the payment token using the approved setup token. |
Platform: Smart authorization
Setup token for card with smart authorization
You can use the POST action to run smart authorization against the card. In countries where the issuing banks support it, smart authorization runs a zero-value authorization against the card.
If zero-value authorization is not supported, an authorization for a minimal value in the local currency is requested. Authorizations for minimal amounts aren't automatically voided and create a temporary hold against the payer's card.
To request verification of card data, add the verification_method
parameter on the POST
setup-tokens call.
- Sample request
- Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \2 -H "Authorization: Bearer ACCESS-TOKEN" \3 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \4 -H "PayPal-Partner-Attribution-Id: BN-CODE" \5 -H "PayPal-Request-Id: REQUEST-ID" \6 -H "Content-Type: application/json" \7 -d '{8 "payment_source": {9 "card": {10 "number": "4111111111111111",11 "expiry": "2027-02",12 "name": "Firstname Lastname",13 "billing_address": {14 "address_line_1": "2211 N First Street",15 "address_line_2": "17.3.160",16 "admin_area_1": "CA",17 "admin_area_2": "San Jose",18 "postal_code": "95131",19 "country_code": "US"20 },21 "verification_method": "SCA_WHEN_REQUIRED",22 "experience_context": {23 "brand_name": "YourBrandName",24 "locale": "en-US",25 "return_url": "https://example.com/returnUrl",26 "cancel_url": "https://example.com/cancelUrl"27 }28 }29 }30 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKEN
to your sandbox access token. - Change
PAYPAL-AUTH-ASSERTION
to your PayPal-Auth-Assertion token. - Change
BN-CODE
to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-ID
to a set of unique alphanumeric characters such as a time stamp. - Use the card as the payment source and complete the rest of the source object for your use case and business.
- Pass the
verification_method
parameter to verify card data. - Update the
return_url
value with the URL where the payer is redirected after they approve the flow. - Update the
cancel_url
value with the URL where the payer is redirected after they cancel the flow.
Pass one of the following verification_method
attributes to verify card data:
Verification Method | Description |
---|---|
SCA_WHEN_REQUIRED | Returns a 3D Secure contingency when it is a mandate in the region where you operate. This is the default when neither parameter is explicitly passed. |
SCA_ALWAYS |
Triggers 3D Secure for every transaction. |
Step result
A successful request returns the following:
- HTTP response code
HTTP 2xx
orHTTP 200
. - Status of
APPROVED
. - HATEOAS links:
Rel | Method | Description |
---|---|---|
confirm |
POST |
Make a POST request to generate the payment token using the approved setup token. |
self |
GET |
Make a GET request to get information about the temporarily saved payment source associated with the setup token ID. |
If the request and authorization succeed, the setup token is approved and additional parameters are returned in the response.
Platform: 3D Secure verification
Setup token for card with 3D Secure verification
Use 3D Secure authentication to reduce the likelihood of fraud and improve transaction performance with supported cards. In some countries, authorizing a card can trigger a 3D Secure contingency. 3D Secure verification may occur in PSD2 countries, including members of the EU. For 3D Secure verification, pass SCA_ALWAYS
or SCA_WHEN_REQUIRED
in the payment_source.card.attributes.verification.method
field for the create order request. The API response returns the order status as PAYER_ACTION_REQUIRED
.
- Create setup token: Platform-3DSecureVerification-Request
- Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \5 -H "PayPal-Partner-Attribution-Id: BN-CODE" \6 -H "PayPal-Request-Id: REQUEST-ID" \7 -d '{8 "payment_source": {9 "card": {10 "number": "4111111111111111",11 "expiry": "2027-02",12 "name": "Firstname Lastname",13 "billing_address": {14 "address_line_1": "2211 N First Street",15 "address_line_2": "17.3.160",16 "admin_area_1": "CA",17 "admin_area_2": "San Jose",18 "postal_code": "95131",19 "country_code": "US"20 },21 "verification_method": "SCA_WHEN_REQUIRED",22 "experience_context": {23 "brand_name": "YourBrandName",24 "locale": "en-US",25 "return_url": "https://example.com/returnUrl",26 "cancel_url": "https://example.com/cancelUrl"27 }28 }29 }30 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKEN
to your sandbox access token. - Change
PAYPAL-AUTH-ASSERTION
to your PayPal-Auth-Assertion token. - Change
BN-CODE
to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-ID
to a set of unique alphanumeric characters such as a time stamp. - Use a card as the payment source and complete the rest of the source object for your use case and business.
- Pass the
verification_method
parameter withSCA_WHEN_REQUIRED
to verify card data. - Update the
return_url
value with the URL where the payer is redirected after they approve the flow. - Update the
cancel_url
value with the URL where the payer is redirected after they cancel the flow.
Step result
A successful request returns the following:
- HTTP response code
HTTP 2xx
orHTTP 200
. - Status of
PAYER_ACTION_REQUIRED
. - HATEOAS links:
Rel | Method | Description |
---|---|---|
approve |
GET |
Use this link to take your payer through the card approval flow. |
confirm |
POST |
Make a POST request to use an approved setup token to save the payment method and generate a payment token. |
self |
GET |
Make a GET request to view the state of your setup token and payment method details. |
Merchant - No verification
Setup token for card with no verification
There is usually no transaction when saving a card and creating a setup token. The data passed to the API is checked only for format.
- Sample request
- Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Request-Id: REQUEST-ID" \5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \7 -d '{8 "payment_source": {9 "card": {10 "number": "4111111111111111",11 "expiry": "2027-02",12 "name": "Firstname Lastname",13 "billing_address": {14 "address_line_1": "2211 N First Street",15 "address_line_2": "17.3.160",16 "admin_area_1": "CA",17 "admin_area_2": "San Jose",18 "postal_code": "95131",19 "country_code": "US"20 },21 "experience_context": {22 "brand_name": "YourBrandName",23 "locale": "en-US",24 "return_url": "https://example.com/returnUrl",25 "cancel_url": "https://example.com/cancelUrl"26 }27 }28 }29 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKEN
to your sandbox access token. - Change
PAYPAL-AUTH-ASSERTION
to your PayPal-Auth-Assertion token. - Change
BN-CODE
to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-ID
to a set of unique alphanumeric characters such as a time stamp.
Step result
A successful request returns the following:
- HTTP response code
HTTP 2xx
orHTTP 200
. - The ID of the token is in the
id
field. - HATEOAS links:
Rel | Method | Description |
---|---|---|
self |
GET |
Make a GET request to this link to retrieve the payment source data associated with the setup token ID. |
confirm |
POST |
Make a POST request to generate the payment token using the approved setup token. |
Merchant: Smart authorization
Setup token for card with smart authorization
You can use the POST action to run smart authorization against the card. In countries where the issuing banks support it, smart authorization runs a zero-value authorization against the card.
If zero-value authorization is not supported, an authorization for a minimal value in the local currency is requested. Authorizations for minimal amounts aren't automatically voided and create a temporary hold against the payer's card.
To request verification of card data, modify the POST
on the setup-tokens call by adding the verification_method
parameter:
- Sample request
- Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \2 -H "Authorization: Bearer ACCESS-TOKEN" \3 -H "PayPal-Request-Id: REQUEST-ID" \4 -H "Content-Type: application/json" \5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \7 -d '{8 "payment_source": {9 "card": {10 "number": "4111111111111111",11 "expiry": "2027-02",12 "name": "Firstname Lastname",13 "billing_address": {14 "address_line_1": "2211 N First Street",15 "address_line_2": "17.3.160",16 "admin_area_1": "CA",17 "admin_area_2": "San Jose",18 "postal_code": "95131",19 "country_code": "US"20 },21 "verification_method": "SCA_WHEN_REQUIRED",22 "experience_context": {23 "brand_name": "YourBrandName",24 "locale": "en-US",25 "return_url": "https://example.com/returnUrl",26 "cancel_url": "https://example.com/cancelUrl"27 }28 }29 }30 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKEN
to your sandbox access token. - Change
PAYPAL-AUTH-ASSERTION
to your PayPal-Auth-Assertion token. - Change
BN-CODE
to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-ID
to a set of unique alphanumeric characters such as a time stamp. - Use the card as the payment source and complete the rest of the source object for your use case and business.
- Pass the
verification_method
parameter to verify card data. - Update the
return_url
value with the URL where the payer is redirected after they approve the flow. - Update the
cancel_url
value with the URL where the payer is redirected after they cancel the flow.
Pass one of the following verification_method
attributes to verify card data:
Verification Method | Description |
---|---|
SCA_WHEN_REQUIRED | Returns a 3D Secure contingency when it is a mandate in the region where you operate. This is the default when neither parameter is explicitly passed. |
SCA_ALWAYS |
Triggers 3D Secure for every transaction. |
Step result
A successful request returns the following:
- HTTP response code
HTTP 2xx
orHTTP 200
. - Status of
APPROVED
. - HATEOAS links:
Rel | Method | Description |
---|---|---|
confirm |
POST |
Make a POST request to generate the payment token using the approved setup token. |
self |
GET |
Make a GET request to get information about the temporarily saved payment source associated with the setup token ID. |
If the request and authorization succeed, the setup token is approved and additional parameters are returned in the response.
Testing AVS and CVV response codes
When running tests in the sandbox, you can generate AVS and CVV response codes.
When testing saved cards in the sandbox, use these test cards.
Set Address Line 1 to the following values to generate an AVS response. Not all AVS codes are supported by all card types:
Address Line 1 | AVS Response | Visa | Mastercard | American Express | Discover |
---|---|---|---|---|---|
AVS_A_971 | A | Yes | Yes | Yes | Yes |
AVS_B_972 | B | Yes | No | No | No |
AVS_C_973 | C | Yes | No | No | No |
AVS_D_974 | D | Yes | No | Yes | No |
AVS_E_975 | E | No | Yes | Yes | No |
AVS_F_976 | F | Yes | No | Yes | No |
AVS_G_977 | G | Yes | No | No | Yes |
AVS_I_979 | I | Yes | No | No | No |
AVS_K_981 | K | No | No | Yes | No |
AVS_L_982 | L | No | No | Yes | No |
AVS_M_983 | M | Yes | No | Yes | No |
AVS_N_984 | N | Yes | Yes | Yes | Yes |
AVS_O_985 | O | No | No | Yes | No |
AVS_P_986 | P | Yes | No | No | No |
AVS_R_988 | R | Yes | Yes | Yes | Yes |
AVS_S_989 | S | Yes | Yes | Yes | Yes |
AVS_U_991 | U | Yes | Yes | Yes | Yes |
AVS_W_993 | W | Yes | Yes | Yes | Yes |
AVS_X_994 | X | Yes | Yes | No | Yes |
AVS_Y_995 | Y | Yes | Yes | Yes | Yes |
AVS_Z_996 | Z | Yes | Yes | Yes | Yes |
Set the CVV to the following values to generate a CVV response:
CVV | CVV response | Description |
---|---|---|
115 | M | CVV2/CVC2/CID Match |
116 | N | CVV2/CVC2/CID No Match |
120 | P | Not Processed |
123 | S | CVV2 should be on the card, but merchant indicated that it was not |
125 | U | Unknown/Issuer does not participate |
130 | X | Server provider did not respond (default) |
Merchant: 3D Secure verification
Setup token for card with 3D Secure verification
If 3D Secure is required, the POST
action to the setup-tokens
endpoint returns PAYER_ACTION_REQUIRED
.
- Sample request
- Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Request-Id: REQUEST-ID" \5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \7 -d '{8 "payment_source": {9 "card": {10 "number": "4111111111111111",11 "expiry": "2027-02",12 "name": "Firstname Lastname",13 "billing_address": {14 "address_line_1": "2211 N First Street",15 "address_line_2": "17.3.160",16 "admin_area_1": "CA",17 "admin_area_2": "San Jose",18 "postal_code": "95131",19 "country_code": "US"20 },21 "verification_method": "SCA_WHEN_REQUIRED",22 "experience_context": {23 "brand_name": "YourBrandName",24 "locale": "en-US",25 "return_url": "https://example.com/returnUrl",26 "cancel_url": "https://example.com/cancelUrl"27 }28 }29 }30 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKEN
to your sandbox access token. - Change
PAYPAL-AUTH-ASSERTION
to your PayPal-Auth-Assertion token. - Change
BN-CODE
to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-ID
to a set of unique alphanumeric characters such as a time stamp. - Use a card as the payment source and complete the rest of the source object for your use case and business.
- Pass the
verification_method
parameter withSCA_WHEN_REQUIRED
to verify card data. - Update the
return_url
value with the URL where the payer is redirected after they approve the flow. - Update the
cancel_url
value with the URL where the payer is redirected after they cancel the flow.
Step result
A successful request returns the following:
- An HTTP response code
HTTP 2xx
orHTTP 200
. - A status of
PAYER_ACTION_REQUIRED
. - HATEOAS links:
Rel | Method | Description |
---|---|---|
approve |
GET |
Use this link to take your payer through the card approval flow. |
confirm |
POST |
Make a POST request to use an approved setup token to save the underlying payment method and generate a payment token. |
self |
GET |
Make a GET request to view the state of your setup token and payment method details. |
After the payer completes verification, make a POST
request on the payment-token endpoint to convert the approved setup token to a payment token.
To retrieve 3D Secure verification data associated with a setup token, make a GET
request on a setup-token.
- Sample request
- Sample response
1curl -v -k -X GET 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens/5C991763VB2781612' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Request-Id: REQUEST-ID" \5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \
Step result
A successful request returns the following:
- HTTP response code of
200 OK
. - Status of
APPROVED
.
Parameter | Description |
---|---|
verification_method |
The verification method value from the request is returned in the response. |
verification_status |
If the card is authorized, the status is VERIFIED . |
authorization |
Details from the authorization are returned in an authorization object. This includes the amount and currency requested, and the AVS and CVV results from the processor response. |
The response will return the Merchant Customer ID information if it was saved in the setup token.
The issuing bank can still issue an authorization if a card fails the AVS and CVV checks. If the card fails the checks, the setup token is created with an APPROVED
status and the processor responses are returned to you. The eci_flag
parameter of an authentication block indicates that 3D Secure was not completed.
You can choose whether to use a card that did not complete 3D Secure or failed AVS and CVV checks:
- To use the card, make a
POST
request on the add-payment-token endpoint and convert the approved setup token to a full payment token. - To reject the card, don't add the payment token or convert it to a full payment token.
Testing with 3D Secure
When running tests in the sandbox, generate a 3D Secure token while creating a setup token and validating a card by using card data from 3D Secure test scenarios.
Create payment token
Use an approved setup token to save the payer's credit or debit card. Then, copy the sample request code to generate a payment token:
- Platform sample API request
- Merchant sample API request
- Sample API response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/payment-tokens' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Request-Id: REQUEST-ID" \5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \7 -d '{8 "payment_source": {9 "token": {10 "id": "5C991763VB2781612",11 "type": "SETUP_TOKEN"12 }13 }14 }'
Modify the code
- Copy the code sample.
- Change
ACCESS-TOKEN
to your sandbox access token. - Change
PAYPAL-AUTH-ASSERTION
to your PayPal-Auth-Assertion token. - Change
BN-CODE
to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-ID
to a set of unique alphanumeric characters such as a time stamp. - Use
token
as thepayment source
and complete the rest of the source object for your use case and business. - Use your setup token ID to pass in the payment source parameter and
type
as theSETUP_TOKEN
.
Step result
A successful request returns the following:
- An HTTP response code
HTTP 2xx
orHTTP 200
. - The
ID
of the payment token and associated payment method information. - HATEOAS links:
Rel | Method | Description |
---|---|---|
self |
GET |
Make a GET request to this link to retrieve data about the saved payment method. |
delete |
DELETE |
Make a DELETE request to delete the payment token from the vault. |
Use saved payment token
After you create a payment method token, use the token instead of the payment method to create a purchase and capture the payment with the Orders API.
You can store a Merchant Customer ID aligned with your system to simplify the mapping of customer information within your system and PayPal. This is an optional field that will return the value shared in the response.
Set the payment_source
to specify the payment source type. Set the vault_id
to the payment method token you received.
- Platform sample API request
- Merchant sample API request
- Sample API response
1curl -v -X POST ' https://api-m.sandbox.paypal.com/v2/checkout/orders' \2 -H "PayPal-Request-Id: REQUEST-ID" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \5 -H "PayPal-Partner-Attribution-Id: BN-CODE" \6 -H "Content-Type: application/json" \7 -d '{8 "intent": "CAPTURE",9 "purchase_units": [10 {11 "amount": {12 "currency_code": "USD",13 "value": "100.00"14 },15 "payee": {16 "merchant_id": "MERCHANT-ID"17 }18 }19 ],20 "payment_source": {21 "card": {22 "vault_id":"dnbbj3g"23 }24 }25 }'
Modify the code
- Copy the code sample.
- Change
ACCESS-TOKEN
to your sandbox access token. - Change
PAYPAL-AUTH-ASSERTION
to your PayPal-Auth-Assertion token. - Change
BN-CODE
to your PayPal Attribution ID to receive revenue attribution. See Retrieve BN code. - Change
REQUEST-ID
to a set of unique alphanumeric characters such as a time stamp. - Use the ID of your payment method token as the
vault.id
.
Use payment token on behalf of payer
When the payer isn't present to check out, you can use the payment method token to create an order on behalf of the payer.
1. Retrieve a payer's payment method token
If you stored the payment token the payer created on your site, skip this step.
To make a payment on behalf of the payer, retrieve the payment token they created. You'll need the customer ID that you assigned to this payer when saving the payment method.
- Platform sample API request
- Merchant sample API request
- Sample API response
1curl -v -k -X GET 'https://api-m.sandbox.paypal.com/v3/vault/payment-tokens?customer_id=customer_4029352050' \2 -H "Authorization: Bearer ACCESS-TOKEN" \3 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \4 -H "PayPal-Partner-Attribution-Id: BN-CODE" \5 -H "Content-Type: application/json"
Modify the code
- Copy the code sample.
- Change
ACCESS-TOKEN
to your sandbox access token. - Change
PAYPAL-AUTH-ASSERTION
to your PayPal-Auth-Assertion token. - Change
BN-CODE
to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Pass the PayPal-generated
customer_id
to retrieve the payment token details associated with the payer. - The response will return the Merchant Customer ID if it was passed during payment token creation.
Step result
A successful request returns the following:
- HTTP response code
HTTP 2xx
orHTTP 200
. - Payment method details and status for the payment token.
- JSON response body that includes all payment method tokens.
- HATEOAS links:
Rel | Method | Description |
---|---|---|
self |
GET |
Make a GET request to this link to retrieve data about the saved payment method. |
delete |
DELETE |
Make a DELETE request to delete the saved payment token. |
2. Use payment method token with checkout
After you get the payment method token ID, you can use a payment method token with checkout to create your order.
Webhooks for saving payment methods
Event | Trigger | Payment methods |
---|---|---|
VAULT.PAYMENT-TOKEN.CREATED |
A payment token is created to save a payment method. | Cards and PayPal |
VAULT.PAYMENT-TOKEN.DELETED |
A payment token is deleted. The payer's payment method is no longer saved to the PayPal vault. | Cards and PayPal |
VAULT.PAYMENT-TOKEN.DELETION-INITIATED |
A request to delete a payment token has been submitted to the Payment Method Tokens API. | PayPal |
For more information on webhooks, see webhooks.
See also
- Set up payment buttons
- Advanced credit and debit cards payments
- Errors
- To keep saved cards up to date, see the Real-time account updater