Tokenization
Creating a payment method secures customer payment information by replacing the actual account details with an algorithmically generated value (a token).
Tokens are stored within Exact's platform and used by partners and merchants for recurring or card-on-file transactions.
When paired with the ExactJS product, partners and merchants can eliminate all card data from their internal systems, which in turn removes that entity from the scope of the security requirements defined by the PCI Data Security Standard (DSS).
Exact supports two token products:
(Exact) Platform Tokens allow the creation of a token not only as a representation of a credit card, but also of almost any payment method including ACH. The token type is not format-preserving. The Exact token can also store other data such as billing address.
Network Tokens only allow credit/debit cards to be tokenized. There are a number of key benefits associated with network tokens including:
- automatic account updater for expired and reissued cards on file
- token portability between payment providers with no conversion required
- improved authorization approval rates, and
- reduced interchange cost on certain transaction categories.
Creating Tokens
Platform tokens are created by sending a request to the POST /payment-method endpoint.
For specific details please consult the relevant article for the token you want to create:
Paying with a Token
To use a token with our Payment API, you must specify it as a payment method.
POST /payments
{
  "paymentMethod": {
    "token": "9fd22452-a8ba-424c-bcce-9deb98f272a0"
  },
  "amount": 100,
  "capture": false
}

{
  "paymentId": "64ade106c79c5e590217a1c3",
  "type": "payment",
  "status": "completed",
  "approved": true,
  "captured": false,
  "authorization": "ET120425",
  "amount": 100,
  ...
  "paymentMethodDetails": {
    "cardBrand": "visa",
    "cardholder": "John Doe",
    "last4": "1111",
    "expiryMonth": 9,
    "expiryYear": 2024,
    "cvdCheck": {
      "code": "I",
      "description": "CVV2 code is invalid or empty"
    }
  },
  ...
}
Looking Up Token Details
Looking up the payment details associated with a token is a simple request to GET /payment-method/:token.
GET /payment-method/9fd22452-a8ba-424c-bcce-9deb98f272a0
Note that the response will not contain any actual account or card numbers.
{
  "type": "card",
  "token": "054f3ce9-ad96-4306-abcc-5722e5313a71",
  "updatedAt": "2023-07-11T22:44:23.507Z",
  "createdAt": "2023-05-18T00:33:35.958Z",
  "billingDetails": {
    "email": "[email protected]",
    "name": "John Doe",
    "phone": "5551234567",
    "address": {
      "city": "Scottsdale",
      "country": "USA",
      "line1": "7272 E Indian School Rd",
      "postalCode": "85251",
      "state": "AZ"
    }
  },
  "card": {
    "brand": "visa",
    "lastFour": "1111",
    "checks": {
      "cvcCheck": "full-match",
      "addressCheck": "not-verified"
    },
    "expiry": {
      "month": 9,
      "year": 2024
    },
    "tokenType": "platform"
  }
}
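The following is an added example, not part of Exact's documentation or code: a check a merchant integration could run over records before storing or logging them, to confirm they hold only tokens and the last four digits. The function names and the leaky record are constructed for illustration, and detection is limited to runs of 13 to 19 digits that pass the Luhn checksum.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(node, path="$"):
    """Return the JSON paths of values that contain a Luhn-valid card number."""
    if isinstance(node, dict):
        return [h for k, v in node.items() for h in find_pans(v, f"{path}.{k}")]
    if isinstance(node, list):
        return [h for i, v in enumerate(node) for h in find_pans(v, f"{path}[{i}]")]
    if isinstance(node, bool) or not isinstance(node, (str, int)):
        return []
    for match in PAN_CANDIDATE.finditer(str(node)):
        if luhn_valid(re.sub(r"\D", "", match.group())):
            return [path]
    return []


# Token lookup response from this page, trimmed to the fields that carry digits.
LOOKUP_RESPONSE = {
    "type": "card",
    "token": "054f3ce9-ad96-4306-abcc-5722e5313a71",
    "createdAt": "2023-05-18T00:33:35.958Z",
    "billingDetails": {"phone": "5551234567", "address": {"postalCode": "85251"}},
    "card": {"brand": "visa", "lastFour": "1111", "expiry": {"month": 9, "year": 2024}},
}

# Constructed record: what an integration must never store (standard Visa test number).
LEAKY_RECORD = {
    "paymentMethod": {"token": "9fd22452-a8ba-424c-bcce-9deb98f272a0"},
    "notes": ["customer read card 4111 1111 1111 1111 over the phone"],
}

if __name__ == "__main__":
    print("lookup response:", find_pans(LOOKUP_RESPONSE))
    print("leaky record:   ", find_pans(LEAKY_RECORD))
```

A Luhn match on some other long numeric identifier can be a false positive, so treat hits as findings to review.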
Deleting a Token
Deleting a token removes that token and its associated payment details from our vault.
To do so, send a request to DELETE /payment-method/:token.
DELETE /payment-method/9fd22452-a8ba-424c-bcce-9deb98f272a0
The response will be a 204 status code, with no payload.