Stored Credentials

Stored credentials let you save a customer's card and charge it again later - for subscriptions, recurring billing, or any saved card payment where the customer isn't there to re-enter their details. Card data is captured and held by Super on a PCI-compliant basis, so you only ever handle a token reference (pm_), never raw card numbers.

📘

Tokens and payment methods are the same thing

Throughout these docs, "token" and "payment method" refer to the same concept: a stored card reference (pm_) you can charge without the customer present.

How It Works

Stored credentials are built from two linked resources - a customer and a payment method - created in that order:

1. Create a customer. A customer is the central record (cus_) that everything else hangs off. Create one before storing any card against them.
2. Create a payment method. Create a payment method (pm_) against the customer. It starts in REQUIRES_ACTION until card details are attached.
3. Attach the card. How the payment method reaches ENABLED depends on where the card comes from:
   • New customer - use a Setup Intent with the <super-card> component to collect the card. Super handles PCI capture and 3DS, then moves the payment method to ENABLED.
   • Migrating from another provider - Super backfills the card automatically after the token import. See Migrate to Super.
4. Charge the saved card. Once ENABLED, use the payment method id to take off-session payments.

Key Objects

Explore Stored Credentials

Work through the resources in order, or jump to migration if you're bringing cards across from another provider.

Using Saved Cards

Once a payment method is ENABLED, take payments with it from the Saved Card Payments flows: