# Create a credit card payment method Note: This legacy API operation is no longer under active development. For more features, it is strongly recommended to use the Create a payment method operation. You can create a credit card payment method for a customer account or an orphan credit card payment method that is not associated with any customer account. This API call is CORS Enabled. Use client-side JavaScript to invoke the call. If you use this operation to create credit card payment methods instead of using the iFrame of Hosted Payment Pages, you are subject to PCI-compliance audit requirements. Endpoint: POST /v1/payment-methods/credit-cards Version: 2025-12-17 ## Header parameters: - `Idempotency-Key` (string) Specify a unique idempotency key if you want to perform an idempotent POST or PATCH request. Do not use this header in other request types. With this header specified, the Zuora server can identify subsequent retries of the same request using this value, which prevents the same operation from being performed multiple times by accident. - `Accept-Encoding` (string) Include the Accept-Encoding: gzip header to compress responses as a gzipped file. It can significantly reduce the bandwidth required for a response. If specified, Zuora automatically compresses responses that contain over 1000 bytes of data, and the response contains a Content-Encoding header with the compression algorithm so that your client can decompress it. - `Content-Encoding` (string) Include the Content-Encoding: gzip header to compress a request. With this header specified, you should upload a gzipped file for the request payload instead of sending the JSON payload. - `Authorization` (string) The value is in the Bearer {token} format where {token} is a valid OAuth token generated by calling Create an OAuth token. - `Zuora-Track-Id` (string) A custom identifier for tracing the API call. If you set a value for this header, Zuora returns the same value in the response headers. This header enables you to associate your system process identifiers with Zuora API calls, to assist with troubleshooting in the event of an issue. The value of this field must use the US-ASCII character set and must not include any of the following characters: colon (:), semicolon (;), double quote ("), and quote ('). - `Zuora-Entity-Ids` (string) An entity ID. If you have Zuora Multi-entity enabled and the OAuth token is valid for more than one entity, you must use this header to specify which entity to perform the operation in. If the OAuth token is only valid for a single entity, or you do not have Zuora Multi-entity enabled, you do not need to set this header. ## Request fields (application/json): - `accountKey` (string) ID of the customer account. To create an orphan payment method that is not associated with any customer account, you can skip this field. As soon as the account information is available, associate the payment method with an account through the [Update a payment method](https://developer.zuora.com/v1-api-reference/api/operation/PUT_PaymentMethod/) operation. Example: "8ad09be48db5aba7018db604776d4854" - `cardHolderInfo` (object) Container for cardholder information. If provided, Zuora will only use this information for this card. Otherwise, Zuora will use the account''s existing bill-to contact information for this card. - `cardHolderInfo.addressLine1` (string) First address line, 255 characters or less. - `cardHolderInfo.addressLine2` (string) Second address line, 255 characters or less. - `cardHolderInfo.cardHolderName` (string, required) The card holder's full name as it appears on the card, e.g., "John J Smith", 50 characters or less. - `cardHolderInfo.city` (string) City, 40 characters or less. - `cardHolderInfo.country` (string) Country, must be a valid country name or abbreviation. - `cardHolderInfo.email` (string) Card holder's email address, 80 characters or less. - `cardHolderInfo.phone` (string) Phone number, 40 characters or less. - `cardHolderInfo.state` (string) State; must be a valid state name or 2-character abbreviation. - `cardHolderInfo.zipCode` (string) Zip code, 20 characters or less. - `creditCardNumber` (string, required) Credit card number, a string of up to 16 characters. This field can only be set when creating a new payment method; it cannot be queried or updated. Example: "4111111111111111" - `creditCardType` (string, required) The type of the credit card. Possible values include Visa, MasterCard, AmericanExpress, Discover, JCB, and Diners. For more information about credit card types supported by different payment gateways, see [Supported Payment Gateways](https://knowledgecenter.zuora.com/CB_Billing/M_Payment_Gateways/Supported_Payment_Gateways). Example: "Visa" - `defaultPaymentMethod` (boolean) Specify true to make this card the default payment method; otherwise, omit this parameter to keep the current default payment method. - `expirationMonth` (integer, required) One or two digits expiration month (1-12). Example: 10 - `expirationYear` (integer, required) Four-digit expiration year. Example: 2021 - `gatewayOptions` (object) The field used to pass gateway-specific parameters and parameter values. Zuora sends all the information that you specified to the gateway. If you specify any unsupported gateway option parameters, they will be ignored without error prompts. - `gatewayOptions.key` (string) The name of a gateway-specific parameter. - `gatewayOptions.value` (string) The value of the gateway-specific parameter. - `mitConsentAgreementRef` (string) Specifies your reference for the stored credential consent agreement that you have established with the customer. Only applicable if you set the mitProfileAction field. - `mitConsentAgreementSrc` (string) Required if you set the mitProfileAction field. If you do not specify the mitProfileAction field, Zuora will automatically create a stored credential profile for the payment method, with the default value External set to this field. Enum: "External" - `mitNetworkTransactionId` (string) Specifies the ID of a network transaction. Only applicable if you set the mitProfileAction field to Persist. - `mitProfileAction` (string) Specifies how Zuora creates and activates a stored credential profile. If you do not specify this field, Zuora will automatically create a stored credential profile for the payment method, with the default value Activate set to this field. Enum: "Activate", "Persist" - `mitProfileAgreedOn` (string) The date on which the profile is agreed. The date format is yyyy-mm-dd. - `mitProfileType` (string) Required if you set the mitProfileAction field. Indicates the type of the stored credential profile to process recurring or unsecheduled transactions. If you do not specify the mitProfileAction field, Zuora will automatically create a stored credential profile for the payment method, with the default value Recurring set to this field. Enum: "Recurring", "Unscheduled" - `numConsecutiveFailures` (integer) The number of consecutive failed payments for this payment method. It is reset to 0 upon successful payment. - `securityCode` (string) The CVV or CVV2 security code for the credit card or debit card. Only required if changing expirationMonth, expirationYear, or cardHolderName. To ensure PCI compliance, this value isn't stored and can't be queried. ## Response 200 fields (application/json): - `paymentMethodId` (string) ID of the newly-created payment method. - `success` (boolean) Returns true if the request was processed successfully.