Docs Home
Dev Essentials
PaymentsCommerceCustomersStaffMerchants
Publish
Release notes

Docs

Docs Home
Dev Essentials
Payments
Commerce
Customers
Staff
Merchants
Publish
Release notes
Overview
Build a Tip Report
Split an Online Payment
Build a Sales Report
Delayed Capture
Partial Payments
Statement Descriptions
ACH Bank Transfer Payment
Afterpay and Clearpay Payments
Cash App Payments
Cash Payments
External Payments
House Accounts
Collect Application Fees
Update Payment and Tip Amounts
Retrieve Payments
Troubleshoot
Webhooks
Refund Payments
Refund a Payment with an App Fee
Retrieve Refunds
Webhooks
Process Disputes
Test in the Sandbox
Quickstart
Take Payments
POS App Pairing with Square Terminal
Dismiss Terminal Checkouts and Refunds
Monitor Square Terminals
Manage Terminal Actions
Save Card on File
Check Device Information
Print or Issue Receipts
Customize the Idle Screen
Confirmation Screen
Signature Capture Screen
Data Collection Screen
Menu Selection List Screen
QR Code Screen
Link and Dismiss Actions
Refund Interac Payments
Take E-Money Payments
Take PayPay QR Code Payments
Authorize the Mobile Payments SDK
Pair and Manage Card Readers
Take a Payment
Offline Payments
Handling Errors
Authorize the Mobile Payments SDK
Pair and Manage Card Readers
Take a Payment
Offline Payments
Configure for Square Stand
Handling Errors
Migrate from Reader SDK
Get Credentials
Configure the Sample Application
Take a Cash Payment
Customize the Checkout Amount
Take a Credit Card Payment
How It Works
Build on Android
Build on iOS
Connect a Contactless Reader
Charge a Card on File
Save a Card on File
Configure on iOS for Square Stand
Deauthorize Reader SDK
Capture a Transaction
Delay the Capture of Payments
Configure APK Splits
Update to New Reader SDK Version
Flutter Plugin
React Native Plugin
How It Works
Build on Android
Build on iOS
Build on Mobile Web
Find Your Android Fingerprint
Use the API in Offline Mode
Add an Alert Dialog Helper Class
Accept E-Money Payments
Accept PayPay Payments
Mobile Web Technical Reference
Payments API Integration
Clone the Quickstart Project Template
Add the SDK to the Web Client
Verify the Payment
Add Strong Customer Authentication
Deploy the Application
Take a Card Payment
Apple Pay
Google Pay
Digital Wallet Payment Requests
ACH Bank Transfer
Afterpay
Cash App Pay
Take a Gift Card Payment
Take Partial Payments
Customize the Card Entry Form
Verify the Buyer
Store Card on File with SCA
Charge Card on File with SCA
Charge and Store Card on File with SCA
Set up the Client
Deploy the Server
Install the SDK
Build on Android
Build on iOS
Google Pay
Apple Pay
Enable SRC for Android
Enable SRC for iOS
Localize an Application
Gift Card Payments
Flutter Plugin
React Native Plugin
Customize the Payment Entry Form
Connect to a Backend Service
Remove the Postal Code Requirement
Troubleshoot
How It Works
Verify Buyer
Quick Pay Checkout
Square Order Checkout
Subscription Plan Checkout
Checkout Settings
Checkout Configurations
Manage Checkout
Guidelines and Limitations
Subscription Plans and Variations
Manage Subscriptions
Subscription Actions and Events
Pause, Resume, or Cancel Subscriptions
Subscription Billing and Invoices
Swap Subscription Plan Variations
Create and Publish Invoices
Retrieve, List, or Search Invoices
Create or Delete Invoice Attachments
Update Invoices
Cancel or Delete Invoices
Pay or Refund Invoices
Walkthrough: Create and Publish Invoices
Cards
Manage Cards
Create a Card on File from Payment ID
Create a Card on File and a Payment
Create a Shared Card on File and Make a Payment
List Payouts
Get Payout
List Payout Entries
Bank Accounts
How It Works
Build with Mobile Authorization
Get Authorization Code on Command Line
Payment Methods by Country
Payments Pricing
Strong Customer Authentication
Payment Minimums

/

Payments

Cards API

Applies to: Cards API | Customers API | Payments API | Web Payments SDK | In-App Payments SDK

Use the Cards API to save credit or debit card information for future card-on-file payments.

Overview
Requirements and limitations
How the API works
Network tokenization
Link to section

Overview

Storing cards on file makes it easy for sellers to take payments — especially for recurring subscriptions and invoices — and for buyers to make payments. In addition to storing cards in a seller account, the Cards API can be used to retrieve card information, disable cards, or store shared cards in a developer account for payments to different sellers.

Watch the following video tutorial for an introduction to the Cards API and then continue reading for an in-depth overview.

Important

Always ask customers for permission before saving their card information. For example, include a checkbox in your purchase flow that customers can select to specify that they want to save their card information for future purchases.

Linking cards on file without obtaining customer permission can result in your application being disabled without notice.

Link to section

Requirements and limitations

  • The Square seller account must be enabled for card processing to create a card on file.
  • Applications using OAuth must have the following permissions to manage stored cards:
    • PAYMENTS_WRITE to create or disable cards.
    • PAYMENTS_READ to retrieve cards.
  • When a card stored in a Square developer account is used to make payments to a seller, the following permissions are required:
    • PAYMENTS_WRITE_SHARED_ONFILE to pay with a shared card.
    • CUSTOMERS_WRITE to create a customer in the seller account.
  • The Cards API cannot create a card on file using Apple Pay or Google Pay payment tokens.
  • The Cards API cannot store, retrieve, or manage Square gift cards. Square gift cards are managed using the Gift Cards API and Gift Card Activities API. For more information, see Manage Square Gift Cards on File.
Link to section

How the API works

The Cards API is used to store a buyer's credit card or debit card in a Square account. Cards are typically stored in a seller account for payments to that seller only, but the Cards API also supports storing shared cards in a developer account for payments to different sellers.

To store a card on file in a seller account, call the CreateCard endpoint and provide:

  • Card information, such as the card holder's name and billing address.
  • The customer ID obtained using the Customers API to retrieve an existing customer or create a new customer.
  • A payment token generated using the Web Payments SDK or In-App Payments SDK, or the ID of a recent payment created using the Payments API.

After the card is stored on file, the card ID is used for payments to the seller account. You can call the ListCards endpoint to retrieve the cards on file for a customer.

When you send a CreateCard request, the Cards API confirms that the card is valid by initiating a $0 verification against the card. The verification process doesn't remove any money from the cardholder's account. If the verification process fails, CreateCard returns an error. The verification process can fail for several reasons, including:

  • An incorrect card account number or CVV number.
  • The expiration date has passed.
  • The account associated with the card is closed or in bad standing.

If the stored card is suspended or expires after it has been stored, the Cards API automatically updates the status of the stored card. When an automatic update happens, your application is notified as long as it has subscribed to the card.automatically_updated webhook event.

Note

POS applications can use the Terminal API to save cards on file. For more information, see Save a Card on File with the Terminal API.

Link to section

Store a card on file from a payment token

To create a card on file with a payment token source, you must generate a payment token using the Web Payments SDK or In-App Payments SDK. To see an example that uses the Web Payments SDK to get a payment token and store a card, see Card on File with SCA.

Provide the card token in the Cards API CreateCard request to create a card on file for a customer in the seller Square account.

The OAuth access token you use in the CreateCard call must be issued for the same application ID that you used in the application that generated the card token.

Link to section

Store a card on file from a payment ID

You can store a card on file if you have a card Payment object whose source was keyed in or the card was present. A card on file cannot be used as a source. In this case, retrieve the Payment object and fill the source_id value with the Payment.id. The card that is keyed in for the payment is now stored on file for the customer who made the payment.

A request to create a card on file from a payment ID must meet the following conditions:

  • The payment ID must be on a credit or debit card successfully authorized within the last 24 hours.
  • A card on file is saved with the postal code from the payment ID if the postal code isn't provided with the CreateCard call.
  • If a postal code is provided in the CreateCard call, it must match the postal code of the payment ID.
  • The payment ID can be used to create only one card on file.
  • The payment ID and the card to be stored must be on the same seller account.
  • A payment ID from a developer-shared card on file cannot be used to duplicate a card on file on the target seller account.
  • A new card on file cannot be created using a payment ID authorized from an existing card on file.
Link to section

Store and charge a card on behalf of a seller account

A third-party developer can store cards on file in their own Square developer account for the customers of the Square sellers who use the third-party application.

Cards stored by a third-party application can be used for any other seller on the application. These are known as shared cards and enable a customer to save a card in the application once and use it with any other seller on the application.

For example, the third-party application you develop might be used by many different food sellers. When a customer wants to pay for a pie from one of the Square sellers on your application (such as Bob's Online Pizza Orders), the customer is prompted once to store the payment card with the seller's Square account. The customer can then use the card for purchases from any other Square seller that uses your application (such as Hometown Pies To Go or Rafael's Tacos to Your Door).

Developers put the cards on file for their own developer account and sellers grant the developer permission to create payments on the seller account using the developer stored card.

Link to section

Network tokenization

Network tokenization replaces a MasterCard or Visa payment card primary account number (PAN) and other card information with a token provided by the card issuer. When a tokenized card is used for a payment, the Cards API provides the network token to the card network as the payment card identifier. In this way, sensitive card information isn't transmitted with each payment request, reducing the risk of payment card fraud. Chargeback liability can be shifted from the seller to the card issuer in many cases.

Unlike a physical payment card or stored PAN, a network token doesn't expire. In practice, that means that if the buyer's Mastercard or Visa payment card has been stored on file and tokenized, they can still make payments with the stored card even though their physical card might have expired.

Note

For card brands that the Cards API doesn't provide network tokenization, storing a card on file is still available. In these cases, payment requests are transmitted to the card network using PANs. For information about supported card brands, see Card on file for payment.

Link to section

See also

On this page
OverviewRequirements and limitationsHow the API worksNetwork tokenizationSee also