Card Vaulting
Securely store and reuse payment details with tokens for recurring payments.
Card tokenization allows secure storage of card details by encrypting the card data. The encrypted token replaces sensitive card information with a secure, non-reversible identifier.
With your customer's consent, you can securely store payment details for your customers and offer the following:
- Recurring Payments
- Subscription payments
- Faster one click checkout experience for your customers.
Tokens are always created in association with a Customer as Customer Card Accounts, which securely link tokens to customer profiles. When the customer chooses to make a payment with their stored card details, you should use the token to submit the payment.
Importance of Tokens
- Faster checkout experience for your customer with stored payment details.
- Stored payment details can be used for future recurring, subscription or one time payments
Working of Card Tokenization
To store your customer's payment details, in the first payment, pass the payment information and generate a token for it. The token is then sent to server for future use. For later payments, make a request with the customer's reference and the token.
Follow the below outlined steps to create Card tokens for Customers
a. Create a Customer
A Customer represents the end user (cardholder) whose payment details you want to securely store for future use. It contains identifying information such as name, email, and mobile number.
If the customer already exists, you can skip this step.
Use the POST [/checkout/v3/customer]( endpoint to create a Customer, by passing following parameters:
| Parameter | Description |
|---|---|
name | Full name of the customer. |
email | Valid email address. |
mobile | Valid mobile number of the customer. |
merchantId | Merchant location ID. |
b. Generate a Card Token (Customer Card Account)
Once a Customer Profile exists, create a Customer Card Account to tokenize your card details. Use the POST /checkout/v3/customercardaccount/{customerId} endpoint.
| Parameter | Description |
|---|---|
number | 13 to 17 digits of card number. |
expiryMonth | Card expiry month. |
expiryYear | Card expiry year. |
cvv | Card verification value. |
avsStreet | Billing street address line 1. |
avsZip | 5-9 digit Billing zip/postal code. |
Note: Both
avsStreetandavsZipare used to perform Address Verification Service (AVS) checks.
The GET /checkout/v3/customercardaccount/{customerId} endpoint returns all card accounts for a customer, including:
id: Card Account id.token: Secure card token for payments.
c. Create Payments with Secure Token
Create a Payment using the POST /checkout/v3/payment endpoint that includes:
| Parameter | Description |
|---|---|
tenderType | Set to CARD for card transactions. |
amount | Amount of Sale (in US currency units) |
cardAccount.token | Valid Card Token. |
merchantId | Merchant location ID |
PCE authorizes the payment with the issuer, captures the funds instantly. The GET /checkout/v3/payment/{id} endpoint gives a response with:
id: Unique identifier for the paymentpaymentToken: Secure token for future operations like void, adjustments or refunds.status: Status of the sale. You will also receive the result in a webhook.
Tokens support both Sale and Authorization & Capture workflows.
Updated 19 days ago