How to update credit card details in shopify via API or SDK

Shopify Partner
9 0 6
I just want to update the credit card 16 digit number, expiry, and CVV using API!
Looking for an endpoint/API to use for updating credit card details. But I am struggling to find any API from Shopify documentation to do this, I tried to use the customer endpoint/API but there is no field related to card details or the payment method.
i found something called mutation customerPaymentMethodCreditCardUpdate , it required three arguments billingAddress, id (payment_id), and sessionId (it's called cardServer session ID). Now i tried to find the sessionId from order and payment_method but i am unable to find it.


What is the exact way or workaround to achieve this?

Replies 7 (7)

Shopify Partner
3 0 2


As far as I can tell this isn't documented anywhere.  I put it together through various other comments and such before I got it working.  The session id is acquired by sending a POST message to with the following body:

    "credit_card": {

This will return the sessionId you can then pass into the customerPaymentMethodCreditCardUpdate call.  The call to get the session id does not validation on the card, that happens in customerPaymentMethodCreditCardUpdate.


Hope this helps!



Shopify Partner
9 0 6


Hi Ryan, Thank you for sharing the helpful material, i tried it and successfully get the session ID but i am facing another issue when passing billingAddress, id, and sessionId to mutation. Getting this error:

"Access denied for customerPaymentMethodCreditCardUpdate field. Required access: `write_customers` access scope. Also: Requires `write_customer_payment_methods` scope.

although i have assigned write_customers scope but i am unable to find the write_customer_payment_methods scope either in the scopes of app or in the documentation



This is what i am trying:

# GraphQL mutation payload
    mutation = """
        mutation customerPaymentMethodCreditCardUpdate($billingAddress: MailingAddressInput!, $id: ID!, $sessionId: String!) {
          customerPaymentMethodCreditCardUpdate(billingAddress: $billingAddress, id: $id, sessionId: $sessionId) {
            customerPaymentMethod {
            userErrors {

    payload1 = {
        'query': mutation,
        'variables': {
            'billingAddress': billingAddress,
            'id': payment_id,
            'sessionId': sessionId

    # Sending the GraphQL request
    #response =, json=payload)
    response = requests.request("POST", api_url, headers=headers, json=payload1)

    # Parsing the response
    data = response.json()



Shopify Partner
3 0 2

Ah, yes.  Yet another hurdle.  Is your app defined as part of a store or as a partner app with a store assigned to it?  If it is the former you won't be able to access write_customer_payment_methods because it is a 'protected scope'.  You'll have to create a partner level app at and switch your store to use that app.  You can then request access to the protected scopes via the partner app settings.  Setting the scopes is done on a per-store basis and the store has to make the request.  It's a hassle to setup, unfortunately.


Basically they have three types of apps now even though most of the documentation references only two.  A 'public app' is an app created at and is to be made available to the marketplace.  A 'custom app' is also created at and will only be used by specific clients/stores (this is what you want to access the protected scopes).  And then you have the, what, 'legacy app?' I guess.  That's the old way where you would create the app for a specific store.  That way does not provide you access to the protected scopes or subscriptions.


I hope this points you in the right direction.  Good luck!

Shopify Partner
9 0 6

Hi Ryan, i have followed your guidelines and created a developer partner APP and requested access for write_customer_payment_methods and Payment Mandate access granted by Shopify.


i have created a Node.JS app with scopes=read_customers,write_customers,write_payment_mandate,read_payment_mandate to handle the oAuth to get the access token and created distribution as Merchant install link but when I tried to access the URL it takes me to the handshake page and in response i got he access_token as {"access_token": "AAAA_00dc679aAAAAAAAAAAAAAAAAAAAAAAAAAAbfa2", "scope": "write_customers,write_payment_mandate"}


i have used this access_token to call the API but still don't have access to the payment method and getting "message": "Access denied for customerPaymentMethodCreditCardUpdate field. Required access: `write_customers` access scope. Also: Requires `write_customer_payment_methods` scope 

Shopify Staff
1415 231 484

Hey @Abdul_Qayyum ,


The customerPaymentMethodCreditCardUpdate document is in reference to subscription apps and the scope `write_customer_payment_methods`would be assigned to your subscription app when requested through your Partner App dashboard. Are you trying to update a payment method for a subscription? You can use this documentation on creating / updating contracts as a reference if so. 


Hope that helps! 

Developer Support @ Shopify
- Was this reply helpful? Click Like to let us know!
- Was your question answered? Mark it as an Accepted Solution
- To learn more visit or the Shopify Web Design and Development Blog

Shopify Partner
9 0 6

thanks, but I got confused because there is nothing clear details to achieve update credit card details. earlier it seems that UpdateCreditCardMutation will work and for that, i have to create the developer partner app and requested the payment_mendates access, and then generate the access_token. but the same access denied error is what I am getting and now you're suggesting going with subscription contracts will be the solution but it only has to create and updating drafts.

Shopify Partner
4 0 4

Thank god. How on earth did you find this?! i was scratching my head around it for ages trying to figure out how to add a card to the vault. Seems very odd that this literally isn't docuumented anywhere. How do we know it's safe to use?