Payment tokens reduce the scope of PCI DSS compliance. A payment token can be created with a different authentication scheme (refer to the public key authentication scheme in the Authentication section), which lets you create the token directly from the browser so that sensitive cardholder data never has to be sent to your servers. We recommend using this with our Rebilly.js library, which helps you wire a form into this API resource and create payment tokens.
FramePay is the recommended way to create a payment token because it minimizes PCI DSS compliance scope. A payment token can only be used once.
A payment token expires upon first use or within 30 minutes of the token creation (whichever comes first).
Organization-Id | string (ResourceId) <= 50 characters Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21 Identifier of the organization in whose scope the request is performed (if not specified, the default organization is used). |
PaymentToken resource.
method required | string Value: "payment-card" The token payment method. |
paymentInstrument required | object The payment card instrument details. |
billingAddress | object The billing address object. |
riskMetadata | object Risk metadata used for 3DS and risk scoring. |
leadSource | object |
Rate-Limit-Limit | integer The number of allowed requests in the current period. |
Rate-Limit-Remaining | integer The number of remaining requests in the current period. |
Rate-Limit-Reset | string The date in format defined by RFC 822 when the current period will reset. |
method required | string Value: "payment-card" The token payment method. |
paymentInstrument required | object The payment card instrument details. |
billingAddress | object The billing address object. |
id | string <= 50 characters The token identifier string. |
isUsed | boolean Default: false Whether the token was already used. |
riskMetadata | object Risk metadata used for 3DS and risk scoring. |
createdTime | string <date-time> Token created time. |
updatedTime | string <date-time> Token updated time. |
usageTime | string <date-time> Token usage time. |
expirationTime | string <date-time> Token expiration time. |
_links | Array of objects (SelfLink) non-empty The links related to the resource. |
{
  "method": "payment-card",
  "paymentInstrument": {
    "pan": "string",
    "cvv": "string",
    "expMonth": 0,
    "expYear": 0
  },
  "billingAddress": {
    "firstName": "Benjamin",
    "lastName": "Franklin",
    "organization": null,
    "address": "36 Craven St",
    "address2": "string",
    "city": "London",
    "region": "London",
    "country": "GB",
    "postalCode": "WC2N 5NF",
    "phoneNumbers": [
      {
        "label": "main",
        "value": "512-710-1640",
        "primary": true
      }
    ],
    "emails": [
      {
        "label": "main",
        "value": "rebilly@example.com",
        "primary": true
      }
    ]
  },
  "riskMetadata": {
    "ipAddress": "93.92.91.90",
    "fingerprint": "pIUt3xbgX3l9g3YDiLbx",
    "httpHeaders": {
      "Content-Type": "application/json",
      "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
    },
    "browserData": {
      "colorDepth": 24,
      "isJavaEnabled": true,
      "language": "en-US",
      "screenWidth": 1920,
      "screenHeight": 1080,
      "timeZoneOffset": 300
    }
  },
  "leadSource": {
    "medium": "string",
    "source": "string",
    "campaign": "string",
    "term": "string",
    "content": "string",
    "affiliate": "string",
    "subAffiliate": "string",
    "salesAgent": "string",
    "clickId": "string",
    "path": "string",
    "referrer": "string"
  }
}
{
  "method": "payment-card",
  "paymentInstrument": {
    "expMonth": 0,
    "expYear": 0,
    "bin": "string",
    "last4": "string",
    "brand": "Visa"
  },
  "billingAddress": {
    "firstName": "Benjamin",
    "lastName": "Franklin",
    "organization": null,
    "address": "36 Craven St",
    "address2": "string",
    "city": "London",
    "region": "London",
    "country": "GB",
    "postalCode": "WC2N 5NF",
    "phoneNumbers": [
      {
        "label": "main",
        "value": "512-710-1640",
        "primary": true
      }
    ],
    "emails": [
      {
        "label": "main",
        "value": "rebilly@example.com",
        "primary": true
      }
    ],
    "hash": "056ae6d97c788b9e98b049ebafd7b229bf852221"
  },
  "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "isUsed": false,
  "riskMetadata": {
    "ipAddress": "93.92.91.90",
    "fingerprint": "pIUt3xbgX3l9g3YDiLbx",
    "httpHeaders": {
      "Content-Type": "application/json",
      "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
    },
    "browserData": {
      "colorDepth": 24,
      "isJavaEnabled": true,
      "language": "en-US",
      "screenWidth": 1920,
      "screenHeight": 1080,
      "timeZoneOffset": 300
    },
    "isProxy": true,
    "isVpn": true,
    "isTor": true,
    "isHosting": true,
    "vpnServiceName": "string",
    "isp": "string",
    "country": "US",
    "region": "NY",
    "city": "New York",
    "latitude": 0,
    "longitude": 0,
    "postalCode": "string",
    "timeZone": "America/New_York",
    "accuracyRadius": 0,
    "distance": 0,
    "hasMismatchedBillingAddressCountry": true,
    "hasMismatchedBankCountry": true,
    "hasMismatchedTimeZone": true,
    "hasMismatchedHolderName": true,
    "paymentInstrumentVelocity": 0,
    "deviceVelocity": 0,
    "score": 0
  },
  "createdTime": "2019-08-24T14:15:22Z",
  "updatedTime": "2019-08-24T14:15:22Z",
  "usageTime": "2019-08-24T14:15:22Z",
  "expirationTime": "2019-08-24T14:15:22Z",
  "_links": [
    {
      "rel": "self",
      "href": "string"
    }
  ]
}
Retrieve a list of tokens.
limit | integer [ 0 .. 1000 ] The collection items limit. |
offset | integer >= 0 The collection items offset. |
Organization-Id | string (ResourceId) <= 50 characters Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21 Identifier of the organization in whose scope the request is performed (if not specified, the default organization is used). |
Rate-Limit-Limit | integer The number of allowed requests in the current period. |
Rate-Limit-Remaining | integer The number of remaining requests in the current period. |
Rate-Limit-Reset | string The date in format defined by RFC 822 when the current period will reset. |
Pagination-Total | integer Total items count. |
Pagination-Limit | integer Items per page limit. |
Pagination-Offset | integer Pagination offset. |
method required | string Value: "payment-card" The token payment method. |
paymentInstrument required | object The payment card instrument details. |
billingAddress | object The billing address object. |
id | string <= 50 characters The token identifier string. |
isUsed | boolean Default: false Whether the token was already used. |
riskMetadata | object Risk metadata used for 3DS and risk scoring. |
createdTime | string <date-time> Token created time. |
updatedTime | string <date-time> Token updated time. |
usageTime | string <date-time> Token usage time. |
expirationTime | string <date-time> Token expiration time. |
_links | Array of objects (SelfLink) non-empty The links related to the resource. |
$paymentCardTokens = $client->paymentCardTokens()->search([ 'filter' => 'token:string', ]);
[
  {
    "method": "string",
    "paymentInstrument": {
      "expMonth": 0,
      "expYear": 0,
      "bin": "string",
      "last4": "string",
      "brand": "Visa"
    },
    "billingAddress": {
      "firstName": "Benjamin",
      "lastName": "Franklin",
      "organization": null,
      "address": "36 Craven St",
      "address2": "string",
      "city": "London",
      "region": "London",
      "country": "GB",
      "postalCode": "WC2N 5NF",
      "phoneNumbers": [
        {
          "label": "main",
          "value": "512-710-1640",
          "primary": true
        }
      ],
      "emails": [
        {
          "label": "main",
          "value": "rebilly@example.com",
          "primary": true
        }
      ],
      "hash": "056ae6d97c788b9e98b049ebafd7b229bf852221"
    },
    "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
    "isUsed": false,
    "riskMetadata": {
      "ipAddress": "93.92.91.90",
      "fingerprint": "pIUt3xbgX3l9g3YDiLbx",
      "httpHeaders": {
        "Content-Type": "application/json",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
      },
      "browserData": {
        "colorDepth": 24,
        "isJavaEnabled": true,
        "language": "en-US",
        "screenWidth": 1920,
        "screenHeight": 1080,
        "timeZoneOffset": 300
      },
      "isProxy": true,
      "isVpn": true,
      "isTor": true,
      "isHosting": true,
      "vpnServiceName": "string",
      "isp": "string",
      "country": "US",
      "region": "NY",
      "city": "New York",
      "latitude": 0,
      "longitude": 0,
      "postalCode": "string",
      "timeZone": "America/New_York",
      "accuracyRadius": 0,
      "distance": 0,
      "hasMismatchedBillingAddressCountry": true,
      "hasMismatchedBankCountry": true,
      "hasMismatchedTimeZone": true,
      "hasMismatchedHolderName": true,
      "paymentInstrumentVelocity": 0,
      "deviceVelocity": 0,
      "score": 0
    },
    "createdTime": "2019-08-24T14:15:22Z",
    "updatedTime": "2019-08-24T14:15:22Z",
    "usageTime": "2019-08-24T14:15:22Z",
    "expirationTime": "2019-08-24T14:15:22Z",
    "_links": [
      {
        "rel": "self",
        "href": "string"
      }
    ]
  }
]
Retrieve a token with specified identifier string.
token required | string The token identifier string. |
Organization-Id | string (ResourceId) <= 50 characters Example: 4f6cf35x-2c4y-483z-a0a9-158621f77a21 Identifier of the organization in whose scope the request is performed (if not specified, the default organization is used). |
Rate-Limit-Limit | integer The number of allowed requests in the current period. |
Rate-Limit-Remaining | integer The number of remaining requests in the current period. |
Rate-Limit-Reset | string The date in format defined by RFC 822 when the current period will reset. |
method required | string Value: "payment-card" The token payment method. |
paymentInstrument required | object The payment card instrument details. |
billingAddress | object The billing address object. |
id | string <= 50 characters The token identifier string. |
isUsed | boolean Default: false Whether the token was already used. |
riskMetadata | object Risk metadata used for 3DS and risk scoring. |
createdTime | string <date-time> Token created time. |
updatedTime | string <date-time> Token updated time. |
usageTime | string <date-time> Token usage time. |
expirationTime | string <date-time> Token expiration time. |
_links | Array of objects (SelfLink) non-empty The links related to the resource. |
$paymentCardToken = $client->paymentCardTokens()->load('tokenId');
{
  "method": "payment-card",
  "paymentInstrument": {
    "expMonth": 0,
    "expYear": 0,
    "bin": "string",
    "last4": "string",
    "brand": "Visa"
  },
  "billingAddress": {
    "firstName": "Benjamin",
    "lastName": "Franklin",
    "organization": null,
    "address": "36 Craven St",
    "address2": "string",
    "city": "London",
    "region": "London",
    "country": "GB",
    "postalCode": "WC2N 5NF",
    "phoneNumbers": [
      {
        "label": "main",
        "value": "512-710-1640",
        "primary": true
      }
    ],
    "emails": [
      {
        "label": "main",
        "value": "rebilly@example.com",
        "primary": true
      }
    ],
    "hash": "056ae6d97c788b9e98b049ebafd7b229bf852221"
  },
  "id": "4f6cf35x-2c4y-483z-a0a9-158621f77a21",
  "isUsed": false,
  "riskMetadata": {
    "ipAddress": "93.92.91.90",
    "fingerprint": "pIUt3xbgX3l9g3YDiLbx",
    "httpHeaders": {
      "Content-Type": "application/json",
      "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
    },
    "browserData": {
      "colorDepth": 24,
      "isJavaEnabled": true,
      "language": "en-US",
      "screenWidth": 1920,
      "screenHeight": 1080,
      "timeZoneOffset": 300
    },
    "isProxy": true,
    "isVpn": true,
    "isTor": true,
    "isHosting": true,
    "vpnServiceName": "string",
    "isp": "string",
    "country": "US",
    "region": "NY",
    "city": "New York",
    "latitude": 0,
    "longitude": 0,
    "postalCode": "string",
    "timeZone": "America/New_York",
    "accuracyRadius": 0,
    "distance": 0,
    "hasMismatchedBillingAddressCountry": true,
    "hasMismatchedBankCountry": true,
    "hasMismatchedTimeZone": true,
    "hasMismatchedHolderName": true,
    "paymentInstrumentVelocity": 0,
    "deviceVelocity": 0,
    "score": 0
  },
  "createdTime": "2019-08-24T14:15:22Z",
  "updatedTime": "2019-08-24T14:15:22Z",
  "usageTime": "2019-08-24T14:15:22Z",
  "expirationTime": "2019-08-24T14:15:22Z",
  "_links": [
    {
      "rel": "self",
      "href": "string"
    }
  ]
}
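The single-use and 30-minute rules stated at the top of this page, applied server-side to a retrieved token resource before it is used. This is an added example, not Rebilly's code: the field names are those of the token resource above, while `assessPaymentToken`, the reason strings and the `REVIEW_FLAGS` selection are assumptions.

```javascript
// Added example. Field names follow the token resource shown on this page;
// assessPaymentToken, the reason strings and REVIEW_FLAGS are assumptions.
const TOKEN_TTL_MS = 30 * 60 * 1000; // tokens expire within 30 minutes of creation
const REVIEW_FLAGS = ['isTor', 'isProxy', 'isVpn', 'isHosting',
  'hasMismatchedBillingAddressCountry', 'hasMismatchedBankCountry'];

function assessPaymentToken(token, now = new Date()) {
  const reasons = [];

  // Single use: never retry a charge with a token that was already consumed.
  if (token.isUsed === true) reasons.push('already-used');

  // Expiry: whichever comes first of expirationTime and createdTime + 30 min.
  const created = Date.parse(token.createdTime);
  const expires = Date.parse(token.expirationTime);
  if (Number.isNaN(created) || Number.isNaN(expires)) {
    reasons.push('bad-timestamps'); // fail closed on missing or malformed times
  } else if (now.getTime() >= Math.min(expires, created + TOKEN_TTL_MS)) {
    reasons.push('expired');
  }

  // A token resource exposes only bin/last4/brand. Raw pan or cvv here means a
  // creation request body reached this code path and must not be logged or stored.
  const instrument = token.paymentInstrument || {};
  if ('pan' in instrument || 'cvv' in instrument) reasons.push('raw-card-data');

  // Surface network and mismatch signals for review rather than hard-failing.
  const risk = token.riskMetadata || {};
  const riskFlags = REVIEW_FLAGS.filter((flag) => risk[flag] === true);

  return { usable: reasons.length === 0, reasons, riskFlags };
}

// Constructed sample (not real data), shaped like the response above.
const SAMPLE_TOKEN = {
  id: 'example-token-id',
  isUsed: false,
  createdTime: '2024-01-01T11:50:00Z',
  expirationTime: '2024-01-01T12:20:00Z',
  paymentInstrument: { expMonth: 1, expYear: 2030, bin: '411111', last4: '1111', brand: 'Visa' },
  riskMetadata: { isTor: false, isVpn: true, hasMismatchedBankCountry: true },
};

console.log(assessPaymentToken(SAMPLE_TOKEN, new Date('2024-01-01T12:00:00Z')));
```

Passing `now` explicitly keeps the check deterministic in tests; in production, compare against a trusted server clock rather than a client-supplied time.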
FramePay is the recommended way to validate a digital wallet session.
Digital wallet validation request.
type required | string Value: "Apple Pay" Type of the digital wallet to validate. |
validationRequest required | object The validation request. |
Rate-Limit-Limit | integer The number of allowed requests in the current period. |
Rate-Limit-Remaining | integer The number of remaining requests in the current period. |
Rate-Limit-Reset | string The date in format defined by RFC 822 when the current period will reset. |
type required | string Value: "Apple Pay" Type of the digital wallet to validate. |
validationResponse | object The validation response for the Apple Pay SDK to use to proceed. |
{
  "type": "Apple Pay",
  "validationRequest": {
    "validationURL": "string",
    "domainName": "www.example.com",
    "displayName": "My Store"
  }
}
{
  "type": "Apple Pay",
  "validationResponse": { }
}