Tokenise Payment Method
MutationYou can securely store a payment method in our vault. You should use our recommended payments integrations to perform this process client-side. This ensures that no sensitive card data touches your server, and allows your integration to operate in a PCI-compliant way. The payment method is tokenised and we return you a token for future use.
If a customer id is provided, it assigns the payment method to that customer.
If customer data is provided, it creates a new customer and assigns the payment method to that customer.
Request
paymentMethodpaymentMethodInput ﹡paymentMethod.cardPaymentCardInputThe card this token will representcustomerVaultCustomerInputCustomer details to associate to the tokencustomer.idStringUnique identifier for the customercustomer.billingAddressBillingAddressInputThe customer’s addresscustomer.descriptionStringAn arbitrary string attached to the objectcustomer.emailStringThe customer’s email addresscustomer.nameString ﹡The customer’s full name or business namecustomer.phoneStringThe customer’s phone numbercustomer.shippingAddressShippingAddressInputMailing and shipping address for the customercustomer.companyCompanyInputCompany details for customer
curl
-X POST
-H "Content-Type: application/json"
-H "Authorization: Bearer xxxxxxx"
-d '{
"query": "mutation tokenisePaymentMethod($data: TokenInput!){
tokenisePaymentMethod(data: $data) {
id
token
createdDate
}
}",
"variables": {
"data": {
"paymentMethod": {
"card": {
"number":"4000056655665556",
"expMonth": 8,
"expYear": 2026,
"cvc": "342",
"name": "John Smith",
"billingAddress": {
"line1": "Bartlett Avenue",
"line2": "no. 4",
"city": "Southfield",
"postalCode": "48076",
"state": "Michigan",
"country": "USA"
},
"isDefault": true
},
"bankAccount": {
"number": "123456",
"accountHolderName": "John Smith",
"bankName": "Golden Horizon"
}
},
"externalId": "15793519248",
"customer": {
"id": "421dd9b0-0af6-41ee-9fc5-48f42d5ad640",
"name": "John Smith"
}
}
}
}'
https://api.whenthen.com/api/graphqlResponse
tokenisePaymentMethod.idIDUnique identifier for the object.tokenisePaymentMethod.tokenStringvalue of the tokentokenisePaymentMethod.createdDateDateTimeThe date and time at which the token was created yyyy-MM-dd'T'HH:mm:ssZtokenisePaymentMethod.customerVaultCustomerApiCustomer details associated to the token
{
"data": {
"tokenisePaymentMethod": {
"id": "e46d1d90-a71d-45f0-b900-5da4edf67a74",
"token": "yaGePwkqyBRWaYdA",
"createdDate": "2022-09-08T11:43:06.085692Z"
}
}
}Get Payment Method
QueryGet payment method.
Request
tokenString ﹡Value of the token or id of payment method
curl
-X POST
-H "Content-Type: application/json"
-H "Authorization: Bearer xxxxxxx"
-d '{
"query": "query getPaymentMethod($token: String!){
getPaymentMethod(token: $token)
}",
"variables": {
"token": "neHtRZxnhKJsuame"
}
}'
https://api.whenthen.com/api/graphqlResponse
getPaymentMethod.idIDUnique identifier for the object.getPaymentMethod.tokenStringValue of the card token.getPaymentMethod.numberStringMasked card number.getPaymentMethod.expMonthIntTwo-digit number representing the card's expiration month.getPaymentMethod.expYearIntTwo-digit number representing the card's expiration year.getPaymentMethod.nameStringCardholder name.getPaymentMethod.isDefaultBooleanIs default payment methodgetPaymentMethod.brandStringCard brand
{
"data": {
"getPaymentMethod": {
"id": "e0549aad-b836-4c48-b54a-aebfe573d782",
"token": "neHtRZxnhKJsuame",
"number": "**** **** **** 7892",
"expMonth": 3,
"expYear": 2030,
"name": "John Smith",
"isDefault": false,
"brand": "VISA",
}
}
}Delete Payment Method
MutationDelete a payment method.
Request
tokenString ﹡
curl
-X POST
-H "Content-Type: application/json"
-H "Authorization: Bearer xxxxxxx"
-d '{
"query": "mutation deletePaymentMethod($token: String!){
deletePaymentMethod(token: $token)
}",
"variables": {
"token": "neHtRZxnhKJsuame"
}
}'
https://api.whenthen.com/api/graphqlResponse
deletePaymentMethodBooleanwhether the payment method has been successfully deleted
{
"data": {
"deletePaymentMethod": true
}
}Create Customer
MutationCreates a customer. If payment method data is provided, it also creates a payment method and assigns it to the new customer. The payment method is tokenised and stored in our secure vault.
The Create Customer API enables you to create and manage customers. To setup a card for future payments, you must attach it to a Customer. You can also use the Customer to build card on file solutions.
Request
customerVaultCustomerInput ﹡Customer object
customer.billingAddressBillingAddressInputThe customer’s billing address
customer.descriptionStringAn arbitrary string attached to the object
customer.emailStringThe customer’s email address
customer.nameString ﹡The customer’s full name or business name
customer.phoneStringThe customer’s phone number
customer.shippingAddressShippingAddressInputMailing and shipping address for the customer
customer.companyCompanyInputCompany details for customercardPaymentCardInputCard data for a token we will associate to this customer
card.numberString ﹡The card number, as a string without any separators
card.expMonthInt ﹡Two-digit number representing the card’s expiration month
card.expYearInt ﹡Four-digit number representing the card’s expiration year
card.cvcStringCard security code
card.nameStringCardholder name
card.billingAddressBillingAddressInputCardholder address
card.isDefaultBooleanSet this as the default payment method
curl
-X POST
-H "Content-Type: application/json"
-H "Authorization: Bearer xxxxxxx"
-d '{
"query": "mutation createCustomer($data: CustomerInput!){
createCustomer(data: $data)
}",
"variables": {
"data": {
"card": {
"number":"4242424242424242",
"expMonth": 8,
"expYear": 2026,
"cvc": "582",
"name": "John Smith",
"billingAddress": {
"line1": "Bartlett Avenue",
"line2": "no. 4",
"city": "Southfield",
"postalCode": "48076",
"state": "Michigan",
"country": "USA"
},
"isDefault": true
},
"customer": {
"billingAddress": {
"line1": "Bartlett Avenue",
"line2": "no. 4",
"city": "Southfield",
"postalCode": "48076",
"state": "Michigan",
"country": "USA"
},
"description": "description",
"email": "john@example.com",
"name": "John Smith",
"phone": "406-694-3629",
"shippingAddress": {
"name": "John Smith",
"phone": "04153 79 44141",
"address": {
"line1": "Gruenauer Strasse 55",
"line2": "",
"city": "Buchhorst",
"postalCode": "16567",
"state": "Brandenburg",
"country": "DEU"
}
}
}
}
}
}'
https://api.whenthen.com/api/graphqlResponse
createCustomerIDUnique identifier for the customer
{
"data": {
"createCustomer": "9e8daecb-392a-4921-9dbb-384577ac4036"
}
}Update Customer
MutationUpdate a customer.
Request
idID ﹡Customer id
customerVaultCustomerInput ﹡Customer object
customer.billingAddressBillingAddressInputThe customer’s billing address
customer.descriptionStringAn arbitrary string attached to the object
customer.emailStringThe customer’s email address
customer.nameString ﹡The customer’s full name or business name
customer.phoneStringThe customer’s phone number
customer.shippingAddressShippingAddressInputMailing and shipping address for the customer
customer.companyCompanyInputCompany details for customer
curl
-X POST
-H "Content-Type: application/json"
-H "Authorization: Bearer xxxxxxx"
-d '{
"query": "mutation updateCustomer($id: ID!,$customer: VaultCustomerInput!){
updateCustomer(id: $id, customer: $customer)
}",
"variables": {
"id":"9e8daecb-392a-4921-9dbb-384577ac4036",
"customer": {
"billingAddress": {
"line1": "Bartlett Avenue",
"line2": "no. 4",
"city": "Southfield",
"postalCode": "48076",
"state": "Michigan",
"country": "USA"
},
"description": "description",
"email": "john@example.com",
"name": "John Smith",
"phone": "406-694-3629",
"shippingAddress": {
"name": "John Smith",
"phone": "04153 79 44141",
"address": {
"line1": "Gruenauer Strasse 55",
"line2": "",
"city": "Buchhorst",
"postalCode": "16567",
"state": "Brandenburg",
"country": "DEU"
}
}
}
}
}'
https://api.whenthen.com/api/graphqlResponse
updateCustomerBoolean ﹡Whether the customer has been successfully updated
{
"data": {
"updateCustomer": true
}
}Get Customer
QueryGet customer.
Request
idString ﹡Customer id
curl
-X POST
-H "Content-Type: application/json"
-H "Authorization: Bearer xxxxxxx"
-d '{
"query": "query getCustomer($id: String!){ getCustomer(id: $id) }",
"variables": {
"id": "440482b8-9197-4ac1-9f48-2832d9a0c662"
}
}' https://api.whenthen.com/api/graphqlResponse
getCustomer.idIDCustomer id
getCustomer.billingAddressBillingAddressApiThe customer's address
getCustomer.emailStringAn arbitrary string attached to the object
getCustomer.nameStringThe customer's full name or business name
getCustomer.shippingAddressShippingAddressApiMailing and shipping address for the customer
getCustomer.systemCreatedDateTimeThe date and time at which the customer was created yyyy-MM-dd'T'HH:mm:ssZ
getCustomer.systemUpdatedDateTimeThe date and time at which the customer was updated yyyy-MM-dd'T'HH:mm:ssZ
getCustomer.defaultPaymentMethodStringDefault payment method of the customer
{
'data': {
'getCustomer': {
'id':'440482b8-9197-4ac1-9f48-2832d9a0c662',
'name':'John Smith',
'email':'john.smith@example.com',
'billingAddress': {
'line1': "3589 Main Rd.",
'line2': "West Hill.",
'city': "Kilcoole",
'postalCode': "93027",
'postalCode': "Waterford",
'postalCode': "IRL"
}
}
}Get Payment Methods
QueryGet payment methods attached to a customer.
Request
customerIdString ﹡Unique identifier for the customer
curl
-X POST
-H "Content-Type: application/json"
-H "Authorization: Bearer xxxxxxx"
-d '{
"query": "query getPaymentMethods($customerId: String!){
getPaymentMethods(customerId: $customerId)
}",
"variables": {
"customerId": "33acf90a-609f-4b76-8e62-b19e6a1f81bc"
}
}'
https://api.whenthen.com/api/graphqlResponse
getPaymentMethods[PaymentMethod]List of payment methods.getPaymentMethod.idIDUnique identifier for the object.getPaymentMethod.tokenStringValue of the card token.getPaymentMethod.numberStringMasked card number.getPaymentMethod.expMonthIntTwo-digit number representing the card's expiration month.getPaymentMethod.expYearIntTwo-digit number representing the card's expiration year.getPaymentMethod.nameStringCardholder name.getPaymentMethod.isDefaultBooleanIs default payment methodgetPaymentMethod.brandStringCard brand
{
"data": {
"getPaymentMethods": [
{
"id": "e0549aad-b836-4c48-b54a-aebfe573d782",
"token": "neHtRZxnhKJsuame",
"number": "**** **** **** 7892",
"expMonth": 3,
"expYear": 2030,
"name": "John Smith",
"isDefault": false,
"brand": "VISA",
},
{
"id": "ec47571f-fcbe-4e62-bd34-5f67fdeae54e",
"token": "yetVucsiwQsYDdtw",
"number": "**** **** **** 1584",
"expMonth": 11,
"expYear": 2027,
"name": "John Smith",
"isDefault": true,
"brand": "MASTERCARD",
},
]
}
}Set the default payment method for a customer.
Request
tokenString ﹡Value of the token
curl
-X POST
-H "Content-Type: application/json"
-H "Authorization: Bearer xxxxxxx"
-d '{
"query": "mutation updateDefaultPaymentMethod($token: String!){
updateDefaultPaymentMethod(token: $token)
}",
"variables": {
"token": "neHtRZxnhKJsuame"
}
}'
https://api.whenthen.com/api/graphqlResponse
updateDefaultPaymentMethodBooleanwhether the payment method has been successfully updated
{
"data": {
"updateDefaultPaymentMethod": true
}
}Retrieve the payment processor token that is associated with the supplied WhenThenvaultToken.
The associated payment method should have been tokenised in our system before this API is invoked.
It is possible that WhenThen don't currently hold the payment processor token associated with the suppliedvaultToken. In this scenario, WhenThen will need to either tokenise or submit a verification payment against the payment processor in order to retrieve the associated payment processor token. This action may trigger 3DS. For this reason, an accessible callback endpoint should be supplied via the threeDSecureRedirectUrl parameter in the request body. When the 3DS handshake is complete, WhenThen will send the result to the supplied endpoint. If 3DS was successful then this API should be invoked again in order to retrieve the payment processor token from WhenThen's secure vault.
Request
tokenRequestHeadlessPaymentProcessorTokenRequest ﹡A top level object for the individual request fields.tokenRequest.vaultTokenString ﹡The WhenThen vault token that represents the payment methodtokenRequest.paymentProcessorConnectionIdString ﹡The ID of the payment processor connection that was setup in the WhenThen webapptokenRequest.currencyCodeString ﹡The default currency associated with the payment method. ISO 4217 (3 letter alpha code) format.tokenRequest.threeDSecureRedirectUrlStringThis should be supplied when operating in a 3DS-compliant region. The value must be an accessible URL which WhenThen will callback to with a 3DS result. 3DS may be triggered during a call from WhenThen to the payment processor during tokenisation or if a verification payment (zero-value auth) is required.
curl
-X POST
-H "Content-Type: application/json"
-H "Authorization: Bearer xxxxxxx"
-d '{
"query": "mutation headlessRequestPaymentProcessorToken($tokenRequest: HeadlessPaymentProcessorTokenRequest!){
headlessRequestPaymentProcessorToken(tokenRequest: $tokenRequest) {
token
}
}",
"variables": {
"tokenRequest": {
"vaultToken": "KbQHOIcQTpOXKmxr",
"paymentProcessorConnectionId": "connection-provider:ff8705dc-7d94-4a44-abe2-a206d5c833d9",
"currencyCode": "USD",
"threeDSecureRedirectUrl": "https://merchant.com/handle-3ds"
}
}'
https://api.whenthen.com/api/graphqlResponse
headlessRequestPaymentProcessorToken.tokenStringThe payment processor token.
{
"data": {
"headlessRequestPaymentProcessorToken": {
"token": "yaGePwkqyBRWaYdA"
}
}
}