WePay

The /credit_card API calls

The "credit card" object represents a user's credit card and can be used to tokenize credit cards. The following calls let you create, view, and modify "credit card" objects on WePay:

PCI Compliance

While WePay CC Tokenization API greatly reduces the scope of PCI Compliance and increases your security, you're still required to be compliant with the Payment Card Industry Data Security Standards (PCI-DSS) and the Payment Application Data Security Standards (PA-DSS) whenever applicable.

If you don't want to deal with PCI compliance, we recommend that you use our iframe checkout. See the charge a customer tutorial.

Use of the CC Tokenization feature will require special approval from WePay. Please apply for approval on your application's dashboard.

Credit Card States

The "credit card" object has the following states and possible state transitions:

new
The credit card was just created by the application.
authorized
The credit card has been authorized either with an immediate charge or the /credit_card/authorize call. You can use the credit_card_id to charge this card in the future.
expired
The credit card was created but you did not charge the card or call /credit_card/authorize within 30 minutes.
deleted
The credit card has been deleted.
invalid
You tried to charge or authorize the card but the response we received indicated that the card is completely invalid and can never be charged (ex, billing address check (AVS) failure).

API Credit Card State Diagram

/credit_card

This call allows you to lookup the details of the a credit card that you have tokenized.

Arguments:

Parameter Required Type Description
client_id Yes Integer (64 bits) The ID for your API application. You can find it on your application's dashboard.
client_secret Yes String (255 chars) The secret for your API application. You can find it on your application's dashboard.
credit_card_id Yes Integer (64 bits) The unique ID of the credit_card you want to look up.

Example:

{
  "client_id":12345
  "client_secret":"asbasf2341",
  "credit_card_id":235810395803
}

Response:

Response Type Description
credit_card_id Integer (64 bits) The unique ID of the credit_card.
credit_card_name String (255 chars) The string that identifies the credit_card such as MasterCard xxxxxx4769.
state String (255 chars) The state that the credit card is in.
user_name String (255 chars) The name on the card (ie "Bob Smith").
email String (255 chars) The email address of the user who owns the card.
create_time Integer (64 bits) The unixtime when the credit_card was created.
input_source String (255 chars) The input source of the credit card. Possible values are card_keyed, card_swiped, google_wallet and card_transfer.
reference_id String (255 chars) The unique reference ID of the credit_card.
expiration_month Integer (32 bits) The expiration month on the credit card.
expiration_year Integer (32 bits) The expiration year on the credit card.
last_four String (4 chars) The last four digits of the credit card number.

Example:

{
  "credit_card_id":235810395803,
  "credit_card_name":"MasterCard xxxxxx4769",
  "state":"new",
  "user_name":"Bob Smith",
  "email":"bob.smith@example.com",
  "create_time":1367958263,
  "input_source":"card_keyed",
  "reference_id":"123abc",
  "expiration_month": 4,
  "expiration_year": 2020,
  "last_four": "4769"
}

/credit_card/create

This call allows you to pass credit card information and receive back a credit_card_id. You will then be able to use that credit_card_id on the /checkout/create call to execute a payment immediately with that credit card (similar to how the preapproval_id on /checkout/create works). Note that you will need to call the /checkout/create call or the /credit_card/authorize call within 30 minutes or the credit card object will expire.

Note: If you pass an access_token on this call, the credit card will be added to the user associated with that access_token. If you want to do a guest payment (ie the payer is not registered on WePay), then do not pass an access_token.

Note: User contact information (especially e-mail) is key for risk analysis, so please make sure you provide the actual end-user contact information.

Arguments:

Parameter Required Type Description
client_id Yes Integer (64 bits) The ID for your API application. You can find it on your app dashboard.
cc_number Yes String (255 chars) The number on the credit card.
cvv Yes Integer (32 bits) The CVV (AKA card security code, CVV2, CVC etc) on the card.
expiration_month Yes Integer (32 bits) The expiration month on the credit card.
expiration_year Yes Integer (32 bits) The expiration year on the credit card.
user_name Yes String (255 chars) The full name of the user that the card belongs to.
email Yes String (255 chars) Valid email address of the user the card belongs to. If the e-mail belongs to the merchant, the API partner, or is invalid, the transaction may be canceled for risk reasons.
address Yes Address Structure The billing address on the card (a valid JSON object, not a JSON serialized string).
original_ip No String (16 chars) The IP address of the user this card belongs to. This should be sent if you are not using WePay's Javascript library.
original_device No String (255 chars) The user-agent (for web) or the IMEI (for mobile) of the user this card belongs to. This should be sent if you are not using WePay's Javascript library.
reference_id No String (255 chars) The unique reference ID of the credit_card.

Example:

{
  "client_id":187493,
  "user_name":"Bob Smith",
  "email":"test@example.com",
  "cc_number":"5496198584584769",
  "cvv":"123",
  "expiration_month":4,
  "expiration_year":2020,
  "address":
  {
    "address1":"test",
    "city":"test",
    "state":"CA",
    "country":"US",
    "zip":"94025"
  }
}

Response:

Response Type Description
credit_card_id Integer (64 bits) The unique ID of the credit_card.
state String (255 chars) The state that the credit card is in.

Example:

{
  "credit_card_id":235810395803,
  "state":"new"
}

/credit_card/authorize

You should only use this call if you are not going to immediately make the /checkout/create call with the credit_card_id. This call will authorize the card and let you use it at a later time or date (for crowdfunding, subscriptions, etc). If you don't call /credit_card/authorize or /checkout/create within 30 minutes then the credit card object will expire.

Arguments:

Parameter Required Type Description
client_id Yes Integer (64 bits) The ID for your API application. You can find it on your app dashboard.
client_secret Yes String (255 chars) The secret for your API application. You can find it on your app dashboard.
credit_card_id Yes Integer (64 bits) The unique ID of the credit_card you want to authorize.

Example:

{
  "client_id":12345
  "client_secret":"asbasf2341",
  "credit_card_id":235810395803
}

Response:

Response Type Description
credit_card_id Integer (64 bits) The unique ID of the credit_card.
credit_card_name String (255 chars) The string that identifies the credit_card such as MasterCard xxxxxx4769.
state String (255 chars) The state that the credit card is in.
user_name String (255 chars) The name on the card (ie "Bob Smith").
email String (255 chars) The email address of the user who owns the card.
create_time Integer (64 bits) The unixtime when the credit_card was created.
input_source String (255 chars) The input source of the credit card. Possible values are card_keyed, card_swiped, google_wallet and card_transfer.
reference_id String (255 chars) The unique reference ID of the credit_card.

Example:

{
  "credit_card_id":235810395803,
  "credit_card_name":"MasterCard xxxxxx4769",
  "state":"new",
  "user_name":"Bob Smith",
  "email":"bob.smith@example.com",
  "create_time":1367958263,
  "input_source":"card_keyed",
  "reference_id":"123abc"
}

/credit_card/find

Search through tokenized credit cards.

Arguments:

Parameter Required Type Description
client_id Yes Integer (64 bits) The ID for your API application. You can find it on your app dashboard.
client_secret Yes String (255 chars) The secret for your API application. You can find it on your app dashboard.
reference_id No String (255 chars) The reference ID of the credit_card you want to find.
limit No Integer (64 bits) The maximum number of results you want returned. Defaults to 50.
start No Integer (64 bits) The start position for your search (default 0)..
sort_order No String (255 chars) Sort the results of the search by time created. Use 'DESC' for most recent to least recent. Use 'ASC' for least recent to most recent. Defaults to 'DESC'.

Example:

{
  "client_id":12345
  "client_secret":"asbasf2341",
  "reference_id":"abc123"
}

Response:

An array of credit_cards matching the search parameters. Each element of the array will include the same data as returned from the /credit_card call.

/credit_card/delete

Delete the credit card when you don't need it anymore. Note that you won't be able to use this card to make payments any more.

Arguments:

Parameter Required Type Description
client_id Yes Integer (64 bits) The ID for your API application. You can find it on your app dashboard.
client_secret Yes String (255 chars) The secret for your API application. You can find it on your app dashboard.
credit_card_id Yes Integer (64 bits) The unique ID of the credit_card you want to delete.

Example:

{
  "client_id":12345
  "client_secret":"asbasf2341",
  "credit_card_id":235810395803
}

Response:

Response Type Description
credit_card_id Integer (64 bits) The unique ID of the credit_card.
state String (255 chars) The state that the credit card is in.

Example:

{
  "credit_card_id":235810395803,
  "state":"deleted"
}