Server-to-Server Network Tokens

Server-to-Server Network Tokens

Last updated:April 29, 2024

This Server-to-Server guide describes how you can store the data, provision a network token with the involvement of the card network and then subsequently use the network token authorization data for a payment.

To better understand what network tokens are, please read Tokenization guide.
To know which acquirers do support network tokenization, please reach out to your Customer Success Manager.
To collect card data, you must be PCI-DSS compliant. To minimize your compliance requirements, please use COPYandPAY Network Tokens.

Use cases

Standalone tokenization

The merchant collects card data from shopper and initiates tokenization. No payment request/flow involved. A registration token is synchronously provisioned and returned to the merchant. The registration token can then be used in subsequent payments. In the background, a network token is being provisioned by the card network with Issuer involved in the token approval process to make it active for payments.


How it works

Create the token

Send the tokenization request with the collected card data.

OPTIONAL

Send payment using the token

Send the payment request using the stored registration token.

Transactions:
RG
RG
TK
TK
DB
DB
TF
TF

1. Create the token

Perform a server-to-server POST request with the required customer data, but excluding paymentType. The response to a successful request is an id that should be stored and used in subsequent payments.

A token transaction history is provided in the response to let you know that the network token provisioning kicked-off with the card network. The provisioning request takes time with issuer involved in the token approval process. The network token will be fetched with the subsequent payment attempt.

"transactions":[
  {
	"reason":"tokenization",
	"transactionId":"<UUID>",
	"clearingInstituteName":"TokenVault",
	"paymentType":"TK",
	"result":{
	  "code":"000.000.000",
	  "description":"Transaction succeeded"
	}
  }
]

Sample request:

2. Send payment using the token

Perform a server-to-server POST request over the registration token retrieved in the previous step.

A token transaction history is provided in the response to tell you that the network token is attempted to be fetched from the card network. The payment authorization continues with real card data if no network token is yet active for payments.

"transactions":[
  {
	"reason":"tokenization",
	"transactionId":"<UUID>",
	"clearingInstituteName":"TokenVault",
	"paymentType":"TF",
	"result":{
	  "code":"000.000.000",
	  "description":"Transaction succeeded"
	}
  }	
]

The network token BIN (Bank Identification Number) is different than the original PAN (Primary Account Number) BIN. However, the original PAN BIN is provided in the response to help you with a better post-authorization real issuer BIN management.

"card":{
  "bin":"<bin>",
  "last4Digits":"<last4>",
  "holder":"<holder>",
  "expiryMonth":"<month>",
  "expiryYear":"<year>"
}

Sample request:


See also