**Last updated**: 30 October 2025 | [**Change log**](/access/products/checkout/ios/changelog/)

# Create sessions to pay with a card and CVC

Use our iOS SDK to secure your customer's payment details by creating separate sessions for the card details and CVC.

Full Sample Integration
You can see an example of the session generation [here](https://github.com/Worldpay/access-checkout-ios/tree/v2.4.1/AccessCheckoutDemo).

## Reference your UI components

To display your checkout form, you must create your layout first using your storyboard.

Here's an example of how you would reference your UI components using unique identifiers.


```swift
import AccessCheckoutSDK

class ViewController: UIViewController {

    @IBOutlet weak var panTextField: UITextField!
    @IBOutlet weak var expiryDateTextField: UITextField!
    @IBOutlet weak var cvcTextField: UITextField!

    func submitButtonClickHandler() {
        // code to generate your sessions
        ...
    }   
    ...
```

## Card validation

You can optionally validate your customer's card details. You can find instructions [here](/access/products/checkout/ios/v2/card-validator)

## Create a session

### Initialize the AccessCheckoutClientBuilder

You must now initialize the SDK using the `AccessCheckoutClientBuilder`.

To do this, you must provide your `BaseURL`, `merchantId` (checkout ID) and other parameters.

Here's an example of how you would initialize the SDK with the mandatory parameters.


```swift
// The AccessCheckoutClientBuilder throws an error if either the accessBaseUrl() or merchantId() calls are omitted 
let accessCheckoutClient:AccessCheckoutClient? = try? AccessCheckoutClientBuilder().accessBaseUrl(<ACCESS_BASE_URL>)
   .merchantId(<CHECKOUT_ID>)
   .build()
```

| Placeholder | Description |
|  --- | --- |
| `<ACCESS_BASE_URL>` | For testing use: `https://try.access.worldpay-bsh.securedataplatform.com/`For live use: `https://access.worldpay-bsh.securedataplatform.com/` |
| `<CHECKOUT_ID>` | Your unique checkout ID as provided by Worldpay. |


## Retrieve the session

### Submitting your customer's card details

The `CardDetails` contains the customer's data that is submitted to retrieve the `session`s.


```swift
// The CardDetailsBuilder throws an error if the expiry date is provided in a format different from MM/YY or MMYY (which will not happen if you use the components with built-in validation provided by the SDK)
let cardDetails:CardDetails = try! CardDetailsBuilder().pan(panTextField.text!)
    .expiryDate(expiryDateTextField.text!)
    .cvc(cvcTextField.text!)
    .build()
```

### Specifying the sessions

You must specify `[SessionType.card]` and `[SessionType.cvc]` as the type of `session`s to generate.


```swift
try? accessCheckoutClient?.generateSessions(cardDetails: cardDetails, sessionTypes: [SessionType.card, SessionType.cvc]) { result in
    DispatchQueue.main.async {
        switch result {
        case .success(let sessions):
            // The session is returned in a Dictionary[SessionType:String]
            let cardSession = sessions[SessionType.card]
            let cvcSession = sessions[SessionType.cvc]
            ...
        case .failure(let error):
            // The error returned is of type AccessCheckoutError 
            let errorMessage = error.message
            ...
        }
    }
}
```

Note
- The call to `generateSessions` takes a closure that returns a `Result<[SessionType: String], AccessCheckoutError>`
- You must use the pattern of the main thread in the closure when handling the success/ failure would lead to updating the UI


### Full code sample

Here's the full code sample of the steps above.


```swift
import AccessCheckoutSDK

class MyViewController: UIViewController {
    private let accessBaseUrl = "https://try.access.worldpay-bsh.securedataplatform.com"
    private let checkoutId = "your-checkout-id"
    @IBOutlet weak var panTextField: UITextField!
    @IBOutlet weak var expiryDateTextField: UITextField!
    @IBOutlet weak var cvcTextField: UITextField!
    @IBAction func submit(_ sender: Any) {
        let cardDetails = try! CardDetailsBuilder().pan(panTextField.text!)
            .expiryDate(expiryDateTextField.text!)
            .cvc(cvcTextField.text!)
            .build()
        let accessCheckoutClient = try? AccessCheckoutClientBuilder().accessBaseUrl(accessBaseUrl)
            .merchantId(checkoutId)
            .build()
        try? accessCheckoutClient?.generateSessions(cardDetails: cardDetails, sessionTypes: [SessionType.card, SessionType.cvc]) { result in
            DispatchQueue.main.async {
                switch result {
                    case .success(let sessionsDictionary):
                        let cardSession = sessionsDictionary[SessionType.card]
                        let cvcSession = sessionsDictionary[SessionType.cvc]
                        ...
                    case .failure(let error):
                        ...
                }
            }
        }
    }
}
```

Caution
Do **not** validate the structure or length of the session resources. We follow HATEOS standard to allow us the flexibility to extend our APIs with non-breaking changes.

## Create a verified token

Once you've received the CARD `session` you must create a [verified token](/access/products/verified-tokens/v2/create-verified-token#create-a-verified-token-request) and use it alongside your CVC `session` to [take a payment](/access/products/card-payments/v6/authorize-a-payment#authorize-a-payment).

Important
The CARD `session` has a lifespan of **one minute** and you can use it **only once**. If you do not create a token within that time, you must create a new CARD `session` value.

## Take a payment

Use the value of the CVC `session` and the verified token in our card/checkout `paymentInstrument` to take a card on file payment.

Important
The CVC `session` has a lifespan of **15 minutes** and you can use it **only once**. If you do not take a payment within that time, you must create a new CVC `session` value. You can do this with our [CVC only SDK](#create-a-session-for-cvc-only).

This `paymentInstrument` can be used in any of our card on file resources ([payments:cardOnFileAuthorize](/access/products/card-payments/v6/authorise-a-cardonfile-payment), [payments:migrateCardOnFileSale](/access/products/card-payments/v6/migrate-cardonfile-sale) and [payments:migrateCardOnFileAuthorize](/access/products/card-payments/v6/authorize-a-payment#-migratecardonfile-authorization)).

Need to create a session for CVC only? Take a look at our integration example below:

# Create a session for CVC only

Create a Payments cvc `session` by sending your customer's CVC.

Full Sample Integration
You can see an example of the session generation [here](https://github.com/Worldpay/access-checkout-ios/tree/v2.4.1/AccessCheckoutDemo).

## Reference your UI components

To display your checkout form, you must create your layout first using your storyboard.

Here's an example of how you would reference your UI components using unique identifiers.


```swift
import AccessCheckoutSDK

class ViewController: UIViewController {

    @IBOutlet weak var cvcTextField: UITextField!

    func submitButtonClickHandler() {
        // code to generate your session
        ...
    }   
    ...
```

## CVC validation

You can optionally validate your customer's CVC. You can find instructions [here](/access/products/checkout/ios/v2/cvc-validator)

## Create a CVC session

### Initialize the AccessCheckoutClientBuilder

You must now initialize the SDK using the `AccessCheckoutClientBuilder`.

To do this, you must provide your `BaseURL`, `merchantID` (checkout ID) and other parameters.

Here's an example of how you would initialize the SDK with the mandatory parameters.


```swift
// The AccessCheckoutClientBuilder throws an exception if either the accessBaseUrl() or merchantId() calls are omitted 
let accessCheckoutClient:AccessCheckoutClient? = try? AccessCheckoutClientBuilder().accessBaseUrl(<ACCESS_BASE_URL>)
   .merchantId(<CHECKOUT_ID>)
   .build()
```

| Placeholder | Description |
|  --- | --- |
| `<ACCESS_BASE_URL>` | For testing use: `https://try.access.worldpay-bsh.securedataplatform.com/`For live use: `https://access.worldpay-bsh.securedataplatform.com/` |
| `<CHECKOUT_ID>` | Your unique checkout ID as provided by Worldpay. |


## Retrieve the session

### Submitting your customer's card details

The `CardDetails` contains the customer's data that is submitted to retrieve a `session`.


```swift
let cardDetails:CardDetails = try! CardDetailsBuilder().cvc(cvcTextField.text!)
    .build()
```

### Specifying the session

You must specify `[SessionType.cvc]` as the type of `session` to generate.


```swift
try? accessCheckoutClient?.generateSessions(cardDetails: cardDetails, sessionTypes: [SessionType.cvc]) { result in
    DispatchQueue.main.async {
        switch result {
        case .success(let sessions):
            // The session is returned in a Dictionary[SessionType:String]
            let session = sessions[SessionType.cvc]
            ...
        case .failure(let error):
            // The error returned is of type AccessCheckoutError 
            let errorMessage = error.message
            ...
        }
    }
}
```

Recommendation
- The call to `generateSessions` takes a closure that returns a `Result[SessionType: String], AccessCheckoutError>`
- You must use the pattern of the main thread in the closure when handling the success/failure would lead to updating the UI


### Full code sample

Here's the full code sample of the steps above.


```swift
import AccessCheckoutSDK

class MyViewController: UIViewController {
    private let accessBaseUrl = "https://try.access.worldpay-bsh.securedataplatform.com"
    private let checkoutId = "your-checkout-id"
    @IBOutlet weak var cvcTextField: UITextField!
    @IBAction func submit(_ sender: Any) {
        let cardDetails = try! CardDetailsBuilder().cvc(cvcTextField.text!)
            .build()
        let accessCheckoutClient = try? AccessCheckoutClientBuilder().accessBaseUrl(accessBaseUrl)
            .merchantId(checkoutId)
            .build()
        try? accessCheckoutClient?.generateSessions(cardDetails: cardDetails, sessionTypes: [SessionType.card, SessionType.cvc]) { result in
            DispatchQueue.main.async {
                switch result {
                    case .success(let sessionsDictionary):
                        let cardSession = sessionsDictionary[SessionType.card]
                        let cvcSession = sessionsDictionary[SessionType.cvc]
                        ...
                    case .failure(let error):
                        ...
                }
            }
        }
    }
}
```

Caution
Do **not** validate the structure or length of the session resources. We follow HATEOS standard to allow us the flexibility to extend our APIs with non-breaking changes.

## Take a payment

Use the value of the CVC `session` and your stored verified token in our card/checkout `paymentInstrument` to take a card on file payment.

Important
The CVC `session` has a lifespan of **15 minutes** and you can use it **only once**. If you do not take a payment within that time, you must create a new CVC `session` value.

This `paymentInstrument` can be used in any of our card on file resources ([payments:cardonFileAuthorize](/access/products/card-payments/v6/authorise-a-cardonfile-payment), [payments:migrateCardOnFileSale](/access/products/card-payments/v6/migrate-cardonfile-sale) and [payments:migrateCardOnFileAuthorize](/access/products/card-payments/v6/authorise-a-cardonfile-payment#card-on-file-authorization-without-verification)).

**Next steps**

Take a [card on file sale](/access/products/card-payments/v6/migrate-cardonfile-sale)
Take a [card on file authorization](/access/products/card-payments/v6/authorise-a-cardonfile-payment) or 
[Migrate a card on file authorization](/access/products/card-payments/v6/authorise-a-cardonfile-payment#card-on-file-authorization-without-verification)