Docs Home
Dev Essentials
PaymentsCommerceCustomersStaffMerchants
Publish
Release notes

Docs

Docs Home
Dev Essentials
Payments
Commerce
Customers
Staff
Merchants
Publish
Release notes
Overview
Build a Tip Report
Split an Online Payment
Build a Sales Report
Delayed Capture
Partial Payments
Statement Descriptions
ACH Bank Transfer Payment
Afterpay and Clearpay Payments
Cash App Payments
Cash Payments
External Payments
House Accounts
Collect Application Fees
Update Payment and Tip Amounts
Retrieve Payments
Troubleshoot
Webhooks
Refund Payments
Refund a Payment with an App Fee
Retrieve Refunds
Process an Unlinked Refund
Webhooks
Process Disputes
Test in the Sandbox
Quickstart
Take Payments
POS App Pairing with Square Terminal
Dismiss Terminal Checkouts and Refunds
Monitor Square Terminals
Take and Process Orders
Manage Terminal Actions
Save Card on File
Check Device Information
Print or Issue Receipts
Customize the Idle Screen
Confirmation Screen
Signature Capture Screen
Data Collection Screen
Menu Selection List Screen
QR Code Screen
Link and Dismiss Actions
Refund Interac Payments
Take E-Money Payments
Take QR Code Payments for Digital Wallets
Authorize the Mobile Payments SDK
Pair and Manage Card Readers
Take a Payment
Tap to Pay on Android
Offline Payments
Handling Errors
Authorize the Mobile Payments SDK
Pair and Manage Card Readers
Take a Payment
Tap to Pay on iPhone
Offline Payments
Configure for Square Stand or Square Kiosk
Handling Errors
Migrate from Reader SDK
React Native Plugin
Migrate to Mobile Payments SDK
Get Credentials
Configure the Sample Application
Take a Cash Payment
Customize the Checkout Amount
Take a Credit Card Payment
How It Works
Build on Android
Build on iOS
Connect a Contactless Reader
Charge a Card on File
Save a Card on File
Configure on iOS for Square Stand
Deauthorize Reader SDK
Capture a Transaction
Delay the Capture of Payments
Configure APK Splits
Update to New Reader SDK Version
Flutter Plugin
React Native Plugin
How It Works
Build on Android
Build on iOS
Build on Mobile Web
Find Your Android Fingerprint
Use the API in Offline Mode
Add an Alert Dialog Helper Class
Accept E-Money Payments
Accept PayPay Payments
Mobile Web Technical Reference
Payments API Integration
Take Payments Online
Web Payments SDK
Clone the Quickstart Project Template
Add the SDK to the Web Client
Verify the Payment
Add Strong Customer Authentication
Deploy the Application
Take a Card Payment
Apple Pay
Google Pay
Digital Wallet Payment Requests
ACH Bank Transfer
Afterpay
Cash App Pay
Take a Gift Card Payment
Take Partial Payments
Customize the Card Entry Form
Add SCA to a Card Payment
Store a Card on File
Charge a Card on File
Charge and Store a Card on File
Add a Content Security Policy
Set up the Client
Deploy the Server
Install the SDK
Build on Android
Build on iOS
Google Pay
Apple Pay
Enable SRC for Android
Enable SRC for iOS
Localize an Application
Gift Card Payments
Flutter Plugin
React Native Plugin
Customize the Payment Entry Form
Connect to a Backend Service
Remove the Postal Code Requirement
Troubleshoot
How It Works
Verify a Buyer
Quick Pay Checkout
Square Order Checkout
Subscription Plan Checkout
Checkout Settings
Checkout Configurations
Manage Checkout
Guidelines and Limitations
Subscription Plans and Variations
Manage Subscriptions
Subscription Actions and Events
Pause, Resume, or Cancel Subscriptions
Subscription Billing and Invoices
Swap Subscription Plan Variations
Create and Publish Invoices
Retrieve, List, or Search Invoices
Create or Delete Invoice Attachments
Update Invoices
Cancel or Delete Invoices
Pay or Refund Invoices
Walkthrough: Create and Publish Invoices
Manage Cards
Create a Card on File from Payment ID
Create a Card on File and Make a Payment
Create a Shared Card on File and Make a Payment
List Payouts
Get Payout
List Payout Entries
Bank Accounts
How It Works
Build with Mobile Authorization
Get Authorization Code on Command Line
Payment Methods by Country
Payments Pricing
Strong Customer Authentication
Payment Minimums

/

Payments

/

Take Payments Online

/

Web Payments SDK

Take a Card Payment

Applies to: Web Payments SDK | Payments API | Cards API | Strong Customer Authentication

Learn how to take card-not-present payments in a web client with the Web Payments SDK.

Overview
Link to section

Overview

Square provides two card-not-present (CNP) payment flows with the Web Payments SDK for taking a card payment:

  • (Beta) A new payment flow that involves:
    1. Generating a payment token. During payment tokenization, Square checks the tokenize request to determine whether buyer verification is needed based on the buyer's information.
    2. Including the payment token in a Payments API call to process a payment with CreatePayment.
  • The existing payment flow that involves:
    1. Generating a payment token.
    2. Generating a verification token after verifying the buyer.
    3. Including both the payment token and verification token in a Payments API call to process a payment with CreatePayment.

Important

The new payment flow will replace the existing Web Payments SDK card payment acceptance implementation and become the new default card payment flow when Square releases it for General Availability.

When Square releases the new payment flow for General Availability, Square will deprecate the Payments.verifyBuyer() method that performs buyer verification and generates a verification token. Square will provide a migration guide so that you can update your application to take card payments with the new payment flow.

Square recommends updating your application to use the new payment flow with the Web Payments SDK. However, during Beta, Square will continue to support both payment flows.

Link to section

Payment flows

Choose a payment flow to set up your application to take card payments with Web Payments SDK integration.

The Web Payments SDK provides secure payment methods and Strong Customer Authentication (SCA) regulatory compliance so that your application authorizes and processes card payments.

To simplify the operation of authorizing payments, verifying buyer identity, and processing card payments, you can implement the new payment flow. Using this flow, an application calls the Web Payments SDK Card.tokenize() method and exchanges all necessary information about the buyer in the tokenization request so Square can handle all the authentication before returning a payment token. This payment flow allows Square to process the payment and comply with any applicable local regulations or to comply with the seller's preference to trigger 3D Secure (3DS) authentication based on rules that the seller sets in Square Risk Manager.

The payment flow uses additional fields in tokenize() to allow Square to perform payment authentication, which involves:

  1. Running a buyer risk evaluation.

  2. Determining whether a payment will be authenticated with 3DS.

    Square authenticates a payment for two reasons:

    • Regulatory mandate - Square determines whether the payment is in scope of a mandate and routes the payment through 3DS as needed.
    • Seller choice - A seller sets a rule in Risk Manager for when 3DS is triggered for a payment. For more information, see Square Risk Manager seller documentation for 3DS.

  3. Applying 3DS if needed per authentication regulations.

  4. Tokenizing the card payment so that the Web Payments SDK returns a payment token to the application with the buyer's identity verified and authentication completed (if authentication is required by a regulatory mandate or the seller's Risk Manager risk rule).

With this authentication flow, you no longer need the application to call Payments.verifyBuyer() and handle a verification token. The benefit of this authentication flow is that it provides all the buyer verification functionality from calling Card.tokenize() and CreatePayment or CreateCard with a payment token.

After getting a payment token, the application calls CreatePayment to process and complete the payment.

Link to section

Applications that use a verification token

Modify your application so it can incorporate the new payment flow for authentication with the Card.tokenize() method. Your application should then perform fewer operations to authenticate buyers for card payments without calling Payments.verifyBuyer().

Note

During Beta, Square will continue to perform SCA checks for buyer verification if your application calls verifyBuyer().

Link to section

Requirements and limitations

  • Web Payments SDK integration
  • Card payment method support
Link to section

Set up the new payment flow

In your application, initialize a Card object. Modify the token and payment objects prior to calling Card.tokenize() and CreatePayment, respectively.

The Card.tokenize() method passes the following properties in a verificationDetails object:

  • amount - The amount of the card payment to be charged.
  • billingContact - The buyer's contact information for billing.
  • intent - The transactional intent of the payment.
  • sellerKeyedIn - Indicates that the seller keyed in payment details on behalf of the customer. This is used to flag a payment as Mail Order / Telephone Order (MOTO).
  • customerInitiated - Indicates whether the customer initiated the payment.
  • currencyCode - The three-letter ISO 4217 currency code.

Important

Provide as much buyer information as possible for billingContact so that you get more accurate decline rate performance from 3DS authentication.

  1. Declare a verificationDetails object and add the parameters to the object body in JSON format.
  2. Declare a token object and include the await parameter with the Card.tokenize() method, which takes the verificationDetails object as an argument.
  3. Declare a payment object, which calls createPayment and takes the token object as an argument.

The following code example demonstrates the payment flow setup.

If your application makes calls with verifyBuyer() and uses a verification token (as part of the Web Payments SDK card payment method setup to add SCA), complete the next two steps.

Link to section

Modify the payment test flow

Card tokenization now takes in a verificationDetails object. If your application currently creates the verificationDetails object for use with verifyBuyer(), you must move the verificationDetails properties to the tokenize() method. Square will be deprecating verifyBuyer() and the verification token, which won't automatically be included in the card tokenization request.

The following procedure describes how to modify the existing payment test flow:

  1. Move the buyer verification test values to the token object.

    If your application makes calls with verifyBuyer(), you can move the test values declared in the verificationDetails object to the tokenize() method of the token object and modify the parameter values. The following code examples show a set of test values:

    Before moving the test values

    After moving and modifying the test values

    Make sure to add and set the customerInitiated and sellerKeyedIn fields.

  2. Update createPayment to take only the token as an argument.

  3. Remove instances of the verificationToken object and verifyBuyer() method calls.

    async function handlePaymentMethodSubmission(event, card) {
  event.preventDefault();
  try {
    // disable the submit button as we await tokenization and make a payment request.
    cardButton.disabled = true;
    const token = await tokenize(card);
    const paymentResults = await createPayment(token);
    displayPaymentResults('SUCCESS');
    console.debug('Payment Success', paymentResults);
  } catch (e) {
    cardButton.disabled = false;
    displayPaymentResults('FAILURE');
    console.error(e.message);
  }
}
Link to section

Test the application

  1. Navigate to http://localhost:3000/ in your browser.

  2. Complete the card payment form and submit a test payment with a CNP test credit card from Sandbox Payments.

    For this step, test with two cards: a test card that invokes an SCA challenge and a test card that doesn't.

    1. Use an SCA test card with a challenge type of “Modal with Verification Code".

      The following modal launches:

      A graphic showing the SCA cardholder authentication window that appears when the verifyBuyer function is called.

    2. Enter the verification code in the pop-up window and choose Authenticate. After authentication, the application sends the payment request to complete the card payment.

    3. Check the console log in your browser or the returned TokenResult object to confirm that the payment token is generated.

    4. Refresh your browser and use a test card from the Card-not-present success state values table or an SCA test card with no challenge.

    5. Check the console log again in your browser or the returned TokenResult object to confirm that the payment token is generated.

Link to section

Update the application to take payments from a card on file

After testing the application to take a card payment, you can update the application to authorize buyers for card-on-file payments. The tokenize() method includes the intent key where you can update the value to CHARGE_AND_STORE. When your application charges and stores a card on file, the application should call CreateCard to create a new Card object when the application sends the buyer authentication and payment requests to Square. For more information, see Charge and Store a Card on File with SCA.

Link to section

Reference for tokenize() method fields

The payment flow includes the following tokenize() method fields that allow Square to handle buyer verification and authentication.

Field nameTypeExample value
amountstring
 amount: '1.00'
currencyCodestring
 currencyCode: 'GBP'
intentstring
  • CHARGE
  • STORE
  • CHARGE_AND_STORE
billingContactBillingContact
 billingContact: {
    addressLines: ['123 Main Street', 'Apartment 1'],
    familyName: 'Doe',
    givenName: 'John',
    email: '[email protected]',
    countryCode: 'GBP',
    phone: '3214563987',
    state: 'LND',
    city: 'London',
    postalCode: 'WC2N 5DU'
 }
customerInitiatedboolean
  • true
  • false
sellerKeyedInboolean
  • true
  • false
On this page
OverviewPayment flows