I’m trying to add a save card option to our embedded web payment form and having issues when it comes to cards requiring SCA/calling
The flow I’ve got from here https://developer.squareup.com/docs/cards-api/walkthrough/card-from-payment-id is:
- User submits card details
- Send payment nonce, chargeVerificationToken and storeVerificationToken to api for payment
- Call payments API with
chargeVerificationToken (this works)
- Create customer (unless they already exist, then use existing id)
sourceId=[payment.id from previous request] and
storeVerificationToken (this is where it fails)
This flow works for cards without SCA challenges but always returns this error
CARD_DECLINED_VERIFICATION_REQUIRED for SCA enabled test cards when saving the card (the payment still goes through).
I’ve also managed to save a card if I skip the payment part and use the payment nonce and storeVerificationToken, so it seems the verificationTokens are both valid, but breaks when trying to save a card with the payment id. As far as I’m aware you can’t use the card nonce twice if it’s already been used for the charge.
- Should I be calling
verifyBuyer twice, once with
CHARGE and once with
STORE one after the other?
- Is there anything wrong with this flow?
The card should ideally be stored first then used to charge the customer. It looks like from your flow your charging the card then storing it.
Thanks for your reply @Bryan-Square. I’ve just tried swapping the requests round and I now get an error
Invalid verification_token when I attempt to charge the card (the card is now saved). I assume this is because the verification token was generated with the card details and not the newly saved card id?
Does this mean I have to change my steps to:
- Submits card details
- Call api to save card
CHARGE with saved payment card
- Charge card with api?
From https://developer.squareup.com/docs/cards-api/walkthrough/card-from-payment-id it seemed like it was possible to do it in one request, but maybe that doesn’t work with SCA?
Just to provide an update on this. The above flow seems to work - making two separate requests from the frontend and calling
verifyBuyer twice - first with the tokenised card and
STORE then again with the returned card id and
Just want to check two things:
- That this is how it is meant to work and there isn’t a more streamlined approach
- if anyone knows if the live version is likely to ask for a verification code twice like the test cards do, or if banks will authenticate in the background the second time?
That’s great that you got it to work. Unfortunately there isn’t a more streamlined approach and you’ll need to call