Skip to main content

Card Consent Tokens

Card consent tokens are provided by Stitch to facilitate recurring or Merchant-Initiated Transactions.

For any card, initially, card details will need to be provided by a user in order to create a consent token. Various methods exist at Stitch to be able to capture these:

  • The Stitch-Hosted UI is a simple way to securely capture a user's card details, without requiring your business to be PCI-compliant.
  • The Secure API allows you to build and customize your own UI to securely capture card details and specify these to Stitch, should your business be able to process card details as a PCI-compliant entity.

Following a consent request being completed with any of these methods, a webhook is sent out to indicate consent being granted by the user. This means you are able to proceed with initiating payments with the consent token.

Additionally, when creating a card consent token, you have the option to initially charge a user, within the same step of creating a consent token. In this case, an additional transaction status will be provided with the consent status, to indicate the corresponding transaction has been successfully completed.

If cards are saved on your platform, but users wish to remove any saved cards, these should be unlinked and subsequently deactivated at Stitch (such that no payments may be made with the token). Stitch provides an additional API call to revoke and deactivate the functionality of a given card token.