API Overview

Token Management Service Developer Guide
- Recent Revisions to This Document
- VISA Platform Connect: Specifications and Conditions for Resellers/Partners
- TERMS OF USE APPLICABLE TO CARD NETWORK TOKENS

Introduction to the Token Management Service
- Types of Tokens
  - Instrument Identifier Tokens
  - Customer Tokens
  - Shipping Address Tokens
  - Payment Instrument Tokens
  - Network Tokens

Token Management Service Workflows
- PAN Tokenization Process Using TMS
- Network Token Tokenization Process
- Push Provisioning Process
- Network Token Provisioning for Merchants
- Network Token CIT for Merchants
- Network Token MIT for Merchants
- Network Token Provisioning for Partners
- Network Token CIT for Partners
- Network Token MIT for Partners

Requesting the Token Management Service API
- HTTP Response Headers
- Case Sensitivity
- Metadata
- Patching Considerations
  - Pagination
- Supported Processors
- Test Card Numbers

Token Management Service Onboarding
- Merchant ID Hierarchy
- Merchant ID Registration
- Portfolio MIDs for Partners
- Token Vault Management
  - Configure the Token Vault Settings Using the Business Center
  - Configure the Token Vault Access Using the Business Center
  - Configure Network Tokenization Using the Business Center
- Message-Level Encryption Keys
  - Creating a Message-Level Encryption Key

Network Tokenization
- Network Token Enablement
- Network Token Onboarding—Partner Model
- Network Token Life-Cycle Management
- Network Token Life-Cycle Management Reports
- Manage Webhook Subscriptions
  - Create a Digital Signature Key
  - Create Webhook Subscription
  - Retrieve the Details of a Webhook Subscription
  - Update Webhook Subscription
  - Delete Webhook Subscription
  - Network Token Life-Cycle Management Notification Examples
- Token Requestor IDs

Network Tokens
- Authorize a Payment While Ignoring Network Token
- Update Merchant-Initiated Transaction Authorization Options
- Provision a Network Token for a Card Number
- Provision a Network Token for an Existing Instrument Identifier
- Provision a Network Token for a Customer
- Provision a Network Token for a Token
- Retrieve a Standalone Network Token
- Delete a Standalone Network Token
- Retrieve Network Token Payment Credentials
- Retrieve Network Token AFT Payment Credentials
- Provision a Network Token with Push Provisioning
- Simulate Life-Cycle Management Events
  - Available Fields for Simulating Life-Cycle Management Events
  - REST Example: Simulating Life-Cycle Management Events
- Network Token Provision Failures

Create Multiple Tokens

Instrument Identifier Tokens
- Manage Instrument Identifier Tokens
  - Create an Instrument Identifier
  - Create an Instrument Identifier for Enrollable Network Tokens
  - Create an Instrument Identifier and Network Token Using EMV Tags
  - Retrieve an Instrument Identifier
  - Update an Instrument Identifier
  - Retrieve an Instrument Identifier's Payment Instruments
  - Retrieve an Instrument Identifier with an Unmasked Card Number
  - Delete an Instrument Identifier
- Payments with Instrument Identifier Tokens
  - Create an Instrument Identifier Token with Validated Payment Details
  - Authorize a Payment with an Instrument Identifier
  - Making a Credit with an Instrument Identifier

Payment Instrument Tokens
- Manage Payment Instrument Tokens
  - Create a Payment Instrument
  - Retrieve a Payment Instrument
  - Find Payment Instruments by Card Number
  - Retrieve a Payment Instrument with an Unmasked Card Number
  - Update a Payment Instrument
  - Delete a Payment Instrument
- Payments with Payment Instrument Tokens
  - Authorizing a Payment with a Payment Instrument
  - Making a Credit with a Payment Instrument

Customer Tokens
- Manage Customer Tokens
  - Create a Customer
  - Retrieve a Customer
  - Update a Customer
  - Delete a Customer
  - Retrieve a Customer's Default Payment with an Unmasked Card Number
  - Retrieve a Customer's Default Payment and Shipping Details
- Payments with Customer Tokens
  - Create a Customer Token with Validated Payment Details
  - Authorizing a Payment with a Customer Token
  - Making a Credit with a Customer Token
- Shipping Address Tokens
  - Manage Shipping Address Tokens
  - Create a Customer Shipping Address
  - Add a Default Shipping Address
  - Add a Non-Default Shipping Address
  - Change a Default Shipping Address
  - Retrieve a Customer Shipping Address
  - Retrieve All Customer Shipping Addresses
  - Update a Customer Shipping Address
  - Delete a Customer Shipping Address
  - Payments with Shipping Address Tokens
  - Authorizing a Payment with a Non-Default Shipping Address
- Customer Payment Instruments
  - Manage Customer Payment Instruments
    - Create a Customer Payment Instrument
    - Add a Default Payment Instrument Using Instrument Identifier
    - Add a Default Payment Instrument with Validated Payment
    - Add a Non-Default Payment Instrument Using Instrument Identifier
    - Add a Non-Default Payment Instrument with Validated Payment
    - Change a Customer's Default Payment Instrument
    - Retrieve a Customer Payment Instrument
    - Retrieve a Customer Payment Instrument with an Unmasked Card Number
    - List Payment Instruments for a Customer
    - Update a Customer Payment Instrument
    - Delete a Customer Payment Instrument
  - Payments with Customer Payment Instruments
    - Authorizing a Payment with a Non-Default Payment Instrument
    - Making a Credit with a Non-Default Payment Instrument

Payment Passkey
- Iframe Requirements
- Create Tokenized Card Authentication Options
- Authenticate with Passkey
  - Step 1: Cardholder authentication with FIDO
  - Step 2: Create payment credentials with FIDO data
- Register a Passkey and Authenticate
  - Step 1: Determine FIDO availability
  - Step 2: Cardholder authentication with FIDO
  - Step 3: Create payment credentials with FIDO data
- Step-up Authentication for Registration
  - Step-Up Authentication Methods
  - Step-up Authentication for Web Application or Phone
    - Step 1: Determine FIDO availability
    - Step 2: Cardholder authentication with FIDO
    - Step 3: Create payment credentials with FIDO data
  - Step-up Authentication for External Web Application
    - Step 1: Validate the one-time password code
    - Step 2: Determine FIDO availability
    - Step 3: Cardholder authentication with FIDO
    - Step 4: Create payment credentials with FIDO data
  - Step-up Authentication for One-Time Passwords
    - Step 1: Issuer sends a one-time password code
    - Step 2: Validate the one-time password code
    - Step 3: Determine FIDO availability
    - Step 4: Cardholder authentication with FIDO
    - Step 5: Create payment credentials with FIDO data

Tap to Add Card

Card Art
- Retrieve Card Art

BIN Lookup Service and TMS
- REST Example: Retrieving an Instrument Identifier with BIN Details

Using Token Management Service with Wallet Apps
- Manage Tokens with Wallet Apps
  - Create a New Customer Account
  - Add a New Shipping Address
  - Edit or Delete a Shipping Address
  - Create a New Payment Instrument with the Payments API
  - Edit or Delete a Payment Method
  - Change the Default Payment Method
  - Add a New Payment Method Address
  - View Wallet
- Payments with Tokens and Wallet Apps
  - Authorize a Payment

Reference Information
- Encrypt and Decrypt Data
- HTTP Status Codes

On This Page

Classic Cloud Token Framework

The Cloud Token Framework (CTF) is the framework for binding a device and a network token. CTF enables merchants to perform one-time issuer identification and verification and securely binds a user's device to a Visa network token. CTF reduces fraud rates and improves transaction conversion.

IMPORTANT

CTF is supported only in mobile in-app experiences.

Prerequisites

In order to send device binding requests, you must have a self-signed certificate associated with your merchant account. See Cloud Token Framework Key Generation.

A token requestor must pass local authentication information. The token requestor can select up to two of these authentication factors for the cardholder to verify their identity at checkout:

Knowledge: Knowledge verification factors include information that only the cardholder knows. For example, a password.
Possession: Possession verification factors include something that only the cardholder has. For example, a pre-registered mobile phone, a card reader, or a key generation device.
Inherence: Inherence verification factors include something that the cardholder is. For example, biometric data. Biometric data includes facial recognition, a fingerprint, voice recognition, or a behavioral biometric.

IMPORTANT

In markets where two-factor authentication is a regulatory requirement, token requestors must send both authentication factors and the two selected factors should be mutually independent. In all other markets, token requestors will have to perform single-factor authentication as a minimum requirement.

Back to top