Skip to main content

Recurring Payments & Auto-Debit

Auto-debit is a financial arrangement where a customer authorizes a merchant to automatically deduct money from their saved card. This covers subscriptions, installments, recurring billing, and event-based charges โ€” all processed without the customer needing to be present after the initial setup.

Boost Your Integration

Ottu offers SDKs and tools to speed up your integration. See Getting Started for all available options.

When to Useโ€‹

  • Subscriptions โ€” monthly or annual recurring charges for SaaS, memberships, or content
  • Installment payments โ€” split a single purchase into multiple scheduled charges
  • On-demand billing โ€” charge customers when events occur (e.g., account top-ups, usage-based billing)
  • Recurring invoices โ€” automatically collect payment on invoice due dates

Setupโ€‹

Before implementing auto-debit, ensure you have:

Guideโ€‹

Key Conceptsโ€‹

Auto-debit payments involve two types of transactions:

  • CIT (Cardholder Initiated Transaction) โ€” The first payment where the customer is present, enters their card details, and authorizes future charges. This establishes the agreement and saves the card token.
  • MIT (Merchant Initiated Transaction) โ€” Subsequent automatic charges triggered by the merchant using the saved token. The customer is not present during these transactions.

Agreementโ€‹

An agreement is a commercial contract between you and your customer that authorizes you to store and use their payment details for subsequent transactions. Each agreement has:

  • A unique id that you define
  • A type (recurring, unscheduled, or installment)
  • Scheduling parameters (frequency, cycle_interval_days, total_cycles, expiry_date)
  • Amount rules (amount_variability: fixed or variable)
warning

Only one card can be linked to an agreement at any time. To change the card, a new CIT (customer-present) transaction is required.

Agreement Typesโ€‹

TypeUse CaseRequired Fields
RecurringSubscriptions, regular billingid, frequency, amount_variability, expiry_date, cycle_interval_days, total_cycles
UnscheduledOn-demand charges (e.g., account top-ups)id, frequency
InstallmentSplit payments for a single purchaseid, frequency, amount_variability, expiry_date, cycle_interval_days, total_cycles, seller

Workflowโ€‹

Recurring Payments: CIT setup and MIT auto-debit In the cardholder-initiated setup (CIT), the merchant backend creates a session via the Checkout API and redirects the customer to the checkout page (Ottu-hosted or a self-hosted SDK embed), where the customer enters and saves their card and pays. The payment is submitted to Ottu, which processes it and then sends the merchant backend an asynchronous webhook notification carrying the saved-card token. For each merchant-initiated charge (MIT), the merchant creates a session via the Checkout API and calls the Native Payments API with the saved token; the payment result is returned directly in the API response โ€” there is no webhook for MIT charges. CIT ยท CUSTOMER PRESENT MIT ยท NO CUSTOMER OTTU PLATFORM Checkout Page Ottu or self-hosted Customer Merchant Backend Your server Checkout API Creates CIT & MIT sessions Ottu Processes payment ยท webhooks Native Payments API Charge saved token create session redirect to checkout enters card ยท pays submit payment Ottu webhook ยท token (async) session_id (MIT) charge saved token ยท MIT payment result (direct)
  1. CIT โ€” Merchant creates a session with payment_type: auto_debit and an agreement object.
  2. Payment โ€” Customer enters their card via the Checkout SDK or hosted page and completes 3DS authentication.
  3. Webhook โ€” Ottu delivers the token. Save token.token and token.pg_code for future charges.
  4. MIT โ€” Merchant charges the token by creating a new session, then calling the Native Payments API (or using One-Step Checkout).
  5. Result โ€” The Native Payments API (or One-Step Checkout) returns the payment result directly in the API response โ€” there is no webhook for MIT charges. No customer interaction needed.

Live Demoโ€‹

Experience the complete recurring payment lifecycle. Save a test card, watch the webhook deliver the token in real time, then charge the card automatically โ€” choose between Two-Step or One-Step checkout.

Test Card
Use card number 5123 4500 0000 0008 with expiry 01/39 and CVV 100.

Try Recurring Payments

Experience the full CIT/MIT flow: save a card with a test payment, then charge it automatically โ€” all in sandbox mode.

Step-by-Stepโ€‹

First Payment (CIT)โ€‹

Step 1 of 4
Step 1 of 4

Discover Payment Methods

Before creating a session, call the Payment Methods API with auto_debit: true to discover which gateways support tokenization and auto-debit.

POST /b/pbl/v2/payment-methods/

{
"plugin": "payment_request",
"operation": "purchase",
"currencies": ["KWD"],
"auto_debit": true
}
Use the returned pg_codes in the next step.

Subsequent Payments (MIT)โ€‹

Once you have the token, you can charge the customer automatically using either of the following approaches.

Two-Step (Checkout API + Native Payments API):

  1. Create a new session via the Checkout API with the same pg_code, agreement.id, and customer_id
  2. Call the Native Payments API with the session_id and token:
POST /b/pbl/v2/auto-debit/ โ€” Charge Saved Card
{
  "session_id": "19aa7cd3cfc43d9d7641f6c433767b25cbcd6c18",
  "token": "9923965822244314"
}
info

Use the same pg_code, agreement.id, and customer_id as the first payment. The amount may vary if the agreement's amount_variability is set to "variable".

One-Step (Checkout API with payment_instrument):

Combine session creation and payment in a single call using payment_instrument. To see this in action, try the Live Demo above.

POST /b/checkout/v1/pymt-txn/ โ€” One-Step Checkout
{
  "type": "e_commerce",
  "amount": "19.000",
  "payment_type": "auto_debit",
  "currency_code": "KWD",
  "pg_codes": ["credit-card"],
  "customer_id": "cust_123",
  "webhook_url": "https://yourwebsite.com/webhook",
  "agreement": { "id": "A123456789", "type": "recurring" },
  "payment_instrument": {
    "instrument_type": "token",
    "payload": { "token": "9923965822244314" }
  }
}

Use Casesโ€‹

Updating Card Informationโ€‹

Card changes for auto-debit always require a CIT (the customer must be present):

Customer-Initiated Update:

  1. Customer visits your card management section
  2. Your backend creates a new Checkout session with the same agreement.id
  3. Present the Checkout SDK or redirect to checkout_url
  4. Customer selects or enters a new card
  5. After successful payment, the new card is associated with the agreement
  6. You receive the updated token via webhook

Merchant-Requested Update:

When a card is about to expire or a payment fails, notify the customer via email/SMS with a direct link to a checkout page where they can enter a new card.

tip

Set up notifications for upcoming card expirations to avoid disruptions. Prompt customers to update their card details before expiry.

Error Handlingโ€‹

When an MIT payment fails:

  1. Notify the customer โ€” send an email/SMS explaining the failure reason
  2. Provide a payment link โ€” include a checkout_url so the customer can pay manually
  3. Retry after 24 hours โ€” create a new session with appropriate grace period parameters
  4. Allow card update โ€” the customer may need to update their saved card

Common failure reasons:

  • Insufficient funds โ€” retry after a delay
  • Expired card โ€” request card update from customer
  • Gateway decline โ€” check with payment gateway for details
  • Token invalidated โ€” requires new CIT to re-establish

Pre-Charge Notificationsโ€‹

For recurring billing, notify customers before each charge:

  • 1 week before โ€” upcoming charge notification
  • 1 day before โ€” final reminder with option to modify
  • Include a link to update card or cancel subscription

API Referenceโ€‹

Native Payment API(Auto Debit)โ€‹

Native Payment API(Auto Debit)

POST 
/b/pbl/v2/auto-debit/

This endpoint will take a session id and check for it's related payment if it's possible to be auto charged or not.
if possible it will charge the payment and return the operation response.
๐Ÿ“ NOTE Optional fields may not be represented in response body.

Permissionsโ€‹

Auth MethodRequired Permissions
API KeyAll permissions (admin access)
Basic AuthCan add payment requests or Can add e-commerce payments

Idempotency. Pass an Idempotency-Key request header to make this charge safe to retry. If the same key was already recorded on the transaction by a previous successful charge, the request is rejected with 409 Conflict before any charge is attempted โ€” so a network retry can never double-charge the customer. The key is stored only after a successful charge, so retrying a failed charge with the same key is still allowed. Omitting the header preserves the original, non-idempotent behavior. See Native Payments โ†’ Idempotency for the full contract.

curl --location 'https://sandbox.ottu.net/b/pbl/v2/auto-debit/' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: Api-Key YOUR_API_KEY' \
--data '{
  "session_id": "string",
  "token": "string"
}'

Requestโ€‹

Responsesโ€‹

Last updated on

Best Practicesโ€‹

  • Track schedules โ€” maintain a scheduling system for recurring payment dates
  • Keep records โ€” store detailed transaction records for reconciliation and dispute handling
  • Communicate โ€” send clear pre-charge and post-charge notifications to customers
  • Include links โ€” always provide direct checkout links in notifications for easy card updates
  • Handle failures gracefully โ€” implement retry logic with increasing intervals
  • Monitor token health โ€” track card expirations and proactively request updates

FAQโ€‹

What's Next?โ€‹

  • Operations โ€” Refund, capture, or void auto-debit transactions
  • Webhooks โ€” Handle payment notifications for recurring charges
  • User Cards โ€” Manage saved cards and retrieve tokens
  • One-Step Checkout โ€” Combine session creation and payment in a single call
Last updated on