API docs by Redocly

Cardtokens ApS API (0.0.2)

Download OpenAPI specification:Download

Vault

The CardTokens.io vault handles storage of card data, outsourcing some PCI requirements.

Store a card

Store a card

Authorizations:
api_key
Request Body schema: application/json
required
accountNumber
required
string

Account number of the card to store

expiry
required
string

Expiry of the card to store in YYMM format

merchantID
required
string

Cardtokens merchant ID.

If no merchant ID is specified, account updates and tokenization are not possible.

updates
boolean

Enable account updates (VAU/ABU).

This requires enrollment for the specific merchant.

Responses

Request samples

Content type
application/json
{
  • "accountNumber": "string",
  • "expiry": "string",
  • "merchantID": "string",
  • "updates": true
}

Response samples

Content type
application/json
{
  • "cardID": "string"
}

Retrieve stored card information

Retrive stored card information

Authorizations:
api_key
path Parameters
CardID
required
string

Responses

Response samples

Content type
application/json
{
  • "accountNumber": "string",
  • "expiry": "string",
  • "merchantID": "string",
  • "accountUpdateStatus": "disabled"
}

Delete a stored card

Delete a card stored in the vault

Authorizations:
api_key
path Parameters
CardID
required
string

Responses

Response samples

Content type
application/json
{
  • "code": "string",
  • "message": "string",
  • "correlationID": "string"
}

Enable account updates

Authorizations:
api_key
path Parameters
CardID
required
string

Responses

Response samples

Content type
application/json
{
  • "code": "string",
  • "message": "string",
  • "correlationID": "string"
}

Disable account updates

Authorizations:
api_key
path Parameters
CardID
required
string

Responses

Response samples

Content type
application/json
{
  • "code": "string",
  • "message": "string",
  • "correlationID": "string"
}

Tokenize stored card

Tokenize a stored card, including optional extra data in the request.

Authorizations:
api_key
path Parameters
CardID
required
string
Request Body schema: application/json
required
securityCode
string

Card security code, e.g. CVV/CVV2/CVC

object (Address)

Account holder/billing address

Responses

Request samples

Content type
application/json
{
  • "securityCode": "string",
  • "address": {
    }
}

Response samples

Content type
application/json
{
  • "scheme": "string",
  • "token": "string",
  • "tokenID": "string",
  • "expiry": "string",
  • "par": "string"
}

Return possibly updated card information

Query Visa Account Updater or Mastercard Automatic Billing Updater using a live API, to check if a card has been updated.

An update causes the card on file to be updated.

Authorizations:
api_key
path Parameters
CardID
required
string

Responses

Response samples

Content type
application/json
{
  • "accountNumber": "string",
  • "expiry": "string",
  • "updateStatus": "noChange"
}

Retrieve cards associated with a merchant

Authorizations:
api_key
path Parameters
merchantID
required
string
query Parameters
cursor
string

Cursor used for pagination.

Each response contains a cursor, which can be used in the next call to page over the cards for the merchant.

Responses

Response samples

Content type
application/json
{
  • "cursor": "string",
  • "cards": [
    ]
}

Add cards to a specific merchant

Authorizations:
api_key
path Parameters
merchantID
required
string
Request Body schema: application/json
required
Array ([ 1 .. 100 ] items)
accountNumber
required
string

Account number of the card to store

expiry
required
string

Expiry of the card to store in YYMM format

merchantID
required
string

Cardtokens merchant ID

Responses

Request samples

Content type
application/json
[
  • {
    }
]

Response samples

Content type
application/json
[
  • "string"
]

AccountUpdates

Standalone account update API, on cards not directly stored by cardtokens.io.

Check if card has been updated

Perform a synchronous check with card schemes to see if the card has been updated.

Authorizations:
api_key
Request Body schema: application/json
required

Perform an update of a card

accountNumber
required
string

Account number of the card to store

expiry
required
string

Expiry of the card to store in YYMM format

merchantID
required
string

Cardtokens merchant ID

Responses

Request samples

Content type
application/json
{
  • "accountNumber": "string",
  • "expiry": "string",
  • "merchantID": "string"
}

Response samples

Content type
application/json
{
  • "accountNumber": "string",
  • "expiry": "string",
  • "updateStatus": "noChange"
}

Subscribe the provided card to account updates

Subscribe the provided card to account updates. Callbacks are used to share information about account updates.

When a callback is sent to you with status accountNumberChanged or expiryChanged, the subscription is updated with the new card details.

Any other callbacks status will result in the subscription being deleted.

As a step in subscribing, an account update will be performed on the card, and the results will be returned.

If the account update result has status noChange, the provided account number and expiry will be used for the subscription.

If the account update result has status accountNumberChanged or expiryChanged, the new card details will be used for the subscription.

On any other account update result no subscription will be created.

Authorizations:
api_key
Request Body schema: application/json
required

Perform an update of a card

accountNumber
required
string

Account number of the card to store

expiry
required
string

Expiry of the card to store in YYMM format

merchantID
required
string

Cardtokens merchant ID

Responses

Request samples

Content type
application/json
{
  • "accountNumber": "string",
  • "expiry": "string",
  • "merchantID": "string"
}

Response samples

Content type
application/json
{
  • "accountNumber": "string",
  • "expiry": "string",
  • "updateStatus": "noChange",
  • "subscriptionID": "string"
}

Delete a card previously subscribed to account updates.

Authorizations:
api_key
path Parameters
subscriptionID
required
string

Responses

Response samples

Content type
application/json
{
  • "code": "string",
  • "message": "string",
  • "correlationID": "string"
}

Tokens

Standalone Tokenization operations on cards not directly stored by cardtokens.io.

Tokenize a card

Create a token

Authorizations:
api_key
Request Body schema: application/json
required
accountNumber
required
string

Card account number

expiry
required
string

Expiry in YYMM format

securityCode
string

Card security code, e.g. CVV/CVV2/CVC

merchantID
required
string

The cardtokens merchant ID

object (Address)

Account holder/billing address

Responses

Request samples

Content type
application/json
{
  • "accountNumber": "string",
  • "expiry": "string",
  • "securityCode": "string",
  • "merchantID": "string",
  • "address": {
    }
}

Response samples

Content type
application/json
{
  • "scheme": "string",
  • "token": "string",
  • "tokenID": "string",
  • "expiry": "string",
  • "par": "string"
}

Get information about a token

Authorizations:
api_key
path Parameters
tokenID
required
string

Responses

Response samples

Content type
application/json
{
  • "token": "string",
  • "expiry": "string",
  • "status": "ACTIVE"
}

Delete a token

Authorizations:
api_key
path Parameters
tokenID
required
string

Responses

Response samples

Content type
application/json
{
  • "code": "string",
  • "message": "string",
  • "correlationID": "string"
}

Provision a cryptogram for a card

Authorizations:
api_key
path Parameters
tokenID
required
string
Request Body schema: application/json
required

Provision token request

reference
required
string
transactionType
string
Enum: "ecom" "recurring"

Defaults to ecom

Responses

Request samples

Content type
application/json
{
  • "reference": "string",
  • "transactionType": "ecom"
}

Response samples

Content type
application/json
{
  • "cryptogram": "string",
  • "token": "string",
  • "expiry": "string",
  • "scheme": "string",
  • "par": "string",
  • "cryptogramID": "string"
}

Get graphical representation of card that can be displayed to the cardholder.

Authorizations:
api_key
path Parameters
tokenID
required
string

Responses

Response samples

Content type
application/json
{
  • "image": "string",
  • "mimetype": "string",
  • "height": "string",
  • "width": "string",
  • "expiry": "string",
  • "last4": "string",
  • "issue": "string"
}

Account Update callback on stored card Webhook

Authorizations:
api_key
Request Body schema: application/json
last4
string

Last 4 digits of card

expiry
string

Expiry of the card to store in YYMM format

newCardID
string

ID of the updated card, if applicable

cardID
required
string

ID of the stored card

updateStatus
required
string
Enum: "noChange" "accountNumberChanged" "expiryChanged" "closedAccount" "nonParticipatingBIN" "contactCardholder" "cardholderOptOut" "binNoMatch"

The result of the update check

Responses

Request samples

Content type
application/json
{
  • "last4": "string",
  • "expiry": "string",
  • "newCardID": "string",
  • "cardID": "string",
  • "updateStatus": "noChange"
}

Account update event on subscribed card Webhook

When an account update happens this callback will trigger and call your configured endpoint with the new account information.

Authorizations:
api_key
Request Body schema: application/json
accountNumber
string

Account number of the card to store

expiry
string

Expiry of the card to store in YYMM format

merchantID
string

Cardtokens merchant ID

subscriptionID
string

Subscription ID

The previously stored card has been replaced with the new card.

updateStatus
required
string
Enum: "noChange" "accountNumberChanged" "expiryChanged" "closedAccount" "nonParticipatingBIN" "contactCardholder" "cardholderOptOut" "binNoMatch"

The result of the update check

Responses

Request samples

Content type
application/json
{
  • "accountNumber": "string",
  • "expiry": "string",
  • "merchantID": "string",
  • "subscriptionID": "string",
  • "updateStatus": "noChange"
}