Update session (e.g. amount changed)

PATCH

/v1/hosted-sessions/{sessionId}

const url = 'https://api.govifi.com/v1/hosted-sessions/example';
const options = {
  method: 'PATCH',
  headers: {
    'X-Payment-Account-Uid': 'example',
    Authorization: 'Bearer <token>',
    'Content-Type': 'application/json'
  },
  body: '{"amount":1,"line_items":[{"description":"example","amount":1,"quantity":1,"metadata":{}}]}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request PATCH \
  --url https://api.govifi.com/v1/hosted-sessions/example \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-Payment-Account-Uid: example' \
  --data '{ "amount": 1, "line_items": [ { "description": "example", "amount": 1, "quantity": 1, "metadata": {} } ] }'

Authorizations

cognitoAdmin

Parameters

Path Parameters

sessionId

required

string

/^cs_[A-Za-z0-9]+$/

Header Parameters

X-Payment-Account-Uid

required

string

Identifies the tenant (payment account) for the server-side, Cognito-admin-authenticated operations (create / update / expire). Same header /api/paymentaccounts uses.

Request Body^required

application/json

object

amount

integer

line_items

Array<object>

object

description

required

string

amount

required

Cents

integer

quantity

integer

default: 1

metadata

object

Responses

200

Updated

application/json

Sanitized config returned to the component (session-credential safe)

object

session_id

string

status

string

Allowed values: active completed expired

scope

Capability scope of the credential reading this session.

string

Allowed values: payment wallet

amount

integer

currency

string

description

string

line_items

Array<object>

object

description

required

string

amount

required

Cents

integer

quantity

integer

default: 1

metadata

object

customer_email

string

layout

string

Allowed values: hosted embedded

allowed_methods

Array<string>

setup_future_usage

string

Allowed values: off on_session off_session

branding

object

logo_url

string format: uri

accent_color

string

/^#[0-9A-Fa-f]{6}$/

merchant_display_name

string

required_avs_fields

Array<string>

saved_methods

Hydrated only when customer_id is set. Sanitized — no full PAN.

Array<object>

object

string

type

string

Allowed values: card ach

brand

Visa | mastercard | amex | discover (cards only)

string

last4

string

exp_month

integer

exp_year

integer

holder_name

string

bank_name

ACH only

string

account_type

string

Allowed values: checking savings

is_default

boolean

expires_at

string format: date-time

merchant_display_name

string

page_message

HTML allowed

string

challenge

Server-decided fraud challenge the payer must satisfy before confirm (RFC rfc-fraud-challenges.md). Null = no challenge required. Browser-safe — site_key is public and delivery_hint is masked; contains no PII.

object

type

string

Allowed values: hcaptcha turnstile sms email

site_key

Public key for hcaptcha/turnstile.

string

delivery_hint

Masked destination for sms/email, e.g. --1234.

string

code_sent

Sms/email: whether a verification code has already been dispatched.

boolean

Example

{
  "status": "active",
  "scope": "payment",
  "line_items": [
    {
      "quantity": 1
    }
  ],
  "layout": "hosted",
  "setup_future_usage": "off",
  "saved_methods": [
    {
      "type": "card",
      "account_type": "checking"
    }
  ],
  "challenge": {
    "type": "hcaptcha"
  }
}

Update session (e.g. amount changed)

Authorizations

Parameters

Path Parameters

Header Parameters

Request Body required

Responses

200

Example

Request Body^required