Card Enrollment

Overview

Before an agent can charge a payment card, the card must be enrolled in NVM Pay. Enrollment tokenizes the card data (NVM Pay never stores raw card numbers), verifies the cardholder’s identity, and registers the card with the payment provider. NVM Pay supports three enrollment providers, each available as a separate tab in the Nevermined Pay dashboard. The right provider for a given plan is determined by the seller’s fiatPaymentProvider metadata: Stripe-priced plans require a Stripe-vaulted card, and Braintree-priced plans require a Braintree-vaulted card.

Enrollment Paths

Visa
Stripe
Braintree

Visa Enrollment

Visa cards are tokenized via Visa Token Service (VTS) and enrolled in Visa Intelligent Commerce (VIC). This path requires passkey (FIDO2) authentication.

Capture card data

Enter your card details through the enrollment form. Card data is captured in a PCI-compliant VGS Collect iframe and tokenized in the browser before submission.

Tokenize with Visa

NVM Pay registers the card with Visa Token Service (VTS), producing a provisioned token ID that replaces the real card number.

Enroll in Visa Intelligent Commerce

The tokenized card is enrolled in VIC, which enables mandate-based charging.

Authenticate with passkey

Complete passkey authentication (FIDO2/WebAuthn) to prove you authorized the enrollment. If passkeys aren’t available, a one-time password (OTP) is sent to your email instead.

Create a mandate

After enrollment, create a spending mandate to define how agents can charge this card.

Visa Card Lifecycle

Enrollment started
  |
  |-> PAN enrolled (VTS tokenization)
  |
  |-> Token provisioned (provisioned token ID created)
  |
  |-> VIC enrolled (payment network registration)
  |
  |-> Authentication (passkey or OTP)
  |
  |-> Active -> Mandates can be created
        |
        |-> Inactive (card deactivated or removed)

You can track enrollment progress in the dashboard. Each step is recorded, and if enrollment fails at any point, the specific step and error are captured.

Stripe Enrollment

Stripe cards are captured via Stripe Elements and tokenized through Stripe SetupIntents. This is a simpler flow with no passkey requirement.

Enter card details

Enter your card number, expiry, and CVC through the Stripe Elements form. Card data goes directly to Stripe and never touches the NVM Pay backend.

Confirm with Stripe

Stripe creates a SetupIntent and confirms the card. This validates the card and saves it as a reusable payment method.

Finalize enrollment

NVM Pay finalizes the enrollment by linking the Stripe payment method to your account. The card appears in your dashboard immediately.

Create a delegation

After enrollment, create a spending delegation to define how agents can charge this card.

Stripe Card Lifecycle

SetupIntent created
  |
  |-> Card confirmed (Stripe tokenization)
  |
  |-> Enrollment finalized (linked to NVM Pay account)
  |
  |-> Active -> Delegations can be created
        |
        |-> Removed (card and all delegations revoked)

Braintree Enrollment

Braintree cards are captured via the Braintree Drop-in UI (or hosted fields) and exchanged for a vaulted payment-method token. The flow is similar to Stripe — no passkey is required — but uses Braintree’s tokenization and vaulting primitives so the resulting token can be charged by the seller’s OAuth-connected Braintree merchant at settlement time.

Request a client token

The Nevermined App requests a short-lived Braintree client token from the facilitator. The client token authorizes the in-browser Drop-in / hosted fields to talk directly to Braintree.

Enter card details

Enter your card number, expiry, and CVC into the Braintree Drop-in. Card data goes directly to Braintree and never touches the Nevermined backend. Drop-in returns a single-use payment-method nonce to the browser.

Vault the card

The browser submits the nonce to the facilitator. The facilitator looks up (or creates) your Braintree customer record and exchanges the nonce for a permanent paymentMethodToken by vaulting the card with verifyCard: true. From this point on, NVM Pay only ever stores the token — never raw card data.

Create a delegation

After enrollment, create a spending delegation backed by the vaulted Braintree token. The delegation can then settle x402 charges against any Braintree-priced plan in the supported currency.

Braintree Card Lifecycle

Client token requested
  |
  |-> Card details captured (Braintree Drop-in tokenization)
  |
  |-> Nonce returned to browser (single-use)
  |
  |-> Card vaulted (paymentMethodToken issued, verifyCard pass)
  |
  |-> Active -> Delegations can be created
        |
        |-> Removed (card and all delegations revoked)

A Braintree-vaulted card can only be charged for plans whose seller has a Braintree merchant account in the card’s transaction currency. See Braintree onboarding for the seller-side per-currency requirements.

Card Properties

Visa, Stripe, and Braintree cards share these core properties:

Property	Description
`id`	Unique card identifier
`userId`	Owner of the card
`last4`	Last 4 digits of the card number (for display)
`alias`	User-friendly name (e.g., “Work Visa”, “Dev Card”)
`status`	`active` or `inactive`
`spendingCeiling`	Maximum total amount that can be allocated across all active mandates or delegations on this card (default: $10.00)

Spending Ceiling

Every card has a spending ceiling, a cumulative limit on the total amount allocated to active authorizations. This prevents over-allocation and provides a safety net. Both Visa and Stripe cards enforce the same ceiling. For example, if your card has a $10.00 ceiling:

Authorization A: $5.00
Authorization B: $3.00
Remaining capacity: $2.00

The default spending ceiling is $10.00 during the pilot phase. Contact the Nevermined team if you need a higher limit.

When you create or update a mandate/delegation, NVM Pay validates that the total allocated amount across all active authorizations on the card doesn’t exceed the ceiling. If it would, the request is rejected with a clear error showing the remaining capacity.

Managing Cards

Via the Nevermined Pay Dashboard

The Nevermined Pay dashboard provides a visual interface for managing your enrolled cards. Visa, Stripe, and Braintree cards appear in separate tabs:

View all enrolled cards with their status and spending ceiling
See active mandates/delegations per card with remaining capacity
View transaction history for each card
Deactivate or remove cards

Via the API

Visa
Stripe

Endpoint	Method	Description
`/cards`	`GET`	List enrolled Visa cards (filter by `userId`)
`/cards/{id}`	`GET`	Get card details including mandates
`/cards/{id}`	`PUT`	Update card properties
`/cards/{id}`	`DELETE`	Remove a card and its mandates
`/cards/{cardId}/transactions`	`GET`	Get transaction history (paginated)

Endpoint	Method	Description
`/api/v1/payment-methods`	`GET`	List enrolled Stripe cards
`/api/v1/payment-methods/{id}`	`PATCH`	Update card alias or allowed API keys
`/api/v1/payment-methods/{id}`	`DELETE`	Remove card and revoke all delegations
`/api/v1/delegation/{id}/transactions`	`GET`	Get transaction history per delegation

Choosing a Provider

	Visa	Stripe	Braintree
Enrollment complexity	Multi-step with passkey auth	Simple card form	Simple card form (Braintree Drop-in)
Authentication	Passkeys (FIDO2) or OTP	Stripe handles verification	Braintree `verifyCard` at vault time
Best for	High-security use cases, production deployments	Quick setup, developer testing, broader card support	Plans whose seller settles on Braintree (per-currency merchant accounts, OAuth Connect)
Settlement	Visa credentials charged via Stripe	Stripe PaymentIntents directly	Braintree `transaction.sale` against vaulted `paymentMethodToken`

All three providers support the same spending controls (ceilings, usage limits, expiration) and API key linking. The right enrollment provider for a given plan is determined by the plan’s fiatPaymentProvider metadata: a Braintree-priced plan can only be paid by a Braintree-vaulted card.

What’s Next?

Once your card is enrolled, create a spending authorization to control how agents can charge it.

Create a Mandate or Delegation

Define spending limits, usage caps, and expiration for agent payments

Learn

Build

Nevermined Pay

Solutions

Integrations

Payment Patterns

Components

Specs

FAQ

Overview

Enrollment Paths

Visa Enrollment

Visa Card Lifecycle

Stripe Enrollment

Stripe Card Lifecycle

Braintree Enrollment

Braintree Card Lifecycle

Card Properties

Spending Ceiling

Managing Cards

Via the Nevermined Pay Dashboard

Via the API

Choosing a Provider

What’s Next?

Create a Mandate or Delegation

Learn

Build

Nevermined Pay

Solutions

Integrations

Payment Patterns

Components

Specs

FAQ

Documentation Index

​Overview

​Enrollment Paths

​Visa Enrollment

​Visa Card Lifecycle

​Stripe Enrollment

​Stripe Card Lifecycle

​Braintree Enrollment

​Braintree Card Lifecycle

​Card Properties

​Spending Ceiling

​Managing Cards

​Via the Nevermined Pay Dashboard

​Via the API

​Choosing a Provider

​What’s Next?

Create a Mandate or Delegation

Overview

Enrollment Paths

Visa Enrollment

Visa Card Lifecycle

Stripe Enrollment

Stripe Card Lifecycle

Braintree Enrollment

Braintree Card Lifecycle

Card Properties

Spending Ceiling

Managing Cards

Via the Nevermined Pay Dashboard

Via the API

Choosing a Provider

What’s Next?