Save card

Request to store a card for later retrieval via token. If a Unique Token repository is used, the card details are stored or updated against the provided token. If no token is provided, one is generated.

If a Unique Card Number repository is used and the card details have not previously been stored, a new system-generated token is used, otherwise the existing token is updated with the card details (the card number cannot be changed).

POST https://test-gateway.mastercard.com/api/nvp/version/3

Authentication Copied to clipboard

This operation requires authentication via one of the following methods:


  • Certificate authentication.
  • API password. An additional NVP parameter, apiPassword, must be supplied in the request containing your password for using the API.

Request Copied to clipboard

Fields Copied to clipboard

action.tokenOperation Copied to clipboard String = SAVE FIXED

Any sequence of zero or more unicode characters.

apiOperation Copied to clipboard String = MANAGE_CARD FIXED

Any sequence of zero or more unicode characters.

card Copied to clipboard REQUIRED
card.bankAccountType Copied to clipboard Enumeration OPTIONAL

The type of bank account the cardholder wishes to use for the transaction.

For example, Savings or Check.

Value must be a member of the following list. The values are case sensitive.

CHECK
SAVINGS
card.expiry Copied to clipboard REQUIRED

Expiry date, as shown on the card.

card.expiry.month Copied to clipboard Digits REQUIRED

Month, as shown on the card.

Months are numbered January=1, through to December=12.

Data is a number between 1 and 12 represented as a string.

card.expiry.year Copied to clipboard Digits REQUIRED

Year, as shown on the card.

The Common Era year is 2000 plus this value.

Data is a string that consists of the characters 0-9.

Min length: 2 Max length: 2
card.issueNumber Copied to clipboard Digits OPTIONAL

Issue number, as embossed on the card.

For cards such as Maestro.

Data is a string that consists of the characters 0-9.

Min length: 1 Max length: 2
card.number Copied to clipboard Digits REQUIRED

Credit card number as printed on the card.

Data is a string that consists of the characters 0-9.

Min length: 9 Max length: 19
card.securityCode Copied to clipboard Digits OPTIONAL

Card verification code, as printed on the back or front of the card.

Data is a string that consists of the characters 0-9.

Min length: 3 Max length: 4
card.start Copied to clipboard OPTIONAL

Start date, as shown on the card.

card.start.month Copied to clipboard Digits REQUIRED

Month, as shown on the card.

Months are numbered January=1, through to December=12.

Data is a number between 1 and 12 represented as a string.

card.start.year Copied to clipboard Digits REQUIRED

Year, as shown on the card.

The Common Era year is 2000 plus this value.

Data is a string that consists of the characters 0-9.

Min length: 2 Max length: 2
card.token Copied to clipboard Alphanumeric OPTIONAL

Uniquely identifies a card and associated details.

A value of "generated" indicates that the system should generate the token for the caller. The token must always be "generated" when performing stores with a Unique Card Number repository."generated" is not valid for retrieve operations.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 1 Max length: 40
correlationId Copied to clipboard String OPTIONAL

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
merchant Copied to clipboard Alphanumeric + additional characters REQUIRED

Your identifier issued to you by your provider.

Data may consist of the characters 0-9, a-z, A-Z, '-', '_'

Min length: 1 Max length: 40
transaction.currency Copied to clipboard Upper case alphabetic text OPTIONAL

The currency which should be used for acquirer card verification.

Not required for basic verification.

Data must consist of the characters A-Z

Min length: 3 Max length: 3

Response Copied to clipboard

Fields Copied to clipboard

card Copied to clipboard ALWAYS PROVIDED
card.bankAccountType Copied to clipboard Enumeration CONDITIONAL

The type of bank account the cardholder wishes to use for the transaction.

For example, Savings or Check.

Value must be a member of the following list. The values are case sensitive.

CHECK
SAVINGS
card.cardSequenceNumber Copied to clipboard Digits CONDITIONAL

The card sequence number for transactions where the data is read through a chip on the EMV card.

Data is a string that consists of the characters 0-9.

Min length: 3 Max length: 3
card.expiry Copied to clipboard CONDITIONAL

The expiry date as it appears on the card.

card.expiry.month Copied to clipboard Digits ALWAYS PROVIDED

Month, as shown on the card.

Months are numbered January=1, through to December=12.

Data is a number between 1 and 12 represented as a string.

card.expiry.year Copied to clipboard Digits ALWAYS PROVIDED

Year, as shown on the card.

The Common Era year is 2000 plus this value.

Data is a string that consists of the characters 0-9.

Min length: 2 Max length: 2
card.issueNumber Copied to clipboard Digits CONDITIONAL

The issue number embossed onto the card, for cards such as Maestro.

Data is a string that consists of the characters 0-9.

Min length: 0 Max length: 2
card.number Copied to clipboard Masked digits ALWAYS PROVIDED

The account number embossed onto the card with your masking settings applied or 6.4 whichever is more restrictive e.g. 000000xxxxxx0000.

Data is a string that consists of the characters 0-9, plus 'x' for masking

Min length: 9 Max length: 19
card.securityCodePresence Copied to clipboard Alphanumeric CONDITIONAL

The code used to indicate the existence of the Card Security Code value.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 1 Max length: 2
card.start Copied to clipboard CONDITIONAL

The start date as it appears on the card.

card.start.month Copied to clipboard Digits ALWAYS PROVIDED

Month, as shown on the card.

Months are numbered January=1, through to December=12.

Data is a number between 1 and 12 represented as a string.

card.start.year Copied to clipboard Digits ALWAYS PROVIDED

Year, as shown on the card.

The Common Era year is 2000 plus this value.

Data is a string that consists of the characters 0-9.

Min length: 2 Max length: 2
card.token Copied to clipboard Alphanumeric CONDITIONAL

Uniquely identifies a card and associated details.

May be the token provided by the merchant, or a system-generated value. A system-generated token is 16 digits long, starts with 9, and is in the format of 9nnnnnnnnnnnnnnC, where n represents any number, and C represents a check digit such that the token will conform to the Luhn algorithm.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 1 Max length: 40
card.type Copied to clipboard Enumeration ALWAYS PROVIDED

Card type of the supplied card.

Value must be a member of the following list. The values are case sensitive.

AMEX
AMEX_PURCHASE_CARD
BANAMEX_COSTCO
CARNET
CARTE_BANCAIRE
COSTCO_MEMBER_CREDIT
DINERS_CLUB
DISCOVER
EBT
ELO
FARMERS_CARD
JCB
LASER
MAESTRO
MASTERCARD
MASTERCARD_PURCHASE_CARD
OTHER
PRIVATE_LABEL_CARD
Q_CARD
RUPAY
SORIANA
TRUE_REWARDS
UATP
VISA
VISA_DEBIT
VISA_PURCHASE_CARD
correlationId Copied to clipboard String CONDITIONAL

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
merchant Copied to clipboard Alphanumeric + additional characters ALWAYS PROVIDED

Your identifier issued to you by your provider.

Data may consist of the characters 0-9, a-z, A-Z, '-', '_'

Min length: 1 Max length: 40
response.acquirerCode Copied to clipboard ASCII Text CONDITIONAL

Value as generated by the acquirer that summarizes the success or otherwise of the proposed operation.

Data consists of ASCII characters

Min length: 1 Max length: 100
response.acquirerMessage Copied to clipboard ASCII Text CONDITIONAL

The response from the acquirer in the text form.

This field is used in addition to response.acquirerCode for some acquirers where additional information needs to be communicated. For example, contact details to allow the merchant to contact the issuer directly to seek authorisation for the transaction.

Data consists of ASCII characters

Min length: 1 Max length: 255
response.cardSecurityCode Copied to clipboard CONDITIONAL
response.cardSecurityCode.acquirerCode Copied to clipboard ASCII Text CONDITIONAL

The acquirer CSC response code generated by the card issuing institution.

Data consists of ASCII characters

Min length: 1 Max length: 100
response.cardSecurityCode.gatewayCode Copied to clipboard Enumeration CONDITIONAL

The card security code result generated to indicate whether the data supplied matches the data held by the cardholder's issuing bank.

Value must be a member of the following list. The values are case sensitive.

MATCH

Valid or matched.

NOT_PRESENT

Merchant indicated CSC not present on card.

NOT_PROCESSED

Not processed.

NOT_SUPPORTED

Card issuer is not registered and/or certified

NO_MATCH

Invalid or not matched.

response.gatewayCode Copied to clipboard Enumeration ALWAYS PROVIDED

Summary of the success or otherwise of the proposed operation.

Value must be a member of the following list. The values are case sensitive.

ABORTED

Transaction aborted by card holder

ACQUIRER_SYSTEM_ERROR

Acquirer system error occurred processing the transaction

APPROVED

Transaction Approved

AUTHENTICATION_FAILED

Payer authentication failed

BLOCKED

Transaction blocked due to Risk or 3D Secure blocking rules

CANCELLED

Transaction cancelled by card holder

DECLINED

The requested operation was not successful. For example, a payment was declined by issuer or payer authentication was not able to be successfully completed.

DECLINED_AVS

Transaction declined due to address verification

DECLINED_AVS_CSC

Transaction declined due to address verification and card security code

DECLINED_CSC

Transaction declined due to card security code

DECLINED_DO_NOT_CONTACT

Transaction declined - do not contact issuer

DECLINED_PAYMENT_PLAN

Transaction declined due to payment plan

DEFERRED_TRANSACTION_RECEIVED

Deferred transaction received and awaiting processing

DUPLICATE_BATCH

Transaction declined due to duplicate batch

EXCEEDED_RETRY_LIMIT

Transaction retry limit exceeded

EXPIRED_CARD

Transaction declined due to expired card

INSUFFICIENT_FUNDS

Transaction declined due to insufficient funds

INVALID_CSC

Invalid card security code

LOCK_FAILURE

Order locked - another transaction is in progress for this order

NOT_ENROLLED_3D_SECURE

Card holder is not enrolled in 3D Secure

NOT_SUPPORTED

Transaction type not supported

PENDING

Transaction is pending

REFERRED

Transaction declined - refer to issuer

SYSTEM_ERROR

Internal system error occurred processing the transaction

TIMED_OUT

The gateway has timed out the request to the acquirer because it did not receive a response. You can handle the transaction as a declined transaction. Where possible the gateway will attempt to reverse the transaction.

UNKNOWN

The transaction has been submitted to the acquirer but the gateway was not able to find out about the success or otherwise of the payment. If the gateway subsequently finds out about the success of the payment it will update the response code.

UNSPECIFIED_FAILURE

Transaction could not be processed

response.risk Copied to clipboard CONDITIONAL
response.risk.gatewayCode Copied to clipboard Enumeration CONDITIONAL

The overall result of risk assessment returned by the Payment Gateway for each authorization or pay transaction.

Value must be a member of the following list. The values are case sensitive.

ACCEPT

Order accepted

NOT_CHECKED

Merchant risk rules were not checked and system rules did not reject the Order

REJECT

Order rejected

REVIEW

Order marked for review

SYSTEM_REJECT

Order rejected due to system rule

response.risk.reversalTransactionResult Copied to clipboard Enumeration CONDITIONAL

The result of order reversal for each authorization or pay transaction that occurred due to risk assessment.

Orders rejected after the financial transaction due to risk assessment are automatically reversed by the system.

Value must be a member of the following list. The values are case sensitive.

FAIL

The attempt to Backout failed.

NOT_APPLICABLE

Backout was not possible (eg backout not supported)

OKAY

The attempt to Backout succeeded.

response.risk.reviewResult Copied to clipboard Enumeration CONDITIONAL

The decision made when the overall risk result returns Review.

Value must be a member of the following list. The values are case sensitive.

NOT_REQUIRED

No review required

ORDER_CANCELLED

The order has been cancelled and a reversal transaction was attempted

ORDER_RELEASED

The order has been released for processing

PENDING

A decision to release/cancel the order is pending

result Copied to clipboard Enumeration ALWAYS PROVIDED

A system-generated high level overall result of the transaction/operation.

Value must be a member of the following list. The values are case sensitive.

FAILURE

The operation was declined or rejected by the gateway, acquirer or issuer

PENDING

The operation is currently in progress or pending processing

SUCCESS

The operation was successfully processed

UNKNOWN

The result of the operation is unknown

Errors Copied to clipboard

error Copied to clipboard

Information on possible error conditions that may occur while processing an operation using the API.

error.cause Copied to clipboard Enumeration

Broadly categorizes the cause of the error.

For example, errors may occur due to invalid requests or internal system failures.

Value must be a member of the following list. The values are case sensitive.

INVALID_REQUEST

The request was rejected because it did not conform to the API protocol.

REQUEST_REJECTED

The request was rejected due to security reasons such as firewall rules, expired certificate, etc.

SERVER_BUSY

The server did not have enough resources to process the request at the moment.

SERVER_FAILED

There was an internal system failure.

error.explanation Copied to clipboard String

Textual description of the error based on the cause.

This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.

Data can consist of any characters

Min length: 1 Max length: 1000
error.supportCode Copied to clipboard String

Indicates the code that helps the support team to quickly identify the exact cause of the error.

This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.

Data can consist of any characters

Min length: 1 Max length: 100
result Copied to clipboard Enumeration

A system-generated high level overall result of the operation.

Value must be a member of the following list. The values are case sensitive.

ERROR

The operation resulted in an error and hence cannot be processed.