Create secure token

Use this method to create a secure token that represents a customer's payment details. When you create a secure token, you need to generate and provide a secureTokenId that you use to run follow-on actions: - [Retrieve Secure Token](https://docs.payroc.com/api/schema/payments/secure-tokens/retrieve) – View the details of the secure token. - [Delete Secure Token](https://docs.payroc.com/api/schema/payments/secure-tokens/delete) – Delete the secure token. - [Update Secure Token](https://docs.payroc.com/api/schema/payments/secure-tokens/partially-update) – Update the details of the secure token. - [Update Account Details](https://docs.payroc.com/api/schema/payments/secure-tokens/update-account) – Update the secure token with the details from a single-use token. **Note:** If you don't generate a secureTokenId to identify the token, our gateway generates a unique identifier and returns it in the response. If the request is successful, our gateway returns a token that the merchant can use in transactions instead of the customer's sensitive payment details, for example, when they [run a sale](https://docs.payroc.com/api/schema/payments/create).

Path parameters

processingTerminalIdstringRequired>=4 characters<=50 characters
Unique identifier that we assigned to the terminal.

Headers

AuthorizationstringRequired

Bearer authentication of the form Bearer <token>, where token is your auth token.

Idempotency-KeystringRequiredformat: "uuid"
Unique identifier that you generate for each request. You must use the [UUID v4 format](https://www.rfc-editor.org/rfc/rfc4122) for the identifier. For more information about the idempotency key, go to [Idempotency](https://docs.payroc.com/api/idempotency).

Request

This endpoint expects an object.
sourceobjectRequired
Object that contains information about the payment method to tokenize.
secureTokenIdstringOptional>=1 character<=200 characters
Unique identifier that the merchant created for the secure token that represents the customer's payment details. If the merchant doesn't create a secureTokenId, the gateway generates one and returns it in the response.
operatorstringOptional>=1 character<=50 characters
Operator who saved the customer's payment details.
mitAgreementenumOptional
Indicates how the merchant can use the customer's card details, as agreed by the customer: - `unscheduled` - Transactions for a fixed or variable amount that are run at a certain pre-defined event. - `recurring` - Transactions for a fixed amount that are run at regular intervals, for example, monthly. Recurring transactions don't have a fixed duration and run until the customer cancels the agreement. - `installment` - Transactions for a fixed amount that are run at regular intervals, for example, monthly. Installment transactions have a fixed duration.
Allowed values:
customerobjectOptional
Object that contains the customer's contact details and address information.
ipAddressobjectOptional
Object that contains the IP address of the device that sent the request.
threeDSecureobjectOptional

Object that contains information for an authentication check on the customer’s payment details using the 3-D Secure protocol.

customFieldslist of objectsOptional
Array of customField objects.

Response

Successful request. We created a secure token that represents your customer's payment details.
secureTokenIdstring>=0 characters<=200 characters
Unique identifier that the merchant created for the secure token that represents the customer's payment details.
processingTerminalIdstring>=4 characters<=50 characters
Unique identifier that we assigned to the terminal.
sourceobject
Object that contains information about the payment method that we tokenized.
tokenstring>=12 characters<=19 characters
Token that the merchant can use in future transactions to represent the customer's payment details. The token: - Begins with the six-digit identification number **296753**. - Contains up to 12 digits. - Contains a single check digit that we calculate using the Luhn algorithm.
statusenum

Outcome of a security check on the status of the customer’s payment card or bank account.

Note: Depending on the merchant’s account settings, this feature may be unavailable.

mitAgreementenum or null
Indicates how the merchant can use the customer's card details, as agreed by the customer: - `unscheduled` - Transactions for a fixed or variable amount that are run at a certain pre-defined event. - `recurring` - Transactions for a fixed amount that are run at regular intervals, for example, monthly. Recurring transactions don't have a fixed duration and run until the customer cancels the agreement. - `installment` - Transactions for a fixed amount that are run at regular intervals, for example, monthly. Installment transactions have a fixed duration.
Allowed values:
customerobject or null
Object that contains the customer's contact details and address information.
customFieldslist of objects or null
Array of customField objects.

Errors