Data Vault Tokenisation

Creating a token

To generate a Token for future use at the same time as submitting a payment, use the createToken object to set a Token up for multiple use (set reusable to "true"). In addition, you can create your own token, send it to us within the object, and set rules as to whether you want to decline payments with duplicate payment details.

To tokenise a payment card separately to a payment, POST the payload to /payment-tokens

If you supply a token value, we will store that, otherwise we'll generate a token value and pass it back to you in the response.

The following JSON documents represent the examples of requests and response for token creation:

  "createToken": {
    "value": "optional - define your own token",
    "reusable": true | false,
    "declineDuplicates": true | false
   }
{
  "requestType": "PaymentCardPaymentTokenizationRequest",
  "paymentCard": {
    "number": "4012000033330026",
    "expiryDate": {
      "month": "12",
      "year": "24"
    }
  },
  "createToken": {
    "reusable": true,
    "declineDuplicates": false
  },
  "accountVerification": false,
  "additionalDetails": {
    "operatorId": "OPERATOR_ID_123XXX",
    "salesSystemId": "W-EU-H3866-FLS2"
  }
}
{
    "clientRequestId": "7ea3415f-62ba-4a1f-8c0f-3c933c1e0c87",
    "apiTraceId": "Y7gIvGrWgLTPAUE7rGOJaQAAAso",
    "requestStatus": "SUCCESS",
    "requestTime": 1673005244065,
    "country": "United Kingdom",
    "paymentToken": {
        "value": "838C36B4-133E-4068-BF50-99008A0DB003",
        "reusable": true,
        "declineDuplicates": false,
        "last4": "0026",
        "brand": "MASTERCARD",
        "type": "PAYMENT_CARD"
    },
    "orderId": "R-e0b9cc9c-730b-4064-b81b-ff84327ce7ac",
    "ipgTransactionId": "84616111269"
}

In the above example, we are allowing our systems to generate a payment token for the given card details, and it sends it back with the value 838C36B4-133E-4068-BF50-99008A0DB003 for later use.

If you wish to set your own value for the token, include the value attribute in the createToken object. If you do not include this, we will define the token value and return it in the response as value attribute in the paymentToken object. If set to true, the token can be reused. If false, it has only a single use.

Updating a token

You can update one or more tokens at a time, and change the settings for the token or the payment card associated with the Token. To make these updates, make a PATCH to /payment-tokens using requestType=PaymentCardPaymentTokenUpdateRequest.

The PaymentTokens object is a list, and can include multiple payment tokens. See the example below to see how to construct the payload. Each of the token objects below includes the updates required - these will automatically be written to the token record on our systems if the request is processed successfully.

{
  "requestType": "PaymentCardPaymentTokenUpdateRequest",
  "paymentTokens": [
    {
      "value": "1751905117310026",
      "reusable": true,
      "declineDuplicates": false,
      "paymentCard": {
        "number": "5424180279791732",
        "expiryDate": {
          "month": "03",
          "year": "27"
        },
        "securityCode": "XXX"
      }
    },
    {
      "value": "9877hkhk68688888ffgh",
      "reusable": true,
      "declineDuplicates": false,
      "paymentCard": {
        "number": "4773410012347324",
        "expiryDate": {
          "month": "12",
          "year": "27"
        },
        "securityCode": "XXX"
      }
    }
  ]
}
{
  "requestStatus": "PARTIAL_SUCCESS",
  "requestTime": "1554308829345",
  "errors": {
    "details": [
      {
        "message": "HOSTED_DATA_ID4773410012347324. Invalid credit card number: CreditCard [cardNumber=4773410...7324, expirationMonth=12, expirationYear=2026"
      },
    ]
  }
}

Using a token

Once the token is created and you have stored it against the customer’s account detail, you can use it to execute payments for the customer. To use a tokenised payment instrument, use the relevant PaymentToken* requestType.

{
  "requestType": "PaymentTokenSaleTransaction",
  "transactionAmount": {
    "total": 12.04,
    "currency": "EUR"
  },
  "paymentMethod": {
    "paymentToken": {
      "value": "1235325235236",
      "function": "DEBIT",
      "securityCode": "977"
    }
  }
}

When a customer is checking out, and you've previously tokenised their payment details mapped to their account, you can request token details to enable the customer to confirm they want to pay with the stored payment instrument.

To do this, use the GET endpoint, providing the tokenid to receive a PaymentTokenDetails response. Our suggestion is you use the last4 value and brand to enable the customer to correctly identify which payment instrument they wish to use, and then from there you can use the token value as in the example above.


Want a quick overview?