I'm using Opayo Pi API. It's been working fine for repeat payments, to authenticate a card initially with 3DS, then using the resulting transactionId as the referenceTransactionId for repeats.
Now I need the customer to be able to change card details, so I have them re-authenticate a new card, grab the resulting transactionId and again use that in any repeats as referenceTransactionId.
But Opayo is using the old card, as if I had used the older transactionId from a transaction using the old card. It will not use the latest card despite using the transactionId from that card's transaction.
I have tested with the test API endpoint. I have studied the docs. In their docs I can't see that an extra step is needed, eg. to de-authenticate a previous card first. Elsewhere there is mention of REMOVETOKEN transactions but that does not appear to be related to the Pi API. There is no mention in the Pi API of specifically replacing CoFs, just initiating them.
For reference, repeat payments use these properties (per the API docs) - this is PHP. Where $reference_transaction_code is the previous transactionId from a 3DS authenticated card payment. This works fine for repeats otherwise, just holds on to an old card.
$data = array(
"transactionType" => "Repeat",
"referenceTransactionId" => $reference_transaction_code,
"vendorTxCode" => $order_number,
"currency" => "GBP",
"amount" => ($amount * 100), // Must be in pence for Sagepay
"description" => "Repeat order ".$order_number,
"credentialType" => array(
"cofUsage" => "Subsequent",
"initiatedType" => "MIT",
"mitType" => "Unscheduled"
)
);
Does anyone have any guidance here? Am I missing a step in replacing the CoF? Is it not as simple as just using the transactionId from the latest authenticated card? Do ask for any further details or clarity.
You'd need to take a new parent payment on new card including COF usage fields, to then repeat on in future and stop repeating off old expired card.