💠Card Tokenization
🔐 Overview
A55's card tokenization enhances security and improves authorization performance by converting raw card data into a secure token on the first successful transaction — with no changes required to your integration.
Once enabled at the account level, the platform:
- Accepts raw card data normally on first use
- Securely tokenizes and stores the card after a successful charge
- Transparently uses the token for all subsequent charges
- Maintains secure card lifecycle handling (expiry / reissue continuity)
No new endpoints • No SDK updates • No payload changes — just enable and benefit
🔍 How It Works
| Stage | Platform Behavior |
|---|---|
| First card use | Card data is processed and tokenized in-line |
| Secure vaulting | Token is generated and securely mapped to the card |
| Future payments | Token replaces raw card data automatically |
| Integration impact | Zero — same requests, no new flows needed |
After the first successful use, the card never needs to be provided again.
🔄 Credit Card Transaction Flow with Tokenization
sequenceDiagram
participant Buyer as 🧑 Buyer
participant Merchant as 🛒 Merchant Platform
participant A55API as 🧩 a55 API
participant AF as 🛡️ Antifraud Engine
participant ThreeDS as 🔐 3DS Server
participant Token as 💠 Tokenization Engine
participant Acquirer as 🏦 Acquirer / Provider
Buyer->>Merchant: 1. Selects credit card as payment method
Merchant->>A55API: 2. Sends transaction request (card + payer data)
A55API->>AF: 3. Triggers antifraud analysis
AF-->>A55API: Risk decision (approve / reject / review)
A55API->>ThreeDS: 4. Initiates 3DS authentication (if enabled)
ThreeDS-->>A55API: 5. 3DS result (frictionless / challenge / success / fail)
A55API->>Token: 6. Tokenizes card on first successful use (if enabled)
Token-->>A55API: Token stored & mapped securely
A55API->>Acquirer: 7. Sends transaction for authorization (using token if available)
Acquirer-->>A55API: 8. Returns authorization status
A55API-->>Merchant: 9. Returns final result
🎯 Why It Matters
Modern payment infrastructure relies on automatic card tokenization to enable:
- ✅ Reduced PCI exposure — token replaces sensitive data
- ✅ Seamless recurring & subscription flows
- ✅ Higher authorization success & retry performance
- ✅ Automatic lifecycle continuity (expiry / reissued cards)
- ✅ Zero engineering overhead
This brings your payment flow up to enterprise orchestration standards.
⚙️ Activation
Automatic tokenization is configured at the account level.
Please contact [email protected] to request activation.
Once active, the feature applies to all eligible transactions for that account — no additional setup required.
💡 Best Practices
| Scenario | Recommendation |
|---|---|
| Recurring billing / subscriptions | Enable auto‑tokenization; charge normally |
| Retry & recovery flows | Allow token reuse for best success rates |
| User‑initiated repeat payments | Token prevents friction |
| Security & compliance | Avoid storing raw PAN entirely |
🧠 Behavior Notes
- Tokenization occurs on first successful transaction
- Token is used automatically on all future charges
- If a card token and raw card data are both sent → token takes priority
- Fully compatible with 3DS, fraud scoring, and routing logic
Automatic tokenization never interferes with existing security or orchestration rules.
✅ Summary
Automatic card tokenization gives you:
- Secure card handling without touching vault logic
- Frictionless recurring and retry flows
- Higher card approval stability
- PCI scope reduction
Enable once — the platform manages card lifecycle from there.
Secure. Seamless. Zero‑change integration.
➕ Explicit Card Tokenization (Card-by-Card)
sequenceDiagram
autonumber
participant Client as (Client) Merchant
participant API as (A55) Tokenization API
participant Billing as (A55) Charge API
Client->>API: Send PAN to tokenization endpoint
API-->>Client: Return token UUID
Client->>Billing: Create Charge using token UUID
Billing-->>Client: Charge created Status
In addition to automatic account-level tokenization, A55 supports an explicit card tokenization flow, allowing you to tokenize a card before any transaction is executed.
This mode is designed for advanced use cases such as:
- Storing a token before the first payment
- Off-session or future-use payment preparation
- Tokenizing cards without triggering authorization
- Unlike automatic tokenization, this flow requires a dedicated API call and submission of raw card data.
🔐 Tokenize a Card
Creates a secure card token by submitting full card details.
🧾 Request Example
{
"wallet_uuid": "1f937eb2-cf2c-421c-aa24-3f26519f42fa",
"merchant_uuid": "d6f921ef-5bdd-4ebf-a065-bd38de839bd1",
"card":{
"holder_name": "John Doe",
"card_number": "5345625884344596",
"expiry_month": "09",
"expiry_year": "2030",
"cvv": "123",
"brand": "Visa"
},
}✅ Response Example
{
"card_token": "d7641ce9-9411-432c-bb25-240ce7dd3cef"
}🧠 Behavior Notes
- Tokenization happens without performing a charge
- Returned token can be used in future transactions
- If a card token and raw card data are both sent → token takes priority
- Fully compatible with 3DS, fraud scoring, and routing logic
- Uses the same secure vault and lifecycle rules as automatic tokenization
⚠️ Security Notes
- This endpoint receives raw PAN and CVV
- Do not log, store, or expose sensitive card data
- Ensure PCI-compliant handling on client and server sides
- Prefer automatic tokenization unless explicit control is required
✅ Summary
Manual card tokenization enables early token creation for advanced payment flows while maintaining the same security, vaulting, and lifecycle guarantees as automatic tokenization.
Explicit. Controlled. Secure.
Updated 25 days ago