# Create a delegated payment token Tokenizes a credential for controlled usage by the merchant's PSP per the Allowance constraints. Exactly one credential type is currently supported: card. Endpoint: POST /sessions/agentic_commerce/delegate_payment Version: 2025-09-29 Security: bearerAuth ## Header parameters: - `Authorization` (string, required) Example: "Bearer api_key_123" - `Content-Type` (string, required) Example: "application/json" - `Accept-Language` (string) Example: "en-us" - `User-Agent` (string) Example: "ChatGPT/2.0" - `Idempotency-Key` (string) Example: "idem_abc123" - `Request-Id` (string) Example: "req_123" - `Signature` (string) Example: "ZXltZX..." - `Timestamp` (string) Example: "2025-09-29T10:30:00Z" - `API-Version` (string, required) Example: "2025-09-29" ## Request fields (application/json): - `payment_method` (object, required) - `payment_method.type` (string, required) Enum: "card" - `payment_method.card_number_type` (string, required) Enum: "fpan", "network_token" - `payment_method.number` (string, required) network token or fallback fpan value - `payment_method.exp_month` (string) - `payment_method.exp_year` (string) - `payment_method.name` (string) - `payment_method.cvc` (string) - `payment_method.cryptogram` (string) - `payment_method.eci_value` (string) - `payment_method.checks_performed` (array) Enum: "avs", "cvv", "ani", "auth0" - `payment_method.iin` (string) - `payment_method.display_card_funding_type` (string, required) Enum: "credit", "debit", "prepaid" - `payment_method.display_wallet_type` (string) - `payment_method.display_brand` (string) - `payment_method.display_last4` (string) - `payment_method.metadata` (object, required) - `allowance` (object, required) - `allowance.reason` (string, required) Enum: "one_time" - `allowance.max_amount` (integer, required) Minor units (e.g., $20 → 2000) - `allowance.currency` (string, required) ISO-4217 lowercase (e.g., usd) - `allowance.checkout_session_id` (string, required) - `allowance.merchant_id` (string, required) - `allowance.expires_at` (string, required) - `billing_address` (object) - `billing_address.name` (string, required) - `billing_address.line_one` (string, required) - `billing_address.line_two` (string) - `billing_address.city` (string, required) - `billing_address.state` (string, required) - `billing_address.country` (string, required) ISO-3166-1 alpha-2 - `billing_address.postal_code` (string, required) - `risk_signals` (array, required) - `risk_signals.type` (string, required) Enum: "card_testing" - `risk_signals.score` (integer, required) - `risk_signals.action` (string, required) Enum: "blocked", "manual_review", "authorized" - `metadata` (object, required) ## Response 201 fields (application/json): - `id` (string, required) Unique vault token identifier (vt_...) - `created` (string, required) - `metadata` (object, required) ## Response 400 fields (application/json): - `type` (string, required) Enum: "invalid_request", "rate_limit_exceeded", "processing_error", "service_unavailable" - `code` (string, required) Enum: "invalid_card", "duplicate_request", "idempotency_conflict" - `message` (string, required) - `param` (string) JSONPath of offending field ## Response 401 fields (application/json): - `type` (string, required) Enum: "invalid_request", "rate_limit_exceeded", "processing_error", "service_unavailable" - `code` (string, required) Enum: "invalid_card", "duplicate_request", "idempotency_conflict" - `message` (string, required) - `param` (string) JSONPath of offending field ## Response 409 fields (application/json): - `type` (string, required) Enum: "invalid_request", "rate_limit_exceeded", "processing_error", "service_unavailable" - `code` (string, required) Enum: "invalid_card", "duplicate_request", "idempotency_conflict" - `message` (string, required) - `param` (string) JSONPath of offending field ## Response 422 fields (application/json): - `type` (string, required) Enum: "invalid_request", "rate_limit_exceeded", "processing_error", "service_unavailable" - `code` (string, required) Enum: "invalid_card", "duplicate_request", "idempotency_conflict" - `message` (string, required) - `param` (string) JSONPath of offending field ## Response 429 fields (application/json): - `type` (string, required) Enum: "invalid_request", "rate_limit_exceeded", "processing_error", "service_unavailable" - `code` (string, required) Enum: "invalid_card", "duplicate_request", "idempotency_conflict" - `message` (string, required) - `param` (string) JSONPath of offending field ## Response 500 fields (application/json): - `type` (string, required) Enum: "invalid_request", "rate_limit_exceeded", "processing_error", "service_unavailable" - `code` (string, required) Enum: "invalid_card", "duplicate_request", "idempotency_conflict" - `message` (string, required) - `param` (string) JSONPath of offending field ## Response 503 fields (application/json): - `type` (string, required) Enum: "invalid_request", "rate_limit_exceeded", "processing_error", "service_unavailable" - `code` (string, required) Enum: "invalid_card", "duplicate_request", "idempotency_conflict" - `message` (string, required) - `param` (string) JSONPath of offending field