Save cards with the Payment Method Tokens API
Last updated: Nov 4th, 9:21am
No transaction is required when payment methods are saved with the Payment Method Tokens API. You can charge payers after a set amount of time. Payers don't need to be present when charged. A common use case is offering a free trial and charging payers after the trial expires.
Know before you code
- This server-side integration uses the Payment Method Tokens API.
- The Payment Method Tokens API supports saving cards and PayPal Wallets.
- Complete the steps in Get started to get the following sandbox account information from the Developer Dashboard:
- Your sandbox account login information
- Your access token
- You must be approved and have your account configured for billing agreements to set up a reference transaction. Contact your account manager for details.
- You'll need an existing advanced credit and debit card payments integration. PayPal must approve your business account for advanced credit and debit card payments.
- The Payment Method Tokens API requires SAQ D PCI Compliance.
Create setup token for card
Create a setup token for cards that have:
- No verification
- Smart authorization
- 3D Secure verification
When saving a card for the first time for a payer, the response to the setup token request returns the customer.id and the setup_token_id.
Tip: For a payer with previously stored payment_sources, pass the PayPal-generated customer.id in the setup token request. Then you can link additional payment_sources to this payer.
Platform - No verification
Setup token for card with no verification
There's usually no transaction when saving a card and creating a setup token. The data passed to the API is only checked for format.
- Sample request
- Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \5 -H "PayPal-Partner-Attribution-Id: BN-CODE" \6 -H "PayPal-Request-Id: REQUEST-ID" \7 -d '{8 "payment_source": {9 "card": {10 "number": "4111111111111111",11 "expiry": "2027-02",12 "name": "Firstname Lastname",13 "billing_address": {14 "address_line_1": "2211 N First Street",15 "address_line_2": "17.3.160",16 "admin_area_1": "CA",17 "admin_area_2": "San Jose",18 "postal_code": "95131",19 "country_code": "US"20 },21 "experience_context": {22 "brand_name": "YourBrandName",23 "locale": "en-US",24 "return_url": "https://example.com/returnUrl",25 "cancel_url": "https://example.com/cancelUrl"26 }27 }28 }29 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKENto your sandbox access token. - Change
PAYPAL-AUTH-ASSERTIONto your PayPal-Auth-Assertion token. - Change
BN-CODEto your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-IDto a set of unique alphanumeric characters such as a time stamp.
Step result
A successful request returns the following:
- HTTP response code
HTTP 2xxorHTTP 200. - The ID of the token in the
idfield. - HATEOAS links:
| Rel | Method | Description |
|---|---|---|
self |
GET |
Make a GET request to this link to retrieve payment source data associated with the setup token ID. |
confirm |
POST |
Make a POST request to generate the payment token using the approved setup token. |
Platform: Smart authorization
Setup token for card with smart authorization
You can use the POST action to run smart authorization against the card. In countries where the issuing banks support it, smart authorization runs a zero-value authorization against the card.
If zero-value authorization is not supported, an authorization for a minimal value in the local currency is requested. Authorizations for minimal amounts aren't automatically voided and create a temporary hold against the payer's card.
To request verification of card data, add the verification_method parameter on the POSTsetup-tokens call.
- Sample request
- Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \2 -H "Authorization: Bearer ACCESS-TOKEN" \3 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \4 -H "PayPal-Partner-Attribution-Id: BN-CODE" \5 -H "PayPal-Request-Id: REQUEST-ID" \6 -H "Content-Type: application/json" \7 -d '{8 "payment_source": {9 "card": {10 "number": "4111111111111111",11 "expiry": "2027-02",12 "name": "Firstname Lastname",13 "billing_address": {14 "address_line_1": "2211 N First Street",15 "address_line_2": "17.3.160",16 "admin_area_1": "CA",17 "admin_area_2": "San Jose",18 "postal_code": "95131",19 "country_code": "US"20 },21 "verification_method": "SCA_WHEN_REQUIRED",22 "experience_context": {23 "brand_name": "YourBrandName",24 "locale": "en-US",25 "return_url": "https://example.com/returnUrl",26 "cancel_url": "https://example.com/cancelUrl"27 }28 }29 }30 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKENto your sandbox access token. - Change
PAYPAL-AUTH-ASSERTIONto your PayPal-Auth-Assertion token. - Change
BN-CODEto your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-IDto a set of unique alphanumeric characters such as a time stamp. - Use the card as the payment source and complete the rest of the source object for your use case and business.
- Pass the
verification_methodparameter to verify card data. - Update the
return_urlvalue with the URL where the payer is redirected after they approve the flow. - Update the
cancel_urlvalue with the URL where the payer is redirected after they cancel the flow.
Pass one of the following verification_method attributes to verify card data:
| Verification Method | Description |
|---|---|
| SCA_WHEN_REQUIRED | Returns a 3D Secure contingency when it is a mandate in the region where you operate. This is the default when neither parameter is explicitly passed. |
SCA_ALWAYS |
Triggers 3D Secure for every transaction. |
Step result
A successful request returns the following:
- HTTP response code
HTTP 2xxorHTTP 200. - Status of
APPROVED. - HATEOAS links:
| Rel | Method | Description |
|---|---|---|
confirm |
POST |
Make a POST request to generate the payment token using the approved setup token. |
self |
GET |
Make a GET request to get information about the temporarily saved payment source associated with the setup token ID. |
If the request and authorization succeed, the setup token is approved and additional parameters are returned in the response.
Platform: 3D Secure verification
Setup token for card with 3D Secure verification
Use 3D Secure authentication to reduce the likelihood of fraud and improve transaction performance with supported cards. In some countries, authorizing a card can trigger a 3D Secure contingency. 3D Secure verification may occur in PSD2 countries, including members of the EU. For 3D Secure verification, pass SCA_ALWAYS or SCA_WHEN_REQUIRED in the payment_source.card.attributes.verification.method field for the create order request. The API response returns the order status as PAYER_ACTION_REQUIRED.
- Create setup token: Platform-3DSecureVerification-Request
- Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \5 -H "PayPal-Partner-Attribution-Id: BN-CODE" \6 -H "PayPal-Request-Id: REQUEST-ID" \7 -d '{8 "payment_source": {9 "card": {10 "number": "4111111111111111",11 "expiry": "2027-02",12 "name": "Firstname Lastname",13 "billing_address": {14 "address_line_1": "2211 N First Street",15 "address_line_2": "17.3.160",16 "admin_area_1": "CA",17 "admin_area_2": "San Jose",18 "postal_code": "95131",19 "country_code": "US"20 },21 "verification_method": "SCA_WHEN_REQUIRED",22 "experience_context": {23 "brand_name": "YourBrandName",24 "locale": "en-US",25 "return_url": "https://example.com/returnUrl",26 "cancel_url": "https://example.com/cancelUrl"27 }28 }29 }30 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKENto your sandbox access token. - Change
PAYPAL-AUTH-ASSERTIONto your PayPal-Auth-Assertion token. - Change
BN-CODEto your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-IDto a set of unique alphanumeric characters such as a time stamp. - Use a card as the payment source and complete the rest of the source object for your use case and business.
- Pass the
verification_methodparameter withSCA_WHEN_REQUIREDto verify card data. - Update the
return_urlvalue with the URL where the payer is redirected after they approve the flow. - Update the
cancel_urlvalue with the URL where the payer is redirected after they cancel the flow.
Step result
A successful request returns the following:
- HTTP response code
HTTP 2xxorHTTP 200. - Status of
PAYER_ACTION_REQUIRED. - HATEOAS links:
| Rel | Method | Description |
|---|---|---|
approve |
GET |
Use this link to take your payer through the card approval flow. |
confirm |
POST |
Make a POST request to use an approved setup token to save the payment method and generate a payment token. |
self |
GET |
Make a GET request to view the state of your setup token and payment method details. |
Merchant - No verification
Setup token for card with no verification
There is usually no transaction when saving a card and creating a setup token. The data passed to the API is checked only for format.
Note: When saving a card for the first time for a payer, the response to the setup token request returns the customer.id and the vault.id. Store the vault.id in your system for future use.
- Sample request
- Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Request-Id: REQUEST-ID" \5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \7 -d '{8 "payment_source": {9 "card": {10 "number": "4111111111111111",11 "expiry": "2027-02",12 "name": "Firstname Lastname",13 "billing_address": {14 "address_line_1": "2211 N First Street",15 "address_line_2": "17.3.160",16 "admin_area_1": "CA",17 "admin_area_2": "San Jose",18 "postal_code": "95131",19 "country_code": "US"20 },21 "experience_context": {22 "brand_name": "YourBrandName",23 "locale": "en-US",24 "return_url": "https://example.com/returnUrl",25 "cancel_url": "https://example.com/cancelUrl"26 }27 }28 }29 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKENto your sandbox access token. - Change
PAYPAL-AUTH-ASSERTIONto your PayPal-Auth-Assertion token. - Change
BN-CODEto your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-IDto a set of unique alphanumeric characters such as a time stamp.
Step result
A successful request returns the following:
- HTTP response code
HTTP 2xxorHTTP 200. - The ID of the token is in the
idfield. - HATEOAS links:
| Rel | Method | Description |
|---|---|---|
self |
GET |
Make a GET request to this link to retrieve the payment source data associated with the setup token ID. |
confirm |
POST |
Make a POST request to generate the payment token using the approved setup token. |
Merchant: Smart authorization
Setup token for card with smart authorization
You can use the POST action to run smart authorization against the card. In countries where the issuing banks support it, smart authorization runs a zero-value authorization against the card.
If zero-value authorization is not supported, an authorization for a minimal value in the local currency is requested. Authorizations for minimal amounts aren't automatically voided and create a temporary hold against the payer's card.
To request verification of card data, modify the POST on the setup-tokens call by adding the verification_method parameter:
- Sample request
- Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \2 -H "Authorization: Bearer ACCESS-TOKEN" \3 -H "PayPal-Request-Id: REQUEST-ID" \4 -H "Content-Type: application/json" \5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \7 -d '{8 "payment_source": {9 "card": {10 "number": "4111111111111111",11 "expiry": "2027-02",12 "name": "Firstname Lastname",13 "billing_address": {14 "address_line_1": "2211 N First Street",15 "address_line_2": "17.3.160",16 "admin_area_1": "CA",17 "admin_area_2": "San Jose",18 "postal_code": "95131",19 "country_code": "US"20 },21 "verification_method": "SCA_WHEN_REQUIRED",22 "experience_context": {23 "brand_name": "YourBrandName",24 "locale": "en-US",25 "return_url": "https://example.com/returnUrl",26 "cancel_url": "https://example.com/cancelUrl"27 }28 }29 }30 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKENto your sandbox access token. - Change
PAYPAL-AUTH-ASSERTIONto your PayPal-Auth-Assertion token. - Change
BN-CODEto your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-IDto a set of unique alphanumeric characters such as a time stamp. - Use the card as the payment source and complete the rest of the source object for your use case and business.
- Pass the
verification_methodparameter to verify card data. - Update the
return_urlvalue with the URL where the payer is redirected after they approve the flow. - Update the
cancel_urlvalue with the URL where the payer is redirected after they cancel the flow.
Pass one of the following verification_method attributes to verify card data:
| Verification Method | Description |
|---|---|
| SCA_WHEN_REQUIRED | Returns a 3D Secure contingency when it is a mandate in the region where you operate. This is the default when neither parameter is explicitly passed. |
SCA_ALWAYS |
Triggers 3D Secure for every transaction. |
Step result
A successful request returns the following:
- HTTP response code
HTTP 2xxorHTTP 200. - Status of
APPROVED. - HATEOAS links:
| Rel | Method | Description |
|---|---|---|
confirm |
POST |
Make a POST request to generate the payment token using the approved setup token. |
self |
GET |
Make a GET request to get information about the temporarily saved payment source associated with the setup token ID. |
If the request and authorization succeed, the setup token is approved and additional parameters are returned in the response.
Testing AVS and CVV response codes
When running tests in the sandbox, you can generate AVS and CVV response codes.
When testing saved cards in the sandbox, use these test cards.
Set Address Line 1 to the following values to generate an AVS response. Not all AVS codes are supported by all card types:
| Address Line 1 | AVS Response | Visa | Mastercard | American Express | Discover |
|---|---|---|---|---|---|
| AVS_A_971 | A | Yes | Yes | Yes | Yes |
| AVS_B_972 | B | Yes | No | No | No |
| AVS_C_973 | C | Yes | No | No | No |
| AVS_D_974 | D | Yes | No | Yes | No |
| AVS_E_975 | E | No | Yes | Yes | No |
| AVS_F_976 | F | Yes | No | Yes | No |
| AVS_G_977 | G | Yes | No | No | Yes |
| AVS_I_979 | I | Yes | No | No | No |
| AVS_K_981 | K | No | No | Yes | No |
| AVS_L_982 | L | No | No | Yes | No |
| AVS_M_983 | M | Yes | No | Yes | No |
| AVS_N_984 | N | Yes | Yes | Yes | Yes |
| AVS_O_985 | O | No | No | Yes | No |
| AVS_P_986 | P | Yes | No | No | No |
| AVS_R_988 | R | Yes | Yes | Yes | Yes |
| AVS_S_989 | S | Yes | Yes | Yes | Yes |
| AVS_U_991 | U | Yes | Yes | Yes | Yes |
| AVS_W_993 | W | Yes | Yes | Yes | Yes |
| AVS_X_994 | X | Yes | Yes | No | Yes |
| AVS_Y_995 | Y | Yes | Yes | Yes | Yes |
| AVS_Z_996 | Z | Yes | Yes | Yes | Yes |
Set the CVV to the following values to generate a CVV response:
| CVV | CVV response | Description |
|---|---|---|
| 115 | M | CVV2/CVC2/CID Match |
| 116 | N | CVV2/CVC2/CID No Match |
| 120 | P | Not Processed |
| 123 | S | CVV2 should be on the card, but merchant indicated that it was not |
| 125 | U | Unknown/Issuer does not participate |
| 130 | X | Server provider did not respond (default) |
Merchant: 3D Secure verification
Setup token for card with 3D Secure verification
If 3D Secure is required, the POST action to the setup-tokens endpoint returns PAYER_ACTION_REQUIRED.
- Sample request
- Sample response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Request-Id: REQUEST-ID" \5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \7 -d '{8 "payment_source": {9 "card": {10 "number": "4111111111111111",11 "expiry": "2027-02",12 "name": "Firstname Lastname",13 "billing_address": {14 "address_line_1": "2211 N First Street",15 "address_line_2": "17.3.160",16 "admin_area_1": "CA",17 "admin_area_2": "San Jose",18 "postal_code": "95131",19 "country_code": "US"20 },21 "verification_method": "SCA_WHEN_REQUIRED",22 "experience_context": {23 "brand_name": "YourBrandName",24 "locale": "en-US",25 "return_url": "https://example.com/returnUrl",26 "cancel_url": "https://example.com/cancelUrl"27 }28 }29 }30 }'
Modify the code
- Copy the sample request code.
- Change
ACCESS-TOKENto your sandbox access token. - Change
PAYPAL-AUTH-ASSERTIONto your PayPal-Auth-Assertion token. - Change
BN-CODEto your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-IDto a set of unique alphanumeric characters such as a time stamp. - Use a card as the payment source and complete the rest of the source object for your use case and business.
- Pass the
verification_methodparameter withSCA_WHEN_REQUIREDto verify card data. - Update the
return_urlvalue with the URL where the payer is redirected after they approve the flow. - Update the
cancel_urlvalue with the URL where the payer is redirected after they cancel the flow.
Step result
A successful request returns the following:
- An HTTP response code
HTTP 2xxorHTTP 200. - A status of
PAYER_ACTION_REQUIRED. - HATEOAS links:
| Rel | Method | Description |
|---|---|---|
approve |
GET |
Use this link to take your payer through the card approval flow. |
confirm |
POST |
Make a POST request to use an approved setup token to save the underlying payment method and generate a payment token. |
self |
GET |
Make a GET request to view the state of your setup token and payment method details. |
After the payer completes verification, make a POST request on the payment-token endpoint to convert the approved setup token to a payment token.
To retrieve 3D Secure verification data associated with a setup token, make a GET request on a setup-token.
- Sample request
- Sample response
1curl -v -k -X GET 'https://api-m.sandbox.paypal.com/v3/vault/setup-tokens/5C991763VB2781612' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Request-Id: REQUEST-ID" \5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \
Step result
A successful request returns the following:
- HTTP response code of
200 OK. - Status of
APPROVED.
| Parameter | Description |
|---|---|
verification_method |
The verification method value from the request is returned in the response. |
verification_status |
If the card is authorized, the status is VERIFIED. |
authorization |
Details from the authorization are returned in an authorization object. This includes the amount and currency requested, and the AVS and CVV results from the processor response. |
The response will return the Merchant Customer ID information if it was saved in the setup token.
The issuing bank can still issue an authorization if a card fails the AVS and CVV checks. If the card fails the checks, the setup token is created with an APPROVED status and the processor responses are returned to you. The eci_flag parameter of an authentication block indicates that 3D Secure was not completed.
You can choose whether to use a card that did not complete 3D Secure or failed AVS and CVV checks:
- To use the card, make a
POSTrequest on the add-payment-token endpoint and convert the approved setup token to a full payment token. - To reject the card, don't add the payment token or convert it to a full payment token.
Testing with 3D Secure
When running tests in the sandbox, generate a 3D Secure token while creating a setup token and validating a card by using card data from 3D Secure test scenarios.
Create payment token
Use an approved setup token to save the payer's credit or debit card. Then, copy the sample request code to generate a payment token:
- Platform sample API request
- Merchant sample API request
- Sample API response
1curl -v -k -X POST 'https://api-m.sandbox.paypal.com/v3/vault/payment-tokens' \2 -H "Content-Type: application/json" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Request-Id: REQUEST-ID" \5 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \6 -H "PayPal-Partner-Attribution-Id: BN-CODE" \7 -d '{8 "payment_source": {9 "token": {10 "id": "5C991763VB2781612",11 "type": "SETUP_TOKEN"12 }13 }14 }'
Modify the code
- Copy the code sample.
- Change
ACCESS-TOKENto your sandbox access token. - Change
PAYPAL-AUTH-ASSERTIONto your PayPal-Auth-Assertion token. - Change
BN-CODEto your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Change
REQUEST-IDto a set of unique alphanumeric characters such as a time stamp. - Use
tokenas thepayment sourceand complete the rest of the source object for your use case and business. - Use your setup token ID to pass in the payment source parameter and
typeas theSETUP_TOKEN.
Step result
A successful request returns the following:
- An HTTP response code
HTTP 2xxorHTTP 200. - The
IDof the payment token and associated payment method information. - HATEOAS links:
| Rel | Method | Description |
|---|---|---|
self |
GET |
Make a GET request to this link to retrieve data about the saved payment method. |
delete |
DELETE |
Make a DELETE request to delete the payment token from the vault. |
Use saved payment token
After you create a payment method token, use the token instead of the payment method to create a purchase and capture the payment with the Orders API.
You can store a Merchant Customer ID aligned with your system to simplify the mapping of customer information within your system and PayPal. This is an optional field that will return the value shared in the response.
Set the payment_source to specify the payment source type. Set the vault_id to the payment method token you received.
- Platform sample API request
- Merchant sample API request
- Sample API response
1curl -v -X POST ' https://api-m.sandbox.paypal.com/v2/checkout/orders' \2 -H "PayPal-Request-Id: REQUEST-ID" \3 -H "Authorization: Bearer ACCESS-TOKEN" \4 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \5 -H "PayPal-Partner-Attribution-Id: BN-CODE" \6 -H "Content-Type: application/json" \7 -d '{8 "intent": "CAPTURE",9 "purchase_units": [10 {11 "amount": {12 "currency_code": "USD",13 "value": "100.00"14 },15 "payee": {16 "merchant_id": "MERCHANT-ID"17 }18 }19 ],20 "payment_source": {21 "card": {22 "vault_id":"dnbbj3g"23 }24 }25 }'
Modify the code
- Copy the code sample.
- Change
ACCESS-TOKENto your sandbox access token. - Change
PAYPAL-AUTH-ASSERTIONto your PayPal-Auth-Assertion token. - Change
BN-CODEto your PayPal Attribution ID to receive revenue attribution. See Retrieve BN code. - Change
REQUEST-IDto a set of unique alphanumeric characters such as a time stamp. - Use the ID of your payment method token as the
vault.id.
Use payment token on behalf of payer
When the payer isn't present to check out, you can use the payment method token to create an order on behalf of the payer.
1. Retrieve a payer's payment method token
If you stored the payment token the payer created on your site, skip this step.
To make a payment on behalf of the payer, retrieve the payment token they created. You'll need the customer ID that you assigned to this payer when saving the payment method.
- Platform sample API request
- Merchant sample API request
- Sample API response
1curl -v -k -X GET 'https://api-m.sandbox.paypal.com/v3/vault/payment-tokens?customer_id=customer_4029352050' \2 -H "Authorization: Bearer ACCESS-TOKEN" \3 -H "PayPal-Auth-Assertion: PAYPAL-AUTH-ASSERTION" \4 -H "PayPal-Partner-Attribution-Id: BN-CODE" \5 -H "Content-Type: application/json"
Modify the code
- Copy the code sample.
- Change
ACCESS-TOKENto your sandbox access token. - Change
PAYPAL-AUTH-ASSERTIONto your PayPal-Auth-Assertion token. - Change
BN-CODEto your PayPal Attribution ID to receive revenue attribution. To find your BN code, see Code and Credential Reference. - Pass the PayPal-generated
customer_idto retrieve the payment token details associated with the payer. - The response will return the Merchant Customer ID if it was passed during payment token creation.
Step result
A successful request returns the following:
- HTTP response code
HTTP 2xxorHTTP 200. - Payment method details and status for the payment token.
- JSON response body that includes all payment method tokens.
- HATEOAS links:
| Rel | Method | Description |
|---|---|---|
self |
GET |
Make a GET request to this link to retrieve data about the saved payment method. |
delete |
DELETE |
Make a DELETE request to delete the saved payment token. |
2. Use payment method token with checkout
After you get the payment method token ID, you can use a payment method token with checkout to create your order.
Webhooks for saving payment methods
| Event | Trigger | Payment methods |
|---|---|---|
VAULT.PAYMENT-TOKEN.CREATED |
A payment token is created to save a payment method. | Cards and PayPal |
VAULT.PAYMENT-TOKEN.DELETED |
A payment token is deleted. The payer's payment method is no longer saved to the PayPal vault. | Cards and PayPal |
VAULT.PAYMENT-TOKEN.DELETION-INITIATED |
A request to delete a payment token has been submitted to the Payment Method Tokens API. | PayPal |
For more information on webhooks, see webhooks.
See also
- Set up payment buttons
- Advanced credit and debit cards payments
- Errors
- To keep saved cards up to date, see the Real-time account updater