Create a Payment Instrument

Create a payment instrument. If such payment card, bank account or alternative payment instrument already exists then it is updated instead.

SecuritySecretApiKey or JWT
Request
Request Body schema: application/json

PaymentInstrument resource.

Any of:
customerId
required
string (CustomerId) <= 50 characters

The customer resource ID. Defaults to UUID v4.

token
required
string

Payment token ID.

customFields
object (ResourceCustomFields)
Default: {}

Custom Fields list as a map {"custom field name": "custom field value", ...}. The format must follow the saved format (see Custom Fields section for the formats).

useAsBackup
boolean
Default: false

Allow using this payment instrument as a backup for invoice payment retries.

Responses
201

Payment instrument was created.

Response Headers
Location
string <uri>

The location of the related resource.

Example: "https://api.rebilly.com/example"
Response Schema: application/json
id
string <= 50 characters

The payment instrument ID.

method
string

The method of payment instrument.

status
string

Payment instrument status. When an instrument is active it means it has been used at least once for an approved transaction. To remove an instrument from being in use, set it as deactivated (see the deactivation endpoint).

Enum: "active" "inactive" "expired" "deactivated" "verification-needed"
fingerprint
string

A unique value to identify the payment instrument regardless of variable values. It contains alphanumeric values.

bin
string <bin>

The card's bin (the PAN's first 6 digits).

last4
string

The PAN's last 4 digits.

expYear
integer

Card's expiration year.

expMonth
integer

Card's expiration month.

brand
string

Payment Card brand.

Enum: "Visa" "MasterCard" "American Express" "Discover" "Maestro" "Solo" "Electron" "JCB" "Voyager" "Diners Club" … 4 more
bankCountry
string

Payment instrument bank country.

bankName
string

Payment instrument bank name.

object

The billing address.

firstName
string or null <= 45 characters ^[\w\s\-\pL,.']+$

The contact first name.

lastName
string or null <= 45 characters ^[\w\s\-\pL,.']+$

The contact last name.

organization
string or null <= 255 characters ^[\w\s\-\pL,.'&]+$

The contact organization.

address
string or null <= 60 characters ^[\w\s\-\/\pL,.#;:()']+$

The contact street address.

address2
string or null <= 60 characters ^[\w\s\-\/\pL,.#;:()']+$

The contact street address (second line).

city
string or null <= 45 characters ^[\w\s\-\pL,.']+$

The contact city.

region
string or null <= 45 characters ^[\w\s\-\/\pL,.#;:()']+$

The contact region (state).

country
string or null <= 2 characters ^[A-Z]{2}$

The contact country ISO Alpha-2 code.

postalCode
string or null <= 10 characters ^[\w\s\-]+$

The contact postal code.

Array of objects (ContactPhoneNumbers)

The list of phone numbers.

Array
label
required
string <= 45 characters

The phone label.

value
required
string <= 50 characters

The phone value.

primary
boolean

True if phone is primary.

Array of objects (ContactEmails)

The list of emails.

Array
label
required
string <= 45 characters

The email label.

value
required
string <email> <= 255 characters

The email value.

primary
boolean

True if email is primary.

dob
string or null <date>

The contact's date of birth in ISO-8601 format (yyyy-mm-dd).

jobTitle
string or null <= 255 characters ^[\w\s\-\/\pL,.#;:()']+$

The contact's job title.

hash
string <= 40 characters

A hash that can be used to compare multiple contacts for identical attribute values.

useAsBackup
boolean
Default: false

Allow using this payment instrument as a backup for invoice payment retries.

billingPortalUrl
string

URL to the billing portal where the card can be updated.

createdTime
string <date-time>

Payment instrument created time.

updatedTime
string <date-time> (UpdatedTime)

Read-only timestamp updates when the resource is updated.

customFields
object (ResourceCustomFields)
Default: {}

Custom Fields list as a map {"custom field name": "custom field value", ...}. The format must follow the saved format (see Custom Fields section for the formats).

customerId
string (CustomerId) <= 50 characters

The customer resource ID. Defaults to UUID v4.

stickyGatewayAccountId
string or null

Sticky gateway account ID. All future payments will be processed by this gateway account.

expirationReminderTime
string or null <date-time>

Time expiration reminder event will be triggered.

expirationReminderNumber
integer or null

Number of expiration reminder events triggered.

object

Payment instrument reference data.

property name*
additional property
string
digitalWallet
string or null

Digital wallet type.

Enum: "Apple Pay" "Google Pay"
object (Risk metadata)

Risk metadata used for 3DS and risk scoring.

ipAddress
string <ipv4 or ipv6>

The customer's IP.

fingerprint
string <= 50 characters

The fingerprint.

object (HttpHeaders)

The HTTP headers.

property name*
additional property
string
object (Browser data)

Browser data used for 3DS and risk scoring.

colorDepth
required
integer [ 1 .. 48 ]

The browser's color depth in bits per pixel obtained using the screen.colorDepth property.

isJavaEnabled
required
boolean

Whether Java is enabled in a browser or not. Value is returned from the navigator.javaEnabled property.

language
required
string <= 8 characters

The browser's language settings returned from the navigator.language property.

screenWidth
required
integer [ 0 .. 65535 ]

The browser's screen width returned from the screen.width property.

screenHeight
required
integer [ 0 .. 65535 ]

The browser's screen height returned from the screen.height property.

timeZoneOffset
required
integer [ -1410 .. 1410 ]

The browser's time zone offset in minutes from UTC. A positive offset indicates the local time is behind UTC, and negative is ahead. Can find it with (new Date()).getTimezoneOffset() property.

object (Extra data)

Third party data used for risk scoring.

kountFraudSessionId
string [ 10 .. 32 ]

Alpha-numeric fraudSessionId as provided by the Kount SDK.

payPalMerchantSessionId
string [ 1 .. 64 ]

MerchantSessionID as generated by the PayPal Fraudnet SDK.

threatMetrixSessionId
string [ 1 .. 128 ] [a-zA-Z0-9_-]+

A temporary identifier that is unique to the visitor's session and passed to ThreatMetrix.

isProxy
boolean

True if customer's ip address is related to proxy.

isVpn
boolean

True if customer's ip address is related to VPN.

isTor
boolean

True if customer's ip address is related to TOR.

isHosting
boolean

True if customer's ip address is related to hosting.

vpnServiceName
string

VPN service name, if available.

isp
string

Internet Service Provider name, if available.

country
string <= 2 characters

Country ISO Alpha-2 code for specified ipAddress.

region
string

Region for specified ipAddress.

city
string

City for specified ipAddress.

latitude
number <double>

Latitude for specified ipAddress.

longitude
number <double>

Longitude for specified ipAddress.

postalCode
string <= 10 characters

Postal code for specified ipAddress.

timeZone
string

Time zone for specified ipAddress.

accuracyRadius
integer

Accuracy radius for specified ipAddress (kilometers).

distance
integer

Distance between IP Address and Billing Address geolocation (kilometers).

hasMismatchedBillingAddressCountry
boolean

True if the billing address country and geo-IP address are not the same.

hasMismatchedBankCountry
boolean

True if the bank country and geo-IP address are not the same.

hasMismatchedTimeZone
boolean

True if the browser time zone and IP address associated time zone are not the same.

hasMismatchedHolderName
boolean

True if the customer's name from billing address and from customer's primary address are not the same.

hasFakeName
boolean

True if the holder name seems fake.

isHighRiskCountry
boolean

True if geo-IP country or the customer's billing country is considered a high risk country.

paymentInstrumentVelocity
integer

Number of transactions for this payment instrument (based on fingerprint) in the last 24 hours.

deviceVelocity
integer

Number of transactions for this device (based on fingerprint) in the last 24 hours.

ipVelocity
integer

Number of transactions for this ip address in the last 24 hours.

emailVelocity
integer

Number of transactions for this email address in the last 24 hours.

billingAddressVelocity
integer

Number of transactions for this billing address in the last 24 hours.

score
integer

Risk score computed per all the factors.

Array of Self (object) or CustomerLink (object) or AuthTransactionLink (object) or ApprovalUrlLink (object) non-empty

The links related to resource.

Array (non-empty)
Any of:
href
required
string

The link URL.

rel
required
string

The link type.

Value: "self"
Array of AuthTransactionEmbed (object) or CustomerEmbed (object) non-empty

Any embedded objects available that are requested by the expand querystring parameter.

Array (non-empty)
Any of:

Auth Transaction object.

object (Transaction)
303

Payment instrument was updated.

401

Unauthorized access, invalid credentials were used.

403

Access forbidden.

422

Invalid data was sent.

post/payment-instruments
Request samples
application/json
{
  • "customerId": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  • "token": "string",
  • "customFields": {
    },
  • "useAsBackup": false
}
Response samples
application/json
{
  • "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  • "method": "payment-card",
  • "status": "active",
  • "fingerprint": "string",
  • "bin": "string",
  • "last4": "string",
  • "expYear": 0,
  • "expMonth": 0,
  • "brand": "Visa",
  • "bankCountry": "string",
  • "bankName": "string",
  • "billingAddress": {
    },
  • "useAsBackup": false,
  • "billingPortalUrl": "string",
  • "createdTime": "2019-08-24T14:15:22Z",
  • "updatedTime": "2019-08-24T14:15:22Z",
  • "customFields": {
    },
  • "customerId": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  • "stickyGatewayAccountId": "string",
  • "expirationReminderTime": "2019-08-24T14:15:22Z",
  • "expirationReminderNumber": 0,
  • "referenceData": {
    },
  • "digitalWallet": "Apple Pay",
  • "riskMetadata": {
    },
  • "_links": [
    ],
  • "_embedded": [
    ]
}