GuestyPay Tokenization Flow

How to safely tokenize credit card details for the GuestyPay payment method.


There are two primary steps to creating a guest payment method through GuestyPay for reservations.

  1. Collect and tokenize the guest's credit card.
  2. Pass the token in the reservation creation request.


Create a Guest Payment Method Sequence Diagram

Figure 1.0. GuestyPay Tokenization Flow

Step 1: Tokenize the Guest's Card


Determine the Payment Processor ID

The API will automatically identify a property's payment processor when you include the listingId in your tokenization request. Even then, it is a best practice to include the paymentProviderId as well. You can retrieve it with the following request.

Payment Form and SDK

The quickest, easiest, and recommended way to facilitate payments on your website is by using our payment form SDK. Guesty offers a JavaScript SDK that supports multiple payment methods, ensuring that your guests enjoy a personalized and hassle-free checkout process. It's secure and PCI-compliant. You can access it at the links below.

Please note that the SDK only supports the GuestyPay.



Directly Interfacing with the API

Interfacing with the API directly, using the resources outlined below, should only be attempted if the SDK cannot be adapted for your use case. Even then, please contact Customer Experience and we will assist you with it. We plan to offer the SDK as the only method in the near future.

Available Endpoints



Body ParameterData TypeDescriptionRequired
paymentProviderIdstringThe payment processing account ID as stored in Guesty - Learn more.βœ”οΈ
listingIdstringThe ID of the property being booked.βœ”οΈ
cardobjectCredit card details.βœ”οΈ
billing_detailsobjectBilling details.βœ”οΈ
threeDSobject3D Secure validation (refer to the threeDS Object table below).βœ”οΈ
merchantDataobjectSee the Merchant Data section below.

Card Object

This table describes the parameters of the card object from the Payload table above.

Body ParameterData TypeDescriptionRequired
numberstringCredit card number.βœ”οΈ
exp_monthstringExpiration month in 2 digits string format ("04").βœ”οΈ
exp_yearstringExpiration year in 4 digits string format ("2024").βœ”οΈ
cvcstringCard verification code. Three digits in string format.βœ”οΈ

Billing Details Object

These are the parameters of the billing_details object from the Payload table above.

Body ParameterData TypeDescriptionRequired
namestringCardholder's name.βœ”οΈ
addressobjectCard's billing address.βœ”οΈ
    citystringCity. Max length 50 characters.βœ”οΈ
    countrystringThe ISO 3166 Alpha-2 country code.βœ”οΈ
    line1stringStreet name and number. Max length 50 characters.βœ”οΈ
    postal_codestringPostal code. Max length 20 characters.βœ”οΈ

threeDS Object

Guesty offers two parameters that can help guide the user toward the next step in your booking process after an authentication attempt.

  1. successURL is the next step in your booking flow after a successful authentication attempt. For example, post the token as the guest's payment method and send the user a booking confirmation message.

  2. failureURL is the next step in your process after authentication fails. Your website/application should redirect the guest to the relevant page to either try again, provide an alternate payment method, or follow any other process you have in place for invalid credit cards.

Body ParameterData TypeDescriptionRequired
amountnumberThe total amount of the future payment.βœ”οΈ
currencystringThe currency code. E.g. "USD"βœ”οΈ
successURLstringURL for redirect after successful authentication.
failureURLstringURL for redirect after a failed authentication.


Success and Failure URLs

If you don't provide any URLs, the user will be redirected to a blank white page after attempting to authenticate. To avoid this, we suggest specifying the URL of the next step in your booking process, based on the authentication result, for a better user experience.

Merchant Data

Body ParameterData TypeDescriptionRequired
freeTextstringAny text you may wish to retain for future reference. E.g., "PayeeId-1234567".
transactionDatestringThe ISO 8601 date and time (
transactionDescriptionstringDefine your transaction for ease of reference.
transactionIdstringEnter the transaction ID you require for your systems.



curl --location '' \
--header 'Content-Type: application/json' \
--data '{  
    "listingId": "64f03f9094d741004fda977d",
    "card": {
        "number": "4580458045804580",
        "exp_month": "12",
        "exp_year": "2024",
        "cvc": "123"
    "billing_details": {
        "name": "John Smith",
        "address": {
            "line1": "20 W 34th St",
            "city": "New York",
            "postal_code": "10001",
            "country": "US"
     "threeDS": {
        "amount": 500,
        "currency": "USD",
        "successURL": "{orderN}",
        "failureURL": "{orderN}"
     "merchantData": {
        "freeText": "PayeeId-1234567",
        "transactionDate": "2023-11-14T12:12:33.162Z",
        "transactionDescription": "Descriptor",
        "transactionId": "Reservation-2000583"



Body ParameterData TypeDescription
_idstringThe ID of the newly tokenized card. Pass this as the ccToken in your reservation creation request.
threeDSobjectContains the authentication URL ("authURL").

Send the authURL to the user to authenticate the payment method. Once the authentication process is complete, the user is redirected to either the successURL or failureURL specified in the tokenization request, depending on the outcome.

If authentication is successful no authURL is returned in the response (the issuer didn't require it), you may proceed to use the token_id to create the guest payment method.


    "_id": "64d4d01f1884841581a7768e",
    "threeDS": {
        "authURL": "",

Step 2: Create the Reservation

Pass the GuestyPay token you've generated as the ccToken in the Create inquiry for reservation based on quote or Create instant reservation based on quote requests.

Reuse of Tokens

Using the same payment token for multiple reservations is not supported. It will result in a missing payment method error in the user dashboard (even though it exists), preventing auto payments from being executed as scheduled. Generate a new token for each new inquiry or reservation through the Booking Engine API.


The reservation was created without a payment method

This may be due to either of the following:

  1. The credit card was tokenized in a different payment processor account than the one assigned to the listing. Determine the correct account using the Get payment provider by listing and Get provider stats.
  2. The payment processor or credit card issuer reported an issue. Check your payment processor extranet for error messages and see our Help Center troubleshooting articles.
How can I be sure the payment method succeeded?

The reservation object payload will show the payment object, nested under the money.payments section.


When the data of your response contains the messages: "Request contradicts clearing interface configuration" and"Bad Bin or Host Disconnect", it means there is an issue with your GuestyPay account and it could be offline. To remedy this, contact Customer Experience.