If the merchant adheres to the requirements of PCI DSS SAQ-A-EP, card details may be added to the checkout, authorize, and/or openContract request in the card query string parameter, separate from the main request body. Consequently, the card details are not included in the signature calculation. Card details may also be passed to Reach via the Stash request.
| Field | Type | Required | Notes |
|---|---|---|---|
| Number | string | Yes | The card number, without punctuation or whitespace. |
| Name | string | Yes | The name of the cardholder as it appears on the card. |
| Expiry | object | Yes | The expiration date of the card. |
| > Year | integer | Yes | The expiry year, unabbreviated (ex. 2020). |
| > Month | integer | Yes | The expiry month, 1-12. |
| VerificationCode | string | Yes | The card verification code. Although these are typically digits, leading zeros are significant so this must be transmitted as a string. |