Skip to main content

Tokenization

Creating and Using Account Tokens

The AndDone Tokenization service provides a secure method for saving customer payment information to be used in future transactions. Tokenization replaces a customer's credit card, debit card or ACH payment information with a unique token that can be validated by the issuer or payment processor.

The AndDone Tokenization service provides a secure method for saving customer payment information to be used in future transactions. Tokenization replaces a customer's credit card, debit card or ACH payment information with a unique token that can be validated by the issuer or payment processor.

The tokenization process for payment transactions is as follows:

  1. The merchant initiates the transaction process by creating a payment intent and opting to save the payment method for future transactions.
  2. The payment intent returns a payment token, which the merchant uses to initialize AndDoneJS.
  3. The merchant server uses the payment token to initialize AndDoneJS, and displays the payment form to the customer.
  4. The customer provides their account details and completes the payment transaction. The payment processor or issuer generates a unique account token representing the customer's payment information. This account token is a random alphanumeric sequence that has no intrinsic meaning or value. The account information is securely stored with the issuer or acquirer in compliance with PCI standards.
  5. The account token is returned to the merchant's server via webhook notification. The account token is stored with the customer's information.
  6. When the merchant processes a subsequent payment transaction for the same customer, they can pass the account token representing the payment method to the payment processor in place of the sensitive account information. The payment processor or issuer uses the token to identify the customer's account and authorize the payment.

Generating an Account Token

A token is generated during a payment transaction in which the customer elects to save their payment account information for future use.

The payment transaction is initiated by calling the POST Create Payment Intent method. When a customer has elected to save their account information for future use, the saveForFuture parameter is set to true. This indicates to the payment processor that the customer's account details for this transaction are to be tokenized.

Example: Create payment intent request body

    
    {
    "saveForFuture": true,
    "amount": "10",
    "title": "{{paymentTitle}}",
    "shortDescription": "shortDescription",
    "paymentDescription": "paymentDescription",
    "invoiceNumber": "invoiceNumber-007",
    "expiresIn": "3000",
    "intent": {
        "paymentTypes": [
            "CreditCard"
        ]
    }
  
}

Example: Create payment intent response

    
{
    "splits": null,
    "saveForFuture": true,
    "quoteKey": "null",
    "accountNumber": "null",
    "enablePremiumFinance": false,
    "paymentToken": "Qvz7orxV",
    "title": "Title_Car_608",
    "amount": 10.0,
    "invoiceNumber": "invoiceNumber-007",
    "expireOn": "03-30-2023 16:40:10",
    "shortDescription": "shortDescription",
    "paymentDescription": "paymentDescription",
    "intent": {
        "paymentTypes": [
            "CreditCard"
        ]
    }
}

The POST Create Payment Intent method returns a paymentToken in its response. This value is used to associate the subsequent payment transaction with the payment intent. The merchant server uses the paymentToken to initialize AndDoneJS and display the payment form to the customer.

The customer provides their account details and completes the payment transaction. The payment processor or issuer generates a unique account token representing the customer's account information. This account token is a random alphanumeric sequence that has no intrinsic meaning or value. The account information is securely stored with the issuer or acquirer in compliance with PCI standards.

The accountToken is returned to the merchant server via webhook notification.

Example: Account Token Created Webhook Payload

{
"EventCode": "MerchantTokenCreated",
"EventDateTime": "12-14-2023 19:42:50",
"EventBody": {
"MerchantId": "4bvl9KxM",
"AccountToken": "RPYGLDBW10MPD5ZK",
"CardBrand": "VISA",
"ExpiryMonth": "03",
"ExpiryYear": "30",
"MaskedAccountNumber": "****0008",
"NameOnAccount": "John Smith",
"NotificationType": "MerchantTokenCreated",
"NotificationDate": "12-14-2023 19:42:50",
"TimeZone": "Eastern"
},
"AdditionalFields": "",
"Signature": null
}

The AccountToken is stored by the merchant to be used in future payment transactions.

Secure Payment Transactions using Account Tokens

Once the customer's payment method has been tokenized, the accountToken can be used in secure payment transactions in place of the payment account details. This example shows the use of an account token in an Open Payment transaction. The Open Payment transaction is initiated by calling the POST Secure Payment Request method, and passing the account token instead of the actual payment account information. 

{
    "PaymentReference": "PMT-86753092112",
    "type": "OpenPayment",
    "suppressTechnologyFee": false,
    "transactionCode": "Web",
    "channelType": "CreditCard",
    "tenderInfo": {
        "amount": "158",
        "accountToken": "RPYGLDBW10MPD5ZK"
    },
    "billingcontact": {
        "phone": "8003213388",
        "name": {
            "firstname": "John",
            "lastname": "Smith"
        },
        "address": {
            "addressLine1": "30",
            "addressLine2": "Memorial Drive",
            "city": "Avon ",
            "state": "NY",
            "country": 1,
            "postalCode": "12701"
        }
    }
}

If the payment token is authorized and the transaction is successful, a success value of true is returned in the transactionResult object.

    
    ...
    "transactionResult": {
        "success": true,
        "processorAuthCode": "Authorised",
        "traceNumber": "VPVT8P3HSRWZNN82",
        "reasonCode": null,
        "reasonMessage": null,
        "additionResultData": null,
        "additionResultData2": "{\"additionalData\":{\"PaymentMethod\":\"visa\",\"NetworkTxReference\":\"735540941918995\",\"CardBin\":\"415150\",\"CardSummary\":\"0008\",\"CardHolderName\":\"Onkar\",\"ExpiryDate\":\"3/2030\",\"RealtimeAccountUpdaterStatus\":null,\"Recurring.RecurringDetailReference\":\"G3ZMD9V493M84H82\",\"Recurring.ShopperReference\":\"EAKGGKPGKR4EMZAZ\"},\"PspReference\":\"VPVT8P3HSRWZNN82\",\"RefusalReason\":null,\"ResultCode\":\"Authorised\",\"RefusalReasonCode\":null,\"amount\":{\"Currency\":\"USD\",\"Value\":1100},\"MerchantReference\":\"Title_Ball_181\"}",
        "verificationStatus": true,
        "verification1Code": null,
        "verification2Code": null,
        "errorCode": null,
        "errorMessage": null,
        "merchantReference": "Title_Ball_181"
    }
    ...

Webhook Notifications for Account Tokens

Webhook notifications are supported for account tokens, enabling real-time tracking of account token events. To receive notifications, subscribe to the Account Token webhook module in the AndDone Merchant Portal. For detailed payload and event information, see Account Token Webhook Payloads.