If you adhere to the requirements of PCI DSS SAQ-A-EP, you may add card details to the checkout, authorize, and/or openContract request in the card query string parameter, separate from the main request body. Consequently, the signature calculation does not include the card details. You can also pass card details to Reach via the Stash request.
Field | Type | Required | Notes |
---|---|---|---|
Number | string | Yes | The card number, without punctuation or whitespace. |
Name | string | Yes | The cardholder's name as it appears on the card. |
Expiry | object | Yes | The expiration date of the card. |
> Year | integer | Yes | The expiration year is unabbreviated (e.g., 2020). |
> Month | integer | Yes | The expiry month, 1-12. |
VerificationCode | string | No | The card verification code. Although these are typically digits, leading zeros are significant, so this must be transmitted as a string. You may omit the verification code only if you specify the PreviousNetworkPaymentReference. |
PreviousNetworkPaymentReference | string | No | Suppose the card details are from a vault. In that case, you can use the card network payment reference (e.g., VISA transaction ID) of a previous payment using the same card instead of a VerificationCode. |