Web payments charge and store card with SCA

Questions
1

I’m trying to add a save card option to our embedded web payment form and having issues when it comes to cards requiring SCA/calling verifyBuyer.

The flow I’ve got from here https://developer.squareup.com/docs/cards-api/walkthrough/card-from-payment-id is:

Frontend

  1. User submits card details
  2. Call verifyBuyer with intent:CHARGE
  3. Call verifyBuyer with intent:STORE
  4. Send payment nonce, chargeVerificationToken and storeVerificationToken to api for payment

API

  1. Call payments API with sourceId=nonce and chargeVerificationToken (this works)
  2. Create customer (unless they already exist, then use existing id)
  3. Call createCard with sourceId=[payment.id from previous request] and storeVerificationToken (this is where it fails)

This flow works for cards without SCA challenges but always returns this error CARD_DECLINED_VERIFICATION_REQUIRED for SCA enabled test cards when saving the card (the payment still goes through).

I’ve also managed to save a card if I skip the payment part and use the payment nonce and storeVerificationToken, so it seems the verificationTokens are both valid, but breaks when trying to save a card with the payment id. As far as I’m aware you can’t use the card nonce twice if it’s already been used for the charge.

Questions:

  1. Should I be calling verifyBuyer twice, once with CHARGE and once with STORE one after the other?
  2. Is there anything wrong with this flow?
2

:wave: The card should ideally be stored first then used to charge the customer. It looks like from your flow your charging the card then storing it. :slightly_smiling_face:

3

Thanks for your reply @Bryan-Square. I’ve just tried swapping the requests round and I now get an error Invalid verification_token when I attempt to charge the card (the card is now saved). I assume this is because the verification token was generated with the card details and not the newly saved card id?

Does this mean I have to change my steps to:

  1. Submits card details
  2. verifyBuyer STORE
  3. Call api to save card
  4. verifyBuyer CHARGE with saved payment card
  5. Charge card with api?

From https://developer.squareup.com/docs/cards-api/walkthrough/card-from-payment-id it seemed like it was possible to do it in one request, but maybe that doesn’t work with SCA?

4

Just to provide an update on this. The above flow seems to work - making two separate requests from the frontend and calling verifyBuyer twice - first with the tokenised card and STORE then again with the returned card id and CHARGE.

Just want to check two things:

  1. That this is how it is meant to work and there isn’t a more streamlined approach
  2. if anyone knows if the live version is likely to ask for a verification code twice like the test cards do, or if banks will authenticate in the background the second time?
5

That’s great that you got it to work. Unfortunately there isn’t a more streamlined approach and you’ll need to call verifyBuyer twice. :slightly_smiling_face: