
Tokenizing a Card

Securely vault a customer's card for future charges

2 min read | Updated Mar 24, 2026

Card tokenization lets you securely vault a customer's card once and reuse it for future charges without handling raw PAN data again. The tokenize endpoint is a synchronous, no-redirect operation — it returns a cardToken immediately with no 3DS challenge, no webhook, and no redirect.

#What You Get Back

After tokenization, Exirom returns:

  • token — the card reference to store on your side; pass this instead of card details on future charges
  • cardMask — masked PAN for display (e.g. 411111******1111)
  • cardBrand, cardType, issuingBank, cardCountry — BIN-derived metadata useful for fraud checks and display
  • expirationDate — when this token expires (default 90 days, configurable)

The original card number is never stored by you. Only the token is retained.

#Token Lifetime

| Setting | Behavior |
|---|---|
| Default | 90 days from creation |
| Custom (expirationDate) | Shorter of default and requested date |
| Expired / inactive | Charge attempts are declined |
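
The following is an added example, not Exirom's own code. It shows merchant-side handling of a tokenization result: keep only the returned fields listed above, refuse to persist anything that still carries a full card number, and apply the lifetime rule from the table. The function names, the sample token value, and the ISO 8601 format of expirationDate are assumptions.

```python
import re
from datetime import datetime, timedelta
from typing import Optional

DEFAULT_LIFETIME = timedelta(days=90)   # default from the Token Lifetime table
ALLOWED = ("token", "cardMask", "cardBrand", "cardType",
           "issuingBank", "cardCountry", "expirationDate")
PAN_RUN = re.compile(r"\d{13,19}")      # unmasked digit run long enough to be a PAN

# Constructed sample; the stray cardNumber field simulates an over-sharing caller.
SAMPLE_RESPONSE = {
    "token": "tok_example_0001", "cardMask": "411111******1111",
    "cardBrand": "VISA", "cardCountry": "US",
    "expirationDate": "2026-06-22T00:00:00+00:00",   # ISO 8601 is an assumption
    "cardNumber": "4111111111111111",
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell a card number from an arbitrary digit run."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def effective_expiry(created: datetime, requested: Optional[datetime]) -> datetime:
    """Shorter of the 90-day default and the requested date."""
    default = created + DEFAULT_LIFETIME
    return default if requested is None else min(default, requested)

def vault_record(response: dict) -> dict:
    """Allow-list the documented fields and reject any value holding a full PAN."""
    record = {k: response[k] for k in ALLOWED if k in response}
    if not record.get("token"):
        raise ValueError("response has no token")
    for key, value in record.items():
        for run in PAN_RUN.findall(str(value)):
            if luhn_ok(run):
                raise ValueError(f"{key} contains an unmasked card number")
    return record

def is_chargeable(record: dict, now: datetime) -> bool:
    """Expired tokens are declined, so skip the charge call for them."""
    return now < datetime.fromisoformat(record["expirationDate"])
```
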

#What Happens Next

After tokenizing, you can:

  1. Charge immediately — use the token to process a one-click payment via POST /payments/card/charge
  2. Set up recurring billing — create a subscription plan that auto-charges on a schedule
  3. Store for later — vault the token and charge when the customer initiates a future purchase

3DS authentication only applies when charging a saved card, not during tokenization. If the issuer requires 3DS on a charge, the charge response will include a challengeUrl.

#Sandbox Test Cards

All test cards tokenize successfully — card behavior only differs at charge time:

| Card Number | Tokenize | Charge Behavior |
|---|---|---|
| 4111111111111111 | Success | Approved |
| 5500000000000004 | Success | Approved |
| 4000000000003220 | Success | CUSTOMER_VERIFICATION (mock 3DS) |
| 4000000000000002 | Success | FAILED with decline code |