This guide will be removed on April 29, 2022. Please use our new, easier-to-use Toast technical documentation site. All updated content is on the new site.
The following procedure provides an overview of the process to authorize and apply a credit card payment.
To authorize and apply a credit card payment for an orders API order
-
Submit a
POSTrequest to the/pricesendpoint of the orders API to get the total price of each check in an order. For more information, see Getting check prices before you submit an order. -
Generate a UUID unique identifier for the credit card payment.
The payment UUID is a path parameter for a
PUTrequest to the/merchants/{merchantUuid}/payments/{paymentUuid}resource.You use the payment UUID to apply the authorized credit card payment to an order.
To generate the payment UUID, you must use the algorithm described in version four of the UUID standard.
-
Submit a
PUTrequest to the/merchants/{merchantUuid}/payments/{paymentUuid}resource of the credit cards API.In the message body of the request, include the total price for all checks and encrypted credit card information. For more information, see Authorizing a credit card payment.
-
Within five minutes, submit a
POSTrequest to the/ordersendpoint of the orders API to add the order.In the JSON message body data for a check, set the
guidvalue of the payment object to the payment UUID of the credit card payment. For more information, see Applying an authorized credit card payment to an orders API check.
If a credit card payment cannot be authorized, the ErrorMessage
object typically includes a generic, non-null, error message such
as Invalid card data.
Error messages in the credit cards API are intentionally not specific or detailed, to minimize the error information that reaches attackers that are attempting to make fraudulent payments.
For a list of common reasons for card denial, see Credit card declined message reference.