Create or Update Browser Payment Token

Request the gateway to create or update a token that references a source of funds stored with a payment provider such as PayPal.

Use this operation to initiate a browser interaction, in which the payer authorizes you to make subsequent payments against their account. For PayPal, the token wraps a PayPal Billing Agreement. Like all gateway tokens, you can:

use them for subsequent payments (PayPal calls these reference transactions)
have a token repository that includes a mix of tokenized cards, tokenized PayPal and other tokenized accounts
update a token with a different account - for example, your payer moves from PayPal to/from card as their preferred payment method, then you can retain the same token.
Your payment service provider will configure your token repository for you (see How to Configure Tokenization for details). This will determine:

If you can supply the token yourself, or if the gateway will generate one for you.
If you can update a token with a different account.
The form of the token that the gateway will generate. The generated token id is a random number. It begins with a '9' (so that is does not create a valid card number) and passes a Luhn (Mod-10) check.
When the same account is retokenized, whether the gateway return the same token or a new token.

POST https://qnbalahli.test.gateway.mastercard.com/api/rest/version/81 / merchant / {merchantId}

Authentication

This operation requires authentication via one of the following methods:


  • Certificate authentication.
  • Basic HTTP authentication as described at w3.org. Provide 'merchant.<your gateway merchant ID>' in the userid portion and your API password in the password portion.

Request

URL Parameters

{merchantId} Alphanumeric + additional characters REQUIRED

The unique identifier issued to you by your payment provider.


This identifier can be up to 12 characters in length.


Data may consist of the characters 0-9, a-z, A-Z, '-', '_'

Min length: 1 Max length: 40

Fields

apiOperation String = TOKENIZE_BROWSER_PAYMENT FIXED

Any sequence of zero or more unicode characters.

browserPayment REQUIRED

Information required by the gateway to manage interactions with a browser payment provider's website.

browserPayment.paypal OPTIONAL

Additional information you can provide to control the user interaction flow presented to the payer by PayPal.

browserPayment.paypal.agreementConfirmation Enumeration OPTIONAL

Indicates the action that PayPal displays to the payer prior to being redirected back to your website.

This field is only required when requesting a PayPal billing agreement.

Value must be a member of the following list. The values are case sensitive.

AGREE

After the payer has approved the billing agreement and their browser has been returned to your website, you will not process a payment against this billing agreement at that time.

AGREE_AND_PAY

After the payer has approved the billing agreement and their browser has been returned to your website, you will process a payment against this billing agreement.

browserPayment.paypal.displayShippingAddress Boolean OPTIONAL

Indicates whether you want PayPal to display the shipping address to the payer on the PayPal website.

By default, the shipping address is displayed to the payer. For more detailed information about displaying the shipping address on the PayPal website, see PayPal Integration: Display/Override Shipping Address.

JSON boolean values 'true' or 'false'.

browserPayment.paypal.overrideShippingAddress Boolean OPTIONAL

Indicates whether you want to allow the payer to change the shipping address for the payment on the PayPal website.

By default, the payer is allowed to change the shipping address. For more detailed information about the payer overriding the shipping address on the PayPal website, see PayPal Integration: Display/Override Shipping Address.

JSON boolean values 'true' or 'false'.

browserPayment.returnUrl Url REQUIRED

The URL to which you want the payer's browser to be redirected on completing the payment at the payment provider's website.

The same redirect URL will be used by the gateway to redirect the payer's browser irrespective of the success or otherwise of the payment.

Ensure that this is a valid URL according to RFC 1738.

correlationId String OPTIONAL

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
session.id ASCII Text REQUIRED

Identifier of the payment session containing values for any of the request fields to be used in this operation.

Values provided in the request will override values contained in the session.

Data consists of ASCII characters

Min length: 31 Max length: 35
shipping OPTIONAL

Information on the shipping address including the contact details of the addressee.

shipping.address OPTIONAL

The address to which this order will be shipped.

shipping.address.city String OPTIONAL

The city portion of the address.

Data can consist of any characters

Min length: 1 Max length: 100
shipping.address.country Upper case alphabetic text OPTIONAL

The 3 letter ISO standard alpha country code of the address.

Data must consist of the characters A-Z

Min length: 3 Max length: 3
shipping.address.postcodeZip Alphanumeric + additional characters OPTIONAL

The post code or zip code of the address.

Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'

Min length: 1 Max length: 10
shipping.address.stateProvince String OPTIONAL

The state or province of the address.

Data can consist of any characters

Min length: 1 Max length: 20
shipping.address.street String OPTIONAL

The first line of the address.

For example, this may be the street name and number, or the Post Office Box details.

Note: The transaction response will contain a concatenation of street and street2 data. If the concatenated value is more than the maximum field length, street2 data will be truncated.

Data can consist of any characters

Min length: 1 Max length: 100
shipping.address.street2 String OPTIONAL

The second line of the address (if provided).

Note: This field will be empty in the transaction response, as street2 data will be concatenated into the street field.

Data can consist of any characters

Min length: 1 Max length: 100
shipping.contact OPTIONAL

Details of the contact person at the address the goods will be shipped to.

shipping.contact.firstName String OPTIONAL

The first name of the person to whom the order is being shipped.

Data can consist of any characters

Min length: 1 Max length: 50
shipping.contact.lastName String OPTIONAL

The last name or surname of the person to whom the order is being shipped.

Data can consist of any characters

Min length: 1 Max length: 50
shipping.origin.postcodeZip Alphanumeric + additional characters OPTIONAL

The post code or zip code of the address the order is shipped from.

Data may consist of the characters 0-9, a-z, A-Z, ' ', '-'

Min length: 1 Max length: 10
sourceOfFunds REQUIRED

Information about the payment type selected by the payer for this payment and the source of the funds.

Depending on the payment type the source of the funds can be a debit or credit card, bank account, or account with a browser payment provider (such as PayPal).

For card payments the source of funds information may be represented by combining one or more of the following: explicitly provided card details, a session identifier which the gateway will use to look up the card details and/or a card token. Precedence rules will be applied in that explicitly provided card details will override session card details which will override card token details. Each of these may represent partial card details, however the combination must result in a full and complete set of card details. See Using Multiple Sources of Card Details for examples.

sourceOfFunds.provided OPTIONAL

Information about the source of funds when it is directly provided (as opposed to via a token or session).

For browser payments, the source of funds details are usually collected from the payer on the payment provider's website and provided to you when you retrieve the transaction details (for a successful transaction). However, for some payment types (such as giropay), you must collect the information from the payer and supply it here.

sourceOfFunds.provided.bancontact OPTIONAL

Additional details related to a Bancontact payment.

sourceOfFunds.provided.bancontact.bankAccountHolder String REQUIRED

The name of the bank account holder for the payer's bank account.

Data can consist of any characters

Min length: 1 Max length: 255
sourceOfFunds.provided.blik OPTIONAL

Additional details related to a BLIK browser payment.

sourceOfFunds.provided.blik.bankAccountHolder String REQUIRED

The name of the bank account holder for the payer's bank account.

Data can consist of any characters

Min length: 1 Max length: 255
sourceOfFunds.provided.epsUeberweisung OPTIONAL

Additional details related to a eps-Überweisung browser payment.

sourceOfFunds.provided.epsUeberweisung.bankAccountCountryCode Alpha REQUIRED

The country where the payer has their bank account.

Provide the ISO 3166 alpha-3 country code for this country.

Data may consist of the characters a-z, A-Z

Min length: 3 Max length: 3
sourceOfFunds.provided.epsUeberweisung.bankAccountHolder String OPTIONAL

The name of the bank account holder for the payer's bank account.

Data can consist of any characters

Min length: 0 Max length: 255
sourceOfFunds.provided.grabPay OPTIONAL

Additional details related to GrabPay browser payment.

sourceOfFunds.provided.grabPay.accountHolder String REQUIRED

The name of the account holder for the payer's GrabPay account.

Data can consist of any characters

Min length: 3 Max length: 100
sourceOfFunds.provided.ideal OPTIONAL

Additional details related to an iDEAL browser payment.

When processing an iDEAL payment you can also provide the payer's bank identification code (ideal.bic),

sourceOfFunds.provided.ideal.bic Alphanumeric OPTIONAL

The international Business Identifier Code (BIC) for the payer's bank account.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 8 Max length: 11
sourceOfFunds.provided.klarnaPayLater OPTIONAL

Additional details related to a Klarna Pay Later payment.

sourceOfFunds.provided.klarnaPayLater.bankAccountCountryCode Upper case alphabetic text REQUIRED

The country where the payer has their bank account.

Provide the ISO 3166 alpha-3 country code for this country.

Data must consist of the characters A-Z

Min length: 3 Max length: 3
sourceOfFunds.provided.klarnaPayNow OPTIONAL

Additional details related to a Klarna Pay Now payment.

sourceOfFunds.provided.klarnaPayNow.bankAccountCountryCode Alpha REQUIRED

The country where the payer has their bank account.

Provide the ISO 3166 alpha-3 country code for this country.

Data may consist of the characters a-z, A-Z

Min length: 3 Max length: 3
sourceOfFunds.provided.openBankingBankTransfer OPTIONAL

Additional details related to Open Banking Bank Transfer.

sourceOfFunds.provided.openBankingBankTransfer.aspspId String REQUIRED

Identifier of the payer's bank, also known as ASPSP (Account Servicing Payment Services Provider)

Data can consist of any characters

Min length: 1 Max length: 256
sourceOfFunds.provided.payU OPTIONAL

Additional details related to a PayU browser payment.

sourceOfFunds.provided.payU.bankAccountCountryCode Alpha REQUIRED

The country where the payer has their bank account.

Provide the ISO 3166 alpha-3 country code for this country.

Data may consist of the characters a-z, A-Z

Min length: 3 Max length: 3
sourceOfFunds.provided.payU.bankAccountHolder String OPTIONAL

The name of the bank account holder for the payer's bank account.

Data can consist of any characters

Min length: 0 Max length: 255
sourceOfFunds.provided.payconiq OPTIONAL

Additional details related to a Payconiq payment.

sourceOfFunds.provided.payconiq.countryCode Alpha REQUIRED

This is the country of the payer's payconiq account.

Provide the ISO 3166 alpha-3 country code for this country.

Data may consist of the characters a-z, A-Z

Min length: 3 Max length: 3
sourceOfFunds.provided.paypal OPTIONAL

Information about the payer's PayPal account.

It is provided to you when the payer successfully makes a payment using PayPal or when you have established a billing agreement with the payer.

sourceOfFunds.provided.paypal.billingAgreement OPTIONAL

Details about the agreement you have established with the payer that allows you to bill the payer's PayPal account for goods or services.

sourceOfFunds.provided.paypal.billingAgreement.cardinality Enumeration REQUIRED

Indicates the number of billing agreements between you and this payer.

Value must be a member of the following list. The values are case sensitive.

MULTIPLE

Indicates that you have multiple billing agreements with this payer. This means that a new agreement ID will be returned in response to each request.

SINGLE

Indicates that you have a single billing agreement with this payer. This means that the same agreement ID will be returned in response to each request.

sourceOfFunds.provided.paypal.billingAgreement.description String OPTIONAL

Your description for the PayPal billing agreement.

This description is displayed to the payer when they are asked to approve the billing agreement.

Data can consist of any characters

Min length: 1 Max length: 255
sourceOfFunds.provided.paypal.billingAgreement.name String OPTIONAL

Your name for the PayPal billing agreement.

Data can consist of any characters

Min length: 1 Max length: 255
sourceOfFunds.provided.paysafecard OPTIONAL

Additional details related to a paysafecard browser payment.

sourceOfFunds.provided.paysafecard.countryCode Alpha REQUIRED

The country where the payer has their bank account.

Provide the ISO 3166 alpha-3 country code for this country.

Data may consist of the characters a-z, A-Z

Min length: 3 Max length: 3
sourceOfFunds.provided.przelewy24 OPTIONAL

Additional details related to a Przelewy24 browser payment.

sourceOfFunds.provided.przelewy24.bankAccountHolder String REQUIRED

The name of the bank account holder for the payer's bank account.

Data can consist of any characters

Min length: 1 Max length: 255
sourceOfFunds.provided.sofort OPTIONAL

Additional details related to a Sofort (Klarna) payment.

sourceOfFunds.provided.sofort.bankAccountCountryCode Upper case alphabetic text OPTIONAL

The country where the payer has their bank account.

Provide the ISO 3166 alpha-3 country code for this country.

Data must consist of the characters A-Z

Min length: 3 Max length: 3
sourceOfFunds.provided.trustly OPTIONAL

Additional details related to a Trustly.

sourceOfFunds.provided.trustly.bankAccountCountryCode Alpha REQUIRED

The country where the payer has their bank account.

Provide the ISO 3166 alpha-3 country code for this country.

Data may consist of the characters a-z, A-Z

Min length: 3 Max length: 3
sourceOfFunds.provided.trustly.bankAccountHolder String REQUIRED

The name of the bank account holder for the payer's bank account.

Data can consist of any characters

Min length: 1 Max length: 255
sourceOfFunds.type Enumeration REQUIRED

The payment method used for this payment.

If you are passing card data (in any form) on the API, then you need to set this value, and also provide the card details in the sourceOfFunds.provided.card group. In the case of digital wallets or device payment methods, you must also populate the order.walletProvider field.

If you are making a payment with a gateway token, then you can leave this field unset, and only populate the sourceOfFunds.token field. However you can set this to CARD if you want to overwrite or augment the token data with a card security code, expiry date, or cardholder name.

Value must be a member of the following list. The values are case sensitive.

ALIPAY

The payer selected the payment method Alipay.

BANCONTACT

The payer selected the payment method Bancontact.

BLIK

The payer selected the payment method BLIK.

BOLETO_BANCARIO

The payer selected the payment method Boleto Bancario.

BROWSER_PAYMENT

The payer selected to pay using a browser payment. Refer to the sourceOfFunds.browserPayment parameter group for additional details.

ENETS

The payer selected the payment method eNETS.

EPS_UEBERWEISUNG

The payer selected the payment method eps-Überweisung.

GIROPAY

The payer selected the payment method giropay.

GRABPAY

The payer selected the payment method GrabPay.

IDEAL

The payer selected the payment method iDEAL.

KLARNA_FINANCING

The payer selected the payment method Klarna financing.

KLARNA_PAY_LATER

The payer selected the payment method Klarna Pay Later.

KLARNA_PAY_NOW

The payer selected the payment method Klarna Pay Now.

MERCADO_PAGO_CHECKOUT

The payer selected the payment method Mercado Pago Checkout.

MULTIBANCO

The payer selected the payment method Multibanco.

OPEN_BANKING_BANK_TRANSFER

The payer selected the payment method Open Banking Bank Transfer.

OXXO

The payer selected the payment method OXXO.

PAYCONIQ

The payer selected the payment method payconiq.

PAYPAL

The payer selected the payment method PayPal.

PAYSAFECARD

The payer selected the payment method paysafecard.

PAYU

The payer selected the payment method PayU.

POLI

The payer selected the payment method POLi.

PRZELEWY24

The payer selected the payment method Przelewy24.

SEPA

The payer selected the payment method SEPA.

SOFORT

The payer selected the payment method Sofortbanking.

TRUSTLY

The payer selected the payment method Trustly.

UNION_PAY

The payer selected the payment method UnionPay.

WECHAT_PAY

The payer selected the payment method WeChatPay.

subMerchant OPTIONAL

Provide these parameters if you are a payment aggregator or facilitator and process payments on behalf of other merchants.

These merchants are referred to as your sub merchants. The sub merchant's details you provide may be displayed on the payer's cardholder statement. The gateway will use separate token repositories for each of your sub merchants

subMerchant.identifier Alphanumeric + additional characters REQUIRED

Your identifier for the sub-merchant.

Data may consist of the characters 0-9, a-z, A-Z, '-', '_', ' ', '&', '+', '!', '$', '.'

Min length: 1 Max length: 100
token Alphanumeric OPTIONAL

The token you supply that you wish to create or update.

You can only supply this value when creating a token if your token repository is configured to support merchant-supplied tokens.

On response, the format of the token depends on the token generation strategy configured for your repository. See Tokenization for more details.

Data may consist of the characters 0-9, a-z, A-Z

Min length: 1 Max length: 40

Response

Fields

browserPayment ALWAYS PROVIDED

Information required by the gateway to manage interactions with a browser payment provider's website.

browserPayment.redirectUrl Url ALWAYS PROVIDED

The URL issued by the gateway to which you must redirect the payer's browser.

Ensure that this is a valid URL according to RFC 1738.

correlationId String CONDITIONAL

A transient identifier for the request, that can be used to match the response to the request.

The value provided is not validated, does not persist in the gateway, and is returned as provided in the response to the request.

Data can consist of any characters

Min length: 1 Max length: 100
merchant Alphanumeric + additional characters ALWAYS PROVIDED

The unique identifier issued to you by your payment provider.

This identifier can be up to 12 characters in length.

Data may consist of the characters 0-9, a-z, A-Z, '-', '_', ' ', '&', '+', '!', '$', '%', '.'

Min length: 1 Max length: 40
response.gatewayCode Enumeration ALWAYS PROVIDED

Summary of the success or otherwise of the operation.

Value must be a member of the following list. The values are case sensitive.

BASIC_VERIFICATION_SUCCESSFUL

The card number format was successfully verified and the card exists in a known range.

EXTERNAL_VERIFICATION_BLOCKED

The external verification was blocked due to risk rules.

EXTERNAL_VERIFICATION_DECLINED

The card details were sent for verification, but were was declined.

EXTERNAL_VERIFICATION_DECLINED_AUTHENTICATION_REQUIRED

The card details were sent for verification, but were declined as authentication required.

EXTERNAL_VERIFICATION_DECLINED_EXPIRED_CARD

The card details were sent for verification, but were declined as the card has expired.

EXTERNAL_VERIFICATION_DECLINED_INVALID_CSC

The card details were sent for verification, but were declined as the Card Security Code (CSC) was invalid.

EXTERNAL_VERIFICATION_PROCESSING_ERROR

There was an error processing the verification.

EXTERNAL_VERIFICATION_SUCCESSFUL

The card details were successfully verified.

NO_VERIFICATION_PERFORMED

The card details were not verified.

result Enumeration ALWAYS PROVIDED

A system-generated high level overall result of the operation.

Value must be a member of the following list. The values are case sensitive.

FAILURE

The operation was declined or rejected by the gateway, acquirer or issuer

PENDING

The operation is currently in progress or pending processing

SUCCESS

The operation was successfully processed

UNKNOWN

The result of the operation is unknown

session.id ASCII Text ALWAYS PROVIDED

Identifier of the payment session containing values for any of the request fields to be used in this operation.

Values provided in the request will override values contained in the session.

Data consists of ASCII characters

Min length: 31 Max length: 35
subMerchant CONDITIONAL

Provide these parameters if you are a payment aggregator or facilitator and process payments on behalf of other merchants.

These merchants are referred to as your sub merchants. The sub merchant's details you provide may be displayed on the payer's cardholder statement. The gateway will use separate token repositories for each of your sub merchants

subMerchant.identifier Alphanumeric + additional characters ALWAYS PROVIDED

Your identifier for the sub-merchant.

Data may consist of the characters 0-9, a-z, A-Z, '-', '_', ' ', '&', '+', '!', '$', '.'

Min length: 1 Max length: 100

Errors

error

Information on possible error conditions that may occur while processing an operation using the API.

error.cause Enumeration

Broadly categorizes the cause of the error.

For example, errors may occur due to invalid requests or internal system failures.

Value must be a member of the following list. The values are case sensitive.

INVALID_REQUEST

The request was rejected because it did not conform to the API protocol.

REQUEST_REJECTED

The request was rejected due to security reasons such as firewall rules, expired certificate, etc.

SERVER_BUSY

The server did not have enough resources to process the request at the moment.

SERVER_FAILED

There was an internal system failure.

error.explanation String

Textual description of the error based on the cause.

This field is returned only if the cause is INVALID_REQUEST or SERVER_BUSY.

Data can consist of any characters

Min length: 1 Max length: 1000
error.field String

Indicates the name of the field that failed validation.

This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.

Data can consist of any characters

Min length: 1 Max length: 100
error.supportCode String

Indicates the code that helps the support team to quickly identify the exact cause of the error.

This field is returned only if the cause is SERVER_FAILED or REQUEST_REJECTED.

Data can consist of any characters

Min length: 1 Max length: 100
error.validationType Enumeration

Indicates the type of field validation error.

This field is returned only if the cause is INVALID_REQUEST and a field level validation error was encountered.

Value must be a member of the following list. The values are case sensitive.

INVALID

The request contained a field with a value that did not pass validation.

MISSING

The request was missing a mandatory field.

UNSUPPORTED

The request contained a field that is unsupported.

result Enumeration

A system-generated high level overall result of the operation.

Value must be a member of the following list. The values are case sensitive.

ERROR

The operation resulted in an error and hence cannot be processed.