Frequently Asked Questions about the Spreedly Payments APIs

Credit Cart Vault

  • If I store a credit card in Spreedly’s vault, can I charge against it using multiple gateways?
    • Yes. A credit card token is never tied to any one gateway. Once you have the token for that payment method, you can run transactions against any of the gateways you have on file.
  • Do I have to vault credit cards?
    • No. By default, a card is removed from Spreedly in a short period of time unless you indicate that you want to store it.
  • Are there any limits on the number of cards I can store?
    • No. If the amount of cards you need to store is higher than our published plans please email us at
  • Will Spreedly give me my credit card data back if I wish to change services?
    • Yes. We believe it’s your data, not ours. Given this is sensitive data it will need to be transferred in a secure fashion to another fully certified PCI organization.



  • Does Spreedly ever hold my funds directly?
    • No. We never touch your money. Instead, money flows from your customer to your gateway/merchant account.
  • What currencies does Spreedly support?
    • We support the underlying currencies that your particular payment gateway(s) supports.
  • Does Spreedly support recurring/subscription payments?
    • You can vault the cards so that you can charge the same card again in the future. So, in that sense we support recurring charges. However, you have to create the rules and code around when you want to re-charge those cards. If you need a fully functioning subscription offering check out our subscription partners
  • Does Spreedly support ACH payments?
  • Does Spreedly provide merchant account services?
    • No. You must have an existing merchant account to use Spreedly via one of our supported gateways.

PCI Compliance

  • What is PCI and how does it affect my business?
    • Our PCI page can help to give you an understanding of some of the basics.
  • Is Spreedly PCI Level 1 Compliant?
  • How does Spreedly reduce my PCI compliance scope?
    • By using a transparent redirect we ensure that the sensitive data never touches your servers. You can read more about how we can help on our PCI page.
  • I have been asked to provide evidence of my PCI compliance, what do I need to provide?
    • While we’re not a QSA and can’t advise on PCI issues, most customers will need to provide a copy of Spreedly’s AOC and occasionally an AOC for our most recent quarterly scan plus a self-assessment questionnaire. You can find both documents and more information on the questionnaire and the process generally on our PCI page. If you have any questions specific to your business we recommend contacting a QSA