Last updated: 27 October 2025 | Change log
To take a payment, you must first create an authorization request. Your response contains links to your next available actions.
If you want to reserve funds in your customer's account, send us an authorization request.
POST your authorization request to the payments:authorize action link received in your root resource response to authorize a payment.
POST https://try.access.worldpay.com/payments/authorizations
The requests below contain all the mandatory fields needed for a successful authorization request.
Click the tabs below to see all the mandatory fields for all supported paymentInstrument parameters.
Authorization request body:
{
"transactionReference": "unique-transactionReference",
"merchant": {
"entity": "default"
},
"instruction": {
"narrative": {
"line1": "trading name"
},
"value": {
"currency": "GBP",
"amount": 250
},
"paymentInstrument": {
"type": "card/plain",
"cardHolderName": "John Appleseed",
"cardNumber": "4444333322221111",
"cardExpiryDate": {
"month": 5,
"year": 2035
}
}
}
}| Parameter | Required? | Description |
|---|---|---|
transactionReference | ✅ | A unique reference generated by you that is used to identify a payment throughout its lifecycle. See transaction reference format, for more details and the best practices. |
merchant | ✅ | An object that contains information about the merchant. |
merchant.entity | ✅ | Direct your payment to assist with billing, reporting and reconciliation. This is mandatory for authentication and queries. Contact your Implementation Manager for more details. |
instruction | ✅ | An object that contains all the information related to the payment. |
instruction.narrative | ✅ | The text that appears on your customer's statement. Used to identify the merchant. See narrative formatfor more details and best practices. |
narrative.line1 | ✅ | The first line of the narrative which appears on your customer's statement (24 characters max. If character is not supported it is replaced with a space.). See narrative line1 format for more details. |
value.currency | ✅ | The three digit currency code. See list of supported currencies. |
value.amount | ✅ | The payment amount. This is a whole number with an exponent e.g. if exponent is two, 250 is 2.50. You can find the relevant exponent in our currency table. |
instruction.paymentInstrument | ✅ | An object that contains the payment type and details. To use "tokens" as a paymentInstrument you must first [create a token](PUT s/create-a-token). To use "checkout with CVC" (card on file only) as paymentInstrument you must first use our checkout SDK and create a token. |
3DS authorization request parameter descriptions
To get the customer authentication object you must complete an authentication request using our 3DS API.
{
"transactionReference": "unique-transactionReference",
"merchant": {
"entity": "default"
},
"instruction": {
"narrative": {
"line1": "trading name"
},
"value": {
"currency": "GBP",
"amount": 250
},
"paymentInstrument": {
"type": "card/plain",
"cardHolderName": "John Appleseed",
"cardNumber": "4444333322221111",
"cardExpiryDate": {
"month": 5,
"year": 2035
}
}
},
"customer": {
"authentication": {
"version": "1.0.2",
"type": "3DS",
"eci": "05",
"authenticationValue": "MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=",
"transactionId": "z9UKb06xLziZMOXBEmWSVA1kwG0="
}
}
}| Parameter | Required? | Description |
|---|---|---|
customer | ✅ | An object containing the result of your customer's verification. For more details see 3DS verification. |
authentication.type | ✅ | 3DS |
authentication.version | ✅ | The version of 3DS used to process the transaction. For 3DS1 - 1.0.2For 3DS2 - 2.1.0 or 2.2.0 Note Required for Mastercard's Identity Check transactions in Authorization. |
authentication.eci | ✅ | Electronic Commerce Indicator (ECI). Indicates the outcome of the 3DS verification.
|
authentication.authenticationValue | ✅ | A cryptographic value that provides evidence of the outcome of a 3DS verification.
authentication.authenticationValue must be 28 digits max and must be base64-encoded. |
authentication.transactionId | ✅ | Required, if authentication.eci value is 01, 02, 05 or 06.A unique authentication transaction identifier, generated by the issuer. For version 3DS1: transactionId must be base64-encoded and 28 digits in length.For version 3DS2: transactionId must be a UUID and 36 characters in length. |
Optional fields and descriptions
The requests below contain all the mandatory and optional fields needed for a successful authorization request.
Full authorization request body:
{
"transactionReference": "unique-transactionReference",
"merchant": {
"entity": "default",
"mcc": "1234",
"paymentFacilitator": {
"pfId": "12345",
"isoId": "12345",
"subMerchant": {
"name": "John",
"merchantId": "12345",
"postalCode": "SW1 1AA",
"street": "Regent Street",
"city": "London",
"countryCode": "GB"
}
}
},
"instruction": {
"debtRepayment": true,
"narrative": {
"line1": "trading name",
"line2": "order number"
},
"value": {
"currency": "GBP",
"amount": 250
},
"paymentInstrument": {
"cvc": "123",
"billingAddress": {
"address1": "Worldpay",
"address2": "1 Milton Road",
"address3": "The Science Park",
"postalCode": "CB4 0WE",
"city": "Cambridge",
"state": "Cambridgeshire",
"countryCode": "GB"
},
"type": "card/plain",
"cardHolderName": "John Appleseed",
"cardNumber": "4444333322221111",
"cardExpiryDate": {
"month": 5,
"year": 2035
}
}
}
}The descriptions of the additional parameters in your complete authorization request.
| Parameter | Required | Description |
|---|---|---|
narrative.line2 | ❌ | Additional details about the payment e.g. order number, telephone number. |
paymentInstrument.billingAddress | ❌ | An object containing the billing address information. If included you must send at least:
|
merchant.mcc | ❌ | You can apply a merchant category code (mcc) to an individual request. You can only provide an mcc if we have enabled the dynamic mcc feature during boarding. If enabled but not provided, merchant.mcc defaults to a configured value. For more information contact your Relationship Manager. |
paymentInstrument.cvc | ❌ | CVC is a unique set of 3 or 4 numbers on the back of the card. Our API checks to see if the CVC supplied matches the CVC held by the issuing bank. |
merchant.paymentFacilitator | ❌ | An object containing Payment Facilitator information. If required you must send:
|
Check out our API reference for more information on the Authorization request and schema for each version of our Payments API.
You receive:
- an HTTP code
201 - an
"outcome": "authorized" - risk factors (only returned if issuer identifies conflict)
- an issuer authorization code
- links to cancel, settle , partially settle or query your payment
You receive:
- an HTTP code
201 - an
"outcome": "refused" - a refusal code
- a
descriptionwhich gives additional context on the refusal
{
"outcome": "authorized",
"riskFactors": [{
"risk": "not_matched",
"type": "cvc"
},
{
"risk": "not_checked",
"detail": "postcode",
"type": "avs"
},
{
"risk": "not_matched",
"detail": "address",
"type": "avs"
}
],
"issuer": {
"authorizationCode": "0"
},
"_links": {
"payments:cancel": {
"href": "https://try.access.worldpay.com/payments/authorizations/cancellations/eyJrIjoiazNhYjYzMiJ9"
},
"payments:settle": {
"href": "https://try.access.worldpay.com/payments/settlements/full/eyJrIjoiazNhYjYzMiJ9"
},
"payments:partialSettle": {
"href": "https://try.access.worldpay.com/payments/settlements/partials/eyJrIjoiazNhYjYzMiJ9"
},
"payments:events": {
"href": "https://try.access.worldpay.com/payments/events/eyJrIjoiazNhYjYzMiJ9"
},
"curies": [{
"name": "payments",
"href": "https://try.access.worldpay.com/rels/payments/{rel}",
"templated": true
}]
}
}You can use the payments:settle action link to settle the payment straight away. Alternatively you can cache the response and use the link to settle the payment later.
Address and Card Verification
To reduce the probability of processing a fraudulent payment, supply your customer's billing address and cvc in your authorization request.
We check this with your customer's issuing bank and include any conflicts in our response.
The riskFactors array is returned only if there is a risk associated with the authorization request. The riskFactors array returns an object for avs and cvc only if this information was included in the authorization request and if any risk was identified.
The table below describes the response parameters:
| Parameter | Description |
|---|---|
riskFactors.type | Returns avs or cvc |
riskFactors.detail | For avs only.Returns postcode or address |
riskFactors.risk | Returns not_checked, not_matched or not_supplied |
Issuer
Information returned by your customer's card issuer based on your authorization request.
| Parameter | Description |
|---|---|
issuer.authorizationCode | The authorization code returned by customer's card issuer. |
If you need to make an existing recurring payment agreement compliant with the stored credentials mandate, use our payments:migrateRecurringAuthorize action link.
POST your recurring authorization request to our payments:migrateRecurringAuthorize action link received in your root resource response.
POST https://try.access.worldpay.com/payments/authorizations/migrateRecurring
Click the tabs below to see all the mandatory fields for all supported paymentInstrument parameters.
migrateRecurring authorization request body:
{
"transactionReference": "unique-transactionReference",
"merchant": {
"entity": "default"
},
"instruction": {
"narrative": {
"line1": "trading name"
},
"value": {
"currency": "GBP",
"amount": 250
},
"paymentInstrument": {
"type": "card/plain",
"cardHolderName": "John Appleseed",
"cardNumber": "4444333322221111",
"cardExpiryDate": {
"month": 5,
"year": 2035
}
}
}
}Descriptions of your migrateRecurring authorization request parameters can be found here
migrateRecurring authorization optional fields
The requests below contain all the mandatory and optional fields needed for a successful migrateRecurring authorization request.
Full migrateRecurring authorization request body:
{
"transactionReference": "unique-transactionReference",
"merchant": {
"entity": "default",
"mcc": "1234",
"paymentFacilitator": {
"pfId": "12345",
"isoId": "12345",
"subMerchant": {
"name": "John",
"merchantId": "12345",
"postalCode": "SW1 1AA",
"street": "Regent Street",
"city": "London",
"countryCode": "GB"
}
}
},
"instruction": {
"narrative": {
"line1": "trading name",
"line2": "order number"
},
"value": {
"currency": "GBP",
"amount": 250
},
"paymentInstrument": {
"billingAddress": {
"address1": "Worldpay",
"address2": "1 Milton Road",
"address3": "The Science Park",
"postalCode": "CB4 0WE",
"city": "Cambridge",
"state": "Cambridgeshire",
"countryCode": "GB"
},
"type": "card/plain",
"cardHolderName": "John Appleseed",
"cardNumber": "4444333322221111",
"cardExpiryDate": {
"month": 12,
"year": 2035
}
}
}
}Descriptions of your full migrateRecurring authorization request parameters can be found here.
You receive:
- an HTTP code
201 - an
"outcome": "authorized" - an issuer response code
- links to cancel, settle , partially settle or query your payment
- an authorization link for the next payment in your recurring agreement
You receive:
- an HTTP code
201 - an
"outcome": "refused" - an issuer response code
- a
descriptionwhich gives additional context on the refusal
{
"outcome": "authorized",
"issuer": {
"authorizationCode": "0"
},
"scheme": {
"reference": "1260019172"
},
"_links": {
"payments:cancel": {
"href": "https://try.access.worldpay.com/payments/authorizations/cancellations/eyJrIjoiazNhYjYzMiJ9"
},
"payments:settle": {
"href": "https://try.access.worldpay.com/payments/settlements/full/eyJrIjoiazNhYjYzMiJ9"
},
"payments:partialSettle": {
"href": "https://try.access.worldpay.com/payments/settlements/partials/eyJrIjoiazNhYjYzMiJ9"
},
"payments:events": {
"href": "https://try.access.worldpay.com/payments/events/eyJrIjoiazNhYjYzMiJ9"
},
"curies": [{
"name": "payments",
"href": "https://try.access.worldpay.com/rels/payments/{rel}",
"templated": true
}],
"payments:CardOnFileAuthorize": {
"href": "https://try.access.worldpay.com/payments/authorizations/CardOnFile/eyJrIjoiazNhYjYzMiJ9"
}
}
}You can use the payments:settle action link to settle the payment straight away. Alternatively you can cache the response and use the link to settle the payment later.
You must always store and use the link returned in the payments:recurringAuthorize action link to authorize your next payment.
Authorize new card on file payments whilst making them compliant. Migrate existing card on file agreements to a compliant environment whilst you send an authorization request.
This resource can only accept tokens as a payment instrument.
POST your card on file authorizations to our payments:migrateCardOnFileAuthorize action link resource received in your root resource response.
POST https://try.access.worldpay.com/payments/authorizations/migrateCardOnFile
Click the tabs below to see all the mandatory fields for all supported paymentInstrument parameters.
migrateCardOnFile authorization request body:
{
"transactionReference": "unique-transactionReference",
"merchant": {
"entity": "default"
},
"instruction": {
"narrative": {
"line1": "trading name"
},
"value": {
"currency": "GBP",
"amount": 250
},
"paymentInstrument": {
"type": "card/token",
"href": "https://try.access.worldpay.com/tokens/{}",
"cvc": "898"
}
}
}Descriptions of your migrateCardOnFile authorization request parameters can be found here and here for your 3DS parameters.
migrateCardOnFile authorization optional fields
The requests below contain all the mandatory and optional fields needed for a successful migrateCardOnFile authorization request.
Full migrateCardOnFile authorization request body:
{
"transactionReference": "unique-transactionReference",
"merchant": {
"entity": "default",
"mcc": "1000",
"paymentFacilitator": {
"pfId": "12345",
"isoId": "12345",
"subMerchant": {
"name": "John",
"merchantId": "12345",
"postalCode": "SW1 1AA",
"street": "Regent Street",
"city": "London",
"countryCode": "GB"
}
}
},
"instruction": {
"narrative": {
"line1": "trading name",
"line2": "order number"
},
"value": {
"currency": "GBP",
"amount": 250
},
"paymentInstrument": {
"type": "card/token",
"href": "https://try.access.worldpay.com/tokens/{}",
"cvc": "898"
},
"intent": "instalment"
}
}Descriptions of your full migrateCardOnFile authorization request parameters can be found here and here for your 3DS parameters.
You receive:
- an HTTP code
201 - an `"outcome": "authorized"
- risk factors (only returned if issuer identifies conflict)
- an issuer authorization code
- scheme reference
- links to cancel, settle , partially settle or query your payment
- an authorization link for the next payment in your repeat payment agreement
You receive:
- an HTTP code
201 - an
"outcome": "refused" - a refusal code
- a
descriptionwhich gives additional context on the refusal
{
"outcome": "authorized",
"issuer": {
"authorizationCode": "0"
},
"scheme": {
"reference": "1260019172"
},
"_links": {
"payments:cancel": {
"href": "https://try.access.worldpay.com/payments/authorizations/cancellations/eyJrIjoiazNhYjYzMiJ9"
},
"payments:settle": {
"href": "https://try.access.worldpay.com/payments/settlements/full/eyJrIjoiazNhYjYzMiJ9"
},
"payments:partialSettle": {
"href": "https://try.access.worldpay.com/payments/settlements/partials/eyJrIjoiazNhYjYzMiJ9"
},
"payments:events": {
"href": "https://try.access.worldpay.com/payments/events/eyJrIjoiazNhYjYzMiJ9"
},
"curies": [{
"name": "payments",
"href": "https://try.access.worldpay.com/rels/payments/{rel}",
"templated": true
}],
"payments:CardOnFileAuthorize": {
"href": "https://try.access.worldpay.com/payments/authorizations/CardOnFile/eyJrIjoiazNhYjYzMiJ9"
}
}
}You can use the payments:settle action link to settle the payment straight away. Alternatively you can cache the response and use the link to settle the payment later.
You must store and use the link returned in the payments:CardOnFileAuthorize action link to authorize your next payment.
Next steps