# Payment tokens

Use payment tokens to reduce the scope of [PCI DSS compliance](https://www.rebilly.com/docs/pci-compliance/). A payment token can be created using a different authentication scheme (public key authentication), which enables you to create a payment token directly from the browser. This avoids the need to send sensitive cardholder information to your servers. We recommend using this with the FramePay library, which helps you integrate a form with this API resource and create payment tokens.

## Create a payment token

- [POST /tokens](https://www.rebilly.com/docs/dev-docs/api/payment-tokens/posttoken.md): Creates a payment token which can be exchanged for a payment instrument. FramePay is the recommended way to create a payment token because it minimizes PCI DSS compliance scope. Once a payment token is created, it can only be used once. A payment token expires upon first use or within 30 minutes of the token creation, whichever comes first.

## Retrieve tokens

- [GET /tokens](https://www.rebilly.com/docs/dev-docs/api/payment-tokens/gettokencollection.md): Retrieves a list of tokens.

## Retrieve a token

- [GET /tokens/{token}](https://www.rebilly.com/docs/dev-docs/api/payment-tokens/gettoken.md): Retrieves a token with a specified ID.

## Validate a digital wallet session

- [POST /digital-wallets/validation](https://www.rebilly.com/docs/dev-docs/api/payment-tokens/postdigitalwalletvalidation.md): Validates a digital wallet session. We recommend using FramePay to validate a digital wallet session.