Billing Account API - Create Payment Method #

1. API Overview #

Target Coverage #

PG	Payment Method
Worldpay	Card
Omise	Card Direct_Debit

Purpose #

This API creates a payment method for reuse. It is designed to securely store tokenized payment method information provided by the user without exposing sensitive data directly. This API aims to provide a convenient and secure payment experience by utilizing saved payment methods in subsequent payment requests.

For detailed Worldpay guidance, refer to: Worldpay Detailed Guide
For detailed Omise guidance, refer to: Omise Detailed Guide
For detailed Checkout.com guidance, refer to: Checkout.com Detailed Guide

Details #

Item	Value
API Name	Create Payment Method
API Path	/api/v2/payment-methods
API ID	EBP_API_120
HTTP Method	POST
Region	Global

[!INFO] Billing Account Creation
A billing account is automatically created in the system based on the combination of Store ID (X-Store-Id) and User Number (userNo) when a user registers a token or requests a payment for the first time, without any separate sign-up process.

2. Request Specification #

2.1 Request Header #

For detailed header information, please refer to the Common Headers documentation.

2.2 Request Data Schema #

depth	Field	Details & Description
0	userNo	`string≤ 500` 🔴 Required Unique number identifying the user
0	email	`string≤ 128` 🔴 Required User's email address
0	paymentMethod	`string` 🔴 Required Type of payment method to register e.g., CARD, DIRECT_DEBIT
0	successUrl	`string≤ 500` 🔴 Required URL to redirect after successful registration
0	failureUrl	`string≤ 500` 🔴 Required URL to redirect if registration fails
0	billingAddress	`object` ⚪ Optional Billing address information (mandatory for tax invoice issuance)
1	billingEmail	`string≤ 128` ⚪ Optional Billing contact email address
1	billingLastName	`string≤ 100` 🟡 Conditional Billing contact last name (local language)
1	billingFirstName	`string≤ 100` 🟡 Conditional Billing contact first name (local language)
1	billingCountry	`string≤ 3` 🟡 Conditional ISO 3166-1 alpha-3 country code
1	billingStreet	`string≤ 100` 🟡 Conditional Billing street address
1	billingAddressLine1	`string≤ 100` 🟡 Conditional Billing address line 1
1	billingAddressLine2	`string≤ 100` ⚪ Optional Billing address line 2
1	billingCity	`string≤ 100` 🟡 Conditional Billing city
1	billingPostalCode	`string≤ 100` 🟡 Conditional Billing postal code
1	billingState	`string≤ 100` 🟡 Conditional Billing state/province
0	account	`object` ⚪ Optional Account owner information
1	accountLastName	`string≤ 100` ⚪ Optional User's last name (local language)
1	accountFirstName	`string≤ 100` ⚪ Optional User's first name (local language)
0	directDebitType	`string` 🟡 Conditional Mandatory when using DIRECT_DEBIT. Refer to [Direct Debit Information (#direct-debit-info) below.]

Direct Debit Information (directDebitType)

When using Thailand direct debit (DIRECT_DEBIT), please check the supported bank codes below.

direct_debit_bay (Krungsri Bank)

direct_debit_kbank (Kasikorn Bank)

direct_debit_ktb (Krungthai Bank)

direct_debit_scb (Siam Commercial Bank)

2.3 Request Examples #

JSON Example #

CARD

DIRECT_DEBIT

{
  "userNo": "AU1234567890",
  "userId": "gildong.hong@example.com",
  "email": "gildong.hong@example.com",
  "paymentMethod": "CARD",
  "successUrl": "https://devkic-pgui.nebp.lge.com/pgui/v2/hpp/worldpay/success",
  "failureUrl": "https://devkic-pgui.nebp.lge.com/pgui/v2/hpp/worldpay/failure"
}

{
  "userNo": "TH1234567890",
  "userId": "gildong.hong@example.com",
  "email": "gildong.hong@example.com",
  "paymentMethod": "DIRECT_DEBIT",
  "successUrl": "https://devkic-pgui.nebp.lge.com/pgui/v2/hpp/omise/success",
  "failureUrl": "https://devkic-pgui.nebp.lge.com/pgui/v2/hpp/omise/failure",
  "directDebitType": "direct_debit_bay"
}

3. Response Specification #

3.1 Response Data Schema #

Response Data Schema #

depth	Field	Details & Description
-1	resultCode	`string` 🔴 Required Result code e.g., "0" for success, "EBP-A-0001" for error
-1	message	`string` 🔴 Required Result message
-1	requestId	`string` 🔴 Required Unique request identifier for tracking
-1	timestamp	`string` 🔴 Required Response timestamp in ISO 8601 format e.g., 2025-12-19T14:24:00+09:00
-1	data	`object` 🔴 Required Response data (Business results)
0	paymentMethodId	`string` 🔴 Required Registered payment method ID
0	orderNo	`string` 🔴 Required Order number
0	status	`string` 🔴 Required Payment method status e.g., ACTION_REQUIRED
0	paymentUrl	`string` ⚪ Optional The EBP standard URL to redirect the user to if additional authentication (e.g., HPP) is required. Mandatory if `requiresClientAction` is `true`.
0	paymentHeaderContext	`string` ⚪ Optional Encrypted payment header context issued by EBP. Must be passed as the x-ebp-context header value when calling the 'Complete Payment Method Registration API'.
0	pgResponse	`object` ⚪ Optional Original PG response object (required for direct action)
1	resultCode	`string` ⚪ Optional PG response result code
1	data	`object` ⚪ Optional Detailed PG response data. Varies by PG.
0	successUrl	`string≤ 500` ⚪ Optional URL to redirect to after successful payment method registration
0	failureUrl	`string≤ 500` ⚪ Optional URL to redirect to after failed payment method registration
-1	instructions	`object` 🔴 Required Instructions for follow-up processing (Process control)
0	nextStep	`string` 🔴 Required Next step instruction e.g., CLIENT_ACTION, REDIRECT
0	completionMethod	`string` 🔴 Required Final registration completion method for the entire process e.g., WEBHOOK, API
0	requiresClientAction	`boolean` 🔴 Required Whether additional client action (HPP redirection, tokenization, etc.) is required
0	clientAction	`object` ⚪ Optional Information object for additional client actions. Mandatory if `requiresClientAction` is `true`.
1	type	`string` ⚪ Optional Client action type e.g., TOKENIZE_CARD, CREATE_SOURCE
1	pgProvider	`string` ⚪ Optional The PG provider handling the action
0	requiresFollowUpApi	`boolean` 🔴 Required Whether a follow-up API (Finalization API) call is mandatory
0	followUpApi	`object` ⚪ Optional Information for the follow-up API to be called after the client action. Mandatory if `requiresFollowUpApi` is `true`.
1	method	`string` ⚪ Optional HTTP method of the follow-up API e.g., POST
1	url	`string` ⚪ Optional Call path of the follow-up API
1	description	`string` ⚪ Optional Additional description of the follow-up API

3.2 Response Samples #

Case 1: Worldpay Card Registration (Redirect + Webhook Completion) #

This case involves receiving card information through the PG's hosted payment page (HPP). Once the user enters the information, the PG sends a webhook to EBP to finalize the registration.

Next Step: REDIRECT (Move to PG HPP)
Completion: WEBHOOK (Asynchronous completion via webhook after user authentication)

{
  "resultCode": "0",
  "message": "SUCCESS",
  "requestId": "06EFX0CRR7ME0KCSSTFEEDRDVG",
  "timestamp": "2026-01-27T04:39:47.222Z",
  "data": {
    "paymentMethodId": "3e104ef7b98f4123948a8c248d0da4c5",
    "orderNo": "ORD_7202603277730794",
    "status": "ACTION_REQUIRED",
    "paymentUrl": "https://devkic-pgui.nebp.lge.com/pgui/v2/hpp/worldpay/wrapping",
    "paymentHeaderContext": "eyJhY3Rpb24iOiJSRURJUkVDVF9UT19IUFAiLCJwcm92aWRlciI6IldPUkxEUEFZIiwiY29udGV4dCI6I...",
    "pgResponse": {
      "resultCode": "PASS",
      "data": {
        "pgRefId": "3579052412",
        "returnUrl": "https://payments-test.worldpay.com/app/hpp/...",
        "referenceUrl": "https://payments-test.worldpay.com/app/hpp/..."
      }
    },
    "successUrl": "http://<yourhost>/v2/ebp/test/token/success",
    "failureUrl": "http://<yourhost>/v2/ebp/test/token/fail"
  },
  "instructions": {
    "nextStep": "REDIRECT",
    "completionMethod": "WEBHOOK",
    "requiresClientAction": true,
    "clientAction": {
      "type": "REDIRECT_TO_HPP",
      "pgProvider": "WORLDPAY"
    },
    "requiresFollowUpApi": false
  }
}

Case 2: Omise Card Registration (Client Action + API Completion) #

This case involves the client directly tokenizing card information using the Omise JS SDK. The obtained token is then passed to EBP's registration completion API to finalize the registration.

Next Step: CLIENT_ACTION (Requires calling the JS SDK and obtaining a token)
Completion: API (Registration is finalized by the API call)

{
  "resultCode": "0",
  "message": "SUCCESS",
  "requestId": "06EFWD32XT8HCBDCYR9RK7R0PC",
  "timestamp": "2026-01-27T04:39:50.123Z",
  "data": {
    "paymentMethodId": "3a9437e612ac4ccb9beaa6585e899321",
    "orderNo": "ORD_7202603277730795",
    "status": "ACTION_REQUIRED",
    "paymentUrl": "https://devkic-pgui.nebp.lge.com/pgui/v2/hpp/omise/card/wrapping",
    "paymentHeaderContext": "eyJhY3Rpb24iOiJUT0tFTklaRV9DQVJEIiwicHJvdmlkZXIiOiJPTUlTRSIsImNvbnRleHQiOiI...",
    "pgResponse": {
      "resultCode": "SUCCESS",
      "data": {
        "publicKey": "pkey_test_46lmsec8z06uh..."
      }
    }
  },
  "instructions": {
    "nextStep": "CLIENT_ACTION",
    "completionMethod": "API",
    "requiresClientAction": true,
    "clientAction": {
      "type": "TOKENIZE_CARD",
      "pgProvider": "OMISE"
    },
    "requiresFollowUpApi": true,
    "followUpApi": {
      "method": "POST",
      "url": "/api/v2/payment-methods/3a9437e612ac4ccb9beaa6585e899321/complete",
      "description": "After card tokenization, this API must be called to finalize the registration."
    }
  }
}

Case 3: Omise Direct Debit Registration (Client Action + Authentication Required) #

In this case, the client uses the Omise JS SDK to create a source (SourceId). The user proceeds to bank authentication through the paymentUrl provided in the response. Final registration is handled via a webhook after successful authentication.

Step 1 (Current API): CLIENT_ACTION (Obtain SourceId via JS SDK)
Step 2 (Authentication): Redirect user to the bank's authentication page via paymentUrl
Final Completion: WEBHOOK (Asynchronously activated via webhook after authentication)

{
  "resultCode": "0",
  "message": "SUCCESS",
  "requestId": "06EP2JWT2DHQEQGBC3W3RRK72W",
  "timestamp": "2026-04-06T05:37:22.536Z",
  "data": {
    "paymentMethodId": "1fc83f065287471987ee754ef01e7d40",
    "orderNo": "ORD_7202603277730796",
    "status": "ACTION_REQUIRED",
    "paymentUrl": "https://devkic-pgui.nebp.lge.com/pgui/v2/hpp/omise/direct-debit/wrapping",
    "paymentHeaderContext": "eyJhY3Rpb24iOiJDUkVBVEVfU09VUkNFIiwicHJvdmlkZXIiOiJPTUlTRSIsImNvbnRleHQiOiI...",
    "successUrl": "https://devkic-pgui.nebp.lge.com/pgui/v2/hpp/omise/success",
    "failureUrl": "https://devkic-pgui.nebp.lge.com/pgui/v2/hpp/omise/failure",
    "pgResponse": {
      "resultCode": "OK",
      "pgProvider": "OMISE",
      "data": {
        "type": "OMISE_DIRECT_DEBIT",
        "linkedAccountId": "lnac_test_679grm7z8axarr41r6m",
        "registrationUri": "https://pay.omise.co/registrations/linked_accounts/lnac_test_679grm7z8axarr41r6m/authorize"
      }
    }
  },
  "instructions": {
    "nextStep": "CLIENT_ACTION",
    "completionMethod": "WEBHOOK",
    "requiresClientAction": true,
    "clientAction": {
      "type": "CREATE_SOURCE",
      "pgProvider": "OMISE"
    },
    "requiresFollowUpApi": false
  }
}