Tokenizing Payment Methods
Tokenization of payment methods is used to protect you and the merchant from having PCI critical data such as credit card numbers exposed through your platform. The token is a representation of the card data that is stored within the Exact Payments platform that the merchant can use for recurring or card-on-file type transactions. It can also be used to gather analytical data. When paired with the Exact JS product this eliminates any card data from ever being seen within your or the merchants environments, eliminating PCI DSS scope for the developer and reducing PCI scope for the merchant.
There are two types of token products available for use:
Gateway Token: Also known as an indexing token, allows the creation of a token not only as a representation of a credit card, but also of almost any payment vehicle such as ACH. The token is not format preserving, meaning it does not look at all like a credit card, being much longer in length. It can also store other data such as billing address within the data associated with the token. Typically the account updater function is used in conjunction in order to keep cards within the token up to date rather than letting them expire.
Network Token: Only allows credit cards to be tokenized and is format preserving, meaning that the tokens have the same format as a credit card when operating in existing application. The only data stored within the token is the actual credit card data. Benefits are that the network tokens are automatically updated upon any card change and do not require an account updater and additionally can be moved between acquiring platforms without a break in functionality or conversion.
Gateway tokens can be created by making a request to the platform through the API
clients should submit a JSON request as follows:
"line1": "7272 E Indian School Rd",
"name": "John Doe",
"email": "[email protected]",
Tokens can also be deleted or retrieved as necessary
To use that token with our Payment API, you must specify it as a payment method.
Requests and payments are made using the same methods, but selecting "network" as the token type.
Note: Billing address will not be stored