Tokens
Tokenization is the process Axxonpay uses to collect sensitive card or bank account details, or personally identifiable information (PII), directly from your customers in a secure manner. A token representing this information is returned to your server to use.
Client-Side Tokenization
We recommend using our payments integrations to perform tokenization client-side. This ensures that no sensitive card data touches your server and allows your integration to operate in a PCI-compliant way. By using client-side tokenization, you benefit from the following:
- Secure collection of sensitive information
- PCI compliance
- Seamless integration with Axxonpay's recommended payment flows
```javascript
const crypto = require('crypto');
const axios = require('axios');

// Define the request body
const dataObj = {
  amount: 10000,
  currency: 'usd', // three-letter ISO code in lowercase, per the parameter table
  cardNumber: 4242424242424242,
  expMonth: '12',
  expYear: '2029',
  cvc: '984',
  description: 'Payment for Service',
  customer_id: '<example client Id>',
  name: 'John Smith',
  email: 'johnsmith@gmail.com',
  return_url: 'https://google.com',
  remote_ip: '192.76.99.255',
  postal_code: '94102',
  line1: '986 Holloway Street',
  line2: 'APT 781',
  city: 'Los Angeles',
  state: 'CA',
  country: 'US',
};

// Derive the 32-byte AES key from your API key (password) and signature (salt)
const key = crypto.pbkdf2Sync('key_<Your-Key>', 'sig_<Your-Signature>', 1000, 32, 'sha256');

function tokenizeObject(objectData, encryptionKey) {
  // Convert the object to a JSON string
  const jsonString = JSON.stringify(objectData);
  // Generate a random initialization vector (IV)
  const iv = crypto.randomBytes(16); // 16 bytes (128 bits)
  // Create a cipher using the encryption key and IV
  const cipher = crypto.createCipheriv('aes-256-cbc', encryptionKey, iv);
  // Encrypt the JSON string
  let encryptedData = cipher.update(jsonString, 'utf8', 'hex');
  encryptedData += cipher.final('hex');
  // Generate a token by combining the IV and encrypted data
  const token = iv.toString('hex') + encryptedData;
  return token;
}

const tokenized = tokenizeObject(dataObj, key);

// Define the headers with the signature
const headers = {
  signature: 'sig_<Your-Signature>',
  authorization: 'key_<Your-Key>',
};

// The request body carries only the token
const data = {
  token: tokenized,
};

// Make the POST request (the path is relative, so configure axios with your API base URL)
axios.post('/v1/process/card-payment', data, { headers })
  .then((response) => {
    console.log(response.data);
  })
  .catch((error) => {
    console.error(error);
  });
```
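The token built by the sample above is the hex-encoded 16-byte IV followed by the hex-encoded AES-256-CBC ciphertext. The following added example (not Axxonpay's code) checks that layout and decrypts a token locally, so you can verify your tokenization step before sending anything; `deriveKey`, `parseToken` and the credentials are hypothetical, and it assumes decryption simply mirrors the sample's encryption.

```javascript
const crypto = require('crypto');

// Same derivation as the page's sample: API key as password, signature as salt.
function deriveKey(apiKey, signature) {
  return crypto.pbkdf2Sync(apiKey, signature, 1000, 32, 'sha256');
}

// Same layout as the page's tokenizeObject(): hex(IV) + hex(ciphertext).
function tokenizeObject(objectData, key) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
  return iv.toString('hex') +
    cipher.update(JSON.stringify(objectData), 'utf8', 'hex') +
    cipher.final('hex');
}

// Hypothetical helper (assumed inverse of the sample): validate the token
// layout, split off the IV, decrypt, and parse the JSON payload.
function parseToken(token, key) {
  // 32 hex chars of IV, then one or more whole 16-byte cipher blocks.
  if (typeof token !== 'string' || !/^(?:[0-9a-f]{32}){2,}$/.test(token)) {
    throw new Error('malformed token: expected hex IV plus whole 16-byte blocks');
  }
  const iv = Buffer.from(token.slice(0, 32), 'hex');
  const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
  // final() throws on bad padding, which is what a wrong key normally produces.
  const plain = decipher.update(token.slice(32), 'hex', 'utf8') +
    decipher.final('utf8');
  return JSON.parse(plain);
}

// Constructed sample: placeholder credentials, no real card data.
const demoKey = deriveKey('key_constructed', 'sig_constructed');
const demoToken = tokenizeObject({ amount: 10000, currency: 'usd' }, demoKey);
console.log(demoToken.length, parseToken(demoToken, demoKey));
```

Because the IV is random, tokenizing the same object twice yields two different tokens that decrypt to the same payload.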
API Tokenization
If client-side tokenization is not feasible for your integration, you can create tokens using the Axxonpay API with either your publishable or secret API key. However, please note the following:
- When using API tokenization, you are responsible for any PCI compliance requirements.
- You must keep your secret API key safe.
- Unlike client-side tokenization, the customer's information is not sent directly to Axxonpay, so we cannot determine how it is handled or stored.
Card Tokenization Endpoint
POST /v1/create/token
SEPA Debit Tokenization Endpoint
POST /v1/create/sepa/token
Token Usage
Tokens cannot be stored or used more than once. If you need to store card or bank account information for later use, you can create Customer objects or Custom accounts. It's important to note that Axxonpay Radar, our integrated solution for automatic fraud protection, performs best with integrations that use client-side tokenization.
For detailed information on creating tokens using the API, refer to the following endpoint:
POST /v1/tokens
Create a new token with the specified data.
Card Tokenization Endpoint
POST /v1/create/token
SEPA Debit Tokenization Endpoint
POST /v1/create/sepa/token
GET /v1/tokens/:id
Retrieve a specific token by its ID.
GET /v1/retrieve/token/:id
Card Tokenization
POST /v1/create/token
Parameter | Required/Optional | Type | Description |
---|---|---|---|
amount | REQUIRED | Number | Amount intended to be collected by this Charge. A positive integer representing how much to charge in the smallest currency unit (e.g., 100 cents to charge $1.00 or 100 to charge ¥100, a zero-decimal currency). The minimum amount is $0.50 US or equivalent in charge currency. The amount value supports up to eight digits (e.g., a value of 99999999 for a USD charge of $999,999.99). |
currency | REQUIRED | String | Three-letter ISO currency code, in lowercase. Must be a supported currency. |
customer_id | OPTIONAL | String | ID of the Customer this Charge belongs to, if one exists. Payment methods attached to other Customers cannot be used with this Charge. If present in combination with setup_future_usage, this Charge's payment method will be attached to the Customer after the Charge has been confirmed and any required actions from the user are complete. |
description | OPTIONAL | String | An arbitrary string attached to the object. Often useful for displaying to users. |
return_url | REQUIRED | String | Required in case 3DS is requested. |
cardNumber | REQUIRED | Number | Number of the card used for the charge. |
expMonth | REQUIRED | String | Expiration month of the card used for the charge. |
expYear | REQUIRED | String | Expiration year of the card used for the charge. |
cvc | REQUIRED | String | Card verification code used for the charge. |
line1 | REQUIRED | String | First line of the address associated with the card used for the charge. |
line2 | REQUIRED | String | Second line of the address associated with the card used for the charge. |
postal_code | REQUIRED | String | Postal code of the address associated with the card used for the charge. |
city | REQUIRED | String | City of the address associated with the card used for the charge. |
country | REQUIRED | String | Country of the address associated with the card used for the charge. |
email | REQUIRED | String | Email address of the customer associated with the charge. |
name | REQUIRED | String | Name of the customer associated with the charge. |
state | REQUIRED | String | State of the address associated with the card used for the charge. |
remote_ip | REQUIRED | String | IP address of the customer making the charge. |
SEPA Debit Tokenization
POST /v1/create/sepa/token
Parameter | Required/Optional | Type | Description |
---|---|---|---|
amount | REQUIRED | Number | Amount intended to be collected by this Charge. A positive integer representing how much to charge in the smallest currency unit (e.g., 100 cents to charge $1.00 or 100 to charge ¥100, a zero-decimal currency). The minimum amount is $0.50 US or equivalent in charge currency. The amount value supports up to eight digits (e.g., a value of 99999999 for a USD charge of $999,999.99). |
currency | REQUIRED | String | Three-letter ISO currency code, in lowercase. Must be a supported currency. |
customer_id | OPTIONAL | String | ID of the Customer this Charge belongs to, if one exists. Payment methods attached to other Customers cannot be used with this Charge. If present in combination with setup_future_usage, this Charge's payment method will be attached to the Customer after the Charge has been confirmed and any required actions from the user are complete. |
description | OPTIONAL | String | An arbitrary string attached to the object. Often useful for displaying to users. |
iban | REQUIRED | String | Number of the IBAN Bank Account used for the charge. |
line1 | REQUIRED | String | First line of the address associated with the card used for the charge. |
line2 | REQUIRED | String | Second line of the address associated with the card used for the charge. |
postal_code | REQUIRED | String | Postal code of the address associated with the card used for the charge. |
city | REQUIRED | String | City of the address associated with the card used for the charge. |
country | REQUIRED | String | Country of the address associated with the card used for the charge. |
email | REQUIRED | String | Email address of the customer associated with the charge. |
name | REQUIRED | String | Name of the customer associated with the charge. |
state | REQUIRED | String | State of the address associated with the card used for the charge. |
remote_ip | REQUIRED | String | IP address of the customer making the charge. |