*** id: 0fcb77ad-932f-4947-aced-464f54b8c14c title: Pay sidebar-title: Pay slug: /cxml/reference/voice/pay position: 1 max-toc-depth: 3 ---------------- ## Overview The `` verb enables secure payment processing during voice calls. When implemented in your voice application, it handles the complete payment flow including data collection, validation, and processing through your configured payment gateway. The `` verb also has two nouns that are embedded within it: * [``](/docs/compatibility-api/cxml/reference/voice/pay/parameter): Pass custom parameters to your payment processor. * [``](/docs/compatibility-api/cxml/reference/voice/pay/prompt): Customize the prompts used during payment collection. ## Core functionality * Secure payment information collection * Real-time payment processing * Payment method tokenization * Multi-currency support * Automated retry handling * Status tracking via webhooks *** ## Transaction types The `` verb supports two primary transaction types: immediate charges and tokenization. ### Immediate charges When you need to process a payment right away, use an immediate charge transaction. This collects the payment details and processes the transaction in one step. To execute an immediate charge: ```xml ``` Setting any positive value for `chargeAmount` initiates an immediate charge transaction. ### Tokenization Tokenization allows you to securely store payment information for future use. Instead of processing a payment, it generates a secure token that represents the payment method. This is particularly useful for: * Subscription services * Recurring billing To tokenize payment information: ```xml ``` You can also omit the `chargeAmount` attribute entirely: to re-enter their payment details. This may differ depending on the payment processor you are using. *** ## Attributes Minimum required length for postal code input. Used for input validation. The URL to which to POST the encrypted payment data. Controls whether CVV/security code collection is required. When `false`, skips security code collection. HTTPS endpoint that receives POST requests after payment completion. Must be HTTPS. Response determines next cXML instructions. For tokenization, receives `PaymentToken` and `ProfileId`. For charges, receives `PaymentConfirmationCode`. Defaults to the current cXML document URL. Amount to charge. Set to 0 or omit for tokenization only. Must be between 0 and 1,000,000. Three-letter currency code (e.g., `usd`, `eur`, `gbp`). Must be supported by selected payment connector. Currently only `usd` is accepted. Transaction description passed to payment processor. Appears in transaction records. The only supported input method for payment data collection. All captured digits are automatically redacted in logs. Controls prompt language. Supports `en-AU`, `en-CA`, `en-GB`, `en-IN`, `en-US` for all payments. Additional `es-ES`, `es-MX`, `fr-CA`, `fr-FR`, `de-DE`, `it-IT` for credit card only. See [language list](#language-support). Maximum number of retry attempts when timeout occurs or invalid data is received. Allowed values are `1`, `2`, or `3`. Payment flow terminates after `maxAttempts` is reached. Determines payment collection flow. Credit card flow captures card number, expiration, security code, and postal code. ACH flow captures routing and account numbers. Controls postal code collection. When `false`, skips collection for postal code. When `true`, prompts the user for collection. When a String value, uses provided value without needing to collect the postal code from the user. HTTPS endpoint that receives real-time payment status updates via POST requests. Includes details about current payment stage, errors, and attempt counts. See [Status Callback Parameters](#statuscallback-request-parameters) for more details. Number of seconds to wait for the next digit input before timing out. Must be a positive integer greater than 3 seconds. Applies to all input collection stages. Determines token persistence. Allowed values are `one-time` or `reusable`. One-time for single use, reusable for recurring use. Payment-method specific to certain processors. Space-separated list of accepted card types. Validates card number against specified types. Allowed values: `visa`, `mastercard`, `amex`, `maestro`, `discover`, `optima`, `jcb`, `diners-club`, `enroute`. ## Webhook request parameters ### `paymentConnectorUrl` request parameters When a transaction is completed, SignalWire will `POST` to your `paymentConnectorUrl` URL. Based on the [transaction type](#transaction-types), the body of the request will contain the below parameters: A valid response from your `paymentConnectorUrl` must be provided to indicate the success or failure of the transaction. More information can be found in the [Webhook Response](#paymentconnectorurl-response) section. Customer's credit card number. Amount to charge. Three-letter currency code. Card security code. Transaction description. Card expiration month (2 digits). Card expiration year (2 digits). Payment method (`credit-card`). Custom key-value parameters. Billing postal code. Unique identifier for the transaction. #### Example ```json { "transaction_id":"id", "method":"credit-card", "cardnumber":"1234123412341234", "cvv":"123", "postal_code":"12345", "description":"renew plan", "chargeAmount":123.45, "expiry_month":"01", "expiry_year":"38", "currency_code":"USD", "parameters":{ "custom1":"value1" } } ``` Set to 0 for tokenization. Customer's credit card number. Three-letter currency code. Card security code. Transaction description. Card expiration month (2 digits). Card expiration year (2 digits). Custom key-value parameters. Billing postal code. Token persistence (`reusable` or `one-time`). Unique identifier for the transaction. #### Example ```json { "transaction_id":"id", "cardnumber":"1234123412341234", "cvv":"123", "postal_code":"12345", "description":"save card", "amount":0, "token_type":"reusable", "expiry_month":"01", "expiry_year":"38", "currency_code":"USD", "parameters":{ "custom1":"value1" } } ``` *** ### `action` request parameters When a transaction is completed, SignalWire will `POST` to your `action` URL. The body of the request will contain the [standard request parameters](/docs/compatibility-api/cxml/reference/voice#request-parameters) as well as the following parameters: A valid cXML response must be provided if the `action` URL is provided. More information can be found in the [Webhook Response](#action-response) section. Masked bank account number. Bank routing number. Raw processor error details. Card expiration in MMYY format. Numeric error reference. Masked card number (last 4 digits visible). Postal code provided. Card brand (visa, mastercard, etc.). Transaction confirmation code. Detailed error information. Type of payment method used. Tokenized payment method reference. Customer profile identifier from payment processor. Final outcome of the payment attempt. The possible values can be seen in the [Result Values](#result-values) table. Masked security code. #### Result values | Value | Description | | ------------------------------ | ------------------------------ | | `success` | Payment processed successfully | | `too-many-failed-attempts` | Maximum retry attempts reached | | `payment-connector-error` | Gateway communication failure | | `caller-interrupted-with-star` | User canceled with \* key | | `caller-hung-up` | Call terminated by user | | `validation-error` | Invalid parameter provided | | `internal-error` | System processing error | *** ### `statusCallback` request parameters When a status change occurs, the following parameters are sent to your statusCallback URL: Current attempt number. Specifies the nature of the error encountered (if any). Refer to the table below for detailed error type descriptions. The possible values can be seen in the [Error Types](#error-types) table. Card expiration date. Indicates the present phase of the `` request. The table below outlines the potential values. Possible values can be seen in the [For Values](#for-values) table. Masked card number. Postal code provided. Type of card provided. Type of payment being processed. Masked security code. #### Status callback events | Event | Description | | --------------------- | ---------------------------- | | `payment-card-number` | Collecting card number | | `expiration-date` | Collecting expiration date | | `security-code` | Collecting CVV/security code | | `postal-code` | Collecting postal code | | `bank-routing-number` | Collecting routing number | | `bank-account-number` | Collecting account number | | `payment-processing` | Processing transaction | #### For values | Value | Description | | --------------------- | ----------------------------------------------------------------- | | `payment-card-number` | Requesting the customer's credit or debit card details | | `expiration-date` | Requesting the expiration date of the customer's payment card | | `security-code` | Requesting the security code (CVV) of the customer's payment card | | `postal-code` | Requesting the postal code linked to the customer's payment card | | `payment-processing` | Executing the payment transaction | #### Error types | Error | Description | | ----------------------------- | -------------------------- | | `input-timeout` | User input timeout | | `invalid-card-number` | Failed card validation | | `invalid-card-type` | Unsupported card type | | `invalid-date` | Invalid expiration date | | `invalid-security-code` | Invalid CVV format | | `invalid-postal-code` | Invalid postal code format | | `invalid-bank-routing-number` | Invalid routing number | | `invalid-bank-account-number` | Invalid account number | | `session-in-progress` | Concurrent session attempt | *** ## Webhook response ### `paymentConnectorUrl` response The response from your `paymentConnectorUrl` is used to inform if the transaction was successful or not. #### Successful transaction When a transaction is successful, the webhook should respond with one of the following formats (depending on the transaction type): ```json title="Successful Standard Credit Card Payment" { "charge_id":"charge_id", "error_code":null, "error_message":null } ``` ```json title="Successful Tokenized Credit Card Payment" { "token_id":"token_id", "error_code":null, "error_message":null } ``` #### Unsuccessful transaction When a transaction is unsuccessful (declined by the payment processor), the webhook should respond with the following format: ```json title="Declined Standard Credit Card Payment" { "charge_id": null, "error_code": "some error code", "error_message": "some error message" } ``` ```json title="Declined Tokenized Credit Card Payment" { "token_id": null, "error_code": "some error code", "error_message": "some error message" } ``` *** ### `action` response When a transaction is completed, SignalWire will `POST` to your `action` URL. The response should return valid cXML for the next step in your application. #### Example ```xml Thank you for your payment. Your transaction has been completed. ``` *** ## Language support The `language` attribute controls the language of automated prompts during payment collection. ### Credit card payments All credit card payments support the following languages: #### English variants * en-AU (Australian English) * en-CA (Canadian English) * en-GB (British English) * en-IN (Indian English) * en-US (American English) #### Additional languages * es-ES (European Spanish) * es-MX (Mexican Spanish) * fr-CA (Canadian French) * fr-FR (European French) * de-DE (German) * it-IT (Italian) *** ## Examples ### Simple payment collection: ```xml Please enter your payment information ``` ### Payment with status tracking: ```xml Please enter your payment information ``` ### Basic tokenization: ```xml Please enter your card information to save for future use ``` ### Tokenization with validation: ```xml Please enter your card information ``` ### Custom retry logic: ```xml Please enter your payment information ``` ### International payment: ```xml Por favor, ingrese su informaciÃ³n de pago ``` ### Example with custom parameters and prompts ```xml Let's collect your payment information. Please enter your credit card number Please enter your credit card number Please enter your credit cardâ€™s security code. It's the 4 digits located on the front of your card. ``` ## Security best practices 1. Always use HTTPS for callback URLs 2. Implement webhook validation 3. Monitor payment status callbacks 4. Handle errors gracefully 5. Store tokens securely 6. Use appropriate timeout values 7. Implement proper error handling 8. Validate all inputs 9. Monitor transaction patterns 10. Keep payment connector configurations secure