The scenarios below describe some of the main ways in which merchants use the Customer Vault API with Paysafe.

Scenario 1: Recurring Payments Service

Typically used by merchants who offer repeat billing and subscription-based services.

In this scenario the merchant uses the Customer Vault API to set up a new customer profile and add customer address and card details to the profile.

When a card is added to a customer's profile, Paysafe returns a unique token that can be used for future payments linked to that card.

Whenever the merchant wants to process a payment for the cardholder, they make an authorization request using the Card Payments API. The request includes the token for the card being used to make the payment, plus the amount to be authorized.

We recommend that you verify the payment method before creating a Customer profile (for example, obtain an initial pre-authorization on the card to check it is valid). This step is not shown in the scenario above.

Scenario 2: Mobile Device Payments/Apple Pay Tokenization Service

Typically used by merchants who offer customers payments via mobile and smart phone devices (both Android and iOS are supported).

The user enters card details on the mobile app. The Android mobile app collects the payment and order data and sends it to the Paysafe Customer Vault API, which returns a single-use token to the mobile device (the token is valid for 15 minutes, after which it expires). This single-use token is sent to the merchant server, from which a purchase request is sent to Paysafe Card Payments API using a server-to-server API call.

If desired, the user profile can be saved for future requests. In this case, the merchant server sends the single-use token to the Paysafe Customer Vault API and in return receives a reusable, permanent payment token that is stored on the merchant's server. For details of creating a profile using a single-use token, click here.
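As an added illustration of Scenario 2 (not Paysafe code and not part of the original page), the sketch below shows a check a merchant server could run before forwarding a single-use token: it refuses a token it has already seen and uses the 15-minute validity to bound how long it must remember one. `SingleUseTokenGate`, `admit`, the `issued_at` hint forwarded by the app, and the sample tokens are all hypothetical.

```python
import hashlib
import time

SINGLE_USE_TTL = 15 * 60  # seconds; the 15-minute validity stated above

class TokenRejected(Exception):
    """Raised when a token must not be forwarded to the payment API."""

class SingleUseTokenGate:
    """Hypothetical merchant-server gate for tokens arriving from the app."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._seen = {}  # sha256(token) -> server time after which it is forgotten

    def admit(self, token, issued_at=None):
        now = self._clock()
        # Forget digests older than the TTL: such a token has expired by then.
        self._seen = {d: t for d, t in self._seen.items() if t > now}
        if not isinstance(token, str) or not token:
            raise TokenRejected("malformed")
        # issued_at is an untrusted app hint (assumption), used only to fail fast.
        if issued_at is not None and now - issued_at >= SINGLE_USE_TTL:
            raise TokenRejected("expired")
        digest = hashlib.sha256(token.encode()).hexdigest()
        if digest in self._seen:
            raise TokenRejected("replayed")
        # Replay memory is keyed on server time, never on the client hint.
        self._seen[digest] = now + SINGLE_USE_TTL
        return digest  # safe to log; the raw token is never stored

def demo():
    t = [1_000_000.0]  # constructed clock so the run is deterministic
    gate = SingleUseTokenGate(clock=lambda: t[0])
    results = []
    for token, issued, advance in [
        ("SU-constructed-1", 999_900.0, 0),    # fresh token
        ("SU-constructed-1", 999_900.0, 5),    # same token sent again
        ("SU-constructed-2", 999_000.0, 200),  # hint is 1205 s old at this call
    ]:
        t[0] += advance
        try:
            gate.admit(token, issued)
            results.append("admitted")
        except TokenRejected as exc:
            results.append(str(exc))
    return results
```

The gate only fails fast on the merchant side; the payment API remains the authority on whether a single-use token is still valid.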

Scenario 3: Using the Hosted Payments API with Customer Vault

Used by merchants who do not have the required level of PCI-DSS Compliance to collect or store customer card details on their systems.

The merchant uses the Hosted Payments API to process the initial purchase order, including the profile object, to create a customer profile with the order. The cardholder payment details are collected by Paysafe. Once authorized, details are stored in the Customer Vault and Paysafe will return a payment token, which can be used for subsequent payments.

For subsequent orders, the merchant can use the Card Payments API to process the payment by including the token in the purchase request.