# Use Multiple Payment Sources source: https://developer.mastercard.com/mastercard-gateway/documentation/tutorials-and-guides/multiple-payment-sources/index.md ## Overview {#overview} When performing Mastercard Payment Gateway API calls (for example, [**Pay**](https://network.gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/latest/operation/Transaction%3a%20%20Pay.html?locale=en_US), [**Authorize**](https://network.gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/latest/operation/Transaction%3a%20%20Authorize.html?locale=en_US), [**Refund**](https://network.gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/100/operation/Transaction%3a%20%20Refund.html?locale=en_US), [**Capture**](https://network.gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/100/operation/Transaction%3a%20%20Capture.html?locale=en_US), [**Initiate Authentication**](https://network.gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/100/operation/Authentication%3a%20%20Initiate%20Authentication.html?locale=en_US), [**Authenticate Payer**](https://network.gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/100/operation/Authentication%3a%20%20Authenticate%20Payer.html?locale=en_US)), card details must be provided. These payment details can be specified using multiple **sources**. #### Supported Sources {#supported-sources} * **Request Fields**: Payment details specified directly in the API request (e.g., card number, expiry, CSC). * **Session**: Payment details stored against a Payment Session. * **Card Token**: Payment details stored securely against a token (if using Tokenization). ## Precedence Rules {#precedence-rules} If a card detail (e.g., card number) is provided more than once in a single request because it exists in multiple sources, **precedence rules** determine which source is used: 1. API Request Fields 2. Session Identifier 3. Card Token **Example:** If you include both a session identifier (with card number, expiry, CSC) and a token (with card number and expiry) in a Pay request, the card details from the **session identifier** will be used. ## Example: Perform Transaction with Token and Session {#example-perform-transaction-with-token-and-session} You want to submit a **Pay** operation using: * Card number and expiry date stored in a **token** * CSC collected in a **session** **Request Example:** ```sh PUT {{host}}/api/rest/version/100/merchant//order//transaction/ ``` **JSON Body:** ```JSON { "apiOperation": "PAY", "session": { "id": "SESSION000177777777777777777777" }, "sourceOfFunds": { "token": "9999999999999999" }, "order": { "amount": "34.00", "currency": "AUD" } } ``` **Assumptions:** * Session `SESSION000177777777777777777777` contains CSC. * Token `9999999999999999` contains card number and expiry date. ## Example: Update a Token with New Expiry Date {#example-update-a-token-with-new-expiry-date} To update the expiry date on a stored token using [**Tokenization**](https://network.gateway.mastercard.com/api/documentation/apiDocumentation/rest-json/version/latest/operation/Tokenization%3a%20%20Create%20or%20Update%20Token.html?locale=en_US): * Supply the token in the request URL. * Include the same token as a source of payment details to reuse previously stored details. This means you **do not need to recapture the card number**. **Request Example:** ```sh PUT {{host}}/api/rest/version//merchant//token/9999999999999999 ``` **JSON Body:** ```json { "sourceOfFunds": { "provided": { "card": { "expiry": { "month": "05", "year": "27" }, "token": "99999999999999" } }, "type": "CARD" } } ``` **Assumptions:** * The JSON example assumes that the token with ID 9999999999999999 was already saved and contains the card number and its expiry date. * After this operation, the token still has the same card number, but its expiry date is updated to May 2027 (05/27). ## Best Practices {#best-practices} * Validate each payment source before initiating transactions. * Use **unique transaction IDs** for each payment attempt. * Implement error handling for declined or failed transactions.