RPG Single Use Card Tokens
Credit card information can be converted to card tokens that expire after use or after a certain amount of time. This is particularly useful for avoiding sensitive information entering your server since the token can be created in browser or other client with communication straight with SaltPay. Single use tokens can be created by using either a private access token or a public access token, the borgun-payment.js library can be used to create single use tokens without card information entering your server.
The Single Use Card Token API endpoint ('/api/token/single') can be used to create, disable and get info on tokens.
Creating single use card tokens
Request objects
TokenSingleRequest
| Name | Description |
|---|---|
| PAN Required |
Credit card number, should not contain dashes(-) or spaces. |
| ExpMonth Required |
Expiration month on card, format: MM. |
| ExpYear Required |
Expiration year on card, format: YYYY. |
| TokenLifetime Required |
Expiry time of token in seconds. |
| Metadata Optional |
Metadata object for token that is specified by the merchant. Note: Never store sensitive data in the Metadata parameter |
Metadata
| Name | Description |
|---|---|
| Payload Required |
Merchant Metadata associated with the token. Datatype is string. |
Response objects
TokenSingleInfo
| Name | Description |
|---|---|
| Token Required |
Single Use Card Token that can be used to charge the card. |
| PAN Required |
Masked Credit card number that was used to generate the token. |
| ExpMonth Required |
Expiration month on card, format: MM. |
| ExpYear Required |
Expiration year on card, format: YYYY. |
| Enabled Required |
Boolean value that indicates if the token has been disabled. |
| ValidUntil Required |
Expiration date of the token. |
| Used Required |
Boolean value that indicates if the token has been used. |
| TransactionId Conditional |
If the token has been used this field will contain the TransactionId of the transaction that the token was used in. |
| UsedTime Conditional |
If the token has been used this field will contain when the token was used. |
| Metadata Optional |
Metadata object for token that was specified by the merchant. |
Metadata
| Name | Description |
|---|---|
| Payload Required |
Merchant Metadata associated with the token. Datatype is string. |
Example - Creating single use card token
curl <SERVICE_URL>/api/token/single \
-u <ACCESS_TOKEN>: \
-d "PAN=4242424242424242" \
-d "ExpYear=2020" \
-d "ExpMonth=01" \
-d "TokenLifetime=120"
TokenSingleRequest req = new TokenSingleRequest()
{
PAN = "4242424242424242",
ExpMonth = "10",
ExpYear = "2020",
TokenLifetime = 60
};
RPGClient client = new RPGClient("<PRIVATE_ACCESS_TOKEN>", "<SERVICE_URL>");
TokenSingleResponse response = await client.TokenSingle.CreateAsync(req);
BAPIjs.getToken({
'pan': '4242424242424242',
'expMonth': '10',
'expYear': '2020'
}, function(status, data) { console.log(data); });
Get token info
To get token information you can perform a GET request to /api/token/single/<TOKEN> where <TOKEN> is a Single use card token. The request will return a TokenSingleInfo object.
Example - Get Token Info
curl <SERVICE_URL>/api/token/single/<TOKEN> \
-u <PRIVATE_ACCESS_TOKEN>:
RPGClient client = new RPGClient("<PRIVATE_ACCESS_TOKEN>", "<SERVICE_URL>");
TokenSingleResponse response = await client.TokenSingle.GetAsync("<TOKEN>");
Disable token
To disable a token you can perform a PUT request to /api/token/single/<TOKEN>/disable where <TOKEN> is a Single use card token.
Example - Disabling Token
curl <SERVICE_URL>/api/token/single/<TOKEN>/disable \
-u <PRIVATE_ACCESS_TOKEN>: \
-X PUT \
-d ""
RPGClient client = new RPGClient("<PRIVATE_ACCESS_TOKEN>", "<SERVICE_URL>");
TokenSingleResponse tokenResponse = await client.TokenSingle.DisableAsync(<TOKEN>);