As you may know, "payment details" refers to the user input required to make a payment. This user input often contains sensitive information subject to regulations such as PCI-DSS - specifically, credit card numbers.
This document is about short-term tokenization of Payment Details. The goal is to "tokenize" credit card inputs on the client browser or app, and then send the token to your server for immediate processing. If you're interested in long-term storage of payment details, see Long-term Tokens.
When credit card numbers pass through your server, you become subject to PCI-DSS. PCI-DSS can be a serious burden on day-to-day operations. KOMOJU provides a way to avoid sending raw credit card details to your server, while still letting you use our full suite of payments APIs. We call this "tokenization".
Here we'll walk through the steps taken in this recipe:
|string||Credit card number with no spaces, e.g. "4111111111111111".|
|string||Two-digit card expiration month.|
|string||Two-digit card expiration year.|
|string||Short 3- or 4-digit code on the back of most cards.|
The key here is to make this call from your front-end application. This ensures that sensitive information flows directly from the customer to KOMOJU. Since we are PCI-DSS compliant, this saves you the burden.
In the response, you'll get a Token object.
|string||Token ID. You can safely pass this value to your back-end and then use it in place of |
Pass this token to your server.
Once you have a Token ID on your server, you can set `payment_details` to your Token `id` string for any of the following endpoints:
Caveats: these Tokens can only be used once. Additionally, they will expire after 24 hours of non-use.
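Tokenization only relieves the PCI-DSS burden if raw card data never reaches your back-end. As an added example (not KOMOJU's code), this JavaScript guard for a back-end checkout handler rejects any request body that contains a card-number-shaped value, requires `payment_details` to be a token ID string, and refuses a token it has already forwarded. The function names, reason strings and in-memory store are assumptions.

```javascript
// Added example (not KOMOJU code): guard for a merchant back-end checkout handler.

// Luhn checksum: true for digit strings that could be a real card number.
function passesLuhn(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Walk the whole request body looking for card-number-shaped values
// (13 to 19 digits after removing spaces and hyphens, Luhn-valid).
function containsCardNumber(value) {
  if (typeof value === "string" || typeof value === "number") {
    const runs = String(value).replace(/[ -]/g, "").match(/\d{13,19}/g) || [];
    return runs.some(passesLuhn);
  }
  if (value !== null && typeof value === "object") {
    return Object.values(value).some(containsCardNumber);
  }
  return false;
}

// Tokens are single-use, so remember the ones already forwarded.
// Assumption: an in-memory Set; a real deployment needs a shared store.
const usedTokens = new Set();

// Returns { ok, reason } and never echoes the body, so a rejected
// card number does not end up in logs or error responses.
function checkCheckoutBody(body) {
  if (containsCardNumber(body)) return { ok: false, reason: "raw_card_data" };
  const token = body ? body.payment_details : undefined;
  if (typeof token !== "string" || token.length === 0) {
    return { ok: false, reason: "payment_details_not_a_token_id" };
  }
  if (usedTokens.has(token)) return { ok: false, reason: "token_already_used" };
  usedTokens.add(token);
  return { ok: true, token };
}
```

Run the check before any logging or persistence of the request body, so a rejected payload leaves no copy of the card number behind.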
The main purpose of tokenization is to allow for rich payments integrations without PCI-DSS burden. PCI-DSS only affects credit cards, and so using our Tokens API doesn't help much for other payment methods. That said, our Tokens API does still work with any payment method.
For example, you could make the following request
and KOMOJU will give you a valid token ID. When you use this token ID to make a payment, you will get a Payment with status "authorized" and an instructions link for how to pay at Seven Eleven, which you'll need to show to your customer.
The only reasons you might want to do this are:
- You want to reuse code between credit card and other payment method integrations, OR
- You are using Hosted Fields Token Mode.