Save cards with the Payment Method Tokens API

Current

Last updated: Oct 15th, 5:01pm

No transaction is required when payment methods are saved with the Payment Method Tokens API. You can charge payers after a set amount of time. Payers don't need to be present when charged. A common use case is offering a free trial and charging payers after the trial expires.

Availability

Supported countries:

  • Australia
  • Austria
  • Belgium
  • Bulgaria
  • Canada
  • China
  • Cyprus
  • Czech Republic
  • Denmark
  • Estonia
  • Finland
  • France
  • Germany
  • Hungary
  • Ireland
  • Italy
  • Latvia
  • Liechtenstein
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Norway
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • United Kingdom
  • United States

Know before you code

  • This server-side integration uses the Payment Method Tokens API.
  • The Payment Method Tokens API supports saving cards and PayPal Wallets.
  • Complete the steps in Get started to get the following sandbox account information from the Developer Dashboard:
    • Your sandbox account login information
    • Your access token
  • You must be approved and have your account configured for billing agreements to set up a reference transaction. Contact your account manager for details.
  • You'll need an existing advanced credit and debit card payments integration. PayPal must approve your business account for advanced credit and debit card payments.
  • The Payment Method Tokens API requires SAQ D PCI Compliance.
1

Create setup token for card

Create a setup token for cards that have:

  • No verification
  • Smart authorization
  • 3D Secure verification

When saving a card for the first time for a payer, the response to the setup token request returns the customer.id and the setup_token_id.

Platform - No verification

Setup token for card with no verification

There's usually no transaction when saving a card and creating a setup token. The data passed to the API is only checked for format.

  1. Sample request
  2. Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \
2 -H "Content-Type: application/json" \
3 -H "Authorization: Bearer ACCESS-TOKEN" \
4 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \
5 -H "PayPal-Partner-Attribution-Id: BN-CODE" \
6 -H "PayPal-Request-Id: REQUEST-ID" \
7 -d '{
8 "payment_source": {
9 "card": {
10 "number": "4111111111111111",
11 "expiry": "2027-02",
12 "name": "Firstname Lastname",
13 "billing_address": {
14 "address_line_1": "2211 N First Street",
15 "address_line_2": "17.3.160",
16 "admin_area_1": "CA",
17 "admin_area_2": "San Jose",
18 "postal_code": "95131",
19 "country_code": "US"
20 },
21 "experience_context": {
22 "brand_name": "YourBrandName",
23 "locale": "en-US",
24 "return_url": "https://example.com/returnUrl",
25 "cancel_url": "https://example.com/cancelUrl"
26 }
27 }
28 }
29 }'

Modify the code

  1. Copy the sample request code.
  2. Change ACCESS-TOKEN to your sandbox access token.
  3. Change PAYPAL-AUTH-ASSERTION to your PayPal-Auth-Assertion token.
  4. Change BN-CODE to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference.
  5. Change REQUEST-ID to a set of unique alphanumeric characters such as a time stamp.

Step result

A successful request returns the following:

  • HTTP response code HTTP 2xx or HTTP 200.
  • The ID of the token in the id field.
  • HATEOAS links:
Rel Method Description
self GET Make a GET request to this link to retrieve payment source data associated with the setup token ID.
confirm POST Make a POST request to generate the payment token using the approved setup token.

Platform: Smart authorization

Setup token for card with smart authorization

You can use the POST action to run smart authorization against the card. In countries where the issuing banks support it, smart authorization runs a zero-value authorization against the card.

If zero-value authorization is not supported, an authorization for a minimal value in the local currency is requested. Authorizations for minimal amounts aren't automatically voided and create a temporary hold against the payer's card.

To request verification of card data, add the verification_method parameter on the POSTsetup-tokens call.

  1. Sample request
  2. Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \
2 -H "Authorization: Bearer ACCESS-TOKEN" \
3 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \
4 -H "PayPal-Partner-Attribution-Id: BN-CODE" \
5 -H "PayPal-Request-Id: REQUEST-ID" \
6 -H "Content-Type: application/json" \
7 -d '{
8 "payment_source": {
9 "card": {
10 "number": "4111111111111111",
11 "expiry": "2027-02",
12 "name": "Firstname Lastname",
13 "billing_address": {
14 "address_line_1": "2211 N First Street",
15 "address_line_2": "17.3.160",
16 "admin_area_1": "CA",
17 "admin_area_2": "San Jose",
18 "postal_code": "95131",
19 "country_code": "US"
20 },
21 "verification_method": "SCA_WHEN_REQUIRED",
22 "experience_context": {
23 "brand_name": "YourBrandName",
24 "locale": "en-US",
25 "return_url": "https://example.com/returnUrl",
26 "cancel_url": "https://example.com/cancelUrl"
27 }
28 }
29 }
30 }'

Modify the code

  1. Copy the sample request code.
  2. Change ACCESS-TOKEN to your sandbox access token.
  3. Change PAYPAL-AUTH-ASSERTION to your PayPal-Auth-Assertion token.
  4. Change BN-CODE to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference.
  5. Change REQUEST-ID to a set of unique alphanumeric characters such as a time stamp.
  6. Use the card as the payment source and complete the rest of the source object for your use case and business.
  7. Pass the verification_method parameter to verify card data.
  8. Update the return_url value with the URL where the payer is redirected after they approve the flow.
  9. Update the cancel_url value with the URL where the payer is redirected after they cancel the flow.

Pass one of the following verification_method attributes to verify card data:

Verification Method Description
SCA_WHEN_REQUIRED Returns a 3D Secure contingency when it is a mandate in the region where you operate. This is the default when neither parameter is explicitly passed.
SCA_ALWAYS Triggers 3D Secure for every transaction.

Step result

A successful request returns the following:

  • HTTP response code HTTP 2xx or HTTP 200.
  • Status of APPROVED.
  • HATEOAS links:
Rel Method Description
confirm POST Make a POST request to generate the payment token using the approved setup token.
self GET Make a GET request to get information about the temporarily saved payment source associated with the setup token ID.

If the request and authorization succeed, the setup token is approved and additional parameters are returned in the response.

Platform: 3D Secure verification

Setup token for card with 3D Secure verification

Use 3D Secure authentication to reduce the likelihood of fraud and improve transaction performance with supported cards. In some countries, authorizing a card can trigger a 3D Secure contingency. 3D Secure verification may occur in PSD2 countries, including members of the EU. For 3D Secure verification, pass SCA_ALWAYS or SCA_WHEN_REQUIRED in the payment_source.card.attributes.verification.method field for the create order request. The API response returns the order status as PAYER_ACTION_REQUIRED.

  1. Create setup token: Platform-3DSecureVerification-Request
  2. Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \
2 -H "Content-Type: application/json" \
3 -H "Authorization: Bearer ACCESS-TOKEN" \
4 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \
5 -H "PayPal-Partner-Attribution-Id: BN-CODE" \
6 -H "PayPal-Request-Id: REQUEST-ID" \
7 -d '{
8 "payment_source": {
9 "card": {
10 "number": "4111111111111111",
11 "expiry": "2027-02",
12 "name": "Firstname Lastname",
13 "billing_address": {
14 "address_line_1": "2211 N First Street",
15 "address_line_2": "17.3.160",
16 "admin_area_1": "CA",
17 "admin_area_2": "San Jose",
18 "postal_code": "95131",
19 "country_code": "US"
20 },
21 "verification_method": "SCA_WHEN_REQUIRED",
22 "experience_context": {
23 "brand_name": "YourBrandName",
24 "locale": "en-US",
25 "return_url": "https://example.com/returnUrl",
26 "cancel_url": "https://example.com/cancelUrl"
27 }
28 }
29 }
30 }'

Modify the code

  1. Copy the sample request code.
  2. Change ACCESS-TOKEN to your sandbox access token.
  3. Change PAYPAL-AUTH-ASSERTION to your PayPal-Auth-Assertion token.
  4. Change BN-CODE to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference.
  5. Change REQUEST-ID to a set of unique alphanumeric characters such as a time stamp.
  6. Use a card as the payment source and complete the rest of the source object for your use case and business.
  7. Pass the verification_method parameter with SCA_WHEN_REQUIRED to verify card data.
  8. Update the return_url value with the URL where the payer is redirected after they approve the flow.
  9. Update the cancel_url value with the URL where the payer is redirected after they cancel the flow.

Step result

A successful request returns the following:

  • HTTP response code HTTP 2xx or HTTP 200.
  • Status of PAYER_ACTION_REQUIRED.
  • HATEOAS links:
Rel Method Description
approve GET Use this link to take your payer through the card approval flow.
confirm POST Make a POST request to use an approved setup token to save the payment method and generate a payment token.
self GET Make a GET request to view the state of your setup token and payment method details.

Merchant - No verification

Setup token for card with no verification

There is usually no transaction when saving a card and creating a setup token. The data passed to the API is checked only for format.

  1. Sample request
  2. Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \
2 -H "Content-Type: application/json" \
3 -H "Authorization: Bearer ACCESS-TOKEN" \
4 -H "PayPal-Request-Id: REQUEST-ID" \
5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \
6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \
7 -d '{
8 "payment_source": {
9 "card": {
10 "number": "4111111111111111",
11 "expiry": "2027-02",
12 "name": "Firstname Lastname",
13 "billing_address": {
14 "address_line_1": "2211 N First Street",
15 "address_line_2": "17.3.160",
16 "admin_area_1": "CA",
17 "admin_area_2": "San Jose",
18 "postal_code": "95131",
19 "country_code": "US"
20 },
21 "experience_context": {
22 "brand_name": "YourBrandName",
23 "locale": "en-US",
24 "return_url": "https://example.com/returnUrl",
25 "cancel_url": "https://example.com/cancelUrl"
26 }
27 }
28 }
29 }'

Modify the code

  1. Copy the sample request code.
  2. Change ACCESS-TOKEN to your sandbox access token.
  3. Change PAYPAL-AUTH-ASSERTION to your PayPal-Auth-Assertion token.
  4. Change BN-CODE to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference.
  5. Change REQUEST-ID to a set of unique alphanumeric characters such as a time stamp.

Step result

A successful request returns the following:

  • HTTP response code HTTP 2xx or HTTP 200.
  • The ID of the token is in the id field.
  • HATEOAS links:
Rel Method Description
self GET Make a GET request to this link to retrieve the payment source data associated with the setup token ID.
confirm POST Make a POST request to generate the payment token using the approved setup token.

Merchant: Smart authorization

Setup token for card with smart authorization

You can use the POST action to run smart authorization against the card. In countries where the issuing banks support it, smart authorization runs a zero-value authorization against the card.

If zero-value authorization is not supported, an authorization for a minimal value in the local currency is requested. Authorizations for minimal amounts aren't automatically voided and create a temporary hold against the payer's card.

To request verification of card data, modify the POST on the setup-tokens call by adding the verification_method parameter:

  1. Sample request
  2. Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \
2 -H "Authorization: Bearer ACCESS-TOKEN" \
3 -H "PayPal-Request-Id: REQUEST-ID" \
4 -H "Content-Type: application/json" \
5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \
6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \
7 -d '{
8 "payment_source": {
9 "card": {
10 "number": "4111111111111111",
11 "expiry": "2027-02",
12 "name": "Firstname Lastname",
13 "billing_address": {
14 "address_line_1": "2211 N First Street",
15 "address_line_2": "17.3.160",
16 "admin_area_1": "CA",
17 "admin_area_2": "San Jose",
18 "postal_code": "95131",
19 "country_code": "US"
20 },
21 "verification_method": "SCA_WHEN_REQUIRED",
22 "experience_context": {
23 "brand_name": "YourBrandName",
24 "locale": "en-US",
25 "return_url": "https://example.com/returnUrl",
26 "cancel_url": "https://example.com/cancelUrl"
27 }
28 }
29 }
30 }'

Modify the code

  1. Copy the sample request code.
  2. Change ACCESS-TOKEN to your sandbox access token.
  3. Change PAYPAL-AUTH-ASSERTION to your PayPal-Auth-Assertion token.
  4. Change BN-CODE to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference.
  5. Change REQUEST-ID to a set of unique alphanumeric characters such as a time stamp.
  6. Use the card as the payment source and complete the rest of the source object for your use case and business.
  7. Pass the verification_method parameter to verify card data.
  8. Update the return_url value with the URL where the payer is redirected after they approve the flow.
  9. Update the cancel_url value with the URL where the payer is redirected after they cancel the flow.

Pass one of the following verification_method attributes to verify card data:

Verification Method Description
SCA_WHEN_REQUIRED Returns a 3D Secure contingency when it is a mandate in the region where you operate. This is the default when neither parameter is explicitly passed.
SCA_ALWAYS Triggers 3D Secure for every transaction.

Step result

A successful request returns the following:

  • HTTP response code HTTP 2xx or HTTP 200.
  • Status of APPROVED.
  • HATEOAS links:
Rel Method Description
confirm POST Make a POST request to generate the payment token using the approved setup token.
self GET Make a GET request to get information about the temporarily saved payment source associated with the setup token ID.

If the request and authorization succeed, the setup token is approved and additional parameters are returned in the response.

Testing AVS and CVV response codes

When running tests in the sandbox, you can generate AVS and CVV response codes.

When testing saved cards in the sandbox, use these test cards.

Set Address Line 1 to the following values to generate an AVS response. Not all AVS codes are supported by all card types:

Address Line 1 AVS Response Visa Mastercard American Express Discover
AVS_A_971 A Yes Yes Yes Yes
AVS_B_972 B Yes No No No
AVS_C_973 C Yes No No No
AVS_D_974 D Yes No Yes No
AVS_E_975 E No Yes Yes No
AVS_F_976 F Yes No Yes No
AVS_G_977 G Yes No No Yes
AVS_I_979 I Yes No No No
AVS_K_981 K No No Yes No
AVS_L_982 L No No Yes No
AVS_M_983 M Yes No Yes No
AVS_N_984 N Yes Yes Yes Yes
AVS_O_985 O No No Yes No
AVS_P_986 P Yes No No No
AVS_R_988 R Yes Yes Yes Yes
AVS_S_989 S Yes Yes Yes Yes
AVS_U_991 U Yes Yes Yes Yes
AVS_W_993 W Yes Yes Yes Yes
AVS_X_994 X Yes Yes No Yes
AVS_Y_995 Y Yes Yes Yes Yes
AVS_Z_996 Z Yes Yes Yes Yes

Set the CVV to the following values to generate a CVV response:

CVV CVV response Description
115 M CVV2/CVC2/CID Match
116 N CVV2/CVC2/CID No Match
120 P Not Processed
123 S CVV2 should be on the card, but merchant indicated that it was not
125 U Unknown/Issuer does not participate
130 X Server provider did not respond (default)

Merchant: 3D Secure verification

Setup token for card with 3D Secure verification

If 3D Secure is required, the POST action to the setup-tokens endpoint returns PAYER_ACTION_REQUIRED.

  1. Sample request
  2. Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \
2 -H "Content-Type: application/json" \
3 -H "Authorization: Bearer ACCESS-TOKEN" \
4 -H "PayPal-Request-Id: REQUEST-ID" \
5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \
6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \
7 -d '{
8 "payment_source": {
9 "card": {
10 "number": "4111111111111111",
11 "expiry": "2027-02",
12 "name": "Firstname Lastname",
13 "billing_address": {
14 "address_line_1": "2211 N First Street",
15 "address_line_2": "17.3.160",
16 "admin_area_1": "CA",
17 "admin_area_2": "San Jose",
18 "postal_code": "95131",
19 "country_code": "US"
20 },
21 "verification_method": "SCA_WHEN_REQUIRED",
22 "experience_context": {
23 "brand_name": "YourBrandName",
24 "locale": "en-US",
25 "return_url": "https://example.com/returnUrl",
26 "cancel_url": "https://example.com/cancelUrl"
27 }
28 }
29 }
30 }'

Modify the code

  1. Copy the sample request code.
  2. Change ACCESS-TOKEN to your sandbox access token.
  3. Change PAYPAL-AUTH-ASSERTION to your PayPal-Auth-Assertion token.
  4. Change BN-CODE to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference.
  5. Change REQUEST-ID to a set of unique alphanumeric characters such as a time stamp.
  6. Use a card as the payment source and complete the rest of the source object for your use case and business.
  7. Pass the verification_method parameter with SCA_WHEN_REQUIRED to verify card data.
  8. Update the return_url value with the URL where the payer is redirected after they approve the flow.
  9. Update the cancel_url value with the URL where the payer is redirected after they cancel the flow.

Step result

A successful request returns the following:

  • An HTTP response code HTTP 2xx or HTTP 200.
  • A status of PAYER_ACTION_REQUIRED.
  • HATEOAS links:
Rel Method Description
approve GET Use this link to take your payer through the card approval flow.
confirm POST Make a POST request to use an approved setup token to save the underlying payment method and generate a payment token.
self GET Make a GET request to view the state of your setup token and payment method details.

After the payer completes verification, make a POST request on the payment-token endpoint to convert the approved setup token to a payment token.

To retrieve 3D Secure verification data associated with a setup token, make a GET request on a setup-token.

  1. Sample request
  2. Sample response
1curl -v -k -X GET 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens/5C991763VB2781612' \
2 -H "Content-Type: application/json" \
3 -H "Authorization: Bearer ACCESS-TOKEN" \
4 -H "PayPal-Request-Id: REQUEST-ID" \
5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \
6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \

Step result

A successful request returns the following:

  • HTTP response code of 200 OK.
  • Status of APPROVED.
Parameter Description
verification_method The verification method value from the request is returned in the response.
verification_status If the card is authorized, the status is VERIFIED.
authorization Details from the authorization are returned in an authorization object. This includes the amount and currency requested, and the AVS and CVV results from the processor response.

The response will return the Merchant Customer ID information if it was saved in the setup token.

The issuing bank can still issue an authorization if a card fails the AVS and CVV checks. If the card fails the checks, the setup token is created with an APPROVED status and the processor responses are returned to you. The eci_flag parameter of an authentication block indicates that 3D Secure was not completed.

You can choose whether to use a card that did not complete 3D Secure or failed AVS and CVV checks:

  • To use the card, make a POST request on the add-payment-token endpoint and convert the approved setup token to a full payment token.
  • To reject the card, don't add the payment token or convert it to a full payment token.

Testing with 3D Secure

When running tests in the sandbox, generate a 3D Secure token while creating a setup token and validating a card by using card data from 3D Secure test scenarios.

2

Create payment token

Use an approved setup token to save the payer's credit or debit card. Then, copy the sample request code to generate a payment token:

  1. Platform sample API request
  2. Merchant sample API request
  3. Sample API response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/payment-tokens' \
2 -H "Content-Type: application/json" \
3 -H "Authorization: Bearer ACCESS-TOKEN" \
4 -H "PayPal-Request-Id: REQUEST-ID" \
5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \
6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \
7 -d '{
8 "payment_source": {
9 "token": {
10 "id": "5C991763VB2781612",
11 "type": "SETUP_TOKEN"
12 }
13 }
14 }'

Modify the code

  1. Copy the code sample.
  2. Change ACCESS-TOKEN to your sandbox access token.
  3. Change PAYPAL-AUTH-ASSERTION to your PayPal-Auth-Assertion token.
  4. Change BN-CODE to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference.
  5. Change REQUEST-ID to a set of unique alphanumeric characters such as a time stamp.
  6. Use token as the payment source and complete the rest of the source object for your use case and business.
  7. Use your setup token ID to pass in the payment source parameter and type as the SETUP_TOKEN.

Step result

A successful request returns the following:

  • An HTTP response code HTTP 2xx or HTTP 200.
  • The ID of the payment token and associated payment method information.
  • HATEOAS links:
Rel Method Description
self GET Make a GET request to this link to retrieve data about the saved payment method.
delete DELETE Make a DELETE request to delete the payment token from the vault.
3

Use saved payment token

After you create a payment method token, use the token instead of the payment method to create a purchase and capture the payment with the Orders API.

You can store a Merchant Customer ID aligned with your system to simplify the mapping of customer information within your system and PayPal. This is an optional field that will return the value shared in the response.

Set the payment_source to specify the payment source type. Set the vault_id to the payment method token you received.

  1. Platform sample API request
  2. Merchant sample API request
  3. Sample API response
1curl -v -X POST ' https://api-m.sandbox.paypal.com/v2/checkout/orders' \
2 -H "PayPal-Request-Id: REQUEST-ID" \
3 -H "Authorization: Bearer ACCESS-TOKEN" \
4 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \
5 -H "PayPal-Partner-Attribution-Id: BN-CODE" \
6 -H "Content-Type: application/json" \
7 -d '{
8 "intent": "CAPTURE",
9 "purchase_units": [
10 {
11 "amount": {
12 "currency_code": "USD",
13 "value": "100.00"
14 },
15 "payee": {
16 "merchant_id": "MERCHANT-ID"
17 }
18 }
19 ],
20 "payment_source": {
21 "card": {
22 "vault_id":"dnbbj3g"
23 }
24 }
25 }'

Modify the code

  1. Copy the code sample.
  2. Change ACCESS-TOKEN to your sandbox access token.
  3. Change PAYPAL-AUTH-ASSERTION to your PayPal-Auth-Assertion token.
  4. Change BN-CODE to your PayPal Attribution ID to receive revenue attribution. See Retrieve BN code.
  5. Change REQUEST-ID to a set of unique alphanumeric characters such as a time stamp.
  6. Use the ID of your payment method token as the vault.id.

Use payment token on behalf of payer

When the payer isn't present to check out, you can use the payment method token to create an order on behalf of the payer.

1. Retrieve a payer's payment method token

If you stored the payment token the payer created on your site, skip this step.

To make a payment on behalf of the payer, retrieve the payment token they created. You'll need the customer ID that you assigned to this payer when saving the payment method.

  1. Platform sample API request
  2. Merchant sample API request
  3. Sample API response
1curl -v -k -X GET 'https://api-m.sandbox.paypal.com/v3/vault/payment-tokens?customer_id=customer_4029352050' \
2 -H "Authorization: Bearer ACCESS-TOKEN" \
3 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \
4 -H "PayPal-Partner-Attribution-Id: BN-CODE" \
5 -H "Content-Type: application/json"

Modify the code

  1. Copy the code sample.
  2. Change ACCESS-TOKEN to your sandbox access token.
  3. Change PAYPAL-AUTH-ASSERTION to your PayPal-Auth-Assertion token.
  4. Change BN-CODE to your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference.
  5. Pass the PayPal-generated customer_id to retrieve the payment token details associated with the payer.
  6. The response will return the Merchant Customer ID if it was passed during payment token creation.

Step result

A successful request returns the following:

  • HTTP response code HTTP 2xx or HTTP 200.
  • Payment method details and status for the payment token.
  • JSON response body that includes all payment method tokens.
  • HATEOAS links:
Rel Method Description
self GET Make a GET request to this link to retrieve data about the saved payment method.
delete DELETE Make a DELETE request to delete the saved payment token.

2. Use payment method token with checkout

After you get the payment method token ID, you can use a payment method token with checkout to create your order.

Webhooks for saving payment methods

Event Trigger Payment methods
VAULT.PAYMENT-TOKEN.CREATED A payment token is created to save a payment method. Cards and PayPal
VAULT.PAYMENT-TOKEN.DELETED A payment token is deleted. The payer's payment method is no longer saved to the PayPal vault. Cards and PayPal
VAULT.PAYMENT-TOKEN.DELETION-INITIATED A request to delete a payment token has been submitted to the Payment Method Tokens API. PayPal

For more information on webhooks, see webhooks.

See also

We use cookies to improve your experience on our site. May we use marketing cookies to show you personalized ads? Manage all cookies