A Card object represents a credit or debit card. It contains many useful pieces of information about the card but importantly, it does not contain the full card number and CVC (which are kept securely in the ProcessOut Vault). However, you can use the card for a single payment by creating a card token with it. If you want to use the card for multiple payments, then you can use the card token to create a reusable customer token. Note that once you have used the card token either for a payment or to create a customer token, the card token becomes invalid, and you cannot use it further.
You can use the expires_soon field of the Card object to identify cards that will become invalid in the near future. When we detect that a card is about to expire, we will also fire an event to notify your webhook endpoint. You might respond by prompting the customer to supply a new payment card, for example.
Card object
List of fields
While the card object may seem to contain many parameters, only a handful are useful to merchants. Other may be used under specific scenarios as ProcessOut is fully transparent with the data it gathers. The following list contains most parameters that may be useful to merchants
| Field | Type | Description |
|---|---|---|
| id | string readonly | String value that uniquely identifies the card. |
| project_id | string readonly | Project that the card belongs to. |
| name | string | Cardholder’s name. Maximum 255 characters long |
| address1 | string | First line of cardholder’s address. Maximum 255 characters long |
| address2 | string | Second line of cardholder’s address. Maximum 255 characters long |
| city | string | City of cardholder’s address. Maximum 255 characters long |
| state | string | State or county of cardholder’s address. Maximum 255 characters long |
| country_code | string readonly | Country code of cardholder’s address. Must be a valid ISO 3166 country code with 2 characters |
| zip | string | ZIP code of cardholder’s address. Maximum 16 characters long |
| ip_address | string | IP address of the cardholder Must be a valid IP address |
| metadata | object | Metadata related to the card, in the form of key-value pairs (string - string). |
| preferred_scheme | string | Preferred scheme defined by the Customer. This gets priority when processing the Transaction. |
| scheme | string readonly | Scheme of the card, such as Visa or Mastercard. |
| co_scheme | string readonly | Co-scheme of the card, such as Carte Bancaire. |
| type | string readonly | Card type (debit, credit, deferred debit, prepaid, charge or unknown). |
| bank_name | string readonly | Name of the card’s issuing bank. |
| brand | string readonly | Brand of the card, such as Electron, Classic or Gold. |
| category | string readonly | Card category (consumer, commercial, business, corporate, governement or probably-consumer). |
| iin | string readonly | Issuer identification number. Corresponds to the first 6 or 8 digits of the main card number. By default, your project will be configured with 8 digits, compliant with PCI specification |
| last_4_digits | string readonly | Last 4 digits of the card. |
| fingerprint | string readonly | Hash value that remains the same for this card even if it is tokenized several times. Note that this value is different for each project and cannot be used for payment. |
| exp_month | integer | Month of the expiration date. |
| exp_year | integer | Year of the expiration date. |
| cvc_check | string readonly | CVC check status. Can be: - pending: The check was not verified yet- unavailable: The request has been sent, but no response has been received (typically, the issuer or acquirer isn't compatible)- unknown: We couldn't verify the status- failed: The CVC check has failed (CVC invalid)- passed: The CVC check has succeeded (CVC valid) |
| avs_check | string readonly | AVS check status. Can be: - pending: The check was not verified yet- unavailable: The request has been sent, but no response has been received (typically, the issuer or acquirer isn't compatible)- unknown: We couldn't verify the status- failed: The AVS check has failed- failed-name: The AVS check has failed because the name is invalid- failed-address: The AVS check has failed because the address is invalid- failed-postal: The AVS check has failed because the postal code is invalid- failed-address-passed-postal: The AVS check has failed because the address is invalid, but the postal code is valid- failed-postal-passed-address: The AVS check has failed because the postal code is invalid, but the address is valid- passed: The AVS check has succeeded |
| token_type | string readonly | Contains the name of a third party tokenization method (such as applepay), if one was used or null otherwise. |
| used | boolean readonly | Denotes whether or not this card has been assigned to a Customer Token or has been successfully authorized. This field is tied with has_been_authorized, depending on its value:If has_been_authorized is null:- used=true means that this card can't be assigned to a Customer Token, nor can it be used to authorize using this card as the source- used=false/null means that this card can be assigned to a Customer Token or can be used to authorize using this card as the sourceIf has_been_authorized is not null:- used=true means that this card can't be used to authorize using this card as the source- used=false/null means that this card can be used to authorize using this card as the source |
| has_been_authorized | boolean readonly | Denotes whether or not this card has been successfully authorized. - true: This card can't be assigned to a Customer Token- false: This card can be assigned to a Customer Token- null: Refer to the used field description |
| sandbox | boolean readonly | Denotes whether or not this card was created in the sandbox testing environment. |
| created_at | datetime readonly | Date and time when this card was created. |
The billing address of the
Cardwill be overwritten with the billing address of the invoice, if it is set during transaction processing (except for the card country code, which is automatically derived from the card number). In order of priority, ProcessOut uses the invoice billing address, then theCardbilling address, before falling back to theCustomerbilling address if no other address is available.
JSON object
{
"card": {
"project_id": "proj_IFCgGTmyClrgTOzsschN1y7GJttHVQ7S",
"update_type": null,
"update_reason_code": null,
"scheme": "visa",
"co_scheme": null,
"preferred_scheme": null,
"type": "debit",
"bank_name": "REVOLUT LIMITED",
"brand": "visa infinite",
"category": "consumer",
"iin": "41659815",
"last_4_digits": "4111",
"fingerprint": "5543c446bbacd7ab48f22e1fe0e4d88e590ba37ecb9ab2cfd3f7e7269bd194e7",
"exp_month": 12,
"exp_year": 2027,
"cvc_check": "passed",
"avs_check": "passed",
"checks": {
"cvc_check": "passed",
"cvc_check_reason": null,
"avs_check": "passed",
"avs_postal_check": "passed",
"avs_postal_check_reason": null,
"avs_street_check": "passed",
"avs_street_check_reason": null,
"avs_name_check": "passed",
"avs_name_check_reason": null
},
"token_type": null,
"name": "Pierre L",
"address1": "133 rue Lamarck",
"address2": null,
"city": "Paris",
"state": "Ile de France",
"country_code": "FR",
"zip": "75018",
"ip_address": "1.2.3.4",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Safari/605.1.15",
"header_accept": "*/*",
"app_color_depth": 24,
"app_java_enabled": false,
"app_language": "en-US",
"app_screen_height": 900,
"app_screen_width": 1440,
"app_timezone_offset": -60,
"header_referer": "https://js.processout.com/",
"expires_soon": false,
"metadata": {},
"used": true,
"has_been_authorized": false,
"sandbox": true,
"created_at": "2023-04-24T11:27:12.943960085Z",
"updated_at": "2023-04-24T11:27:12.943960014Z",
"id": "card_iyBjJk4tClg445emITDYv6paTXZDgwsP",
"cvc_tokenized": true,
"tokenization_method": null,
"payment_source_detail": null
},
"success": true
}