> ## Documentation Index > Fetch the complete documentation index at: https://developer.nomba.com/llms.txt > Use this file to discover all available pages before exploring further. # Charge a customer using tokenized card data > You can use this endpoint to charge a customer's card using the tokenized card details. ## OpenAPI ````yaml post /v1/checkout/tokenized-card-payment openapi: 3.0.1 info: description: '' title: Vendor API version: 1.0.0 servers: - description: Production url: https://api.nomba.com - description: Sandbox url: https://sandbox.nomba.com security: [] tags: - name: Authenticate - name: Accounts - name: Virtual Accounts - name: Online Checkout - name: Charge - name: Transfers - name: Direct Debits - name: Terminals - name: Transactions - name: Airtime and Data Vending - name: Electricity Vending - name: CableTV Subscription - name: Betting Vending paths: /v1/checkout/tokenized-card-payment: post: tags: - Online Checkout summary: Charge a customer using tokenized card data description: >- You can use this endpoint to charge a customer's card using the tokenized card details. operationId: charge customer with tokenized card data parameters: - description: The parent accountId of the business. in: header name: accountId schema: type: string format: uuid example: 890022ce-bae0-45c1-9b9d-ee7872e6ca27 required: true requestBody: content: application/json: schema: $ref: '#/components/schemas/TokenizedCardPaymentRequest' description: The request payload required to perform a tokenized payment. required: true responses: '200': content: application/json: schema: type: object properties: code: type: string example: '00' description: Response Code description: type: string example: Success description: payment successful data: $ref: '#/components/schemas/TokenizedCardPaymentResponse' required: - code - description - data description: OK - your request was successful. headers: X-Rate-Limit-Limit: description: The number of allowed requests in the current period schema: type: string example: '40' X-Rate-Limit-Remaining: description: The number of remaining requests in the current period schema: type: string example: '39' X-Rate-Limit-Window: description: The specified rate limit window schema: type: string example: 1s '400': content: application/json: schema: $ref: '#/components/schemas/RequestError' description: The request body sent by merchant did not pass the validation checks '401': content: application/json: schema: $ref: '#/components/schemas/AuthenticationError' description: >- The access_token provided to access the resource is missing or invalid. '403': content: application/json: schema: $ref: '#/components/schemas/AuthorizationError' description: The client does not have the permissions to access this resource '404': content: application/json: schema: $ref: '#/components/schemas/RecordNotFoundError' description: The record that the client is trying to access does not exist. '429': content: application/json: schema: $ref: '#/components/schemas/RateLimitError' description: >- The client has maxed out the number of calls within a time period on this resource. '500': content: application/json: schema: $ref: '#/components/schemas/ServerError' description: Downstream system error. security: - BearerAuth: [] components: schemas: TokenizedCardPaymentRequest: type: object description: The Tokenized card payment request object properties: order: $ref: '#/components/schemas/Order' tokenKey: type: string description: the token key returned in the webhook example: '7628788443' required: - tokenKey TokenizedCardPaymentResponse: type: object properties: status: type: boolean description: status of the transaction example: 'true' message: type: string description: some details of the transaction response. example: success RequestError: type: object description: Request Error response. properties: code: type: string description: API error code. example: '400' description: type: string description: Additional details about the error. example: Request failed. AuthenticationError: type: object description: Authentication Error response. properties: code: type: string description: API error code. example: '401' description: type: string description: Additional details about the error. example: Unauthorized AuthorizationError: type: object description: Permissions error response. properties: code: type: string description: API error code. example: '403' description: type: string description: Additional details about the error. example: Forbidden RecordNotFoundError: type: object description: Record-Not-Found error response. properties: code: type: string description: API error code. example: '404' description: type: string description: Additional details about the error. example: Record not found RateLimitError: type: object description: Rate-limit error response. properties: code: type: string description: API error code. example: '429' description: type: string description: Additional details about the error. example: Too many requests ServerError: type: object description: Server error response. properties: code: type: string description: API error code. example: '500' description: type: string description: Additional details about the error. example: Server error Order: type: object properties: orderReference: type: string description: reference of the online checkout order to be created example: 90e81e8a-bc14-4ebf-89c0-57da752cca58 customerId: type: string description: customer id example: '762878332454' callbackUrl: type: string description: Merchant callback url for redirect after payment example: https://ip:port/merchant.com/callback customerEmail: type: string description: customer email example: abcde@gmail.com amount: type: number format: double description: Amount to pay example: '10000.00' currency: type: string description: >- ISO 4217 currency code. Use NGN for Nigerian checkout. For DRC accounts, use CDF or USD — NGN is not supported for DRC and will be rejected. enum: - NGN - CDF - USD example: NGN accountId: type: string description: If specified, this is the account where the funds will be deposited. example: 01a10aeb-d989-460a-bbde-9842f2b4320f allowedPaymentMethods: type: array description: >- Optional list of payment methods to display on the checkout page. If not provided, all supported methods for your account and region will be shown. Supported values: Card, Transfer, Nomba QR, USSD, Buy Now Pay Later (Nigerian checkout); MOMO, Intl Card, Apple Pay (DRC checkout). items: type: string enum: - Card - Transfer - Nomba QR - USSD - Buy Now Pay Later - MOMO - Intl Card - Apple Pay example: - Card - Transfer splitRequest: type: object description: Contains accounts where the inflow will be split into properties: splitType: type: string description: The type fo split to use, either PERCENTAGE or AMOUNT enum: - PERCENTAGE - AMOUNT splitList: type: array items: type: object properties: accountId: type: string description: >- The account Id whose wallet will be credited when the order is paid example: 01a10aeb-d989-460a-bbde-9842f2b4320f value: type: number description: >- The percentage or the order amount or the actual value to credit to this account. example: '65.45' orderMetaData: type: object description: >- Arbitrary key-value metadata to attach to the order. Keys and values must be strings. Stored on the order and returned in webhook payloads. Special key: set "region" to "CD" to route this order through DRC checkout (e.g. for a Nigerian merchant accepting DRC MoMo payments). additionalProperties: type: string example: productName: Premium Plan internalRef: INV-2026-001 region: CD required: - callbackUrl - customerEmail - amount - currency securitySchemes: BearerAuth: description: >- Nomba authenticates API calls with [OAuth2 HTTP bearer tokens](http://tools.ietf.org/html/rfc6750). There are two methods of authentication; [Client-Credentials method](https://www.rfc-editor.org/rfc/rfc6749) and [PKCE (Proof Key for Code Exchange)](https://www.rfc-editor.org/rfc/rfc7636) method. In each of the methods, You will get an `ACCESS_TOKEN`. You need to use an `"Authorization"` HTTP header to provide your `ACCESS_TOKEN`. For example: `Authorization: {ACCESS_TOKEN}`. scheme: bearer type: http bearerFormat: JWT ````