If the merchant adheres to the requirements of PCI DSS SAQ-A-EP, card details may be added to the checkout, authorize, and/or openContract request in the card query string parameter, separate from the main request body. Consequently, the card details are not included in the signature calculation. Card details may also be passed to Reach via the Stash request.
| Field | Type | Required | Notes |
|---|---|---|---|
| Number | string | Yes | The card number, without punctuation or whitespace. |
| Name | string | Yes | The name of the cardholder as it appears on the card. |
| Expiry | object | Yes | The expiration date of the card. |
| > Year | integer | Yes | The expiry year, unabbreviated (ex. 2020). |
| > Month | integer | Yes | The expiry month, 1-12. |
| VerificationCode | string | No | The card verification code. Although these are typically digits, leading zeros are significant so this must be transmitted as a string. This may be omitted only if PreviousNetworkPaymentReference is specified. |
| PreviousNetworkPaymentReference | string | No | If the card details are from a vault, the card network payment reference (e.g. VISA transaction id) of a previous payment using the same card. This can be used in lieu of a VerificationCode. |