Create a credit card payment method

Note: This legacy API operation is no longer under active development. For more features, it is strongly recommended to use the Create a payment method operation.

You can create a credit card payment method for a customer account or an orphan credit card payment method that is not associated with any customer account.

This API call is CORS Enabled. Use client-side JavaScript to invoke the call.

If you use this operation to create credit card payment methods instead of using the iFrame of Hosted Payment Pages, you are subject to PCI-compliance audit requirements.

Request
header Parameters
Idempotency-Key
string <= 255 characters

Specify a unique idempotency key if you want to perform an idempotent POST or PATCH request. Do not use this header in other request types.

With this header specified, the Zuora server can identify subsequent retries of the same request using this value, which prevents the same operation from being performed multiple times by accident.

Accept-Encoding
string

Include the Accept-Encoding: gzip header to compress responses as a gzipped file. It can significantly reduce the bandwidth required for a response.

If specified, Zuora automatically compresses responses that contain over 1000 bytes of data, and the response contains a Content-Encoding header with the compression algorithm so that your client can decompress it.

Content-Encoding
string

Include the Content-Encoding: gzip header to compress a request. With this header specified, you should upload a gzipped file for the request payload instead of sending the JSON payload.

Authorization
string

The value is in the Bearer {token} format where {token} is a valid OAuth token generated by calling Create an OAuth token.

Zuora-Track-Id
string <= 64 characters

A custom identifier for tracing the API call. If you set a value for this header, Zuora returns the same value in the response headers. This header enables you to associate your system process identifiers with Zuora API calls, to assist with troubleshooting in the event of an issue.

The value of this field must use the US-ASCII character set and must not include any of the following characters: colon (:), semicolon (;), double quote ("), and quote (').

Zuora-Entity-Ids
string

An entity ID. If you have Zuora Multi-entity enabled and the OAuth token is valid for more than one entity, you must use this header to specify which entity to perform the operation in. If the OAuth token is only valid for a single entity, or you do not have Zuora Multi-entity enabled, you do not need to set this header.

Request Body schema: application/json
required
accountKey
string

ID of the customer account. To create an orphan payment method that is not associated with any customer account, you can skip this field. As soon as the account information is available, associate the payment method with an account through the Update a payment method operation.

object (cardHolderInfo)

Container for cardholder information. If provided, Zuora will only use this information for this card. Otherwise, Zuora will use the account''s existing bill-to contact information for this card.

creditCardNumber
required
string

Credit card number, a string of up to 16 characters. This field can only be set when creating a new payment method; it cannot be queried or updated.

creditCardType
required
string

The type of the credit card.

Possible values include Visa, MasterCard, AmericanExpress, Discover, JCB, and Diners. For more information about credit card types supported by different payment gateways, see Supported Payment Gateways.

defaultPaymentMethod
boolean

Specify true to make this card the default payment method; otherwise, omit this parameter to keep the current default payment method.

expirationMonth
required
integer

One or two digits expiration month (1-12).

expirationYear
required
integer

Four-digit expiration year.

object

The field used to pass gateway-specific parameters and parameter values.

Zuora sends all the information that you specified to the gateway. If you specify any unsupported gateway option parameters, they will be ignored without error prompts.

mitConsentAgreementRef
string <= 128 characters

Specifies your reference for the stored credential consent agreement that you have established with the customer. Only applicable if you set the mitProfileAction field.

mitConsentAgreementSrc
string

Required if you set the mitProfileAction field. If you do not specify the mitProfileAction field, Zuora will automatically create a stored credential profile for the payment method, with the default value External set to this field.

Value: "External"
mitNetworkTransactionId
string <= 128 characters

Specifies the ID of a network transaction. Only applicable if you set the mitProfileAction field to Persist.

mitProfileAction
string

Specifies how Zuora creates and activates a stored credential profile. If you do not specify this field, Zuora will automatically create a stored credential profile for the payment method, with the default value Activate set to this field.

Enum: "Activate" "Persist"
mitProfileAgreedOn
string <date>

The date on which the profile is agreed. The date format is yyyy-mm-dd.

mitProfileType
string

Required if you set the mitProfileAction field. Indicates the type of the stored credential profile to process recurring or unsecheduled transactions. If you do not specify the mitProfileAction field, Zuora will automatically create a stored credential profile for the payment method, with the default value Recurring set to this field.

Enum: "Recurring" "Unscheduled"
numConsecutiveFailures
integer <int32> [ 0 .. 100 ]

The number of consecutive failed payments for this payment method. It is reset to 0 upon successful payment.

securityCode
string

The CVV or CVV2 security code for the credit card or debit card. Only required if changing expirationMonth, expirationYear, or cardHolderName. To ensure PCI compliance, this value isn't stored and can't be queried.

property name*
additional property
any

Custom fields of the payment method. The name of each custom field has the form customField__c. Custom field names are case sensitive. See Manage Custom Fields for more information.

Responses
200
post/v1/payment-methods/credit-cards
Request samples
application/json
{
  • "accountKey": "8ad09be48db5aba7018db604776d4854",
  • "creditCardType": "Visa",
  • "creditCardNumber": "4111111111111111",
  • "expirationMonth": 10,
  • "expirationYear": 2021
}
Response samples
application/json
{
  • "paymentMethodId": "2c92c8f83dcbd8b1013dcce1d6a60",
  • "success": true
}