MasterCard Payment Gateway API Reference: Operations -
Version 3,
Protocol: REST-JSON

Save card

Request to store a card for later retrieval via token. If a Unique Token repository is used, the card details are stored or updated against the provided token. If no token is provided, one is generated.

If a Unique Card Number repository is used and the card details have not previously been stored, a new system-generated token is used, otherwise the existing token is updated with the card details (the card number cannot be changed).

URL https://ap-gateway.mastercard.com/api/rest/version/3/merchant/{merchantid}/token/{tokenid}
HTTP Method PUT
Authentication This operation requires authentication via one of the following methods:
  • Certificate authentication.
  • Basic HTTP authentication as described at w3.org. To authenticate to the API, leave the userid portion (to the left of the colon) blank and fill the password section with the API password provided to you.

Request Parameters

action.tokenOperation  String =SAVE FIXED

Existence
FIXED
Fixed value
SAVE
Validation Rules
Any sequence of zero or more unicode characters.
XSD type
string

card   = COMPULSORY

Fixed value

card.expiry   = COMPULSORY

Expiry date, as shown on the card.
Fixed value

card.expiry.month  Digits = COMPULSORY

Month, as shown on the card.
Months are numbered January=1, through to December=12.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a number between 1 and 12 represented as a string.
JSON type
String

card.expiry.year  Digits = COMPULSORY

Year, as shown on the card.
The Common Era year is 2000 plus this value.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
2
maximum length
2

card.number  Digits = COMPULSORY

Credit card number as printed on the card.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
9
maximum length
19

action.tokenOperation  String =SAVE FIXED

Existence
FIXED
Fixed value
SAVE
Validation Rules
Any sequence of zero or more unicode characters.
XSD type
string

card   = COMPULSORY

Fixed value

card.bankAccountType  Enumeration = OPTIONAL

The type of bank account the cardholder wishes to use for the transaction.
For example, Savings or Check.
Existence
OPTIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
CHECK
SAVINGS

card.expiry   = COMPULSORY

Expiry date, as shown on the card.
Fixed value

card.expiry.month  Digits = COMPULSORY

Month, as shown on the card.
Months are numbered January=1, through to December=12.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a number between 1 and 12 represented as a string.
JSON type
String

card.expiry.year  Digits = COMPULSORY

Year, as shown on the card.
The Common Era year is 2000 plus this value.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
2
maximum length
2

card.issueNumber  Digits = OPTIONAL

Issue number, as embossed on the card.
For cards such as Maestro.
Existence
OPTIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
1
maximum length
2

card.number  Digits = COMPULSORY

Credit card number as printed on the card.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
9
maximum length
19

card.securityCode  Digits = OPTIONAL

Card verification code, as printed on the back or front of the card.
Existence
OPTIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
3
maximum length
4

card.start   = OPTIONAL

Start date, as shown on the card.
Fixed value

card.start.month  Digits = COMPULSORY

Month, as shown on the card.
Months are numbered January=1, through to December=12.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a number between 1 and 12 represented as a string.
JSON type
String

card.start.year  Digits = COMPULSORY

Year, as shown on the card.
The Common Era year is 2000 plus this value.
Existence
COMPULSORY
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
2
maximum length
2

correlationId  String = OPTIONAL

A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Existence
OPTIONAL
Fixed value
Validation Rules
Data can consist of any characters
XSD type
string
minimum length
1
maximum length
100

transaction.currency  Upper case alphabetic text = OPTIONAL

The currency which should be used for acquirer card verification.
Not required for basic verification.
Existence
OPTIONAL
Fixed value
Validation Rules
Data must consist of the characters A-Z
JSON type
String
minimum length
3
maximum length
3

{merchantid}  Alphanumeric + additional characters COMPULSORY

Your identifier issued to you by your provider.
Existence
COMPULSORY
Validation Rules
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
XSD type
string
minimum length
1
maximum length
40

{tokenid}  Alphanumeric COMPULSORY

Uniquely identifies a card and associated details.
A value of "generated" indicates that the system should generate the token for the caller. The token must always be "generated" when performing stores with a Unique Card Number repository."generated" is not valid for retrieve operations.
Existence
COMPULSORY
Validation Rules
Data may consist of the characters 0-9, a-z, A-Z
XSD type
string
minimum length
1
maximum length
40

Response Parameters

card   = Always Provided

Fixed value

card.number  Masked digits = Always Provided

The account number embossed onto the card with your masking settings applied or 6.4 whichever is more restrictive e.g. 000000xxxxxx0000.
Existence
Always Provided
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9, plus 'x' for masking
JSON type
String
minimum length
9
maximum length
19

card.type  Enumeration = Always Provided

Card type of the supplied card.
Existence
Always Provided
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
AMEX
AMEX_PURCHASE_CARD
BANAMEX_COSTCO
CARNET
CARTE_BANCAIRE
COSTCO_MEMBER_CREDIT
DINERS_CLUB
DISCOVER
EBT
ELO
FARMERS_CARD
JCB
LASER
MAESTRO
MASTERCARD
MASTERCARD_PURCHASE_CARD
OTHER
PRIVATE_LABEL_CARD
Q_CARD
RUPAY
SORIANA
TRUE_REWARDS
UATP
VISA
VISA_DEBIT
VISA_PURCHASE_CARD

merchant  Alphanumeric + additional characters = Always Provided

Your identifier issued to you by your provider.
Existence
Always Provided
Fixed value
Validation Rules
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
JSON type
String
minimum length
1
maximum length
40

response.gatewayCode  Enumeration = Always Provided

Summary of the success or otherwise of the proposed operation.
Existence
Always Provided
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
ABORTED
Transaction aborted by card holder
ACQUIRER_SYSTEM_ERROR
Acquirer system error occurred processing the transaction
APPROVED
Transaction Approved
AUTHENTICATION_FAILED
Payer authentication failed
BLOCKED
Transaction blocked due to Risk or 3D Secure blocking rules
CANCELLED
Transaction cancelled by card holder
DECLINED
The requested operation was not successful. For example, a payment was declined by issuer or payer authentication was not able to be successfully completed.
DECLINED_AVS
Transaction declined due to address verification
DECLINED_AVS_CSC
Transaction declined due to address verification and card security code
DECLINED_CSC
Transaction declined due to card security code
DECLINED_DO_NOT_CONTACT
Transaction declined - do not contact issuer
DECLINED_PAYMENT_PLAN
Transaction declined due to payment plan
DEFERRED_TRANSACTION_RECEIVED
Deferred transaction received and awaiting processing
DUPLICATE_BATCH
Transaction declined due to duplicate batch
EXCEEDED_RETRY_LIMIT
Transaction retry limit exceeded
EXPIRED_CARD
Transaction declined due to expired card
INSUFFICIENT_FUNDS
Transaction declined due to insufficient funds
INVALID_CSC
Invalid card security code
LOCK_FAILURE
Order locked - another transaction is in progress for this order
NOT_ENROLLED_3D_SECURE
Card holder is not enrolled in 3D Secure
NOT_SUPPORTED
Transaction type not supported
PENDING
Transaction is pending
REFERRED
Transaction declined - refer to issuer
SUBMITTED
The transaction has successfully been created in the gateway. It is either awaiting submission to the acquirer or has been submitted to the acquirer but the gateway has not yet received a response about the success or otherwise of the payment.
SYSTEM_ERROR
Internal system error occurred processing the transaction
TIMED_OUT
The gateway has timed out the request to the acquirer because it did not receive a response. You can handle the transaction as a declined transaction. Where possible the gateway will attempt to reverse the transaction.
UNKNOWN
The transaction has been submitted to the acquirer but the gateway was not able to find out about the success or otherwise of the payment. If the gateway subsequently finds out about the success of the payment it will update the response code.
UNSPECIFIED_FAILURE
Transaction could not be processed

result  Enumeration = Always Provided

A system-generated high level overall result of the transaction/operation.
Existence
Always Provided
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
FAILURE
The operation was declined or rejected by the gateway, acquirer or issuer
PENDING
The operation is currently in progress or pending processing
SUCCESS
The operation was successfully processed
UNKNOWN
The result of the operation is unknown

card   = Always Provided

Fixed value

card.bankAccountType  Enumeration = CONDITIONAL

The type of bank account the cardholder wishes to use for the transaction.
For example, Savings or Check.
Existence
CONDITIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
CHECK
SAVINGS

card.cardSequenceNumber  Digits = CONDITIONAL

The card sequence number for transactions where the data is read through a chip on the EMV card.
Existence
CONDITIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
3
maximum length
3

card.expiry   = CONDITIONAL

The expiry date as it appears on the card.
Fixed value

card.expiry.month  Digits = Always Provided

Month, as shown on the card.
Months are numbered January=1, through to December=12.
Existence
Always Provided
Fixed value
Validation Rules
Data is a number between 1 and 12 represented as a string.
JSON type
String

card.expiry.year  Digits = Always Provided

Year, as shown on the card.
The Common Era year is 2000 plus this value.
Existence
Always Provided
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
2
maximum length
2

card.issueNumber  Digits = CONDITIONAL

The issue number embossed onto the card, for cards such as Maestro.
Existence
CONDITIONAL
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
0
maximum length
2

card.number  Masked digits = Always Provided

The account number embossed onto the card with your masking settings applied or 6.4 whichever is more restrictive e.g. 000000xxxxxx0000.
Existence
Always Provided
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9, plus 'x' for masking
JSON type
String
minimum length
9
maximum length
19

card.securityCodePresence  Alphanumeric = CONDITIONAL

The code used to indicate the existence of the Card Security Code value.
Existence
CONDITIONAL
Fixed value
Validation Rules
Data may consist of the characters 0-9, a-z, A-Z
JSON type
String
minimum length
1
maximum length
2

card.start   = CONDITIONAL

The start date as it appears on the card.
Fixed value

card.start.month  Digits = Always Provided

Month, as shown on the card.
Months are numbered January=1, through to December=12.
Existence
Always Provided
Fixed value
Validation Rules
Data is a number between 1 and 12 represented as a string.
JSON type
String

card.start.year  Digits = Always Provided

Year, as shown on the card.
The Common Era year is 2000 plus this value.
Existence
Always Provided
Fixed value
Validation Rules
Data is a string that consists of the characters 0-9.
JSON type
String
minimum length
2
maximum length
2

card.token  Alphanumeric = CONDITIONAL

Uniquely identifies a card and associated details.
May be the token provided by the merchant, or a system-generated value. A system-generated token is 16 digits long, starts with 9, and is in the format of 9nnnnnnnnnnnnnnC, where n represents any number, and C represents a check digit such that the token will conform to the Luhn algorithm.
Existence
CONDITIONAL
Fixed value
Validation Rules
Data may consist of the characters 0-9, a-z, A-Z
JSON type
String
minimum length
1
maximum length
40

card.type  Enumeration = Always Provided

Card type of the supplied card.
Existence
Always Provided
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
AMEX
AMEX_PURCHASE_CARD
BANAMEX_COSTCO
CARNET
CARTE_BANCAIRE
COSTCO_MEMBER_CREDIT
DINERS_CLUB
DISCOVER
EBT
ELO
FARMERS_CARD
JCB
LASER
MAESTRO
MASTERCARD
MASTERCARD_PURCHASE_CARD
OTHER
PRIVATE_LABEL_CARD
Q_CARD
RUPAY
SORIANA
TRUE_REWARDS
UATP
VISA
VISA_DEBIT
VISA_PURCHASE_CARD

correlationId  String = CONDITIONAL

A transient identifier for the request, that can be used to match the response to the request.
The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.
Existence
CONDITIONAL
Fixed value
Validation Rules
Data can consist of any characters
XSD type
string
minimum length
1
maximum length
100

merchant  Alphanumeric + additional characters = Always Provided

Your identifier issued to you by your provider.
Existence
Always Provided
Fixed value
Validation Rules
Data may consist of the characters 0-9, a-z, A-Z, '-', '_'
JSON type
String
minimum length
1
maximum length
40

response.acquirerCode  ASCII Text = CONDITIONAL

Value as generated by the acquirer that summarizes the success or otherwise of the proposed operation.
Existence
CONDITIONAL
Fixed value
Validation Rules
Data consists of ASCII characters
JSON type
String
minimum length
1
maximum length
100

response.acquirerMessage  ASCII Text = CONDITIONAL

The response from the acquirer in the text form.
This field is used in addition to response.acquirerCode for some acquirers where additional information needs to be communicated. For example, contact details to allow the merchant to contact the issuer directly to seek authorisation for the transaction.
Existence
CONDITIONAL
Fixed value
Validation Rules
Data consists of ASCII characters
JSON type
String
minimum length
1
maximum length
255

response.cardSecurityCode   = CONDITIONAL

Fixed value

response.cardSecurityCode.acquirerCode  ASCII Text = CONDITIONAL

The acquirer CSC response code generated by the card issuing institution.
Existence
CONDITIONAL
Fixed value
Validation Rules
Data consists of ASCII characters
JSON type
String
minimum length
1
maximum length
100

response.cardSecurityCode.gatewayCode  Enumeration = CONDITIONAL

The card security code result generated to indicate whether the data supplied matches the data held by the cardholder's issuing bank.
Existence
CONDITIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
MATCH
Valid or matched.
NOT_PRESENT
Merchant indicated CSC not present on card.
NOT_PROCESSED
Not processed.
NOT_SUPPORTED
Card issuer is not registered and/or certified
NO_MATCH
Invalid or not matched.

response.gatewayCode  Enumeration = Always Provided

Summary of the success or otherwise of the proposed operation.
Existence
Always Provided
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
ABORTED
Transaction aborted by card holder
ACQUIRER_SYSTEM_ERROR
Acquirer system error occurred processing the transaction
APPROVED
Transaction Approved
AUTHENTICATION_FAILED
Payer authentication failed
BLOCKED
Transaction blocked due to Risk or 3D Secure blocking rules
CANCELLED
Transaction cancelled by card holder
DECLINED
The requested operation was not successful. For example, a payment was declined by issuer or payer authentication was not able to be successfully completed.
DECLINED_AVS
Transaction declined due to address verification
DECLINED_AVS_CSC
Transaction declined due to address verification and card security code
DECLINED_CSC
Transaction declined due to card security code
DECLINED_DO_NOT_CONTACT
Transaction declined - do not contact issuer
DECLINED_PAYMENT_PLAN
Transaction declined due to payment plan
DEFERRED_TRANSACTION_RECEIVED
Deferred transaction received and awaiting processing
DUPLICATE_BATCH
Transaction declined due to duplicate batch
EXCEEDED_RETRY_LIMIT
Transaction retry limit exceeded
EXPIRED_CARD
Transaction declined due to expired card
INSUFFICIENT_FUNDS
Transaction declined due to insufficient funds
INVALID_CSC
Invalid card security code
LOCK_FAILURE
Order locked - another transaction is in progress for this order
NOT_ENROLLED_3D_SECURE
Card holder is not enrolled in 3D Secure
NOT_SUPPORTED
Transaction type not supported
PENDING
Transaction is pending
REFERRED
Transaction declined - refer to issuer
SUBMITTED
The transaction has successfully been created in the gateway. It is either awaiting submission to the acquirer or has been submitted to the acquirer but the gateway has not yet received a response about the success or otherwise of the payment.
SYSTEM_ERROR
Internal system error occurred processing the transaction
TIMED_OUT
The gateway has timed out the request to the acquirer because it did not receive a response. You can handle the transaction as a declined transaction. Where possible the gateway will attempt to reverse the transaction.
UNKNOWN
The transaction has been submitted to the acquirer but the gateway was not able to find out about the success or otherwise of the payment. If the gateway subsequently finds out about the success of the payment it will update the response code.
UNSPECIFIED_FAILURE
Transaction could not be processed

response.risk   = CONDITIONAL

Fixed value

response.risk.gatewayCode  Enumeration = CONDITIONAL

The overall result of risk assessment returned by the Payment Gateway for each authorization or pay transaction.
Existence
CONDITIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
ACCEPT
Order accepted
NOT_CHECKED
Merchant risk rules were not checked and system rules did not reject the Order
REJECT
Order rejected
REVIEW
Order marked for review
SYSTEM_REJECT
Order rejected due to system rule

response.risk.reversalTransactionResult  Enumeration = CONDITIONAL

The result of order reversal for each authorization or pay transaction that occurred due to risk assessment.
Orders rejected after the financial transaction due to risk assessment are automatically reversed by the system.
Existence
CONDITIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
FAIL
The attempt to Backout failed.
NOT_APPLICABLE
Backout was not possible (eg backout not supported)
OKAY
The attempt to Backout succeeded.

response.risk.reviewResult  Enumeration = CONDITIONAL

The decision made when the overall risk result returns Review.
Existence
CONDITIONAL
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
NOT_REQUIRED
No review required
ORDER_CANCELLED
The order has been cancelled and a reversal transaction was attempted
ORDER_RELEASED
The order has been released for processing
PENDING
A decision to release/cancel the order is pending

result  Enumeration = Always Provided

A system-generated high level overall result of the transaction/operation.
Existence
Always Provided
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
FAILURE
The operation was declined or rejected by the gateway, acquirer or issuer
PENDING
The operation is currently in progress or pending processing
SUCCESS
The operation was successfully processed
UNKNOWN
The result of the operation is unknown

error   = CONDITIONAL

Information on possible error conditions that may occur while processing an operation using the API.
Fixed value

error.cause  Enumeration = CONDITIONAL

Broadly categorizes the cause of the error.
For example, errors may occur due to invalid requests or internal system failures.
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
INVALID_REQUEST
The request was rejected because it did not conform to the API protocol.
REQUEST_REJECTED
The request was rejected due to security reasons such as firewall rules, expired certificate, etc.
SERVER_BUSY
The server did not have enough resources to process the request at the moment.
SERVER_FAILED
There was an internal system failure.

error.explanation  String = CONDITIONAL

Textual description of the error based on the cause.
This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
1000

error.supportCode  String = CONDITIONAL

Indicates the code that helps the support team to quickly identify the exact cause of the error.
This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.
Fixed value
Validation Rules
Data can consist of any characters
JSON type
String
minimum length
1
maximum length
100

result  Enumeration = CONDITIONAL

A system-generated high level overall result of the operation.
Fixed value
Validation Rules
JSON type
String
Value must be a member of the following list. The values are case sensitive.
ERROR
The operation resulted in an error and hence cannot be processed.

Copyright © 2023 MasterCard