A Checkout charge session can be created for a saved card (card-on-file). In this case the customer will not have to enter card details, but only have to go through Strong Customer Authentication (SCA). A card-on-file session can be used for payments with a saved card where the customer is present (Customer Initiated Transaction) to be compliant with PSD2. See https://blog.reepay.com/psd2-strong-customer-authentication/. Notice the contrast to Merchant Initiated Transaction.
To create a card-on-file charge session the argument card_on_file must be supplied when creating the session. The argument value is a stored card reference ca_xxx.... The customer provided in the order object with customer_handle must match the customer owning the saved card.
If a payment fails in the card-on-file session, an error will be reported either as Javascript callback for overlay and embedded, or as a HTTP query argument error on the cancel url in window mode. If the card-on-file fails, an alternative payment option could be presented to the customer. E.g. a new session without card-on-file.
CVV will by default not be required for charge sessions but will by default required for recurring sessions. It can be controlled using the parameter card_on_file_require_cvv.
Example API call to create a charge session with card-on-file:
curl -X POST \
--url https://checkout-api.reepay.com/v1/session/charge \
-u 'priv_xxxx:' \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
--data '{
"card_on_file": "ca_11111111111111111111111111111111",
"order": {
"ordertext": "Awesome product",
"handle": "order-12345",
"amount": 10000,
"customer_handle": "cust-0001"
},
"accept_url":"https://webshop.com/accept/order-12345",
"cancel_url":"https://webshop.com/decline/order-12345"
}'