# CIT Sale request This endpoint allows you to create a subsequent transaction that triggers a 3-D Secure (3DS) authentication flow for your users. It can be used when you want customers to actively confirm and provide consent for the charge, ensuring additional security and compliance with authentication requirements. Similar to the standard subsequent transaction, this endpoint enables you to manage rebills on your end or offer one-click payments without requiring users to re-enter their card details. Use the payment token ID received from the original Sale request to initiate this transaction. Note that the combination of payment_token_id and merchant_customer_id should match the initial sale values Endpoint: POST /cit-sale Version: 1.2 Security: X-Api-Key ## Query parameters: - `mode` (string) Enum: "SYNC", "ASYNC" ## Header parameters: - `X-Idempotency-Key` (string) The system supports the query deduplication mechanism. Any system-wide merchant's request after the first one with the same X-Idempotency-Key will return an error. For example, if you have retrying mechanism for payouts and you want to avoid double sending, you can put header with value payout_{your_payout_id} ## Request fields (application/json): - `payment_token_id` (string, required) Token from original payment - `payment_method` (string, required) - `merchant_payment_id` (string) Optional field, might be used as a reference from the merchant side - `merchant_customer_id` (string, required) - `email` (string, required) - `amount` (string, required) can't be zero for SALE | MIT_SALE - `language` (string) required only for SALE | AUTHORIZE | RECURRING - `country_code` (string, required) Country Code (ISO 3166-2) - `currency_code` (string, required) Currency code (ISO 4217) - `forced_3d` (boolean) If needs to initiate 3d secure from merchant side. - `success_url` (string) required only for SALE | AUTHORIZE | RECURRING - `failure_url` (string) required only for SALE | AUTHORIZE | RECURRING - `shop_name` (string) Shop name - `shop_url` (string) Shop URL with protocol HTTP or HTTPS - `products` (array, required) Expected at least 1 product - `payment_form_override` (object) [Customizing Payment Form Appearance.](/openapi/override-theme/customizing-payment-form-appearance) All these parameters will override existing configuration in Upgate back office if any - `payment_form_override.color` (string) [Override the color](/openapi/override-theme/customizing-payment-form-appearance) for the payment form. - `payment_form_override.theme_type` (string) [Override the theme](/openapi/override-theme/themes) for the payment form. Enum: "LIGHT", "DARK", "BROWSER" - `payment_form_override.theme_variables` (object) [Override CSS variables](/openapi/override-theme/variables) for the payment form. - `payment_form_override.theme_rules` (object) [Override CSS rules](/openapi/override-theme/rules) for the payment form. ## Response 400 fields (application/json): - `errors` (array) - `errors.error_code` (string, required) Enum: "INVALID_REQUEST_PARAMETER", "INVALID_REQUEST", "INTERNAL_ERROR", "TOO_MANY_REQUESTS", "NOT_FOUND" - `errors.error_message` (string, required) ## Response 401 fields (application/json): - `errors` (array) - `errors.error_code` (string, required) Enum: "INVALID_REQUEST_PARAMETER", "INVALID_REQUEST", "INTERNAL_ERROR", "TOO_MANY_REQUESTS", "NOT_FOUND" - `errors.error_message` (string, required) ## Response 429 fields (application/json): - `errors` (array) - `errors.error_code` (string, required) Enum: "INVALID_REQUEST_PARAMETER", "INVALID_REQUEST", "INTERNAL_ERROR", "TOO_MANY_REQUESTS", "NOT_FOUND" - `errors.error_message` (string, required) ## Response 500 fields (application/json): - `errors` (array) - `errors.error_code` (string, required) Enum: "INVALID_REQUEST_PARAMETER", "INVALID_REQUEST", "INTERNAL_ERROR", "TOO_MANY_REQUESTS", "NOT_FOUND" - `errors.error_message` (string, required)