Payment Method

Payment Method: Update

See also the Payment Method response object.

note

If you have card verification enabled, any updates made to credit cards are subject to those rules.

  1. Ruby
result = gateway.payment_method.update(
  "the_token",
  :billing_address => {
    :street_address => "1 E Main St",
    :extended_address => "Suite 3",
    :locality => "Chicago",
    :region => "IL",
    :postal_code => "60622",
    :options => {
      :update_existing => true
    }
  }
)
Arguments
tokenrequired, String
The alphanumeric value that references a specific payment method stored in your Vault.
Additional Parameters
:billing_address
A billing address associated with a specific customer ID. It can be further associated with a specific payment method. The maximum number of addresses per customer is 50.
:companyString
Company name. 255 character maximum.
:country_code_alpha2String

The ISO 3166-1 alpha-2 country code specified in an address. The gateway only accepts specific alpha-2 values.

:country_code_alpha3String

The ISO 3166-1 alpha-3 country code specified in an address. The gateway only accepts specific alpha-3 values.

:country_code_numericString

The ISO 3166-1 numeric country code specified in an address. The gateway only accepts specific numeric values.

:country_nameString

The country name specified in an address. Braintree only accepts specific country names.

:extended_addressString
The extended address information—such as apartment or suite number. 255 character maximum.
:first_nameString
The first name. The first name value must be less than or equal to 255 characters.
:international_phone
The phone number that belongs to the address that is structured with country code and national number.
:country_codeString
Country code of phone number. 1-3 digits. Required.
:national_numberString
National number of phone number. 4-12 digits. Required.
:last_nameString
The last name. The last name value must be less than or equal to 255 characters.
:localityString
The locality/city. 255 character maximum.
:options
Optional values that can be passed with a request.
:update_existingbool
Update the billing address associated with the payment method token specified. Other payment methods associated with the same billing address will have their addresses updated, as well.
:phone_numberString

Deprecated.

We recommend using international_phone. This functionality still exists in the gateway but is no longer documented. This parameter will be removed in the future.

:postal_codeString
The postal code. Postal code must be a string of 4-9 alphanumeric characters, optionally separated by a dash or a space. Spaces and hyphens are ignored.
:regionString
The state or province. For PayPal addresses, the region must meet PayPal's state restrictions; for all other payment methods, it must be less than or equal to 255 characters.
:street_addressString
The billing street address. 255 character maximum. Required to perform card verification when AVS rules are configured to require street address.
:billing_address_idString
The two-letter value for an address associated with a specific customer ID. The maximum number of addresses per customer is 50.
:cardholder_nameString
The cardholder name associated with the credit card. 175 character maximum.
:cvvString

Typically requires PCI SAQ D compliance

We recommend using payment_method_nonce to avoid any PCI concerns with raw credit card data being present on your server.

A 3 or 4 digit card verification value assigned to credit cards. The CVV will never be stored in the gateway, but it can be provided with one-time requests to verify the card.

:device_dataString

Customer device information. Pass this value only if you have Premium Fraud Management Tools enabled and are adding credit card data to your Vault. Be sure to provide the full string received from the Braintree client SDK.

:expiration_dateString

While we recommend using payment_method_nonce when updating raw credit card data, the expiration date can be updated directly without any PCI concerns as long as you do not store, process, or transmit the raw PAN or CVV.

The expiration date, formatted MM/YY or MM/YYYY. May be used instead of expiration_month and expiration_year.

:expiration_monthString

While we recommend using payment_method_nonce when updating raw credit card data, the expiration month can be updated directly without any PCI concerns as long as you do not store, process, or transmit the raw PAN or CVV.

The expiration month of a credit card, formatted MM. May be used with expiration_year, and instead of expiration_date.

:expiration_yearString

While we recommend using payment_method_nonce when updating raw credit card data, the expiration year can be updated directly without any PCI concerns as long as you do not store, process, or transmit the raw PAN or CVV.

The two or four digit year associated with a credit card, formatted YYYY or YY. May be used with expiration_month, and instead of expiration_date.

:numberString

Typically requires PCI SAQ D compliance

We recommend using payment_method_nonce to avoid any PCI concerns with raw credit card data being present on your server.

The 12-19 digit value consisting of a bank identification number (BIN) and primary account number (PAN).

:fail_on_duplicate_payment_methodbool
If this option is passed and the same payment method has already been added to the Vault for any customer, the request will fail. This option will be ignored for PayPal, Pay with Venmo, Apple Pay, Google Pay, Samsung and ACH payment methods.
:fail_on_duplicate_payment_method_for_customerbool
If this option is passed and the same payment method has already been added to the Vault for the same customer, the request will fail. This option can only be used for customers with at most 100 credit cards, cannot be used in combination with the fail_on_duplicate_payment_method option, and is ignored for PayPal, Pay with Venmo, Apple Pay, Google Pay, Samsung and ACH payment methods.
:make_defaultbool

If the payment method is a Credit Card or Paypal Account, this option makes the specified payment method the default for the customer. See example below.

:skip_advanced_fraud_checkingboolean

Prevents the verification from being evaluated as part of Premium Fraud Management Tools checks. Use with caution – once you've skipped checks for a verification, it is not possible to run them retroactively.

:venmo_sdk_sessionString
This functionality still exists in the gateway but is no longer documented. Will remove this param/attr when the corresponding gateway code is removed.
:verification_add_onsmultiple

Type of verification add ons for network check. Possible values:

  • customer_verification
:verification_amountString
Specify a non-negative amount that you want to use to verify a card. If you do not pass this option, the gateway will automatically use a verification amount of $0 or $1, depending on the processor and/or card type.
:verification_merchant_account_idString

Specify the merchant account ID that you want to use to verify a card. See the merchant_account_id on Transaction: Sale to learn more. The merchant account can't be a marketplace sub-merchant account. See the Braintree Marketplace Guide to learn more.

:verify_cardbool

If the payment method is a credit card, this option prompts the gateway to verify the card's number and expiration date. It also verifies the AVS and CVV information if you've enabled AVS and CVV rules.

note

Braintree strongly recommends verifying all cards before they are stored in your Vault by enabling card verification for your entire account in the Control Panel.

In some cases, cardholders may see a temporary authorization on their account after their card has been verified. The authorization will fall off the cardholder's account within a few days and will never settle.

Only returns a Credit Card Verification result if verification runs and is unsuccessful.

:payment_method_nonceString
One-time-use reference to new card details provided by your customer. Can only be used on payment method update if the payment method type is a card; other payment method types do not allow their details to be updated. See example below.
:three_d_secure_pass_thru

Results of a merchant-performed 3D Secure authentication. You will only need to use these fields if you've performed your own integration with a 3D Secure MPI provider (e.g. Cardinal Centinel). Otherwise, Braintree's SDKs handle this for you in our standard 3D Secure integration.

:cavvString

Cardholder authentication verification value or CAVV. The main encrypted message issuers and card networks use to verify authentication has occurred. Mastercard uses an AVV message and American Express uses an AEVV message, each of which should also be passed in the cavv parameter.

:ds_transaction_idString

Transaction identifier resulting from 3D Secure 2 authentication. This field must be supplied for Mastercard Identity Check.

:eci_flagString

The value of the electronic commerce indicator (ECI) flag, which indicates the outcome of the 3DS authentication.

Accepted values for Mastercard:

  • 00 = Failed or not attempted
  • 01 = Attempted
  • 02 = Success
  • 04 = Data-Only (Applies to limited processors)

Accepted values for all other card brands:

  • 07 = Failed or not attempted
  • 06 = Attempted
  • 05 = Success
:three_d_secure_versionString

The version of 3D Secure authentication used for the transaction. Required on Visa and Mastercard authentications. Must be composed of digits separated by periods (e.g. 1.0.2).

:xidString

Transaction identifier resulting from 3D Secure authentication. Uniquely identifies the transaction and sometimes required in the authorization message. Must be base64-encoded. This field will no longer be used in 3D Secure 2 authentications.

:tokenString
If provided, updates the token for the payment method.

Examplesanchor

Update billing addressanchor

To update the existing billing address when updating a payment method use the update_existing option. If any other payment methods are associated with the same billing address, this will also update the billing address for those payment methods.

  1. Ruby
result = gateway.payment_method.update(
  "the_token",
  :billing_address => {
    :street_address => "1 E Main St",
    :extended_address => "Suite 3",
    :locality => "Chicago",
    :region => "IL",
    :postal_code => "60622",
    :options => {
      :update_existing => true
    }
  }
)

If the payment method can't be found, it will raise a Braintree::NotFoundError.

New billing addressanchor

If you don't use the update_existing option, a new address will be created. The existing billing address will remain in the Vault associated with the customer.

  1. Ruby
result = gateway.payment_method.update(
  "the_token",
  :billing_address => {
    :street_address => "1 E Main St",
    :extended_address => "Suite 3",
    :locality => "Chicago",
    :region => "IL",
    :postal_code => "60622",
  }
)

Update with existing billing addressanchor

If a customer already has an address you'd like to use, you can update the payment method with that address.

  1. Ruby
result = gateway.payment_method.update(
  "the_token",
  :billing_address_id => "the_billing_address_id"
)

Updating a PayPal account tokenanchor

The only fields that may be updated on a PayPal account are the token associated with that account, and setting the account as the default payment method for a customer.

  1. Ruby
updated_result = gateway.paypal_account.update(original_token,
  :token => new_token
)

Make defaultanchor

If the payment method is a credit card or PayPal account, you can use this call to set the payment method as the customer's default. For all other payment method types, use default_payment_method_token on Customer: Update instead.

  1. Ruby
result = gateway.payment_method.update(
  "the_token",
  :options => {
    :make_default => true
  }
)
note

This only works with credit cards and PayPal accounts. We recommend updating the customer to set a default payment method.

Card verificationanchor

By default we will run credit card validations but not perform verification. Braintree strongly recommends verifying all cards before they are stored in your Vault by enabling card verification for your entire account in the Control Panel. If you choose to manually verify cards, set verify_card to true .

If you have AVS/CVV checks enabled, they will be performed when you call the payment method update. To skip these checks, set verify_card to false.

  1. Ruby
result = gateway.payment_method.update("the_payment_method_token",
  :payment_method_nonce => nonce_from_the_client,
  :options => {
    :verify_card => true
  }
)
important

If you are using our Premium Fraud Management Tools, we strongly recommend passing device_data each time you verify a card.

Updating with a nonce and additional parametersanchor

When updating the credit card information with a nonce, you may pass additional parameters to update as well. Here is an example of updating a payment method and explicitly verifying the card.

important

If a field is passed from the client and included in the nonce data (such as postal code) it should not be passed as an explicit argument as well.

  1. Ruby
result = gateway.payment_method.update(
  "the_token",
  :payment_method_nonce => nonce_from_the_client,
  :billing_address => {
    :street_address => "1 E Main St",
    :extended_address => "Suite 3",
    :locality => "Chicago",
    :region => "IL",
  }
)
note

Nonce used for updating a payment method must not be associated with any customer. A nonce that was created with a customer ID in authorization when used to update a payment method will raise a Braintree::CannotUpdateCardUsingPaymentMethodNonce.

important

If you are using our Premium Fraud Management Tools, we strongly recommend passing device_data each time you verify a card.

To verify the AVS information of an existing payment method, pass the update request with verify_card set to "true". Note that an update will create a transaction, so if your processing options are set to reject transactions without CVV, you will need to include CVV as a parameter, or disable this rule (see below).

To disable the CVV requirement:

  1. Log into the Control Panel
  2. Click on the gear icon in the top right corner
  3. Click Fraud Management from the drop-down menu
  4. Next to CVV, click the Options link
  5. Under the Reject Transactions & Verifications If section, uncheck the CVV Not Provided (I) box

Payment method nonces vs. raw card dataanchor

While it is possible to pass both raw card data and a payment method nonce in the same call, we recommend passing only a payment method nonce.

Passing both will result in a payment method that has a mix of their attributes, with precedence given to the fields individually, then to the attributes of the payment method nonce. For example, if you pass both a card number and a payment method nonce, the payment method will have the number you passed explicitly, but the rest of the attributes will be obtained through the nonce.