Tokenization
Tokenization allows you to securely store customer payment information for future use. Rather than storing sensitive payment details, you store a token that represents those details, enhancing security and simplifying recurring payments.
How Tokenization Works
- A customer provides their payment information (through Pay Portal, Pay Session, or Pay API)
- Prahsys Payments securely captures the payment details
- The information is tokenized and stored in our secure vault
- A token is returned to your system to reference the payment method
- You use this token for future transactions, without handling sensitive payment data
Token Management Operations
The Tokenization API provides several endpoints for creating, retrieving, updating, and deleting tokens.
Creating a Token
There are multiple ways to create a token, depending on your integration method:
Session-Based Tokenization
When using Pay Portal or Pay Session, you can generate tokens from session data:
const response = await fetch(`https://api.prahsys.com/payments/n1/merchant/${merchantId}/token`, {
  method: "POST",
  headers: {
    Authorization: `Bearer ${apiKey}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    session: {
      id: "SESSION0002742481646J67219140J7",
    },
  }),
});
NOTE: The session must have processed a transaction to tokenize the payment information.
Pay API Tokenization (Higher PCI Scope)
When using Pay API, you can tokenize card details directly. Because your system handles the raw card data, this requires higher PCI compliance:
const response = await fetch(`https://api.prahsys.com/payments/n1/merchant/${merchantId}/token`, {
  method: "POST",
  headers: {
    Authorization: `Bearer ${apiKey}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    sourceOfFunds: {
      card: {
        number: "4111111111111111",
        expiry: {
          month: "12",
          year: "25",
        },
        securityCode: "123",
      },
    },
  }),
});
Retrieving a Token
You can retrieve details about a token:
const response = await fetch(`https://api.prahsys.com/payments/n1/merchant/${merchantId}/token/${tokenId}`, {
  method: "GET",
  headers: {
    Authorization: `Bearer ${apiKey}`,
  },
});
Updating a Token
You can update certain token attributes:
const response = await fetch(`https://api.prahsys.com/payments/n1/merchant/${merchantId}/token/${tokenId}`, {
  method: "PUT",
  headers: {
    Authorization: `Bearer ${apiKey}`,
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    // Update card expiry date
    sourceOfFunds: {
      card: {
        expiry: {
          month: "12",
          year: "26",
        },
      },
    },
  }),
});
Deleting a Token
You can delete a token when it’s no longer needed:
const response = await fetch(`https://api.prahsys.com/payments/n1/merchant/${merchantId}/token/${tokenId}`, {
  method: "DELETE",
  headers: {
    Authorization: `Bearer ${apiKey}`,
  },
});
Searching for Tokens
You can search for tokens associated with a customer:
const response = await fetch(
  `https://api.prahsys.com/payments/n1/merchant/${merchantId}/tokens?customerReference=CUST-456`,
  {
    method: "GET",
    headers: {
      Authorization: `Bearer ${apiKey}`,
    },
  },
);
const tokens = await response.json();
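The operations above share one URL scheme and one Authorization header, so they can be wrapped once on the server. The following is an added example, not Prahsys code: `pathSegment`, `buildTokenRequest` and `callTokenApi` are hypothetical names, and only the URLs, methods and headers are taken from this page. It encodes caller-supplied ids before they reach the path or query string and keeps request contents out of error messages.

```javascript
// Added example: a thin server-side wrapper over the token endpoints shown above.
// Function names are hypothetical; only the URLs, methods and headers come from the page.
const BASE = "https://api.prahsys.com/payments/n1/merchant";

// Ids end up as URL path segments. "." and ".." survive encodeURIComponent and
// would be collapsed by URL normalization, so reject them before encoding.
function pathSegment(name, value) {
  if (typeof value !== "string" || value === "" || value === "." || value === "..") {
    throw new TypeError(`${name} must be a non-empty id`);
  }
  return encodeURIComponent(value);
}

// Build { url, init } for one operation without sending anything.
function buildTokenRequest(op, { merchantId, apiKey, tokenId, customerReference, body }) {
  const root = `${BASE}/${pathSegment("merchantId", merchantId)}`;
  const auth = { Authorization: `Bearer ${apiKey}` };
  const tokenUrl = () => `${root}/token/${pathSegment("tokenId", tokenId)}`;
  const withJson = (method, url) => ({
    url,
    init: {
      method,
      headers: { ...auth, "Content-Type": "application/json" },
      body: JSON.stringify(body),
    },
  });
  switch (op) {
    case "create": return withJson("POST", `${root}/token`);
    case "update": return withJson("PUT", tokenUrl());
    case "retrieve": return { url: tokenUrl(), init: { method: "GET", headers: auth } };
    case "delete": return { url: tokenUrl(), init: { method: "DELETE", headers: auth } };
    case "search": {
      if (typeof customerReference !== "string") throw new TypeError("customerReference required");
      const query = new URLSearchParams({ customerReference });
      return { url: `${root}/tokens?${query}`, init: { method: "GET", headers: auth } };
    }
    default: throw new Error(`unknown token operation: ${op}`);
  }
}

// Send the request. On failure report only the operation and status: init holds
// the API key and, for Pay API tokenization, the card number and security code.
async function callTokenApi(op, params, fetchImpl = fetch) {
  const { url, init } = buildTokenRequest(op, params);
  const response = await fetchImpl(url, init);
  if (!response.ok) throw new Error(`token ${op} failed with HTTP ${response.status}`);
  return response; // response bodies are not described on the page, so parsing is left to the caller
}
```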