Menu

Developer Resources

  • All Files

Creating Tokens

General Overview Tokenization

A token is a unique value that represents and is provided in exchange for a credit/debit card number. Tokens are a security measure used to reduce your Payment Card Industry (PCI) exposure by preventing the credit/debit card number from being stored or transmitted in your system. Tokens are created automatically and as needed by our platform's Universal Token components in the PCI JavaScript Library or through the APIs.

There are two types of tokens:

  • Temporary tokens are designed for use in single, non-recurring transactions. Temporary tokens expire after 7 days or 168 hours.
  • Permanent tokens never expire and are designed for use in future or recurring transactions. A permanent token can be issued to a credit/debit card number following a successful transaction with your acquirer. When a permanent token is assigned, any previously assigned temporary token expires.

When storing a permanent token to use in future transactions, you must follow Visa's requirements for the Complying with the Stored Credential Framework.

Using the PCI JavaScript Library

The PCI JavaScript Library is intended for use in web and mobile web channels. This library is injected into the customer's browser via the checkout web page. The library function is triggered when the customer enters a credit/debit card number. The credit/debit card number is sent directly to our platform where it is securely stored, and a temporary token is generated and returned to you. To download the tokenization code needed for your checkout page, click here, then right click and select Save As.

Implementation

To create a temporary token, copy and paste this sample code into your Web form, and then replace the information in the brackets with the information returned to you.

Sample Code

In the Web form header, add the tokenization library, and then initialize the token object using the following code:

<script type="text/javascript" src="{Path to JS File}/vestatoken-1.0.3.js"></script>

<script type="text/javascript">

vestatoken.init({

ServiceURL : "{Tokenization API}",

AccountName : "{API Username}"

});

</script>

After adding the libraries and initializing the token object, add fields to the page to collect the customer information, payment information, and credit/debit card number using the following code:

<form id="paymentForm" method="post">

<!-- Add additional form fields -->

<input type="text" id="pdCardNumber" />

<input type="submit" />

</form>

On submission, the Web form JavaScript invokes the vesta.token-1.0.3.js file, which returns a token. Using the following code, replace the credit/debit card number on the form with the token before submitting it to the Web server:

<script type="text/javascript">

document.getElementById('paymentForm').onsubmit = function() {

vestatoken.getcreditcardtoken({

ChargeAccountNumber: document.getElementById('pdCardNumber').value,

onSuccess: function(data) {

// make use of 'data.ChargeAccountNumberToken' (String), 'data.PaymentDeviceLast4' (String) and 'data.PaymentDeviceTypeCD' (String)

},

onFailed: function(failure) {

// make use of `failure` (String)

},

onInvalidInput: function(failure) {

// make use of `failure` (String)

}

});

return false;

}

</script>