Tokenize Card
Tokenize Card
A POST to the /tokens resource returns a token representing the supplied card details. The token can be used as the Subscription ID in the CyberSource payment tokenization or recurring billing services. This is an unauthenticated POST initiated from your customer’s device or browser to the /tokens resource:
Test: https://testflex.cybersource.com/cybersource/flex/v1/tokens
Live: https://flex.cybersource.com/cybersource/flex/v1/tokens
 
* 
Dummy address information is created: customerFirstname, customerLastname, customerEmail, billAddress1, billCity, billCountry, billState, and billZip. To replace this information, request an update or a combined authorization and update.
Request Fields
Table 4
Request Field Names 
Field Name
Description
Data Type
keyID
Unique identifier for the generated token which is obtained from the Generate Key request. See the Java Script example on how to import the key and encrypt using the imported key.
String
cardInfo
 
 
cardNumber
Encrypted or plain text card number.
If the encryption type of None was used in the Generate Key request, this value can be set to the plaintext card number/Personal Account Number (PAN).
If the encryption type of RsaOaep256 was used in the Generate Key request, this value needs to be the RSA OAEP 256 encrypted card number. The card number should be encrypted on the cardholders’ device.
For web based implementations on modern browsers, the WebCrypto API can be used with the JWK obtained in the Generate Key request.
String
cardExpirationMonth
Two digit expiration month.
String
cardExpirationYear
Four digit expiration year.
String
cardType
Card Type. This field is required. Refer to the CyberSource Credit Card Services documentation for supported card types.
String
Response Fields
Table 5
Response Field Names
Attribute
Description
Data Type
keyId
Unique identifier for the generated token.
String
token
The generated token. The token replaces card data and is used as the Subscription ID in the CyberSource Simple Order API or SCMP API.
String
maskedPan
The masked card number displaying the first 6 digits and the last 4 digits.
String
cardType
The card type.
String
timestamp
The UTC date and time in milliseconds at which the signature was generated.
Integer
signedFields
Indicates which fields from the response make up the data that is used when verifying the response signature. See the sample code on how to verify the signature.
String
signature
Flex-generated digital signature. To ensure the values have not been tampered with while passing through the client, verify the signature server-side using the public key generated from the /keys resource.
String
Examples
Example 4
Tokenized Card Request
{
"keyId": "05BgbFie7vX5vzSMKOoqEAAdfpdR4kas",
"cardDetails": {
"cardNumber": "ejbhIpMEgYnIODcB4//rrVxMHrqHcnLD6pDRF36jlEk72bETAfiOoxmpI9pGiidqMmkgAnvJfVgR3CLAV5EdG4Mu5IWK26QRnVtwvsVEUtpah7IylbxV9MLvXh2FjIJskKCWNLidb1G4PN5963hnV3IoZd2pF99JwV9lPhOHT5ymlNeg7sTzQQDN1I0/yJApds+t79hl9QVp4PusUDfSsPQTtR2frzlH4V3W+XjHDhmy5oNhiUaVxv27cyG1SWeCKkVC9tc8zLy4pvlgoplrLV8JRaS9hfWalJjv2xtk3DXmNT2urtFv2evcI3LM/S29KlJjPXZcBp0IYyB/taunCA==",
"cardType": "001"
}
}
Example 5
Tokenized Card Response
{
"keyId": "05BgbFie7vX5vzSMKOoqEAAdfpdR4kas",
"token": "0100153497304242",
"maskedPan": "424242XXXXXX4242",
"cardType": "001",
"timestamp": 1472733222651,
"signedFields": "token,cardType,maskedPan,timestamp",
"signature": "TcM7METFOIidwbxWG2Xhawx/5gZ7hZB0Lyrhg3NRJ+Pma+Nq7BugvsqLCE2R24+h13xnM6vpJXR2cqfQPkxhb6joJT8jcciEf+lj6h/KjvXuR4pJ4fMll4WS1Z4+574ps0ysV/5zs7kT2IAZj7i+szlYwFJxGhOGC0218x1N0NxELTDyU/HI6n+Aa+mYBqkMXth42t+GNQ7goVXkJWRgQSjp2v0WTh2d2plDnxEWPURZXz7GLdQXRIYUWWxBitNSYBMMILKfDd3KEg+6nIruCln5kDMbTRD8LwPpGYC9tyM9+UM8MBINPHhaqdFp2wHF7dccKA=="
}