API Overview

Token Management Service Developer Guide
- Recent Revisions to This Document
- VISA Platform Connect: Specifications and Conditions for Resellers/Partners
- TERMS OF USE APPLICABLE TO CARD NETWORK TOKENS

Introduction to the Token Management Service
- Types of Tokens
  - Instrument Identifier Tokens
  - Customer Tokens
  - Shipping Address Tokens
  - Payment Instrument Tokens
  - Network Tokens

Token Management Service Workflows
- PAN Tokenization Process Using TMS
- Network Token Tokenization Process
- Push Provisioning Process
- Network Token Provisioning for Merchants
- Network Token CIT for Merchants
- Network Token MIT for Merchants
- Network Token Provisioning for Partners
- Network Token CIT for Partners
- Network Token MIT for Partners

Requesting the Token Management Service API
- HTTP Response Headers
- Case Sensitivity
- Metadata
- Patching Considerations
  - Pagination
- Supported Processors
- Test Card Numbers

Token Management Service Onboarding
- Merchant ID Hierarchy
- Merchant ID Registration
- Portfolio MIDs for Partners
- Token Vault Management
  - Configure the Token Vault Settings Using the Business Center
  - Configure the Token Vault Access Using the Business Center
  - Configure Network Tokenization Using the Business Center
- Message-Level Encryption Keys
  - Creating a Message-Level Encryption Key

Network Tokenization
- Network Token Enablement
- Network Token Onboarding—Partner Model
- Network Token Life-Cycle Management
- Network Token Life-Cycle Management Reports
- Manage Webhook Subscriptions
  - Create a Digital Signature Key
  - Create Webhook Subscription
  - Retrieve the Details of a Webhook Subscription
  - Update Webhook Subscription
  - Delete Webhook Subscription
  - Network Token Life-Cycle Management Notification Examples
- Token Requestor IDs

Network Tokens
- Authorize a Payment While Ignoring Network Token
- Update Merchant-Initiated Transaction Authorization Options
- Provision a Network Token for a Card Number
- Provision a Network Token for an Existing Instrument Identifier
- Provision a Network Token for a Customer
- Provision a Network Token for a Token
- Retrieve a Standalone Network Token
- Delete a Standalone Network Token
- Retrieve Network Token Payment Credentials
- Retrieve Network Token AFT Payment Credentials
- Provision a Network Token with Push Provisioning
- Simulate Life-Cycle Management Events
  - Available Fields for Simulating Life-Cycle Management Events
  - REST Example: Simulating Life-Cycle Management Events
- Network Token Provision Failures

Create Multiple Tokens

Instrument Identifier Tokens
- Manage Instrument Identifier Tokens
  - Create an Instrument Identifier
  - Create an Instrument Identifier for Enrollable Network Tokens
  - Create an Instrument Identifier and Network Token Using EMV Tags
  - Retrieve an Instrument Identifier
  - Update an Instrument Identifier
  - Retrieve an Instrument Identifier's Payment Instruments
  - Retrieve an Instrument Identifier with an Unmasked Card Number
  - Delete an Instrument Identifier
- Payments with Instrument Identifier Tokens
  - Create an Instrument Identifier Token with Validated Payment Details
  - Authorize a Payment with an Instrument Identifier
  - Making a Credit with an Instrument Identifier

Payment Instrument Tokens
- Manage Payment Instrument Tokens
  - Create a Payment Instrument
  - Retrieve a Payment Instrument
  - Find Payment Instruments by Card Number
  - Retrieve a Payment Instrument with an Unmasked Card Number
  - Update a Payment Instrument
  - Delete a Payment Instrument
- Payments with Payment Instrument Tokens
  - Authorizing a Payment with a Payment Instrument
  - Making a Credit with a Payment Instrument

Customer Tokens
- Manage Customer Tokens
  - Create a Customer
  - Retrieve a Customer
  - Update a Customer
  - Delete a Customer
  - Retrieve a Customer's Default Payment with an Unmasked Card Number
  - Retrieve a Customer's Default Payment and Shipping Details
- Payments with Customer Tokens
  - Create a Customer Token with Validated Payment Details
  - Authorizing a Payment with a Customer Token
  - Making a Credit with a Customer Token
- Shipping Address Tokens
  - Manage Shipping Address Tokens
  - Create a Customer Shipping Address
  - Add a Default Shipping Address
  - Add a Non-Default Shipping Address
  - Change a Default Shipping Address
  - Retrieve a Customer Shipping Address
  - Retrieve All Customer Shipping Addresses
  - Update a Customer Shipping Address
  - Delete a Customer Shipping Address
  - Payments with Shipping Address Tokens
  - Authorizing a Payment with a Non-Default Shipping Address
- Customer Payment Instruments
  - Manage Customer Payment Instruments
    - Create a Customer Payment Instrument
    - Add a Default Payment Instrument Using Instrument Identifier
    - Add a Default Payment Instrument with Validated Payment
    - Add a Non-Default Payment Instrument Using Instrument Identifier
    - Add a Non-Default Payment Instrument with Validated Payment
    - Change a Customer's Default Payment Instrument
    - Retrieve a Customer Payment Instrument
    - Retrieve a Customer Payment Instrument with an Unmasked Card Number
    - List Payment Instruments for a Customer
    - Update a Customer Payment Instrument
    - Delete a Customer Payment Instrument
  - Payments with Customer Payment Instruments
    - Authorizing a Payment with a Non-Default Payment Instrument
    - Making a Credit with a Non-Default Payment Instrument

Payment Passkey
- Iframe Requirements
- Create Tokenized Card Authentication Options
- Authenticate with Passkey
  - Step 1: Cardholder authentication with FIDO
  - Step 2: Create payment credentials with FIDO data
- Register a Passkey and Authenticate
  - Step 1: Determine FIDO availability
  - Step 2: Cardholder authentication with FIDO
  - Step 3: Create payment credentials with FIDO data
- Step-up Authentication for Registration
  - Step-Up Authentication Methods
  - Step-up Authentication for Web Application or Phone
    - Step 1: Determine FIDO availability
    - Step 2: Cardholder authentication with FIDO
    - Step 3: Create payment credentials with FIDO data
  - Step-up Authentication for External Web Application
    - Step 1: Validate the one-time password code
    - Step 2: Determine FIDO availability
    - Step 3: Cardholder authentication with FIDO
    - Step 4: Create payment credentials with FIDO data
  - Step-up Authentication for One-Time Passwords
    - Step 1: Issuer sends a one-time password code
    - Step 2: Validate the one-time password code
    - Step 3: Determine FIDO availability
    - Step 4: Cardholder authentication with FIDO
    - Step 5: Create payment credentials with FIDO data

Tap to Add Card

Card Art
- Retrieve Card Art

BIN Lookup Service and TMS
- REST Example: Retrieving an Instrument Identifier with BIN Details

Using Token Management Service with Wallet Apps
- Manage Tokens with Wallet Apps
  - Create a New Customer Account
  - Add a New Shipping Address
  - Edit or Delete a Shipping Address
  - Create a New Payment Instrument with the Payments API
  - Edit or Delete a Payment Method
  - Change the Default Payment Method
  - Add a New Payment Method Address
  - View Wallet
- Payments with Tokens and Wallet Apps
  - Authorize a Payment

Reference Information
- Encrypt and Decrypt Data
- HTTP Status Codes

On This Page

Device Binding Workflow with Step-Up Authentication

Device Binding Step-Up Workflow

Bind a Device with Step-Up Authentication

The customer sends a request to the merchant that they consent to bind the device.

If the device is not enrolled, the merchant sends a request to TMSTMS to enroll the device.

Test:

POST https://apitest.cybersource.com/tms/v2/devices

If the device is enrolled, the merchant sends a request to TMS to bind the device using the device ID.

Test:

POST https://apitest.cybersource.com/tms/v2/tokenized-cards/{id}/bindings

TMS sends a binding request to the issuer with the binding ID.

The issuer sends a response to TMS with a step-up authentication binding status.

TMS sends a request to the issuer for authentication methods.

The issuer sends a list of authentication methods that are passed on to the customer.

The customer selects their authentication method and it is sent to the issuer.

The issuer initiates authentication method.

If authentication is valid, TMS binds the token to the device.

The issuer notifies TMS that binding was successful.

TMS sends a response to the merchant that the binding is completed.

The merchant notifies the customer that their device binding is complete.

Step-Up Authentication Flow

This workflow shows the possible options for step-up authentication after you send a request to

/tokenized-cards/{id}/bindings

:

Bind a Device with Step-Up Authentication

Back to top