Swiped Card
Submit magstripe data to Priority's Checkout API — when to use Swipe, fallback behavior, request shape, magstripe format notes, and best practices.
Swiped card payments capture data from the magstripe on the back of a card. The reader returns the magstripe data as a string, which your application submits to Priority's Checkout API for authorization. Swipe is the oldest in-person entry method and the least secure of the encrypted-capture options — it uses static track data with no dynamic cryptogram, and is most commonly used as a fallback when EMV chip read fails or when a card has no chip.
Who this is for — ISVs whose deployment captures magstripe data from a supported reader — standalone or integrated with a virtual terminal — and submits it to Priority for authorization.
What Defines a Swipe Transaction
| Condition | Required |
|---|---|
| Card swiped through a magstripe reader | Customer presents a magstripe-equipped card. |
| Magstripe-capable reader — standalone, or integrated with a virtual terminal | Reader returns the encoded magstripe string. |
Magstripe data submitted via cardAccount.magstripe | Posted to the /payment endpoint. |
Unlike EMV and NFC, magstripe data is static — the same data is on the card every time. The card network has no dynamic cryptogram to validate against, which is why swipe carries higher fraud risk and higher interchange than EMV or NFC.
When to Use Swipe
| Choose Swipe when... | Notes |
|---|---|
| The card has no chip | Common with older cards and some gift / prepaid cards. |
| The merchant has a magstripe-only reader | Some virtual terminal setups use swipe-only readers. |
| EMV chip read fails and the terminal falls back to swipe | Most certified EMV terminals automatically prompt for swipe on chip failure. |
| The merchant needs card-present pricing without EMV capability | Swipe still qualifies as card-present (lower fees than keyed) — but higher than EMV/NFC. |
If both swipe and EMV are available, always prefer EMV — see EMV Chip.
Required Equipment
| Requirement | Where to source |
|---|---|
| Supported magstripe reader or terminal (standalone or integrated with a virtual terminal) | Priority hardware fulfillment — see Supported Terminal Devices |
PCE-enabled merchant account with access to the Checkout API /payment endpoint | Priority Account Management |
How to Submit a Swiped Payment
Endpoint
POST /payment (Checkout API)
Authentication
Basic auth — Base64-encoded username:password in the Authorization header.
Authorization: Basic {base64(username:password)}
Content-Type: application/jsonRequest body
{
"merchantId": "4xxx0",
"tenderType": "Card",
"amount": "0.01",
"cardAccount": {
"magstripe": "%B40xxxxxxxx02060^YOU/A GIFT FOR^23xxxxx00000000000?;4077140007002060=230xxxxxx000000000000000?|0600|CBD4049DD42DA0Axxxxxxxx6A3B293572F568CEFBB7554E09D11D25499DB9xxxxxxxxxxxxxAD74742C569BFDB|F7E12F8E98E49574E3Axxxxxxxxxxxxxxxxx|..."
}
}Field reference
| Field | Required | Description |
|---|---|---|
merchantId | ✓ | Your merchant identifier (MID). |
tenderType | ✓ | Always "Card" for card transactions. |
amount | ✓ | Transaction amount as a string. |
cardAccount.magstripe | ✓ | Full magstripe string from the reader. Do not modify or truncate — submit exactly as returned by the reader. |
Optional: return the full response with echo=true
echo=trueTo receive the complete payment object in the response (instead of issuing a follow-up GET), append echo=true as a URL parameter:
POST /payment?echo=true
Successful response
HTTP 201 Created with the payment object's status set to Approved when the transaction is authorized.
Magstripe Format
The magstripe string returned by a reader is typically composed of:
- Track data — Track 1 and/or Track 2 information from the magstripe
- An encryption block — if the reader uses a secure swipe technology (P2PE) injected with the PPS private key
- Key serial numbers and reader metadata
Different readers may produce slightly different formats. Always submit the string exactly as returned by the reader — Priority's gateway parses the format automatically.
[verify — confirm magstripe string format consistency across all PPS-injected readers used with Priority]
EMV Fallback Behavior
If a chip read fails (damaged chip, read error, terminal issue), most EMV-capable terminals automatically prompt the customer to swipe instead. The resulting transaction is submitted as a standard swipe — there is no special "fallback" field or flag on the API request.
Chargeback liability still rests with the merchant for swiped fallback transactions, even on a card that has a working chip. The EMV liability shift only applies to successful chip reads — not to swipes that happen because the chip failed.
Where Magstripe Data Comes From — by Integration Path
| Integration path | How your application gets the magstripe data |
|---|---|
| Vendor-Direct: PAX | PAX VTX-HC application returns the magstripe string via PAX's SDK. |
| Vendor-Direct: Clover | Clover device application returns the magstripe string via Clover's SDK. |
| Other certified magstripe readers | Read via the manufacturer's SDK and forward the string. |
| Priority Terminal API | You don't submit magstripe data yourself — the Terminal API workflow handles capture and submission. Retrieve the final payment record via the Checkout API. |
Trade-Offs vs Other Entry Methods
| Aspect | EMV | NFC | Swipe | Keyed |
|---|---|---|---|---|
| Security | Highest | Highest (same crypto as EMV) | Lower (static data) | Lowest |
| Liability shift available | Yes | Yes | No | No |
| Interchange rate | Lower | Lower | Higher | Highest |
| Customer experience | Slightly slower (chip read) | Fastest (tap) | Fast | Slowest |
| Hardware required | EMV reader | NFC reader | Magstripe reader | None |
| Mobile wallet support | No | Yes | No | No |
Sandbox Testing
| Behavior | Detail |
|---|---|
| Default outcome | All valid-format card numbers approve in Sandbox. |
| Testing declines, AVS, or CVV failures | Use the documented test cards and scenarios — see Card Test Data. |
| Live magstripe data in Sandbox | Magstripe data from a real card will not be charged in Sandbox — the environment simulates the gateway. |
| Hardware requirement | A real magstripe reader is required even in Sandbox if you're testing the full data shape end-to-end. |
Best Practices
| Practice | Why it matters |
|---|---|
| Always prefer EMV when both are available | Stronger security, lower fraud risk, lower interchange, and liability shift. |
| Submit the magstripe string exactly as returned by the reader | Modifying or truncating breaks parsing and authorization. |
| Flag fallback transactions for the merchant | A swipe after a chip failure carries higher chargeback exposure — surface this to the merchant or operator if relevant to their workflow. |
| Verify reader injection with the PPS private key before going live | An un-injected secure-swipe reader may return data that fails decryption. |
Use echo=true when you need the full payment object immediately | Saves a follow-up GET request. |
Where to Go Next
Back to the entry-method hub — compare Swipe against EMV, NFC, and Keyed.
The preferred entry method — chip-card reads with dynamic cryptograms.
How to set up the PAX or Clover side that captures the magstripe data.