Worldline Card Issuing in a Nutshell
A quick tour of Worldline Card Issuing
Worldline Card Issuing includes all the core features enabling to instantly issue cards and process payments :

-
Issue any type of card : debit, credit, pre-paid whatever its form physical/virtual,
-
Authorize and process transaction efficiently thanks to a proven technology already processing more than 10 billions of transactions a year
-
Launch a new product on international schemes but also on local ones, Wordline Card Issuing being GLOCAL !
-
Embrace the wallet revolution by having the possibility to tokenize you card portfolio and make it compatible with mobile wallet providers
-
Manage disputes and initiate chargeback to a merchant in line with the schemes’ rules and regulation.
Creating and managing your cards portfolio using Worldline Card Issuing will follow 4 main steps that can be easily done through our powerfull REST/json APIs.
Your journey with Worldline Card Issuing
Authentication doc
Authentication
Worldline APIs require authentication on all endpoints and methods.
We currently support one Authentication scheme:
- Bearer Token (OAuth2 - Client Credentials)
Bearer Token
Bearer tokens are temporary security credentials that can be used to authorize 'third parties' (bearers) access to the Worldline API.
These tokens are created by calling the accesstoken endpoint.
Once created the token field must be used in the HTTP Authorization header using the Bearer scheme.
Example HTTPS request with a bearer token in Accept Transactions API
GET /v1.0/acquiring/transaction/acquirers/{acquirerId}/transactions HTTPS/1.1
Accept: application/json
Authorization: Bearer fsdfdsfdsfdsfs9857958hjiIsInR5cCI6IkpXVCJ9
Security Scheme Type | HTTPS |
HTTP Authorization Scheme | bearer |
Header parameter name | authorization |
Create Bearer Token - OAuth2 Client Credentials
The Client Credentials grant type is used by clients to obtain an access token outside of the context of a user.
The OAuth 2.0 client credentials grant flow permits an API (confidential client) to use its own credentials, instead of impersonating a user, to authenticate when calling another API.
Steps to obtain an Access token
Step 1: Construct a Basic Authentication header using the following values shared by Worldline team.
Basic field | Example |
---|---|
consumerKey | jhfrjh881wtRxgregegegggeg |
consumerSecret | wfrregergjbD6rNxregregerg |
Step 2: Construct a valid HTTP Basic Authentication header as follows in pseudo-code.
const consumerKey = "jhfrjh881wtRxgregegegggeg";
const consumerSecret = "wfrregergjbD6rNxregregerg";
const authnValue = "Basic " + base64Encode(consumerKey + ":" + consumerSecret);
request.setHeader("Authorization", authnValue);
Security Scheme Type | HTTPS |
---|---|
HTTP Authorization Scheme | basic |
Header parameter name | authorization |
Step 3: Call the rest endpoint of Oauth2 client credentials to obtain the access token.
POST oauth/client_credential/accesstoken?grant_type=client_credentials HTTPS/1.1
Accept: application/json
Authorization: Basic jfvwrjfbrkfbrkbrglenglengelgnegnejwvfwejhf==
The call Response contains the Bearer Access token. Use this token to call the Actual resource.
Example POST call response - field access_token
{
"refresh_token_expires_in": "0",
"api_product_list": "[coffea]",
"api_product_list_json": [
"coffea"
],
"organization_name": "$organization_name",
"developer.email": "$Developermail",
"token_type": "BearerToken",
"issued_at": "1678146804722",
"client_id": "jhfrjh881wtRxgregegegggeg",
"access_token": "Knk9uvvoSALfzo3AGDADzGJ0Ayl1",
"application_name": "4a319510-0793-4332-9627-452ae6a70c1d",
"scope": "",
"expires_in": "3599",
"refresh_count": "0",
"status": "approved"
}
Stock Market Data doc sec
Open Banking Documentation
ITA Documentation
Acquiring Documentation
Issuing Documentation
WL 1-Click REST API Resources Diagram
WL 1-Click REST API Resources Diagram




Accept Transactions API
This API enables you to Accept transactions for your Merchant customers.
Transactions are accepted via a host-to-host connection between the API user and Worldline FS API Gateway. The Worldline FS API Gateway is connected to the Worldline FS acceptance host, which in turn is connected to the Issuer network.
Version note:
Please be aware that these API interfaces may be changed and improved (e.g. addition of fields).
The WL FS Sandbox for Accept Transactions API is available on request for PSPs and banks integrating with Worldline Financial Services (equensWorldline).
Latest open API spec below includes drop-down examples of requests (e.g. Purchase VISA Authorization) and drop-down examples of successful "200" responses. The “Try Out” button functionality is currently not available.
Accept Transactions API version 1.0.2 is operational for Card Not Present transactions. The API roadmap for 2025 includes (Soft-)POS transaction acceptance via this API.
Production release of Accept Transactions API version 1.0.3 is planned for January 2025.
#version 1.0.3 (19-12-2024)
- For API responses with codes other than 200, updated error codes & messages to help improve error handling
-New actionType AUTH_AND_CAPTURE_REVERSAL
#version 1.0.2 (22-11-2024)
- Changed response field “enumerations” into “examples”.
#version 1.0.1 (01-05-2024)
- Adjusted patterns of the following fields:
- 3DSecure.authenticationValue
- token.acceptorId
- token.tavvData
#version 1.0 (26-01-2024)
- Addition of header parameter Trace-ID.
- Addition of new object for Token:
- Addition new field acceptorId
- Addition new field tavvData
- Adjustment Card object:
- Removal of tavv
- Addition of new field walletId. We support wallets such as ApplePay.
-Adjustment to 3DSecure object:
- Result field is no longer required
- Addition of new field subVersion
- Addition of new field dsEci
- Addition of new field authenticationValue
- Removal of ucaf field
- Removal of cavvData field
- Removal of xid field
- Renaming from transactionId to dsTransactionId and changes in the pattern.
- Some updates to the static examples provided.
- Support Wallets e.g. ApplePay
- New actionType AUTH_REVERSAL_PARTIAL