Tokenization
Securely store and reuse payment details with tokens—enhancing security, reducing PCI scope, and enabling seamless customer experiences.
Tokenization replaces sensitive card information with a secure, non-reversible identifier called a token. Instead of handling raw card details, PCE enables you to collect card data directly from your customer’s browser or device and convert it into a token. This token can then be used for future transactions—reducing risk, enhancing security, and simplifying PCI compliance.
Tokens are always created in association with a Customer. In PCE, these are managed as Customer Card Accounts, which securely link tokens to customer profiles.
Importance of Tokenization
- Enhanced Security & Compliance: Protects customer data from breaches by ensuring no sensitive details are stored on your servers.
- Reduced Liability: Minimizes PCI scope, saving costs associated with maintaining high-security environments.
- Customer Experience: Supports use cases like one-click checkout, recurring billing, and stored credentials for subscriptions.
How Card Tokenization Works
This approach is best suited for merchants maintaining customer profiles and enabling recurring or subscription payments.
Follow the steps outlined below to create Card Account tokens for Customers.
a. Create a Customer Profile
Skip this step if you already have a Customer.
If the customer doesn’t already exist, create one with a POST /checkout/v3/customer request that includes:
Parameter | Description |
---|---|
name | Full name of the customer. |
email | Valid email address. |
mobile | Valid mobile number of the customer. |
merchantId | Merchant location ID. |
b. Generate a Card Token (Customer Card Account)
Use the POST /checkout/v3/customercardaccount/{customerId} endpoint to tokenize card details. The request includes:
Parameter | Description |
---|---|
number | 13 to 17 digits of card number. |
expiryMonth | Card expiry month. |
expiryYear | Card expiry year. |
cvv | Card verification value. |
avsStreet | Billing street address. |
avsZip | Billing zip code. |
The GET /checkout/v3/customercardaccount/{customerId} endpoint returns all card accounts for a customer, including:
- id: Card Account id.
- token: Secure card token for payments.
c. Create Payments with Secure Token
Create a Payment with a POST /checkout/v3/payment request that includes:
Parameter | Description |
---|---|
ternderType | Set to CARD for card transactions. |
amount | Amount of Sale (in US currency units). |
cardAccount.token | Valid Card Token. |
merchantId | Merchant location ID. |
PCE authorizes the payment with the issuer and captures the funds instantly. The GET /checkout/v3/payment/{id} endpoint gives a response with:
- id: Unique identifier for the payment.
- paymentToken: Secure token for future operations like void, adjustments or refunds.
- status: Status of the sale. You will also receive the result in a webhook.
Tokens support both Sale and Authorization & Capture workflows.
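An added example, not PCE code: a guard a merchant server can run over records before storing or logging them, so that only the token from step b is kept and any raw card fields are caught. The field names come from the tables above; the `tok_` token format, the sample values and the function names are constructed assumptions.

```python
import re

# Card-data field names from the page's tokenization request table.
CARD_FIELDS = {"number", "expiryMonth", "expiryYear", "cvv"}
# PAN-shaped text: 13 to 17 digits (the page's range), optional space or hyphen separators.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,16}(?!\d)")

# Constructed samples (not real data): the record a merchant server keeps after
# step b, and a debug log entry that captured the step-b request body by mistake.
STORED = {"customerId": 1001, "cardAccountId": 2002, "token": "tok_3f9a1c7e"}
LEAKED = {"event": "tokenize", "request": {
    "number": "4111 1111 1111 1111", "expiryMonth": "12",
    "expiryYear": "2030", "cvv": "123", "avsZip": "30301"}}


def luhn_ok(digits):
    """Luhn checksum: separates likely card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def find_card_data(obj, path="$"):
    """Return the paths in a JSON-like record that hold raw card data."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key in CARD_FIELDS:
                hits.append(f"{path}.{key}")
            else:
                hits.extend(find_card_data(value, f"{path}.{key}"))
    elif isinstance(obj, (list, tuple)):
        for i, value in enumerate(obj):
            hits.extend(find_card_data(value, f"{path}[{i}]"))
    elif isinstance(obj, (str, int)):
        # Free text or numeric values: flag PAN-shaped runs that pass Luhn.
        if any(luhn_ok(re.sub(r"\D", "", m.group()))
               for m in PAN_RE.finditer(str(obj))):
            hits.append(path)
    return hits


if __name__ == "__main__":
    print(find_card_data(STORED))   # the token-only record
    print(find_card_data(LEAKED))   # the log entry holding card fields
```

A non-empty result means the record should be rejected or redacted before it is written. A token that is itself a 13 to 17 digit Luhn-valid string would be flagged, so the check assumes tokens are not PAN-shaped.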