Can't save card via source_id

I’m trying to use the following flow (the data is all converted to JSON):
1 - submit a payment (success)
2 - create a customer using the payment’s source_id (success)
3 - save a card related to the customer using the source_id and customer_id (FAIL)

I Send a payment with a response of:

Payment response:Array
(
    [payment] => Array
        (
            [id] => 73BQjUJutcF8LdmqHX0Twbom6R8YY
            [created_at] => 2021-09-27T22:03:07.481Z
            [updated_at] => 2021-09-27T22:03:07.671Z
            [amount_money] => Array
                (
                    [amount] => 33048
                    [currency] => GBP
                )

            [status] => COMPLETED
            [delay_duration] => PT168H
            [source_type] => CARD
            [card_details] => Array
                (
                    [status] => CAPTURED
                    [card] => Array
                        (
                            [card_brand] => VISA
                            [last_4] => 1019
                            [exp_month] => 11
                            [exp_year] => 2022
                            [fingerprint] => sq-1-oqGDocPJcaleGojsHKQx2qvtBIcTKJn7hbgPy70oPwF8iTvjkQA7xpV8BTR6AWen0w
                            [card_type] => CREDIT
                            [prepaid_type] => NOT_PREPAID
                            [bin] => 431000
                        )

                    [entry_method] => KEYED
                    [cvv_status] => CVV_ACCEPTED
                    [avs_status] => AVS_ACCEPTED
                    [statement_description] => SQ *DEFAULT TEST ACCOUNT
                    [card_payment_timeline] => Array
                        (
                            [authorized_at] => 2021-09-27T22:03:07.593Z
                            [captured_at] => 2021-09-27T22:03:07.671Z
                        )

                )

            [location_id] => L1C7FNP4HA3FJ
            [order_id] => OeuTJe74ZaVfzfFvr8mF5fXI6OIZY
            [reference_id] => 6416
            [risk_evaluation] => Array
                (
                    [created_at] => 2021-09-27T22:03:07.593Z
                    [risk_level] => NORMAL
                )

            [buyer_email_address] => support@ez-ms.com
            [shipping_address] => Array
                (
                    [address_line_1] => The Queens Walk
                    [locality] => London
                    [administrative_district_level_1] => LDN
                    [postal_code] => se1
                    [country] => GB
                )

            [note] => Order: 6416
            [total_money] => Array
                (
                    [amount] => 33048
                    [currency] => GBP
                )

            [approved_money] => Array
                (
                    [amount] => 33048
                    [currency] => GBP
                )

            [receipt_number] => 73BQ
            [receipt_url] => https://squareupsandbox.com/receipt/preview/73BQjUJutcF8LdmqHX0Twbom6R8YY
            [delay_action] => CANCEL
            [delayed_until] => 2021-10-04T22:03:07.481Z
            [version_token] => j0Lzr70WIGcrIN9n4MKyKZzJLP6l7xixDgLkklTUdQ45o
        )

)

I then create a customer using a source_id of 73BQjUJutcF8LdmqHX0Twbom6R8YY which returns an ‘id’ of JAHTXJJNR0WDN0RD9NC2VMH94M

I attempt to create a card for that customer using:

squarepay::send_request(https://connect.squareupsandbox.com/v2/cards): request:Array
(
    [type] => post
    [url] => https://connect.squareupsandbox.com/v2/cards
    [send_data] => Array
        (
            [source_id] => 73BQjUJutcF8LdmqHX0Twbom6R8YY
            [card] => Array
                (
                    [card_brand] => VISA
                    [last_4] => 1019
                    [exp_month] => 11
                    [exp_year] => 2022
                    [fingerprint] => sq-1-oqGDocPJcaleGojsHKQx2qvtBIcTKJn7hbgPy70oPwF8iTvjkQA7xpV8BTR6AWen0w
                    [card_type] => CREDIT
                    [prepaid_type] => NOT_PREPAID
                    [bin] => 431000
                    [customer_id] => JAHTXJJNR0WDN0RD9NC2VMH94M
                    [cardholder_name] => Tony 1
                )

            [idempotency_key] => sq_card_uk-dev346761523f9bb2eb2
        )

    [headers] => Array
        (
            [0] => Authorization: Bearer EAAAEGp_Q7nYSFoymliCdDqkJOR4Y8KPhUjP7kOOcKDsee_VEICOJHnzFNQYP8p2
            [1] => Accept: application/json
        )

)

But it FAILS with:

squarepay::send_request(https://connect.squareupsandbox.com/v2/cards): response:Array
(
    [errors] => Array
        (
            [0] => Array
                (
                    [category] => INVALID_REQUEST_ERROR
                    [code] => INVALID_CARD_DATA
                    [detail] => Invalid card data.
                    [field] => source_id
                )

        )

)

:wave: With Square the source_id is a one time use token. If you are going to first take a payment with the source_id and still want to save the card on file you’ll need to Create a Card on File from a Payment ID so your customer won’t have to enter their information in twice. :slightly_smiling_face:

I’m using the payment_id as the source_id in both creating the customer and saving the card from the same payment.

Are you saying that I can’t both create a customer and save a card to that customer from that same payment? I’m not understanding what you’re trying to tell me.

That should work. What test value are you using to create the initial payment?

I’m using a NONCE, then using the payment_id.
See the detail above.

I was able to replicate this and escalated to the team. I’ll be sure to post any updates.

So what am I supposed to do? You have an SCA deadline approaching which requires me to convert to your new api’s. But there are now 2 bugs I’ve found which should be basic QA tests during development.

How long do you anticipate the wait to be? I can live with the bug in verifyBuyer() but I can’t live with not being able to create a customer AND save a card from the same payment.

Note that further testing reveals that the issue is not that there are multiple uses of the payment_id as the source_id, Trying to create a card using a payment_id as the source_id fails even through the customer exists (created in a previous transaction).

This is a much more serious problem essentially making saving a card without a verificationToken impossible.

Is there any update from “The Team” on when this will be fixed? The deadline for SCA is rapidly approaching and the ability to save a card from a payment_id is critical in our application.

At this time there isn’t any additional update from the team.

Possibly you could share the status/priority of the defect so one might be able to plan some work around this? My testing has come to a grinding halt.

This is a high priority for the team and they are working on a fix. The SCA flow of first saving the card on file with the intent to STORE to get the card_id to then call verifyBuyer() again with the card_id and the intent to CHARGE is working as expected as a workaround.

Seriously? You expect a customer to sit around during a checkout process while they wait for 2 emails to be sent to separately verify the added card; once for purchase and once to save? In the front-end, I don’t even know whether the merchant wants to save cards. I don’t know that until the process gets to the backend.

That solution is not a workaround for any non-trivial environment. Merchant conversions will fall through the floor.

Any updates? We’re running out of time for SCA in the UK.

At this time there isn’t an update. The team is currently working on this.