Re-auth passing in security code manually


The following is legacy content for those using version 1 of our JavaScript Library




It is possible to process a new authorisation request that inherits billing, delivery and payment credentials from a previously-processed authorisation. However, doing so forgoes additional checks by the acquiring bank on the customer’s security code, as this data is not stored by Trust Payments and cannot be inherited.

For this reason, when processing a re-authorisation, you may find it useful to use our JavaScript Client SDK (as documented in our Getting started documentation) to prompt a returning customer for just their security code, which is then placed into a new cachetoken.

Following this, you can process a new AUTH request, containing a reference to a previous payment (to retrieve and re-use previously-stored credentials) AND a new cachetoken, which contains the security code. This allows the aforementioned security code checks to be performed.


Server-side payment form

As described in our Getting started documentation, you will need to utilise our JavaScript Client SDK to prompt the customer for their sensitive payment credentials. However, as shown in the markup example below, you will only need to prompt returning customers for their security code:


    <style>
        #st-payment {
            background-color: #ffc6c7;
            border: 2px solid #ffb5b5;
        }
        #st-message .st-error {
            background: #ffcdcd;
            border: 2px solid #ffb5b5;
            padding: 4px 4px 4px 28px !important;
        }
    </style>

    <div id="st-message"></div>
    <form id="st-payment" action="">
    <!--Ensure the security code uses the data-st-field attribute.-->
        Security Code: 
        <input type="text" data-st-field="securitycode" autocomplete="off" /><br />
        <input type="submit" name="mybtn" />
    </form>
    <!--Load the JavaScript library here (see the Getting started documentation).-->
    <script src=""></script>
    <script>
        // Initialise the library for the payment form above.
        new SecureTrading.Standard({
            sitereference: "test_site12345", locale: "en_gb"
        });
    </script>


Submit the AUTH request

Once you are in possession of the cachetoken (containing the security code), you can submit an AUTH request to process a new payment, as shown in the example below. The example is similar to the one found in the Getting started documentation, except that it contains an additional field, parenttransactionreference. This must contain the unique transaction reference of the original transaction, which is needed in order to inherit the previously-submitted billing, delivery and payment credentials (see the documentation on inheritance for further information).

Python:

import securetrading

stconfig = securetrading.Config()
stconfig.username = "[email protected]"
stconfig.password = "Password1^"
st = securetrading.Api(stconfig)
#Replace the example Web Services username and password above with your own

request = {
  "sitereference": "test_site12345",
  "requesttypedescriptions": ["AUTH"],
  "currencyiso3a": "GBP",
  "baseamount": "1050",
  "orderreference": "My_Order_123",
  "parenttransactionreference": "1-2-3", #reference of the original transaction
  "cachetoken": "token_posted_by_st.js" #new cachetoken containing the security code
}

strequest = securetrading.Request()
strequest.update(request) #copy the request fields into the Request object
stresponse = st.process(strequest) #stresponse contains the transaction response

PHP:

<?php

if (!($autoload = realpath(__DIR__ . '/../../../autoload.php')) && !($autoload = realpath(__DIR__ . '/../vendor/autoload.php'))) {
  throw new Exception('Composer autoloader file could not be found.');
}
require_once($autoload);

$configData = array(
  'username' => '[email protected]',
  'password' => 'Password1^',
);
//Replace the example Web Services username and password above with your own

$requestData = array(
  'sitereference' => 'test_site12345',
  'requesttypedescriptions' => array('AUTH'),
  'currencyiso3a' => 'GBP',
  'baseamount' => '1050',
  'orderreference' => 'My_Order_123',
  'parenttransactionreference' => '1-2-3', //reference of the original transaction
  'cachetoken' => 'token_posted_by_st.js' //new cachetoken containing the security code
);

$api = \Securetrading\api($configData);
$response = $api->process($requestData); //$response contains the transaction response

cURL:

# Replace <WEBSERVICES_ENDPOINT_URL> with the Web Services endpoint URL (not shown on this page)
curl --user '[email protected]:Password1^' -H "Content-type: application/json" -H "Accept: application/json" -X POST -d '{
  "alias": "[email protected]",
  "version": "1.00",
  "request": [{
    "currencyiso3a": "GBP",
    "requesttypedescriptions": ["AUTH"],
    "sitereference": "test_site12345",
    "baseamount": "1050",
    "orderreference": "My_Order_123",
    "parenttransactionreference": "1-2-3",
    "cachetoken": "token_posted_by_st.js"
  }]
}' '<WEBSERVICES_ENDPOINT_URL>'


Once the request has been submitted, you will need to check the AUTH response returned to ensure the payment was processed successfully (see the documentation on checking the response for further information). In particular, you will need to check that the securityresponsesecuritycode field is “2”, indicating that the value submitted by the customer matches the value on their card (see the documentation on security code checks for further information).
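
The response check described above can be written so that it fails closed. The following is an added example, not code from Trust Payments: the function name, the sample responses and the assumed response layout (a "responses" list whose entries carry requesttypedescription and errorcode, with "0" meaning success) are assumptions that do not come from this page.

```python
# Added example, not Trust Payments code. Assumptions: the response is a
# dict-like object with a "responses" list, each entry carrying
# "requesttypedescription" and "errorcode" ("0" meaning success).
SECURITY_CODE_MATCHED = "2"  # the value this page says to require


def check_reauth_response(stresponse):
    """Return (ok, reason); ok is True only when the AUTH succeeded and the
    security code was checked and matched."""
    responses = stresponse.get("responses") or []
    auths = [r for r in responses if r.get("requesttypedescription") == "AUTH"]
    if len(auths) != 1:
        return False, "expected exactly one AUTH response"
    auth = auths[0]
    if auth.get("errorcode") != "0":
        return False, "AUTH not successful (errorcode=%r)" % auth.get("errorcode")
    # Fail closed: an absent field or any value other than "2" means the
    # security code check was not passed, e.g. because the request inherited
    # the stored credentials without a new cachetoken.
    code = auth.get("securityresponsesecuritycode")
    if code != SECURITY_CODE_MATCHED:
        return False, "security code not matched (value=%r)" % code
    return True, "security code matched"


def _sample(**fields):
    """Build a constructed sample response (not real gateway output)."""
    base = {"requesttypedescription": "AUTH", "errorcode": "0"}
    base.update(fields)
    return {"responses": [base]}


# Constructed inputs covering the outcomes a re-authorisation can produce.
SAMPLES = {
    "matched": _sample(securityresponsesecuritycode="2"),
    "other_value": _sample(securityresponsesecuritycode="4"),
    "field_absent": _sample(),
    "auth_failed": _sample(errorcode="99999", securityresponsesecuritycode="2"),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, check_reauth_response(resp))
```

Only fulfil the order when the first element of the returned tuple is True; log the reason otherwise.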