On This Page
Customer-Initiated Transactions with Credentials on
File
A customer-initiated transaction (CIT) is a transaction initiated by the customer. There
are two types of CITs:
- Customer transactions during which the credentials are stored for futurecustomer-initiated transactions.
- Customer transactions during which the credentials are stored for futuremerchant-initiated transactions.
Customers can initiate a CIT at a merchant payment terminal, through an online purchase
transaction, or by making a purchase using a previously stored credential. When storing
cardholder data for a CIT, you must also include 3-D Secure authentication credentials
to ensure that the CIT can successfully process. Authentication credentials can be
stored for future use with the card credentials by doing a non-payment authentication
(NPA).
Business Center
Business Center
You can create a new customer-initiated transaction in the
Business Center
by
going to the One-Time Payments section and requesting a new authorization. When you
have entered the customer's information, you can store the customer's credentials
with the customer's permission in the Payment Information section. By doing so, you
can perform merchant-initiated transactions for payments that the customer has
pre-approved. For more information on how to perform a MIT in the
Business Center
,
see Merchant-Initiated No-Show Transactions with PAN.Storing Customer Credentials with a CIT and PAN
Before you can perform a merchant-initiated transaction (MIT) or a customer-initiated
transaction (CIT) with credentials-on-file (COF), you must store the customer's
credentials for later use. Further, before you can store the user's credentials, you
must get the customer's consent to store their private information. This is also known
as establishing a relationship with the customer.
Endpoint
Production:
POST
https://api.cybersource.com
/pts/v2/paymentsTest:
POST
https://apitest.cybersource.com
/pts/v2/paymentsRequired Fields for Storing Customer Credentials During a CIT
Use these required fields for storing customer credentials during a customer-initiated
transaction.
IMPORTANT
When relaxed requirements for address data and the expiration date are being used, not all fields
in this list are required. It is your responsibility to determine whether your
account is enabled to use this feature and which fields are required. For details
about relaxed requirements, see Relaxed Requirements for Address Data and Expiration Date in Payment Transactions.
- Set the value totrue.
REST Example: Storing Customer Credentials During a CIT
Request
{ "processingInformation": { "authorizationOptions": { "initiator": { "credentialStoredOnFile": "true" } } }, "orderInformation": { "billTo": { "firstName": "John", "lastName": "Doe", "address1": "201 S. Division St.", "postalCode": "48104-2201", "locality": "Ann Arbor", "administrativeArea": "MI", "country": "US", "email": "test@cybs.com", "phoneNumber": "5554327113" }, "amountDetails": { "totalAmount": "100.00", "currency": "USD" } }, "paymentInformation": { "card": { "expirationYear": "2031", "number": "4111xxxxxxxxxxxx", "expirationMonth": "12" } } }
Response to a Successful Request
{ "_links": { "authReversal": { "method": "POST", "href": "/pts/v2/payments/6528187198946076303004/reversals" }, "self": { "method": "GET", "href": "/pts/v2/payments/6528187198946076303004" }, "capture": { "method": "POST", "href": "/pts/v2/payments/6528187198946076303004/captures" } }, "clientReferenceInformation": { "code": "1652818719876" }, "id": "6528187198946076303004", "orderInformation": { "amountDetails": { "authorizedAmount": "100.00", "currency": "USD" } }, "paymentAccountInformation": { "card": { "type": "001" } }, "paymentInformation": { "tokenizedCard": { "type": "001" }, "card": { "type": "001" } }, "pointOfSaleInformation": { "terminalId": "111111" }, "processorInformation": { "approvalCode": "888888", "networkTransactionId": "123456789619999", "transactionId": "123456789619999", "responseCode": "100", "avs": { "code": "X", "codeRaw": "I1" } }, "reconciliationId": "63165088Z3AHV91G", "status": "AUTHORIZED", "submitTimeUtc": "2022-05-17T20:18:40Z" }
Storing Customer Credentials with a CIT and TMS
TMS
Before you can perform a merchant-initiated transaction (MIT) or a customer-initiated
transaction (CIT) with credentials-on-file (COF), you must get the customer's consent to store their payment credentials. This is also known as establishing a relationship with the customer. After you have their consent, you can store their payment credentials for later use.
Creating a TMS Token
TMS
TokenWhen sending the initial CIT, you can create a
TMS
token to
store the customer's credentials for the subsequent MITs. To create a TMS
token, include the
processingInformation.actionTokenTypes
field in the
authorization request. Set the field to one of these values based on the TMS
token type you want to create: - Customer
- Customer tokens store one or more customer payment instrument tokens and shipping address tokens.
- Including a customer token in subsequent MITs eliminates the need to include billing information, card information, and the previous transaction's ID.
- "processingInformation": { "actionTokenTypes": [ "customer" ]
- For more information about thisTMStoken type, see Customer Tokens in the.Token Management ServiceDeveloper Guide
- Payment Instrument
- Payment instrument tokens store an instrument identifier token, card information, and billing information. Payment instruments are not linked to a customer token. Including a payment instrument in subsequent MITs eliminates the need to include billing information, card information, and the previous transaction's ID.
- "processingInformation": { "actionTokenTypes": [ "paymentInstrument" ]
- For more information about thisTMStoken type, see Payment Instrument Token in the.Token Management ServiceDeveloper Guide
- Instrument Identifier
- Instrument identifier tokens store a PAN. Including an instrument identifier in subsequent MITs eliminates the need to include a PAN and the previous transaction's ID.
- "processingInformation": { "actionTokenTypes": [ "instrumentIdentifier" ]
- For more information about this TMS token type, see Instrument Identifier Token in the.Token Management ServiceDeveloper Guide
- Instrument Identifier, Payment Instrument, and Customer Identifier
- You can also create multipleTMStoken types in the same authorization. This example includes an instrument identifier, a payment instrument, and a customer token in the same authorization:
- "processingInformation": { "actionTokenTypes": [ "instrumentIdentifier", "paymentInstrument", "customer" ]
Endpoint
Production:
POST
https://api.cybersource.com
/pts/v2/paymentsTest:
POST
https://apitest.cybersource.com
/pts/v2/paymentsRequired Fields for Storing Customer Credentials with a
CIT and TMS
TMS
IMPORTANT
When relaxed requirements for address data and the expiration date are being used, not all fields
in this list are required. It is your responsibility to determine whether your
account is enabled to use this feature and which fields are required. For details
about relaxed requirements, see Relaxed Requirements for Address Data and Expiration Date in Payment Transactions.
- Set the value toTOKEN_CREATE
- Set to one or more of these values:
- customer
- instrumentIdentifier
- paymnentInstrument
REST Example: Storing Customer Credentials with a CIT and
TMS
TMS
Request
{ "processingInformation": { "actionList": [ "TOKEN_CREATE" ], "actionTokenTypes": [ "instrumentIdentifier" ] }, "paymentInformation": { "card": { "number": "4111111111111111", "expirationMonth": "12", "expirationYear": "2031", "securityCode": "123" } }, "orderInformation": { "amountDetails": { "totalAmount": "102.21", "currency": "USD" }, "billTo": { "firstName": "John", "lastName": "Doe", "address1": "1 Market St", "locality": "san francisco", "administrativeArea": "CA", "postalCode": "94105", "country": "US", "email": "test@cybs.com", "phoneNumber": "4158880000" } } }
Response to a Successful Request
{ "_links": { "authReversal": { "method": "POST", "href": "/pts/v2/payments/6972267090226779103955/reversals" }, "self": { "method": "GET", "href": "/pts/v2/payments/6972267090226779103955" }, "capture": { "method": "POST", "href": "/pts/v2/payments/6972267090226779103955/captures" } }, "clientReferenceInformation": { "code": "TC50171_3" }, "id": "6972267090226779103955", "orderInformation": { "amountDetails": { "authorizedAmount": "102.21", "currency": "USD" } }, "paymentAccountInformation": { "card": { "type": "001" } }, "paymentInformation": { "tokenizedCard": { "type": "001" }, "card": { "type": "001" } }, "pointOfSaleInformation": { "terminalId": "111111" }, "processorInformation": { "paymentAccountReferenceNumber": "V0010013022298169667504231315", "approvalCode": "888888", "networkTransactionId": "123456789619999", "transactionId": "123456789619999", "responseCode": "100", "avs": { "code": "X", "codeRaw": "I1" } }, "reconciliationId": "62506622XNMR6Q1Y", "status": "AUTHORIZED", "submitTimeUtc": "2023-10-13T19:51:49Z", "tokenInformation": { "instrumentidentifierNew": false, "instrumentIdentifier": { "state": "ACTIVE", "id": "7010000000016241111" } } }
Retrieving Stored Customer Credentials During a
CIT
After customers store their credentials on file, you can retrieve these credentials to
use with subsequent transactions.
Endpoint
Production:
POST
https://api.cybersource.com
/pts/v2/paymentsTest:
POST
https://apitest.cybersource.com
/pts/v2/paymentsRequired Fields for Retrieving Customer Credentials During a Customer-Initiated
Transaction
Use these required fields to retrieve customer credentials during a customer-initiated
transaction.
IMPORTANT
When relaxed requirements for address data and the expiration date are being used, not all fields
in this list are required. It is your responsibility to determine whether your
account is enabled to use this feature and which fields are required. For details
about relaxed requirements, see Relaxed Requirements for Address Data and Expiration Date in Payment Transactions.
- orderInformation.billTo.firstName
- Set field totrue.
Card-Specific Required Field for Retrieving Customer Credentials During a CIT
Discover
Discover requires the authorization amount from the original transaction in addition
to the above required fields.
- processingInformation.authorizationOptions.initiator.merchantInitiatedTransaction. originalAuthorizedAmount
REST Example: Retrieving Customer Credentials During a CIT
Request
{ "processingInformation": { "authorizationOptions": { "initiator": { "storedCredentialUsed": "true" } } }, "orderInformation": { "billTo": { "firstName": "John", "lastName": "Doe", "address1": "201 S. Division St.", "postalCode": "48104-2201", "locality": "Ann Arbor", "administrativeArea": "MI", "country": "US", "email": "test@cybs.com", "phoneNumber": "5554327113" }, "amountDetails": { "totalAmount": "100.00", "currency": "USD", "originalAmount": "100" // Discover card Only } }, "paymentInformation": { "card": { "expirationYear": "2031", "number": "4111xxxxxxxxxxxx", "expirationMonth": "12" } }, "processorInformation": { "transactionId": "12345678961000" } }
Response to a Successful Request
}, "paymentAccountInformation": { "card": { "type": "002" } }, "paymentInformation": { "tokenizedCard": { "type": "002" }, "card": { "type": "002" } }, "pointOfSaleInformation": { "terminalId": "111111" }, "processorInformation": { "approvalCode": "888888", "authIndicator": "1", "networkTransactionId": "123456789619999", "transactionId": "123456789619999", "responseCode": "100", "avs": { "code": "X", "codeRaw": "I1" } }, "reconciliationId": "63740353A3AJ2NSH", "status": "AUTHORIZED", "submitTimeUtc": "2022-05-20T19:13:06Z" }