**Last updated**: 11 November 2025 | [**Change log**](/products/card-payments/changelog/) # Take repeat card payments New API version This documentation is for version 7 of the Card Payments API. If you're using [version 6](/products/card-payments/v6/authorize-a-payment), you can find information on how to upgrade in our [migration guide](/products/card-payments/v7-migration-guide). Take repeat card payments using our Card Payments API. ## Merchant Initiated Transactions You can take payments without the active participation of the customer according to an agreement previously made with the cardholder. These are known as Merchant Initiated Transactions (MITs). `POST` to our `merchantInitiatedTransactions` endpoint to authorize a payment. The requests below contain all the **mandatory** fields needed for a successful authorization request. `POST` `https://try.access.worldpay-bsh.securedataplatform.com/cardPayments/merchantInitiatedTransactions` Note Click the tabs below to see all the mandatory fields for all supported `paymentInstrument` parameters. Merchant Initiated Transaction request body: Card { "transactionReference": "Memory265-13/08/1876", "merchant": { "entity": "default" }, "instruction": { "requestAutoSettlement": { "enabled": false }, "narrative": { "line1": "Mind Palace" }, "value": { "currency": "GBP", "amount": 250 }, "paymentInstrument": { "type": "card/plain", "cardNumber": "4444333322221111", "expiryDate": { "month": 5, "year": 2035 } }, "customerAgreement": { "type": "subscription", "schemeReference": "000000000000020005060720116005061" } } } Token { "transactionReference": "Memory265-13/08/1876", "merchant": { "entity": "default" }, "instruction": { "requestAutoSettlement": { "enabled": false }, "narrative": { "line1": "Mind Palace" }, "value": { "currency": "GBP", "amount": 250 }, "paymentInstrument": { "type": "card/token", "href": "https://try.access.worldpay-bsh.securedataplatform.com/tokens/{}" }, "customerAgreement": { "type": "subscription", "schemeReference": "000000000000020005060720116005061" } } } Network token { "transactionReference": "Memory265-13/08/1876", "merchant": { "entity": "default" }, "instruction": { "requestAutoSettlement": { "enabled": false }, "narrative": { "line1": "Mind Palace" }, "value": { "currency": "GBP", "amount": 250 }, "paymentInstrument": { "type": "card/networkToken", "tokenNumber": "4444333322221111", "expiryDate": { "month": 5, "year": 2035 } }, "customerAgreement": { "type": "subscription", "schemeReference": "000000000000020005060720116005061" } } } Apple Pay decrypted { "transactionReference": "Memory265-13/08/1876", "merchant": { "entity": "default" }, "instruction": { "requestAutoSettlement": { "enabled": false }, "narrative": { "line1": "Mind Palace" }, "value": { "currency": "GBP", "amount": 250 }, "paymentInstrument": { "type": "card/networkToken+applepay", "tokenNumber": "4444333322221111", "expiryDate": { "month": 5, "year": 2035 } }, "customerAgreement": { "type": "subscription", "schemeReference": "000000000000020005060720116005061" } } } Google Pay decrypted { "transactionReference": "Memory265-13/08/1876", "merchant": { "entity": "default" }, "instruction": { "requestAutoSettlement": { "enabled": false }, "narrative": { "line1": "Mind Palace" }, "value": { "currency": "GBP", "amount": 650 }, "paymentInstrument": { "type": "card/networkToken+googlepay", "tokenNumber": "4444333322221111", "expiryDate": { "month": 5, "year": 2035 } }, "customerAgreement": { "type": "subscription", "schemeReference": "123456789" } } } Important Before taking a Merchant Initiated Transaction, you must obtain prior agreement with the cardholder to [store a card](/products/card-payments/authorize-a-payment#store-a-card). Note You can use mobile wallets to process Merchant Initiated Transactions either: * by decrypting them yourself, or * by using the wallet payload that was converted into a Worldpay Token during the initial Customer Initiated Transaction ### Schema (parameters) ### Enable additional features Account Updater Reduce declines and improve your customer's experience by automatically retrieving updated card details in real time. Airline data Supply detailed airline itinerary data to achieve several cost and efficiency benefits. Co-branded cards Take payments from cards that carry multiple card brands. Corporate purchasing data (level 2 / 3) Submit additional order, tax, and line item data in your payment authorization and settlement requests where your customer is using a commercial or purchasing card. Financial Services (MCC 6012/6051) Supply additional mandatory data if you offer financial services, debt repayments, or consumer bill payments. Funding Transactions (AFT) Take Account Funding Transactions (AFTs) to pull funds from a card account to another destination. Latin America payments Take payments in Latin America, including regional installment plan options, combo cards, and supplying customer document references. Partial authorizations Accept authorizations for partial amounts. View all features ## Response Best practice Access Worldpay returns a `WP-CorrelationId` in the headers of service responses. We **highly recommend** you log this. The `WP-CorrelationId` is used by us to examine individual service requests. ### Successful payment You receive: * an HTTP code `201` * an `"outcome": "authorized"` or `"Sent for Settlement"` * a `paymentId` - a unique identifier generated by us for a single payment. Generated at authorization, and maintained through successive payment actions * a `commandId` - a unique identifier generated by us for a single instance of an interaction (command) with our API * risk factors (only returned if issuer identifies conflict) * an [exemption result and reason](#exemptions) (only if you supplied a risk profile to request an [SCA exemption](/products/sca-exemptions)) * an issuer authorization code * links to [cancel](/products/card-payments/manage-payments#cancel-an-authorization), [settle](/products/card-payments/manage-payments#settle-an-authorization), [partially settle](/products/card-payments/manage-payments#partially-settle-an-authorization) or [query your payment](/products/card-payments/query-a-payment) * a `paymentInstrument` #### `paymentInstrument` The `"paymentInstrument"` object is returned if we are able to provide information related to the underlying card used in the authorization request. Note that if the `paymentInstrument` object is returned, there is no guarantee that each field listed below will be returned with every transaction. | Parameter | Description | | --- | --- | | `paymentInstrument.type` | The type of paymentInstrument. E.g.: `card/plain+masked``card/network+masked``card/network` | | `paymentInstrument.brand` | The card brand. Sometimes referred to as the network or scheme. E.g.: `visa``mastercard``amex` | | `paymentInstrument.cardBin` | The card bin. E.g.: `444433` this may contain the `*` character. | | `paymentInstrument.lastFour` | The last four digits of the card. E.g.: `1111` this may contain the `*` character, where the card number is less than 16 digits. | | `paymentInstrument.expiryDate.month` | The card expiry month. E.g.: `11` | | `paymentInstrument.expiryDate.year` | The card expiry year. E.g.: `2025` | | `paymentInstrument.fundingType` | How the card is funded. E.g.: `credit``debit``prepaid``deferredDebit``chargeCard` | | `paymentInstrument.category` | Whether the card is classed as a consumer card or a card for commercial use. E.g.: `consumer``commercial` | | `paymentInstrument.countryCode` | The alpha-2 ISO-3166 country code that the card was issued in. May return `"N/A"` where the country is unknown. E.g.: `GB` | | `paymentInstrument.issuerName` | The name of the card issuer. E.g.: `Some Issuer PLC.` | | `paymentInstrument.paymentAccountReference` | The payment account reference (PAR) is a non-financial reference that uniquely identifies the underlying cardholder account. This allows you to correlate payments made with differing instruments (e.g. "`card/plain"` and `"card/wallet+applepay"`), where the same account funds the transaction. A PAR cannot be used to initiate a payment. E.g.: `ABC123DEF456GHI789JKL123MNO45` | | `paymentInstrument.debitNetwork` | The debit network that the transaction was routed through. Returned optionally for subscribing merchants. See our [API reference](/products/card-payments/openapi/other/authorize#other/authorize/t=response&c=201&path=&d=0/paymentinstrument/debitnetwork) for all possible values. | ### Refused payment You receive: * an HTTP code `201` * an `"outcome": "refused"` * a `paymentId` - a unique identifier generated by us for a single payment. Generated at authorization, and maintained through successive payment actions * a `commandId` - a unique identifier generated by us for a single instance of an interaction (command) with our API * a `refusalCode` containing either our standard [refusal codes](/products/reference/refusal-response) or the [rawCode](/products/reference/refusal-response/scheme-codes) (if enabled) * a `refusalDescription` which gives additional context on the refusal * an [advice code](/products/reference/refusal-response#refusal-advice-codes) (only if returned by the card scheme and acquirer) * risk factors (only returned if issuer identifies conflict) * a `paymentInstrument` #### Example response Card/Token { "outcome": "authorized", "paymentId": "pay-fh47sbnaKR28AuocN28x0", "commandId": "cmdfHx982Nbhsklg91hsvlrv0", "riskFactors": [ { "type": "cvc", "risk": "notSupplied" }, { "type": "avs", "risk": "notChecked", "detail": "address" }, { "type": "avs", "risk": "notChecked", "detail": "postcode" } ], "issuer": { "authorizationCode": "12345A" }, "scheme": { "reference": "060720116005060" }, "paymentInstrument": { "type": "card/plain+masked", "cardBin": "444433", "lastFour": "1111", "category": "consumer", "expiryDate": { "month": 5, "year": 2035 }, "cardBrand": "visa", "fundingType": "credit", "issuerName": "Some Issuer PLC", "paymentAccountReference": "Q1HJZ28RKA1EBL470G9XYG90R5D3E" }, "_links": { "cardPayments:cancel": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/authorizations/cancellations/eyJrIjoiazNhYjYzMiI=" }, "cardPayments:partialCancel": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/authorizations/cancellations/partials/eyJrIjoiazNhYjYzMiJ9" }, "cardPayments:settle": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/settlements/full/eyJrIjoiazNhYjYzMiI=" }, "cardPayments:partialSettle": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/settlements/partials/eyJrIjoiazNhYjYzMiI=" }, "cardPayments:events": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/events/eyJrIjoiazNhYjYzMiI=" }, "curies": [ { "name": "cardPayments", "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/cardPayments/{rel}", "templated": true } ] } } Network Token { "outcome": "authorized", "paymentId": "pay3N_87du2Sj-3HndV826xn0", "commandId": "cmdwZ5y_rSV1VmjD6CpgCuXG0", "riskFactors": [ { "type": "cvc", "risk": "notSupplied" }, { "type": "avs", "risk": "notMatched", "detail": "address" }, { "type": "avs", "risk": "notChecked", "detail": "postcode" } ], "issuer": { "authorizationCode": "12345A" }, "scheme": { "reference": "060720116005060" }, "paymentInstrument": { "type": "card/network", "cardBin": "444433", "expiryDate": { "month": 5, "year": 2035 }, "paymentAccountReference": "Q1HJZ28RKA1EBL470G9XYG90R5D3E" }, "_links": { "cardPayments:cancel": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/authorizations/cancellations/eyJrIjoiazNhYjYzMiI" }, "cardPayments:partialCancel": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/authorizations/cancellations/partials/eyJrIjoiazNhYjYzMiJ9" }, "cardPayments:settle": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/settlements/full/eyJrIjoiazNhYjYzMiI" }, "cardPayments:partialSettle": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/settlements/partials/eyJrIjoiazNhYjYzMiI" }, "cardPayments:events": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/events/eyJrIjoiazNhYjYzMiI" }, "curies": [ { "name": "cardPayments", "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/cardPayments/{rel}", "templated": true } ] } } Refusal { "outcome": "refused", "paymentId": "pay29GnajUy2fBzC9552U_1b0", "commandId": "cmd9xmr5cSNtUulYlYW8kbY80", "refusalCode": "83", "refusalDescription": "Fraud/Security related reasons", "riskFactors": [ { "type": "riskProfile", "risk": "verificationFailed" }, { "type": "cvc", "risk": "notMatched" }, { "type": "avs", "risk": "notMatched", "detail": "address" }, { "type": "avs", "risk": "notChecked", "detail": "postcode" } ] } Account Updater { "outcome": "authorized", "paymentId": "pay28NdG68sv-13_sDcu5Bwt0", "commandId": "cmd8hJcb20_sh2-sbRjx88wL0", "riskFactors": [ { "type": "cvc", "risk": "notSupplied" }, { "type": "avs", "risk": "notChecked", "detail": "address" }, { "type": "avs", "risk": "notChecked", "detail": "postcode" } ], "issuer": { "authorizationCode": "12345A" }, "scheme": { "reference": "060720116005060" }, "updatedPaymentInstrument": { "cardBin": "491183", "lastFour": "0000", "expiryDate": { "month": 9, "year": 2031 }, "cardBrand": "visa", "fundingType": "credit", "accountUpdaterMessage": "The account number was changed", "type": "card/plain+masked" }, "paymentInstrument": { "type": "card/plain+masked", "cardBin": "444433", "lastFour": "1111", "category": "consumer", "expiryDate": { "month": 5, "year": 2023 }, "cardBrand": "visa", "fundingType": "credit", "issuerName": "Some Issuer PLC", "paymentAccountReference": "Q1HJZ28RKA1EBL470G9XYG90R5D3E" }, "_links": { "cardPayments:cancel": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/authorizations/cancellations/eyJrIjoiazNhYjYzMiI=" }, "cardPayments:partialCancel": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/authorizations/cancellations/partials/eyJrIjoiazNhYjYzMiJ9" }, "cardPayments:settle": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/settlements/full/eyJrIjoiazNhYjYzMiI=" }, "cardPayments:partialSettle": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/settlements/partials/eyJrIjoiazNhYjYzMiI=" }, "cardPayments:events": { "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/events/eyJrIjoiazNhYjYzMiI=" }, "curies": [ { "name": "cardPayments", "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/cardPayments/{rel}", "templated": true } ] } } You can use the `payments:settle` action link to [settle the payment](/products/card-payments/manage-payments#settle-an-authorization) straight away. Alternatively you can cache the response and use the link to settle the payment later. Note In case of an error, you can get further information in our [error reference](/products/reference/worldpay-error-responses). #### `riskFactors` To reduce the probability of processing a fraudulent payment, supply your customer's billing address and cvc in your [authorization request](#complete-authorization-request-schema). We check this with your customer's issuing bank and include any conflicts in our response. The `riskFactors` array is returned **only if** there is a risk associated with the authorization request. The `riskFactors` array returns an object for `avs`, `cvc` or `riskProfile` **only if** this information was included in the authorization request **and** if any risk was identified. The table below describes the response parameters: | Parameter | Description | | --- | --- | | `riskFactors.type` | Returns `avs`, `cvc` or `riskProfile` | | `riskFactors.detail` | For `avs` only. Returns `postcode` or `address` | | `riskFactors.risk` | Returns `notChecked`, `notMatched`, `notSupplied` or `verificationFailed` | #### Next steps [Settle a payment](/products/card-payments/manage-payments#settle-an-authorization) [Refund a payment](/products/card-payments/manage-payments#fully-refund-an-authorization) [Cancel a payment](/products/card-payments/manage-payments#cancel-an-authorization) [Reverse a payment](/products/card-payments/manage-payments#reverse-an-authorization)