4

I am trying to submit a payment to Square, and am not sure what the card_nonce represents.

In the full API Documentation found here: https://docs.connect.squareup.com/api/connect/v2/#endpoint-createcustomercard

It states, "A card nonce representing the credit card to link to the customer."

However, in the REST payment processing documentation found here: https://docs.connect.squareup.com/articles/processing-payment-rest

It states, "Card nonces expire after 24 hours. The Charge endpoint returns an error if you attempt to charge an expired nonce."

  1. If I am trying to store a card_nonce for recurring billing can I use a card_nonce one time and repeatedly use it for billing?

  2. Will a customer have to enter their card information every time they want to check out?

  3. Does a card_nonce represent the state of the card, or a key that represents a specific card transaction?

KVNA
  • 847
  • 1
  • 11
  • 24
  • "Card nonces are generated by the SqPaymentForm that buyers enter their card information into. See Embedding the payment form for more information." so it's a String that is generated by the form. That's all. –  May 10 '17 at 21:04
  • I'm not a square expert but yes, I think that the user would have to re-enter their CC details again in this scenario. I don't know if square provides a way to save details on a server. – adam-beck May 10 '17 at 21:05
  • Can I use the SqPaymentForm to add a card to a customer profile? – KVNA May 10 '17 at 21:06
  • Yes but I think only the non-confidential details of a card. Which is why a nonce would need to be generated each time. – adam-beck May 10 '17 at 21:07
  • @adam-beck There is a section in the customer dashboard directory to add a card to a customer's profile. – KVNA May 10 '17 at 21:08

3 Answers3

5

A card nonce is a tokenized form of a credit card. You can use it only once, and they do expire. It "represents" a credit card, and all the details that a end user typed into your payment form.

If you want to use it for reocurring payments, please read the Processing reoccurring payments in Square's documentation.

You attach the card to a customer, and then use the the customer's card id against charge endpoint for payments without end users having to input their credit card details again.

tristansokol
  • 4,054
  • 2
  • 17
  • 32
  • OK, so when making a checkout flow, the ```card_nonce``` can be used for either processing a payment or connecting to the ```CreateCustomerCard``` endpoint, but not both at the same time? i.e. A new customer will have to fill out a separate form to add a card on file? – KVNA May 10 '17 at 22:10
  • correct, every new customer needs to to fill out the form at least once. – tristansokol May 10 '17 at 22:11
  • So typically do you see design patterns where an application has one button to add card on file and a separate button for one time payment? – KVNA May 10 '17 at 22:13
  • And does the submit button on the form consume the ```card_nonce``` during the ```cardNonceResponseReceived``` callback? – KVNA May 10 '17 at 22:15
  • in general your applications do only one kind based on their use case. The design is usually to just ask customers if they want to keep their card on file and just process it differently in the back end. two buttons would be kind of weird. The card nonce is only "consumed" when you send it to one of our endpoints, or it expires. – tristansokol May 10 '17 at 22:16
  • OK. Thank you!! – KVNA May 10 '17 at 22:33
  • @tristansokol so my records of the transaction has a Guid created for each transaction. If I pass the Guid as the nonce, that is ok? This is specifically for my own records then, correct? – Chizl Apr 03 '19 at 16:43
  • @Switch, no the transactionID and nonce are very different things. – tristansokol Apr 03 '19 at 18:41
  • @tristansokol I don't understand this nonce thing.. I keep reading things on it and they all say the same thing. I have an windows application, I have clients in. I'm attempting to process a transaction with their credit card from the application and the API doesn't have anything with passing the actual CC, which can be different each month with different charge amount. I don't want Square to store my customer data, I just want to process a credit card. This nonce doesn't help me at all to understand how to process a CC. Not sure why companies make this much harder than it needs to be. – Chizl Apr 03 '19 at 19:30
  • @Switch, partially because of the laws around how credit card data can be handled. You'll need to use Square's payment form to generate the nonce from the card data. – tristansokol Apr 06 '19 at 11:30
1

Per the Square documentation (link below) you can use either value below for nonce. Make sure you are using your sandbox credentials for testing. 

fake-card-nonce-ok — returns a successful test transaction.
fake-card-nonce-declined — returns a "Card Declined" error.

e.g. - Replace nonce below with either "fake-card-nonce-ok" or "fake-card-nonce-declined".

ChargeRequest body = new ChargeRequest(AmountMoney: amount, IdempotencyKey: uuid, CardNonce: nonce);

https://docs.connect.squareup.com/articles/using-sandbox

This will return a JSON object with transaction result information.

Robert Bolton
  • 667
  • 3
  • 8
  • 22
0

Also not a Square developer, but the use of the term "nonce" seems to imply the answers to your questions. Basically, a nonce would normally be a one-use authentication token or one-time key. So ...

  1. By definition, a nonce wouldn't be useful for anything recurring.

  2. Yes, the customer would need to re-enter information each time.

  3. The card_nonce would likely represent a singular authentication of that card.

Of course, if they define it differently, my answers could be all off :-)

Ken Gant
  • 11
  • 1