Create a new credit or debit card payment method by securely tokenizing the card details.
Using this server-side API solution increases the PCI DSS compliance requirements for your application. For most use cases, it is strongly recommended to use Stax.js, a browser-side solution, to minimize compliance obligations.
Key Features
Secure Tokenization
Tokenizes sensitive card data for secure storage and future use in transactions.
Customer Association
Associates the payment method with a customer if a customer_id is provided.
Safe Storage
Provides a tokenized representation of the card without storing sensitive details like the full card number or CVV.
Usage Guidelines
PCI Compliance
- Using the server-side solution expands your PCI scope and requires an annual SAQ-D assessment.
- Avoid handling sensitive card details server-side unless absolutely necessary.
- For reduced risk and liability, use Stax.js for tokenization.
Supported Card Details
Ensure that the provided card details, including the number, expiration date, and CVV, are valid.
Customer Association
Include a customer_id to associate the card with an existing customer. If no customer_id is provided, the card will not be linked to a customer.
Error Handling
Invalid or expired cards will result in a validation error.
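As an added example (not Stax code), a server that has to call this endpoint can run local checks on the number, expiration date, and CVV before sending them, and mask the number in anything it logs. The function names, argument layout, and messages are assumptions made for this sketch; they are not the API's request fields or error format.

```python
import re
from datetime import date
from typing import List, Optional


def luhn_ok(digits: str) -> bool:
    """Luhn checksum over a digits-only card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_card(number: str, exp_month: int, exp_year: int, cvv: str,
                  today: Optional[date] = None) -> List[str]:
    """Return the list of local problems; an empty list means the details
    pass these checks (the processor can still reject the card)."""
    today = today or date.today()
    problems = []
    digits = re.sub(r"[ -]", "", number)      # allow spaces and dashes as typed
    if not re.fullmatch(r"[0-9]{12,19}", digits):
        problems.append("number: must be 12-19 digits")
    elif not luhn_ok(digits):
        problems.append("number: failed Luhn checksum")
    if not 1 <= exp_month <= 12:
        problems.append("expiration: month out of range")
    elif (exp_year, exp_month) < (today.year, today.month):
        # a card stays valid through the last day of its expiry month
        problems.append("expiration: card is expired")
    if not re.fullmatch(r"[0-9]{3,4}", cvv):
        problems.append("cvv: must be 3 or 4 digits")
    return problems


def mask_pan(number: str) -> str:
    """Form of the card number that is safe for application logs:
    last four digits only. The CVV is never logged in any form."""
    digits = re.sub(r"[^0-9]", "", number)
    return "*" * max(len(digits) - 4, 0) + digits[-4:]
```

The problem strings name the failing field but never echo the submitted value, so they can be returned to a caller or logged without widening where card data appears.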
Response Structure
| Code | Response | Reason |
|---|---|---|
| 200 | Success | A successful response returns the tokenized payment method. |
| 400 | Bad Request | Invalid or missing card details. |
| 401 | Unauthorized | Authentication failed. |
| 422 | Unprocessable Entity | Validation error for card information (e.g., expired card, invalid number). |
| 500 | Internal Server Error | An unexpected error occurred on the server. |
Important Considerations
PCI Compliance: Avoid using this server-side API for credit card tokenization unless absolutely necessary. Always prioritize using Stax.js.
Card Validation: Stax does not store the full card number or CVV; these are only used during tokenization.
Customer Association: Linking the card to a customer ensures easier future retrieval.
