UK Gateway

Tokenization

Last updated: 29-Oct-2021
Download as PDF

After having have decided that you'll tokenize cardholder data through the API you can see how to tokenize cards by following the steps described below.

Creating the token

Step 1 - Obtaining the cardholder data

Ensure you comply with the appropriate level of PCI compliancy required to capture cardholder data on your website directly before proceeding.

The cardholder data consists of the following:

  • Primary Account Number (PAN) - card_number
  • Expiry month - expiry_month
  • Expiry year - expiry_year
  • CVV optional - cvv
  • Organisation id - organisation

Step 2 - Posting the cardholder data and obtaining the card id

The cardholder data has to be sent in a POST request to $BASEURL/v1/card:

{
  "card_number": "string",
  "cvv": "string",
  "expiry_month": "string",
  "expiry_year": "string",
  "organisation": "string"
}

The response will at least contain an _id field that contains the card token. Other information related to card will include the card issuer, issuer country, currency, type and more. For now we will focus on the _id:

{
    ...
    "_id": "string",
    ...
}

If you are using an external CRM, store the card id with the customer for future purposes.

Step 3 - Initiating a transaction with the card id

Read more on initiating a transaction with the card token here.

Reusing the id

The CVV is discarded after it has been used for initiating a transaction, therefore it will need to be added again if you wish to reuse the id. The CVV can be added by updating the card through the $BASEURL/v1/card/id call (replace id with the card id). Follow the steps bellow to update the CVV.

It is possible to reuse the id without adding the CVV to the token. In this case the card transaction will be initiated without the CVV, which decreases the chance of authorisation.

Step 1 - Capture the CVV

Ensure you comply with the appropriate level of PCI compliancy required to capture cardholder data on your website directly before proceeding.

The data required to update the CVV is:

  • CVV - cvv
  • Organisation - organisation
  • Card id - id

Step 2 - Posting the cvv to the token

The cardholder data has to be sent in a POST request to $BASEURL/v1/card/id. Organisation always has to be provided, provide cvv to update the CVV of the token:

{
  "cvv": "string",
  "organisation": "string"
}

The response will return the same _id field as when the card was initially created. Other information related to card will include the card issuer, issuer country, currency, type and more. For now we will focus on the _id:

{
    ...
    "_id": "string",
    ...
}

The CVV has now been added to the token again. In the next step you can reuse the card token with a CVV attached.

Step 3 - Initiating a transaction with the card token

Read more on initiating a transaction with the card token here.

Rate this article:

Need help?

Do you have a question? If you didn’t find the answer you are looking for in our documentation, you can contact our Support teams for more information. If you have a technical issue or question, please contact us. We are happy to help.

Get in touch

Not yet a Verifone customer?

We’ll help you choose the right payment solution for your business, wherever you want to sell, in-person or online. Our team of experts will happily discuss your needs.

Contact sales Get Started
Verifone logo