Credit cards API will require PaymentRequestMetadata values for all authorizations

On 2026-01-17, the credit cards API will require the following values in the PaymentRequestMetadata object for all credit card authorization requests.

• cardFirst6

• cardLast4

• billingAddress

• guestIdentifier

• originIPAddr

These values are currently required for authorization requests that use credit card information entered directly by guests (the cardNumberOrigin value is END_USER). On 2026-01-17, the credit cards API will require the values for all authorization requests.

Including the required payment request metadata values in a credit cards API authorization request improves the effectiveness of the fraud detection provided by the Toast platform. For more information, see Optimizing fraud detection.