Vaulting a credit card without a checkout authorization

These steps describe the flow of requests and responses required to vault a payment method without the typical checkout authorization with Payment Services enabled.

Workflow

Payment Services sequence diagram

Run the getVaultConfig query to fetch the vault configuration details for the available payment methods. Attribute is_vault_enabled set to true.
Commerce returns the vault configuration details.
Run the createVaultCardSetupToken mutation to create a temporary setup_token associated to the given payment source.
Commerce forwards token request to PayPal.
PayPal returns the temporary setup_token to Commerce.
Commerce receives the setup_token.
PayPal SDK updates the credit card information in the storefront.
Run the createVaultCardPaymentToken mutation to create a permanent vault_token_id and associate it with an optional card description, visible in the storefront.
Commerce forwards setup_token to PayPal.
PayPal returns a permanent vault_token_id to Commerce.
Commerce vaults the payment method.

Additional payment information

The setup token is generated with an empty card number in the payment_source object purposefully. The PayPal SDK, in conjunction with hosted fields or credit cards field components, securely updates the setup token with payment details.

See PayPal SDK developer documentation for more information.

To run the createVaultCardPaymentToken mutation, use the setup_token generated by the createVaultCardSetupToken mutation.

Vault a card during a checkout authorization

Vaulted card

Last updated 2/19/2025

Was this helpful?

Yes

Vaulting a credit card without a checkout authorization

Workflow.css-83mclq{margin-left:var(--spectrum-global-dimension-size-100);}

Additional payment information

Workflow