Merchant-Initiated Transactions

Home    Online Payments    Card Operations    Merchant-Initiated Transactions

On this page:

Overview

A merchant-initiated transaction (MIT) is a payment transaction initiated by a merchant with the customer’s prior consent. MIT payments are sometimes named subsequent or recurring card payment transactions.

Card schemes require additional parameters to process MIT payments.

The MIT flow involves two or more transactions: an initial payment and one or more subsequent payments.

This topic describes these transactions and the additional parameters to include in these requests:

Stored Credentials

Subsequent MIT payment requests are sent by you (with the customer’s prior consent), using the customer’s “cardholder details” (stored credentials).

It is recommended to access stored credentials via our Card-on-File/UPO solution (see User Payment Management (Tokenization)), which seamlessly handles card schemes’ “Stored Credentials” requirements on your behalf.

Only merchants who have the relevant level of PCI compliance are allowed to store cardholder credentials, and payment transactions need to conform to the card schemes’ “Stored Credentials” requirements (see Storing Credentials Yourself).

Some APM providers offer recurring APM payment services (for example: PayPal, Skrill, and Post finance). After the initial APM payment request, subsequent (recurring) payment requests are sent directly via server-to-server and do not redirect the customer. See the APM subMethod Class topic for details.

Submit the Initial MIT Payment

You can use Postman to run a full “Recurring – with 3DS” workflow simulation in the Nuvei sandbox environment. To install Postman and the relevant simulation collection, follow the steps in the Testing APIs with Postman topic.

Press tab to open…

Perform the relevant steps described in the Server-to-Server topic, and include the following parameters in the Payment step:

When sending the initial MIT /payment request with its mandatory parameters, include these additional parameters:

  • isRebilling:”0” to indicate that this is the initial MIT.
  • For a 3D Secure (3DS) payment:
    • card.threeD.v2AdditionalParams.rebillFrequency – (format: number of days)
    • card.threeD.v2AdditionalParams.rebillExpiry – (format: YYYYMMDD)

      It is recommended that the rebillExpiry should not be more than 5 years from the initial transaction date.

    • If the /initPayment returned v2supported = true, then include:
      relatedTransactionId: “<transactionId from the initPayment request>
    Example Initial MIT /payment Request with 3DS
    { 
   "sessionToken":"<sessionToken from /getSessionToken>",
   "merchantId":"<merchantId>",
   "merchantSiteId":"<merchantSiteId>",
   "userTokenId":"<unique customer identifier in merchant system>",
   "clientRequestId":"<unique request ID in merchant system>",
   "clientUniqueId":"<unique transaction ID in merchant system>",
   "currency":"USD",
   "amount":"200",
   "isRebilling":"0",
   "relatedTransactionId": "<transactionId from the initPayment request>",
   "paymentOption":{ 
      "card":{
         "cardNumber":"4000020951595032",
         "cardHolderName":"john smith",
         "expirationMonth":"12",
         "expirationYear":"25",
         "CVV":"217", 
         "threeD":{ 
            "methodCompletionInd":"Y",
            "version":"2.1.0",
            "notificationURL":"<notificationURL>",
            "merchantURL":"<merchantURL>",
            "platformType":"02",
            "v2AdditionalParams":{ 
               "rebillExpiry":"20200101",
               "rebillFrequency":"30",
               "challengeWindowSize":"05"
             }
         }
      }
   },
   "billingAddress":{ 
      "country":"GB",
      "email":"[email protected]"
   },
   "deviceDetails":{ 
      "ipAddress":"<customer's IP address>"
   },
   "timeStamp":"<YYYYMMDDHHmmss>",
   "checksum":"<calculated checksum>"
}

Perform the relevant steps for card or APM payments:

  • For card payments:
    Perform the relevant steps described in the Web SDK – Quick Start topic, and include the following parameters in the Initiate a Session step, in the /openOrder API call to define the initial MIT, as described below.
  • For APM payments:
    Perform the relevant steps described in the APM Payments topic, and include the following parameters in the Initiate a Session step, in the /openOrder API call to define the initial MIT, as described below.

For both card and APM payments, on the server side, “define” the initial MIT by sending an /openOrder request with its mandatory parameters, and include these additional parameters:

  • isRebilling: “0” to indicate that this is the initial MIT.
  • For a 3DS payment:
    • paymentOption.card.threeD.v2AdditionalParams.rebillFrequency – (format: number of days)
    • paymentOption.card.threeD.v2AdditionalParams.rebillExpiry – (format: YYYYMMDD)

      It is recommended that the rebillExpiry should not be more than 5 years from the initial transaction date.

Example /openOrder Request for Initial MIT with 3DS
{
  "merchantId": "<your merchantId goes here>",
  "merchantSiteId": "<your merchantSiteId goes here>",
  "clientUniqueId": "<unique transaction ID in merchant system>",
  "clientRequestId": "<unique request ID in merchant system>",
  "userTokenId": "<unique customer identifier in merchant system>",
  "currency": "USD",
  "amount": "200",
  "isRebilling": "0",
  "paymentOption": {
    "card": {
      "threeD": {
        "v2AdditionalParams": {
          "rebillExpiry": "<Recurring expiry date YYYYMMDD>",
          "rebillFrequency": "<Recurring frequency in days>"
        }
      }
    }
  },
  "timeStamp": "<YYYYMMDDHHmmss>",
  "checksum": "<calculated checksum>"
}

REST API

Perform the relevant steps described in the Server-to-Server topic, and include the following parameters in the Payment step:

When sending the initial MIT /payment request with its mandatory parameters, include these additional parameters:

  • isRebilling:”0” to indicate that this is the initial MIT.
  • For a 3D Secure (3DS) payment:
    • card.threeD.v2AdditionalParams.rebillFrequency – (format: number of days)
    • card.threeD.v2AdditionalParams.rebillExpiry – (format: YYYYMMDD)

      It is recommended that the rebillExpiry should not be more than 5 years from the initial transaction date.

    • If the /initPayment returned v2supported = true, then include:
      relatedTransactionId: “<transactionId from the initPayment request>
    Example Initial MIT /payment Request with 3DS
    { 
   "sessionToken":"<sessionToken from /getSessionToken>",
   "merchantId":"<merchantId>",
   "merchantSiteId":"<merchantSiteId>",
   "userTokenId":"<unique customer identifier in merchant system>",
   "clientRequestId":"<unique request ID in merchant system>",
   "clientUniqueId":"<unique transaction ID in merchant system>",
   "currency":"USD",
   "amount":"200",
   "isRebilling":"0",
   "relatedTransactionId": "<transactionId from the initPayment request>",
   "paymentOption":{ 
      "card":{
         "cardNumber":"4000020951595032",
         "cardHolderName":"john smith",
         "expirationMonth":"12",
         "expirationYear":"25",
         "CVV":"217", 
         "threeD":{ 
            "methodCompletionInd":"Y",
            "version":"2.1.0",
            "notificationURL":"<notificationURL>",
            "merchantURL":"<merchantURL>",
            "platformType":"02",
            "v2AdditionalParams":{ 
               "rebillExpiry":"20200101",
               "rebillFrequency":"30",
               "challengeWindowSize":"05"
             }
         }
      }
   },
   "billingAddress":{ 
      "country":"GB",
      "email":"[email protected]"
   },
   "deviceDetails":{ 
      "ipAddress":"<customer's IP address>"
   },
   "timeStamp":"<YYYYMMDDHHmmss>",
   "checksum":"<calculated checksum>"
}

Web SDK

Perform the relevant steps for card or APM payments:

  • For card payments:
    Perform the relevant steps described in the Web SDK – Quick Start topic, and include the following parameters in the Initiate a Session step, in the /openOrder API call to define the initial MIT, as described below.
  • For APM payments:
    Perform the relevant steps described in the APM Payments topic, and include the following parameters in the Initiate a Session step, in the /openOrder API call to define the initial MIT, as described below.

For both card and APM payments, on the server side, “define” the initial MIT by sending an /openOrder request with its mandatory parameters, and include these additional parameters:

  • isRebilling: “0” to indicate that this is the initial MIT.
  • For a 3DS payment:
    • paymentOption.card.threeD.v2AdditionalParams.rebillFrequency – (format: number of days)
    • paymentOption.card.threeD.v2AdditionalParams.rebillExpiry – (format: YYYYMMDD)

      It is recommended that the rebillExpiry should not be more than 5 years from the initial transaction date.

Example /openOrder Request for Initial MIT with 3DS
{
  "merchantId": "<your merchantId goes here>",
  "merchantSiteId": "<your merchantSiteId goes here>",
  "clientUniqueId": "<unique transaction ID in merchant system>",
  "clientRequestId": "<unique request ID in merchant system>",
  "userTokenId": "<unique customer identifier in merchant system>",
  "currency": "USD",
  "amount": "200",
  "isRebilling": "0",
  "paymentOption": {
    "card": {
      "threeD": {
        "v2AdditionalParams": {
          "rebillExpiry": "<Recurring expiry date YYYYMMDD>",
          "rebillFrequency": "<Recurring frequency in days>"
        }
      }
    }
  },
  "timeStamp": "<YYYYMMDDHHmmss>",
  "checksum": "<calculated checksum>"
}

Submit Subsequent MIT Payments

After the initial MIT payment was successfully processed by Nuvei, or by an external PSP, you can begin sending subsequent MIT payment requests.

Subsequent recurring payments can only be performed from the backend using REST API (not from the frontend via Web SDK).

Subsequent MIT payment requests are handled differently depending on who sent the original initial MIT payment request:

For Payments Originally Initiated by Nuvei

  1. Generate a sessionToken as described in .
  2. Send subsequent MIT /payment requests with their mandatory parameters, and include these additional parameters:
    • isRebilling: “1” to indicate that this is a subsequent MIT.
    • relatedTransactionId: “<transactionId from the original initial CIT> (sent by Nuvei).

      If utilizing a auth/settle transaction flow, then relatedTransactionId should reference transactionId from the original authorization flow (not from the settle flow).

      Example Subsequent MIT /payment Request
      {
    "sessionToken": "<sessionToken from /getSessionToken>",
    "merchantId": "<merchantId>",
    "merchantSiteId": "<merchantSiteId>",
    "userTokenId":"<unique customer identifier in merchant system>",
    "clientRequestId": "<unique request ID in merchant system>",
    "timeStamp": "<YYYYMMDDHHmmss>",
    "checksum": "<calculated checksum>",
    "currency": "USD",
    "amount": "200",
    "transactionType": "Sale",
    "isRebilling": "1",
    "relatedTransactionId": "<transactionId from the original initial CIT>",
    "paymentOption":{
        "userPaymentOptionId": "<ID of a previously stored payment option>"
    },
    "billingAddress": {
        "country": "US",
        "email": "[email protected]"
    },
    "deviceDetails": {
        "ipAddress": "<customer's IP address>"
    }
}

For Payments Originally Initiated by an External PSP

Prerequisite

When sending subsequent MIT card payment requests (or recurring card payment transactions), there are cases where the original MIT payment transaction was initiated by an External PSP (acquirer). For example, when a merchant previously used an external PSP, and has now switched to Nuvei as their PSP.

  • If you have access to the following data, then you can include the externalSchemeDetails class when sending subsequent MIT card payment requests (or the recurring card payment transactions):
    • The transactionId (this is the external scheme reference) of the original initial MIT payment transaction, provided by the external PSP.
    • The brand of the card.
  • If you do not have access to this data, then you cannot send the externalSchemeDetails class.
    Instead, follow the steps in the For Payments Originally Initiated by Nuvei section (above).

Sending subsequent MIT /payment requests:

  1. Generate a sessionToken as described in .
  2. Send subsequent MIT /payment requests (or recurring card payment transactions) with their mandatory parameters, and include these additional parameters:
    • isRebilling: “1” to indicate that this is a subsequent MIT.
    • Include the externalSchemeDetails class:
      If you are able to provide the scheme reference (Visa, Mastercard, Amex, Diners, Discover) of the original transaction, then add an externalSchemeDetails class containing these two parameters (required):
      • transactionId – This is the external scheme reference of the original CIT (provided by the external PSP).

        For Mastercard the format should be:
        <3 letters><6 alphanumeric characters><date (4 digits MMDD)>

        For Visa and Amex, the structure for this parameter must be a string of up to 15 numbers.

      • brand – The card brand. Possible values: VISA, MASTERCARD, AMEX, DINERS, DISCOVER.
        • Use the full brand name, all in UPPER CASE.
        • Currently, these are the only brands. Using other brands returns an error.
      Example Subsequent /payment Request with externalSchemeDetails Class
      {
    "sessionToken": "<sessionToken from /getSessionToken>",
    "merchantId": "<merchantId>",
    "merchantSiteId": "<merchantSiteId>",
    "userTokenId":"<unique customer identifier in merchant system>",
    "clientRequestId": "<unique request ID in merchant system>",
    "timeStamp": "<YYYYMMDDHHmmss>",
    "checksum": "<calculated checksum>",
    "currency": "USD",
    "amount": "200",
    "transactionType": "Sale",
    "isRebilling": "1",
    "externalSchemeDetails": {
        "transactionId": "<transactionId from the CIT>",
        "brand": "VISA"
    },
    "paymentOption": {
        "card": {
            "cardNumber": "4000020951595032",
            "cardHolderName": "john smith",
            "expirationMonth": "12",
            "expirationYear": "25",
            "CVV": "217"
        }
    },
    "billingAddress": {
        "country": "US",
        "email": "[email protected]"
    },
    "deviceDetails": {
        "ipAddress": "<customer's IP address>"
    }
}
Last update iconLast modified February 2025