Create a payment method

You can use this operation to create either a payment method associated with a specific customer account, or an orphan payment method that is not associated with any customer account.

To view the applicable fields for each payment method type, select the payment method type from the type list. The following types of the payment methods are supported:

CreditCard - Credit card payment method.
CreditCardReferenceTransaction - Credit Card Reference Transaction. See Supported payment methods for payment gateways that support this type of payment method.
ACH - ACH payment method.
SEPA - Single Euro Payments Area.
Betalingsservice - Direct Debit DK.
Autogiro - Direct Debit SE.
Bacs - Direct Debit UK.
Becs - Direct Entry AU.
Becsnz - Direct Debit NZ.
PAD - Pre-Authorized Debit.
PayPalCP - PayPal Commerce Platform payment method. Use this type if you are using a PayPal Commerce Platform Gateway instance.
PayPalEC - PayPal Express Checkout payment method. Use this type if you are using a PayPal Payflow Pro Gateway instance.
PayPalNativeEC - PayPal Native Express Checkout payment method. Use this type if you are using a PayPal Express Checkout Gateway instance.
PayPalAdaptive - PayPal Adaptive payment method. Use this type if you are using a PayPal Adaptive Payment Gateway instance.
AdyenApplePay - Apple Pay on Adyen Integration v2.0. See Set up Adyen Apple Pay for details.
AdyenGooglePay - Google Pay on Adyen Integration v2.0. See Set up Adyen Google Pay for details.
GooglePay - Google Pay on Chase Paymentech Orbital gateway integration. See Set up Google Pay on Chase for details.

The fields marked as required must be specified when creating non-tokenized payment methods. For more information about the required fields for the tokenization of payment methods, see Create tokenized payment methods with existing tokens or account information.

Request

header Parameters

Idempotency-Key	string <= 255 characters Specify a unique idempotency key if you want to perform an idempotent POST or PATCH request. Do not use this header in other request types. With this header specified, the Zuora server can identify subsequent retries of the same request using this value, which prevents the same operation from being performed multiple times by accident.
Accept-Encoding	string Include the `Accept-Encoding: gzip` header to compress responses as a gzipped file. It can significantly reduce the bandwidth required for a response. If specified, Zuora automatically compresses responses that contain over 1000 bytes of data, and the response contains a `Content-Encoding` header with the compression algorithm so that your client can decompress it.
Content-Encoding	string Include the `Content-Encoding: gzip` header to compress a request. With this header specified, you should upload a gzipped file for the request payload instead of sending the JSON payload.
Authorization	string The value is in the `Bearer {token}` format where {token} is a valid OAuth token generated by calling Create an OAuth token.
Zuora-Track-Id	string <= 64 characters A custom identifier for tracing the API call. If you set a value for this header, Zuora returns the same value in the response headers. This header enables you to associate your system process identifiers with Zuora API calls, to assist with troubleshooting in the event of an issue. The value of this field must use the US-ASCII character set and must not include any of the following characters: colon (`:`), semicolon (`;`), double quote (`"`), and quote (`'`).
Zuora-Entity-Ids	string An entity ID. If you have Zuora Multi-entity enabled and the OAuth token is valid for more than one entity, you must use this header to specify which entity to perform the operation in. If the OAuth token is only valid for a single entity, or you do not have Zuora Multi-entity enabled, you should not set this header.
Zuora-Org-Ids	string Comma separated IDs. If you have Zuora Multi-Org enabled, you can use this header to specify which orgs to perform the operation in. If you do not have Zuora Multi-Org enabled, you should not set this header. The IDs must be a sub-set of the user's accessible orgs. If you specify an org that the user does not have access to, the operation fails. If the header is not set, the operation is performed in scope of the user's accessible orgs.

Request Body schema: application/json
required

type required	string Type of the payment method. The following types of the payment methods are supported: `CreditCard` `CreditCardReferenceTransaction` `ACH` `SEPA` `Betalingsservice` `Autogiro` `Bacs` `Becs` `Becsnz` `PAD` `PayPalCP` `PayPalEC` `PayPalNativeEC` `PayPalAdaptive` `AdyenApplePay` `AdyenGooglePay` `GooglePay` To view the schema and example applicable to a specific payment method type, select the corresponding option from the following list. CreditCard
required	object (cardHolderInfo) Container for cardholder information. The nested `cardHolderName` field is required.
cardMaskNumber	string The masked card number. Currently, this field is only supported on certain integrations. See this article for more information.
cardNumber required	string Credit card number.
cardType required	string The type of the credit card. Possible values include `Visa`, `MasterCard`, `AmericanExpress`, `Discover`, `JCB`, and `Diners`. For more information about credit card types supported by different payment gateways, see Supported Payment Gateways.
checkDuplicated	boolean Indicates whether the duplication check is performed when you create a new credit card payment method. The default value is `false`. With this field set to `true`, Zuora will check all active payment methods associated with the same billing account to ensure that no duplicate credit card payment methods are created. An error is returned if a duplicate payment method is found. The following fields are used for the duplication check: `cardHolderName` `expirationMonth` `expirationYear` `creditCardMaskNumber`. It is the masked credit card number generated by Zuora. For example, `**********1234`. This field is being deprecated.** To achieve the same purpose, use the `processingOptions` > `checkDuplicated` field of the payment method object.
expirationMonth required	integer One or two digit expiration month (1-12) of the credit card.
expirationYear required	integer Four-digit expiration year of the credit card.
identityNumber	string The identity number of the cardholder. This field is required for Credit Card payment methods in certain countries such as Brazil.
mitConsentAgreementRef	string <= 128 characters Specifies your reference for the stored credential consent agreement that you have established with the customer. Only applicable if you set the `mitProfileAction` field.
mitConsentAgreementSrc	string Required if you set the `mitProfileAction` field. Specifies how the consent agreement has been established with the customer. The allowed value is `External`. If you do not specify the `mitProfileAction` field, Zuora will automatically create a stored credential profile for the payment method, with the default value `External` set to this field. Value: "External"
mitNetworkTransactionId	string <= 128 characters Specifies the ID of a network transaction. Only applicable if you set the `mitProfileAction` field to `Persist`.
mitProfileAction	string Specifies how Zuora creates and activates the stored credential profile. `Activate` - Use this value if you are creating the stored credential profile after receiving the customer's consent. Zuora will create the stored credential profile then send a cardholder-initiated transaction (CIT) to the payment gateway to validate the stored credential profile. If the CIT succeeds, the status of the stored credential profile will be `Active`. If the CIT does not succeed, Zuora will not create a stored credential profile. If the payment gateway does not support the stored credential transaction framework, the status of the stored credential profile will be `Agreed`. `Persist` - Use this value if the stored credential profile represents a stored credential profile in an external system. The status of the payment method's stored credential profile will be `Active`. If you do not specify this field, Zuora will automatically create a stored credential profile for the payment method, with the default value `Activate` set to this field. Enum: "Activate" "Persist"
mitProfileAgreedOn	string <date> The date on which the profile is agreed. The date format is `yyyy-mm-dd`.
mitProfileType	string Required if you set the `mitProfileAction` field. Indicates the type of the stored credential profile to process recurring or unsecheduled transactions. If you do not specify the `mitProfileAction` field, Zuora will automatically create a stored credential profile for the payment method, with the default value `Recurring` set to this field. Enum: "Recurring" "Unscheduled"
screeningAmount	number <decimal> For Chase Paymentech Orbital Gateway integrations, if the Safetech Fraud service is enabled, use this field to pass in the amount used for fraud screening for Credit Card validation transactions. Two-decimal amount is supported. If the `screeningAmount` field is not specified, the authorization amount is used for fraud screening.
securityCode	string CVV or CVV2 security code of the credit card. To ensure PCI compliance, this value is not stored and cannot be queried.
	object To create tokenized payment methods, pass in the existing token information through the fields in this container. Currently, this field is only supported on certain integrations. See this article for more information.
tokenize	boolean Default: false Specify `true` to tokenize the payment method with the card information. Currently, this field is only supported on certain integrations. See this article for more information.
	object The container of the mandate information for the payment method.
	object The container for payment method processing options.
accountKey	string The customer account ID such as `2x92c0f859b0480f0159d3a4a6ee5bb6` or the customer account number such as `A02855638`. To create an orphan payment method that is not associated with any customer account, you can skip this field. As soon as the account information is available, associate the payment method with an account through the Update a payment method operation.
authGateway	string Internal ID of the payment gateway that Zuora will use to authorize the payments that are made with the payment method. If you do not set this field, Zuora will use one of the following payment gateways instead: The default payment gateway of the customer account that owns the payment method, if the `accountKey` field is set. The default payment gateway of your Zuora tenant, if the `accountKey` field is not set.
currencyCode	string The currency used for payment method authorization.
	object The field used to pass gateway-specific parameters and parameter values. The fields supported by gateways vary. For more information, see the Overview topic of each gateway integration in Zuora Knowledge Center. Zuora sends all the information that you specified to the gateway. If you specify any unsupported gateway option parameters, they will be ignored without error prompts.
ipAddress	string The IPv4 or IPv6 information of the user when the payment method is created or updated. Some gateways use this field for fraud prevention. If this field is passed to Zuora, Zuora directly passes it to gateways. If the IP address length is beyond 45 characters, a validation error occurs. For validating SEPA payment methods on Stripe v2, this field is required.
makeDefault	boolean Default: false Specifies whether the payment method will be the default payment method of the customer account that owns the payment method. Only applicable if the `accountKey` field is set. When you set this field to `true`, make sure the payment method is supported by the default payment gateway.
skipValidation	boolean Default: false Specify whether to skip the validation of the information through the payment gateway. For example, when migrating your payment methods, you can set this field to `true` to skip the validation.
property name* additional property	any Custom fields of the payment method. The name of each custom field has the form `customField__c`. Custom field names are case sensitive. See Manage Custom Fields for more information.

Responses

200

500

Internal Server Error

4XX

Request Errors

post/v1/payment-methods

Request samples

Payload
cURL

application/json

{"accountKey": "8ad09be48db5aba7018db604776d4854",
"type": "CreditCard",
"cardType": "Visa",
"cardNumber": "4111111111111111",
"expirationMonth": 12,
"expirationYear": 2028,
"cardHolderInfo": {"cardHolderName": "Amy Lawrence"
}
}

Response samples

application/json

{"id": "2c92a09650a7a80a0150ab50a5b746bd",
"success": true
}