Create a payment token from a payment card

post

https://cert.api.firstdata.com/gateway/v2/payment-tokens

Use this to create a payment token to safely store sensitive credit card information.

Body Params

Accepted request types: PaymentCardPaymentTokenizationRequest, PaymentDevicePaymentTokenizationRequest, and ReferencedOrderPaymentTokenizationRequest.

requestType

string

required

Object name of tokenization request.

storeId

string

length ≤ 20

An optional outlet ID for clients that support multiple stores in the same app.

billingAddress

object

Address information that is passed to the issuer (it may appear on the cardholder’s statement) or if merchant wants to pass information that differs from the information stored on our master file.

createToken

object

required

Use this model to create a payment token.

accountVerification

boolean

Defaults to false

If the account should be verified prior to token creation.

merchantTransactionId

string

length ≤ 40

The unique merchant transaction ID from the request, if supplied.

additionalDetails

object

Merchant supplied tracking numbers.

paymentCard

object

required

Payment card model.

Headers

Content-Type

string

enum

required

Defaults to application/json

Content type.

Allowed:

Client-Request-Id

string

required

A client-generated ID for request tracking and signature creation, unique per request. This is also used for idempotency control. We recommend 128-bit UUID format.

Api-Key

string

required

Key given to merchant after boarding associating their requests with the appropriate app in Apigee.

Timestamp

int64

required

Epoch timestamp in milliseconds in the request from a client system. Used for Message Signature generation and time limit (5 mins).

Message-Signature

string

required

Used to ensure the request has not been tampered with during transmission. The Message-Signature is the Base64 encoded HMAC hash (SHA256 algorithm with the API Secret as the key.) For more information, refer to the supporting documentation on the Developer Portal.

Authorization

string

The access token previously generated with the access-tokens call. Use the format 'Bearer {access-token}'.

Responses

Language

Credentials

Header

URL

Loading…

Response

Click Try It! to start a request and see the response here! Or choose an example:

application/json

200Success response.

400The request cannot be validated.

401The request was unauthorized.

404The requested resource doesn't exist.

409The attempted action is not valid according to gateway rules. For example, when the gateway is too busy then the transaction is not processed.

422The processor declined the transaction.

500An unexpected internal server error occurred.