See also the Braintree_PaymentMethod response object.

note

If you have card verification enabled, any updates made to credit cards are subject to those rules.

PHP
$result = Braintree_PaymentMethod::update(
  'the_token',
  [
    'billingAddress' => [
        'streetAddress' => '100 Maple Lane',
        'options' => [
            'updateExisting' => true
        ]
    ]
]);

If the payment method cannot be found, you'll receive a Braintree_Exception_NotFound exception.

Arguments
token required, string

The alphanumeric value that references a specific payment method stored in your Vault.

Additional Parameters
'billingAddress'

A billing address associated with a specific customer ID. It can be further associated with a specific payment method. The maximum number of addresses per customer is 50.

'company' string

Company name. 255 character maximum.

'countryCodeAlpha2' string

The ISO 3166-1 alpha-2 country code specified in an address. The gateway only accepts specific alpha-2 values.

'countryCodeAlpha3' string

The ISO 3166-1 alpha-3 country code specified in an address. The gateway only accepts specific alpha-3 values.

'countryCodeNumeric' string

The ISO 3166-1 numeric country code specified in an address. The gateway only accepts specific numeric values.

'countryName' string

The country name specified in an address. Braintree only accepts specific country names.

'extendedAddress' string

The extended address information—such as apartment or suite number. 255 character maximum.

'firstName' string

The first name. The first name value must be less than or equal to 255 characters.

'lastName' string

The last name. The last name value must be less than or equal to 255 characters.

'locality' string

The locality/city. 255 character maximum.

'options'

Optional values that can be passed with a request.

'updateExisting' bool

Update the billing address associated with the payment method token specified. Other payment methods associated with the same billing address will have their addresses updated, as well.

'postalCode' string

The postal code. Postal code must be a string of 4-9 alphanumeric characters, optionally separated by a dash or a space. Spaces, hyphens, and all other special characters are ignored.

'region' string

The state or province. For PayPal addresses, the region must meet PayPal's state restrictions; for all other payment methods, it must be less than or equal to 255 characters.

'streetAddress' string

The billing street address. 255 character maximum. Required to perform card verification when AVS rules are configured to require street address.

'billingAddressId' string

The two-letter value for an address associated with a specific customer ID. The maximum number of addresses per customer is 50.

'cardholderName' string

The cardholder name associated with the credit card. 175 character maximum.

'cvv' string

Typically requires PCI SAQ D compliance

We recommend using paymentMethodNonce to avoid any PCI concerns with raw credit card data being present on your server.

A 3 or 4 digit card verification value assigned to credit cards. The CVV will never be stored in the gateway, but it can be provided with one-time requests to verify the card.

'deviceData' string

Customer device information. Passing this value is strongly recommended when using Advanced Fraud Tools and adding credit card data to your Vault. Not recommended when vaulting PayPal or Venmo accounts.

'expirationDate' string

While we recommend using paymentMethodNonce when updating raw credit card data, the expiration date can be updated directly without any PCI concerns as long as you do not store, process, or transmit the raw PAN or CVV.

The expiration date, formatted MM/YY or MM/YYYY. May be used instead of expirationMonth and expirationYear.

'expirationMonth' string

While we recommend using paymentMethodNonce when updating raw credit card data, the expiration month can be updated directly without any PCI concerns as long as you do not store, process, or transmit the raw PAN or CVV.

The expiration month of a credit card, formatted MM. May be used with expirationYear, and instead of expirationDate.

'expirationYear' string

While we recommend using paymentMethodNonce when updating raw credit card data, the expiration year can be updated directly without any PCI concerns as long as you do not store, process, or transmit the raw PAN or CVV.

The two or four digit year associated with a credit card, formatted YYYY or YY. May be used with expirationMonth, and instead of expirationDate.

'number' string

Typically requires PCI SAQ D compliance

We recommend using paymentMethodNonce to avoid any PCI concerns with raw credit card data being present on your server.

The 12-19 digit value consisting of a bank identification number (BIN) and primary account number (PAN).

'options'
'failOnDuplicatePaymentMethod' bool

If this option is passed and the payment method has already been added to the Vault, the request will fail. This option will not work with PayPal payment methods.

'makeDefault' bool

This option makes the specified payment method the default for the customer.

'verificationAmount' string

Specify a non-negative amount that you want to use to verify a card. If you do not pass this option, the gateway will automatically use a verification amount of $0 or $1, depending on the processor and/or card type.

'verificationMerchantAccountId' string

Specify the merchant account ID that you want to use to verify a card. See the merchantAccountId on Braintree_Transaction::sale() to learn more. The merchant account cannot be a marketplace sub-merchant account. See the Braintree Marketplace Guide to learn more.

'verifyCard' bool

If the payment method is a credit card, this option prompts the gateway to verify the card's number and expiration date. It also verifies the AVS and CVV information if you've enabled AVS and CVV rules. If you want to verify all cards before they are stored in your Vault, you can turn on card verification for your entire Braintree account in the Control Panel.

In some cases, cardholders may see a temporary authorization on their account after their card has been verified. The authorization will fall off the cardholder's account within a few days and will never settle.

Only returns a Braintree_CreditCardVerification result if verification runs and is unsuccessful.

'paymentMethodNonce' string

Using a paymentMethodNonce on an update is only allowed when updating an existing credit card with new credit card information.

The nonce serves as proof that the user has authorized payment. This should be sent to your server and used with any of Braintree's server-side client libraries that accept new or saved payment details. When used to update subscriptions, the paymentMethodNonce must be vaulted and must belong to the customer owning the subscription.

If the payment method is a credit card, it will not be verified automatically on update – you must explicitly perform card verification.

'riskData'

Customer request information. Sent to processor to help verify transaction integrity.

'customerBrowser' string

The User Agent field provided by the customer. 255 characters maximum.

'customerIp' string

The customer's IP address.

'token' string

If provided, updates the token for the payment method.

Examples

Update billing address

To update the existing billing address when updating a payment method use the updateExisting option. If any other payment methods are associated with the same billing address, this will also update the billing address for those payment methods.

PHP
$result = Braintree_PaymentMethod::update(
  'the_token',
  [
    'billingAddress' => [
        'streetAddress' => '100 Maple Lane',
        'options' => [
            'updateExisting' => true
        ]
    ]
]);

If the payment method cannot be found, you'll receive a Braintree_Exception_NotFound exception.

New billing address

If you don't use the updateExisting option, a new address will be created. The existing billing address will remain in the Vault associated with the customer.

PHP
$result = Braintree_PaymentMethod::update(
  'the_token',
  [
    'billingAddress' => [
        'firstName' => 'Drew',
        'lastName' => 'Smith',
        'company' => 'Smith Co.',
        'streetAddress' => '1 E Main St',
        'region' => 'IL',
        'postalCode' => '60622'
    ]
  ]
);

Update with existing billing address

If a customer already has an address you'd like to use, you can update the payment method with that address.

PHP
$result = Braintree_PaymentMethod::update(
  'the_token',
  [
    'billingAddressId' => 'theBillingAddressId'
  ]
);

Updating a PayPal account token

The only fields that may be updated on a PayPal account are the token associated with that account, and setting the account as the default payment method for a customer.

PHP
$result = Braintree_PayPalAccount::update($originalToken, [
    'token' => $newToken
]);

Make default

You can set a payment method as the default for the customer.

PHP
$updateResult = Braintree_PaymentMethod::update(
  'the_token',
  [
    'options' => [
      'makeDefault' => true
    ]
  ]
);

Making a PayPal account the default

PHP
$result = Braintree_PayPalAccount::update($originalToken, [
    'options' => ['makeDefault' => true]
]);

Card verification

By default we will run credit card validations but not perform verification. Set the $verifyCard option to verify the card.

PHP
$result = Braintree_PaymentMethod::update('the_payment_method_token', [
    'paymentMethodNonce' => nonceFromTheClient,
    'options' => [
        'verifyCard' => true
    ]
]);
important

If you are using our Advanced Fraud Tools, we strongly recommend passing $deviceData each time you verify a card.

Updating with a nonce and additional parameters

When updating the credit card information with a nonce, you may pass additional parameters to update as well. Here is an example of updating a payment method and explicitly verifying the card.

important

If a field is passed from the client and included in the nonce data (such as postal code) it should not be passed as an explicit argument as well.

PHP
$result = Braintree_PaymentMethod::update(
  'the_token',
  [
    'paymentMethodNonce' => 'nonce-from-the-client',
    'billingAddress' => [
        'firstName' => 'Drew',
        'lastName' => 'Smith',
        'company' => 'Smith Co.',
        'streetAddress' => '1 E Main St',
        'region' => 'IL'
    ]
  ]
);
important

If you are using our Advanced Fraud Tools, we strongly recommend passing $deviceData each time you verify a card.

To verify the AVS information of an existing payment method, pass the update request with an empty array and the verify_card set to "true". Note that an update will create a transaction, so if your processing options are set to reject transactions without CVV, you will need to include CVV as a parameter, or disable this rule (see below).

To disable the CVV requirement:

  1. Log into the Control Panel
  2. Navigate to Settings > Processing > CVV
  3. Click Options
  4. Uncheck CVV Not Provided (I)

Still have questions?

If you can’t find an answer, contact our Support team.