# Create a setup payment instrument transaction Creates a setup payment instrument transaction. This operation makes the payment instrument available for further payments. Treat the response as a regular transaction. For example, approval links must be followed until the transaction is completed. Endpoint: POST /storefront/payment-instruments/{id}/setup Version: latest Security: CustomerJWT ## Path parameters: - `id` (string, required) ID of the resource. ## Request fields (application/json): - `websiteId` (string, required) ID of the website. A website is where an organization obtains a customer. For more information, see [Obtain an organization ID and website ID](https://www.rebilly.com/docs/settings/organizations-and-websites/#obtain-your-organization-id-and-website-id). Example: "web_0YV7DE4Z26DQSA1AC92FBJ7SEG" - `currency` (string, required) Currency code in ISO 4217 format. Example: "USD" - `amount` (number) Amount of the transaction. Example: 97.97 - `billingAddress` (object,null) Billing address. If a billing address is not supplied the address associated with the payment instrument is used. If no address is associated with the payment instrument, the customer's address is used. - `billingAddress.firstName` (string,null) Contact's first name. Example: "Benjamin" - `billingAddress.lastName` (string,null) Contact's last name. Example: "Franklin" - `billingAddress.organization` (string,null) Contact's organization. Example: "Rebilly" - `billingAddress.address` (string,null) First line of the contact's street address. Example: "36 Craven St" - `billingAddress.address2` (string,null) Second line of the contact's street address. - `billingAddress.city` (string,null) Contact's city of residence. Example: "Austin" - `billingAddress.region` (string,null) Contact's region of residence. Example: "Texas" - `billingAddress.country` (string,null) Contact's country of residence in ISO 3166 alpha-2 country code. For examples, see [ISO.org](https://www.iso.org/obp/ui/#search/code/). Example: "GB" - `billingAddress.postalCode` (string,null) Contact's postal code. Example: "WC2N 5NF" - `billingAddress.phoneNumbers` (array) List of phone numbers associated with the contact. - `billingAddress.phoneNumbers.label` (string, required) Phone number label or name. Example: "main" - `billingAddress.phoneNumbers.value` (string, required) Phone number value. Example: "1-512-777-0269" - `billingAddress.phoneNumbers.primary` (boolean) Specifies if the phone number is the contact's primary phone number. Example: true - `billingAddress.emails` (array) List of email addresses associated with the contact. - `billingAddress.emails.label` (string, required) Email label or name. Example: "main" - `billingAddress.emails.value` (string, required) Email address value. Example: "rebilly@example.com" - `billingAddress.emails.primary` (boolean) Specifies if the email address is the contact's primary email address. Example: true - `billingAddress.dob` (string,null) Contact's date of birth in ISO-8601 format. Example: "1980-04-01" - `billingAddress.jobTitle` (string,null) Contact's job title. Example: "CEO" - `redirectUrl` (string,null) URL to redirect the end-user when an offsite transaction is completed. This field defaults to the configured website URL. You may use or as placeholders in the URL. These placeholders are replaced with the transaction ID and result. For more information, see [Placeholders](https://www.rebilly.com/docs/automations/email-notifications/#placeholders). - `riskMetadata` (object) Risk metadata used for 3D Secure and risk scoring. - `riskMetadata.ipAddress` (string,null) Customer's IP address. Example: "93.92.91.90" - `riskMetadata.fingerprint` (string,null) Customer's device fingerprint. A device fingerprint is a unique token that is used to identify the customer. The device fingerprint is generated based on device attributes, such as: hardware, software, IP address, language, browser, and more. Example: "pIUt3xbgX3l9g3YDiLbx" - `riskMetadata.httpHeaders` (object,null) HTTP headers. Example: {"Content-Type":"application/json","Accept":"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"} - `riskMetadata.browserData` (object,null) Browser data used for 3D Secure and risk scoring. - `riskMetadata.browserData.colorDepth` (integer, required) Browser color depth in bits per pixel. This value is obtained using the property. Example: 24 - `riskMetadata.browserData.isJavaEnabled` (boolean, required) Specifies if Java is enabled in a browser. This value is obtained from the property. - `riskMetadata.browserData.language` (string, required) Browser language settings. This value is obtained from the property. Example: "en-US" - `riskMetadata.browserData.screenWidth` (integer, required) Width of the browser screen. This value is obtained from the property. Example: 1920 - `riskMetadata.browserData.screenHeight` (integer, required) Height of the browser screen. This value is obtained from the property. Example: 1080 - `riskMetadata.browserData.timeZoneOffset` (integer, required) Browser time zone offset in minutes from UTC. A positive offset indicates that the local time is behind UTC. A negative offset indicates that the local time is ahead of UTC. You can find this value using the property. Example: 300 - `riskMetadata.browserData.isAdBlockEnabled` (boolean) Specifies if the usage of ad block has been detected in the browser. - `riskMetadata.extraData` (object,null) Third-party data used for risk scoring. - `riskMetadata.extraData.kountFraudSessionId` (string) Alpha-numeric as provided by the Kount SDK. Example: "abcdefg12345abababab123456789012" - `riskMetadata.extraData.payPalMerchantSessionId` (string) PayPal as generated by the PayPal Fraudnet SDK. Example: "dd65ratxc5qv15iph3vyoq7l6davuowa" - `riskMetadata.extraData.threatMetrixSessionId` (string) Temporary identifier that is unique to the visitor's session and passed to ThreatMetrix. Example: "dd65ratxc5qv15iph3vyoq7l6davuowadd65ratxc5qv15iph3vyoq7l6davuowa" ## Response 201 fields (application/json): - `id` (string) ID of the transaction. Example: "txn_0YVDTQJ8YWDGQACV2N2N5SPWQ0" - `websiteId` (string) ID of the website. A website is where an organization obtains a customer. For more information, see [Obtain an organization ID and website ID](https://www.rebilly.com/docs/settings/organizations-and-websites/#obtain-your-organization-id-and-website-id). Example: "web_0YV7DE4Z26DQSA1AC92FBJ7SEG" - `type` (string) Type of transaction. Enum: "3ds-authentication", "authorize", "capture", "credit", "refund", "sale", "setup", "void" - `status` (string) Status of the transaction. Enum: "completed", "conn-error", "disputed", "never-sent", "offsite", "partially-refunded", "pending", "refunded", "sending", "timeout", "voided", "waiting-approval", "waiting-capture", "waiting-gateway", "waiting-refund" - `result` (string) Result of the transaction. Enum: "abandoned", "approved", "canceled", "declined", "unknown" - `amount` (number) Total amount of the transaction. - `currency` (string) Currency code in ISO 4217 format. Example: "USD" - `purchaseAmount` (number) Amount by which the purchase is completed. If an adjustment occurs, the purchased amount may differ from the requested amount. - `purchaseCurrency` (string) Currency code in ISO 4217 format. Example: "USD" - `requestAmount` (number) Amount of the payment request. If an adjustment occurs, the purchase amount may differ from the billing amount. - `requestCurrency` (string) Currency code in ISO 4217 format. Example: "USD" - `parentTransactionId` (string) ID of the transaction. Example: "txn_0YVDTQJ8YWDGQACV2N2N5SPWQ0" - `childTransactions` (array) IDs of child transactions. Example: ["4f6cf35x-2c4y-483z-a0a9-158621f77a21"] - `invoiceIds` (array) Related invoice IDs. Example: ["4f6cf35x-2c4y-483z-a0a9-158621f77a21"] - `orderIds` (array) Subscription IDs of invoices that are related to the transaction. Example: ["4f6cf35x-2c4y-483z-a0a9-158621f77a21"] - `planIds` (array) Plan IDs of orders that are related to the transaction. Example: ["4f6cf35x-2c4y-483z-a0a9-158621f77a21"] - `isRebill` (boolean) Specifies if the transaction is one of a number of recurring payments in a subscription, excluding trials or setup fees. - `rebillNumber` (integer) Rebill number of the transaction. A rebill number is the number of recurring payments in a subscription, excluding trials or setup fees. - `billingAddress` (object) Contact's information. - `billingAddress.firstName` (string,null) Contact's first name. Example: "Benjamin" - `billingAddress.lastName` (string,null) Contact's last name. Example: "Franklin" - `billingAddress.organization` (string,null) Contact's organization. Example: "Rebilly" - `billingAddress.address` (string,null) First line of the contact's street address. Example: "36 Craven St" - `billingAddress.address2` (string,null) Second line of the contact's street address. - `billingAddress.city` (string,null) Contact's city of residence. Example: "Austin" - `billingAddress.region` (string,null) Contact's region of residence. Example: "Texas" - `billingAddress.country` (string,null) Contact's country of residence in ISO 3166 alpha-2 country code. For examples, see [ISO.org](https://www.iso.org/obp/ui/#search/code/). Example: "GB" - `billingAddress.postalCode` (string,null) Contact's postal code. Example: "WC2N 5NF" - `billingAddress.phoneNumbers` (array) List of phone numbers associated with the contact. - `billingAddress.phoneNumbers.label` (string, required) Phone number label or name. Example: "main" - `billingAddress.phoneNumbers.value` (string, required) Phone number value. Example: "1-512-777-0269" - `billingAddress.phoneNumbers.primary` (boolean) Specifies if the phone number is the contact's primary phone number. Example: true - `billingAddress.emails` (array) List of email addresses associated with the contact. - `billingAddress.emails.label` (string, required) Email label or name. Example: "main" - `billingAddress.emails.value` (string, required) Email address value. Example: "rebilly@example.com" - `billingAddress.emails.primary` (boolean) Specifies if the email address is the contact's primary email address. Example: true - `billingAddress.dob` (string,null) Contact's date of birth in ISO-8601 format. Example: "1980-04-01" - `billingAddress.jobTitle` (string,null) Contact's job title. Example: "CEO" - `billingAddress.hash` (string) Use this value to compare contacts for identical attribute values. Example: "056ae6d97c788b9e98b049ebafd7b229bf852221" - `redirectUrl` (string,null) URL where the end-user is redirected to when an offsite transaction is completed. The default value is the website URL. - `retryNumber` (integer) Position of the transaction in the sequence of retries. - `isRetry` (boolean) Specifies if a transaction is a retry. - `billingDescriptor` (string,null) Billing descriptor that appears on the periodic billing statement. For a credit card statement, this field commonly contains 12 or fewer characters. - `description` (string) Description of the payment. - `requestId` (string) Request ID of the transaction. This ID must be unique within a 24 hour period. Use this field to prevent duplicated transactions. - `hasAmountAdjustment` (boolean) Specifies if the transaction has amount adjustment. - `gatewayName` (string,null) Name of the payment gateway that processed, or is selected to process, the transaction. This value is only available after a gateway is selected for the transaction. Enum: "A1Gateway", "ACI", "Adyen", "Aircash", "Airpay", "Airwallex", "AmazonPay", "AmexVPC", "ApcoPay", "AsiaPaymentGateway", "AstroPayCard", "AuthorizeNet", "Awepay", "Bambora", "BankSEND", "BitPay", "BlueSnap", "BraintreePayments", "Buckaroo", "BVNK", "Cardknox", "Cashflows", "CASHlib", "Cashterminal", "CashToCode", "CauriPayment", "Cayan", "CCAvenue", "Chase", "CheckoutCom", "Chillstock", "Circle", "Citadel", "Clearhaus", "Cleo", "CODVoucher", "Coinbase", "CoinGate", "CoinPayments", "Conekta", "Coppr", "Credorax", "Cryptonator", "CyberSource", "DataCash", "Dengi", "Dimoco", "Directa24", "dLocal", "Dragonphoenix", "Dropayment", "EasyPayDirect", "EBANX", "ecoPayz", "ecoPayzTurkey", "EcorePay", "Elavon", "Euteller", "eMerchantPay", "EMS", "ePay", "EPG", "EPro", "Ezeebill", "eZeeWallet", "ezyEFT", "FasterPay", "Finrax", "Flexepin", "FinTecSystems", "FundSend", "Forte", "gate2way", "GET", "Gigadat", "GlobalOnePay", "GoCardless", "Gooney", "Gpaysafe", "Greenbox", "HiPay", "iCashOne", "iCanPay", "ICEPAY", "iCheque", "iDebit", "Ilixium", "Ingenico", "INOVAPAY", "Inovio", "Intuit", "InstaDebit", "IpayOptions", "JetPay", "Jeton", "JPMOrbital", "Khelocard", "Klarna", "Konnektive", "Kushki", "LaCore", "Limepay", "Loonio", "loonie", "LPG", "MaxiCash", "MercadoPago", "MiFinity", "MobilePay", "Moneris", "Monolo", "MonRem", "MtaPay", "MuchBetter", "MuchBetterGateway", "MyFatoorah", "Neosurf", "Netbanking", "Neteller", "NGenius", "NinjaWallet", "NMI", "NordikCoin", "NOWPayments", "NuaPay", "OchaPay", "OmniMatrix", "Onlineueberweisen", "OnRamp", "Orbital", "Pagadito", "Pagsmile", "Panamerican", "ParamountCommerce", "ParamountEft", "ParamountInterac", "PandaGateway", "Pay4Fun", "PayCash", "Paycly", "PayClub", "PayCom", "PayEcards", "Payeezy", "Payflow", "Paynote", "PaymentAsia", "PaymenTechnologies", "PaymentsOS", "Paymero", "PayPal", "Payper", "Payr", "PayRedeem", "PayRetailers", "Paysafe", "Paysafecard", "Paysafecash", "PayTabs", "PayU", "PayULatam", "Payvision", "PharosPayments", "Piastrix", "Pin4Pay", "Plugnpay", "PostFinance", "PPRO", "Prosa", "PSiGate", "Rapyd", "Realex", "Realtime", "Redsys", "Rotessa", "RPN", "Safecharge", "SaltarPay", "Sagepay", "SeamlessChex", "SecureTrading", "SecurionPay", "Skrill", "SmartInvoice", "SMSVoucher", "Sofort", "SparkPay", "StaticGateway", "STPMexico", "Stripe", "Tabby", "Telr", "TestProcessor", "ToditoCash", "Triple000", "Truevo", "TrustsPay", "Trustly", "TWINT", "Unlimit", "UPayCard", "USAePay", "VantivLitle", "vegaaH", "VCreditos", "VegaWallet", "Wallet88", "Walpay", "WesternUnion", "Wirecard", "WorldlineAtosFrankfurt", "Worldpay", "XPay", "Zimpler", "Zotapay" - `gateway` (object) Related gateway information. - `gateway.response` (object) Gateway response. - `gateway.response.code` (string,null) Gateway response code. - `gateway.response.message` (string,null) Gateway response message. - `gateway.response.type` (string,null) Gateway response type. - `gateway.response.originalCode` (string,null) Raw, unmapped gateway response code. - `gateway.response.originalMessage` (string,null) Raw, unmapped gateway response message. - `gateway.response.humanMessage` (string,null) Human-readable gateway response message. - `gateway.response.humanDescription` (string,null) Human-readable gateway response description with more detailed information. - `gateway.avsResponse` (object) Gateway Address Verification System (AVS) response. - `gateway.avsResponse.code` (string,null) Response code. - `gateway.avsResponse.message` (string,null) Response message. - `gateway.avsResponse.originalCode` (string,null) Raw response code. - `gateway.avsResponse.originalMessage` (string,null) Raw response message. - `gateway.cvvResponse` (object) Gateway Card Verification Value (CVV) response. - `customFields` (object) Use custom fields to extend a resource scheme to include custom data that is not provided as a common field. For more information, see [Custom fields](https://www.rebilly.com/catalog/all/custom-fields). Example: {"foo":"bar"} - `processedTime` (string) Read-only timestamp in ISO 8601 date-time format. - `createdTime` (string) Date and time which is set automatically when the resource is created. - `updatedTime` (string) Date and time which updates automatically when the resource is updated. - `paymentInstrument` (object) Default payment instrument information. - `paymentInstrument.method` (string, required) Payment method. Enum: "payment-card", "ach", "cash", "check", "paypal", "AdvCash", "Affirm", "Afterpay", "Aircash", "Airpay", "Alfa-click", "Alipay", "AmazonPay", "Apple Pay", "AstroPay Card", "AstroPay-GO", "BankSEND", "BankReferenced", "bank-transfer", "bank-transfer-2", "bank-transfer-3", "bank-transfer-4", "bank-transfer-5", "bank-transfer-6", "bank-transfer-7", "bank-transfer-8", "bank-transfer-9", "Baloto", "Beeline", "Belfius-direct-net", "bitcoin", "Bizum", "Blik", "Boleto", "Boleto-2", "Boleto-3", "cash-deposit", "CASHlib", "CashToCode", "CCAvenue", "China UnionPay", "Clearpay", "Cleo", "CODVoucher", "Conekta-oxxo", "Conekta-spei", "cryptocurrency", "Cupon-de-pagos", "CyberSource", "Dimoco-pay-smart", "Directa24Card", "domestic-cards", "Efecty", "echeck", "ecoPayz", "ecoVoucher", "EPS", "ePay.bg", "Ethereum", "e-wallet", "ezyEFT", "eZeeWallet", "FasterPay", "Flexepin", "Giropay", "Google Pay", "Gpaysafe", "iCashOne Voucher", "iDebit", "iDEAL", "ING-homepay", "INOVAPAY-pin", "INOVAPAY-wallet", "InstaDebit", "InstantPayments", "instant-bank-transfer", "Interac-online", "Interac-eTransfer", "Interac-express-connect", "Interac", "invoice", "iWallet", "Jeton", "JetonCash", "jpay", "KakaoPay", "Khelocard", "Klarna", "KNOT", "Litecoin", "loonie", "LPG-online", "LPG-payment-card", "Matrix", "MaxiCash", "Megafon", "MercadoPago", "MiFinity-eWallet", "miscellaneous", "MobilePay", "Multibanco", "Bancontact", "Bancontact-mobile", "MTS", "MuchBetter", "MyFatoorah", "Neosurf", "Netbanking", "Neteller", "Nordea-Solo", "NordikCoin", "OchaPay", "online-bank-transfer", "Onlineueberweisen", "oriental-wallet", "OXXO", "P24", "Pagadito", "PagoEffectivo", "Pagsmile-lottery", "Pagsmile-deposit-express", "PayCash", "Payco", "Payeer", "PaymentAsia-crypto", "Paysafecard", "PayTabs", "Pay4Fun", "Paynote", "Paymero", "Paymero-QR", "PayU", "PayULatam", "Perfect-money", "Piastrix", "PIX", "PinPay", "phone", "PhonePe", "POLi", "PostFinance-card", "PostFinance-e-finance", "QIWI", "QPay", "QQPay", "rapyd-checkout", "rebilly-hosted-payment-form", "Resurs", "reverse-withdrawal", "Ripple", "SafetyPay", "Samsung Pay", "SEPA", "Siirto", "Skrill", "Skrill Rapid Transfer", "SMSVoucher", "Sofort", "SparkPay", "SPEI", "swift-dbt", "Tele2", "Telr", "Terminaly-RF", "Tether", "ToditoCash-card", "Trustly", "Tupay", "TWINT", "UniCrypt", "UPayCard", "UPI", "USD-coin", "VCreditos", "VegaWallet", "VenusPoint", "voucher", "voucher-2", "voucher-3", "voucher-4", "Wallet88", "Webmoney", "Webpay", "Webpay-2", "Webpay Card", "WeChat Pay", "XPay-P2P", "XPay-QR", "Yandex-money", "Zotapay", "Zimpler", "Zip" - `paymentInstrument.paymentInstrumentId` (string) ID of the payment instrument. Example: "inst_0YVB8KPKNXCBR9EDX7JHSED75N" - `approvalUrl` (string) URL to redirect the end-customer when transaction is or . - `token` (string) Session token that is used for authentication. This token provides access to created orders, invoices, and transactions. - `depositRequestId` (string,null) ID of the deposit request if applicable. The created transaction is based on the properties of this deposit request. Example: "dep_req_0YVJ65BSGYC3EAT58SEX8KY6J7" - `_links` (array) Related links. - `_links.href` (string) Link URL. - `_links.rel` (string) Type of link. Enum: "self", "approvalUrl", "approvalContinue", "approvalBypass", "cancelUrl", "redirectUrl" ## Response 401 fields (application/json): - `status` (integer) HTTP status code. - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced. ## Response 403 fields (application/json): - `status` (integer) HTTP status code. - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced. ## Response 404 fields (application/json): - `status` (integer) HTTP status code. - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced. ## Response 422 fields (application/json): - `status` (integer) HTTP status code. - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced. - `invalidFields` (array) Invalid field details. Example: [{"field":"field1","message":"field1 is invalid"},{"field":"subObject.field2","message":"field2 is invalid"},{"field":"subObject.field2","message":"another error in the field2"}] - `invalidFields.field` (string) Name of the field. Dot notation is used for nested object field names. - `invalidFields.message` (string) Message field. ## Response 429 fields (application/json): - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". Example: "about:blank" - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. Example: "Rate Limit Exceeded" - `status` (integer) HTTP status code. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. Example: "A request cannot be executed because the user has sent too many requests within a certain period of time" - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.