Skip to main content

Card Integration Process (Recurring payments)

Recurring card payments (also referred to as tokenized card payments) are transactions initiated directly from a backend client, and usually don't involve any redirects to a hosted user interface. This model is typically used in cases where the user is not necessarily present for repeated transactions on a card, such as subscription, collection or one-click payments.

A PaymentConsentRequest tracks a user's consent for their payment method to be tokenized and charged in the future, wheather or not they are present for subsequent transactions.


All API requests require Client Authentication. The client_consentrequest scope will be needed for tokenization.


Cards are tokenized by creating a PaymentConsentRequest and moving it into a GRANTED state.

This flow may be completed via

  • Stitch-hosted UI. This is used when the client is not PCI-compliant and would like Stitch to tokenize the card details on their behalf.
  • Secure API. This is used when the client has their own UI to collect card details and is already PCI-compliant.

The resulting token is the ID of a PaymentConsentRequest (in GRANTED state).

2. Initiating payments

The token collected above may be used to initiate payments directly with the Stitch API.