💠Card Tokenization
🔐 Overview
A55's card tokenization enhances security and improves authorization performance by converting raw card data into a secure token on the first successful transaction — with no changes required to your integration.
Once enabled at the account level, the platform:
- Accepts raw card data normally on first use
- Securely tokenizes and stores the card after a successful charge
- Transparently uses the token for all subsequent charges
- Maintains secure card lifecycle handling (expiry / reissue continuity)
No new endpoints • No SDK updates • No payload changes — just enable and benefit
🔍 How It Works
| Stage | Platform Behavior |
|---|---|
| First card use | Card data is processed and tokenized in-line |
| Secure vaulting | Token is generated and securely mapped to the card |
| Future payments | Token replaces raw card data automatically |
| Integration impact | Zero — same requests, no new flows needed |
After the first successful use, the card never needs to be provided again.
🔄 Credit Card Transaction Flow with Tokenization
sequenceDiagram
participant Buyer as 🧑 Buyer
participant Merchant as 🛒 Merchant Platform
participant A55API as 🧩 a55 API
participant AF as 🛡️ Antifraud Engine
participant ThreeDS as 🔐 3DS Server
participant Token as 💠 Tokenization Engine
participant Acquirer as 🏦 Acquirer / Provider
Buyer->>Merchant: 1. Selects credit card as payment method
Merchant->>A55API: 2. Sends transaction request (card + payer data)
A55API->>AF: 3. Triggers antifraud analysis
AF-->>A55API: Risk decision (approve / reject / review)
A55API->>ThreeDS: 4. Initiates 3DS authentication (if enabled)
ThreeDS-->>A55API: 5. 3DS result (frictionless / challenge / success / fail)
A55API->>Token: 6. Tokenizes card on first successful use (if enabled)
Token-->>A55API: Token stored & mapped securely
A55API->>Acquirer: 7. Sends transaction for authorization (using token if available)
Acquirer-->>A55API: 8. Returns authorization status
A55API-->>Merchant: 9. Returns final result
🎯 Why It Matters
Modern payment infrastructure relies on automatic card tokenization to enable:
- ✅ Reduced PCI exposure — token replaces sensitive data
- ✅ Seamless recurring & subscription flows
- ✅ Higher authorization success & retry performance
- ✅ Automatic lifecycle continuity (expiry / reissued cards)
- ✅ Zero engineering overhead
This brings your payment flow up to enterprise orchestration standards.
⚙️ Activation
Automatic tokenization is configured at the account level.
Please contact [email protected] to request activation.
Once active, the feature applies to all eligible transactions for that account — no additional setup required.
💡 Best Practices
| Scenario | Recommendation |
|---|---|
| Recurring billing / subscriptions | Enable auto‑tokenization; charge normally |
| Retry & recovery flows | Allow token reuse for best success rates |
| User‑initiated repeat payments | Token prevents friction |
| Security & compliance | Avoid storing raw PAN entirely |
🧠 Behavior Notes
- Tokenization occurs on first successful transaction
- Token is used automatically on all future charges
- If a card token and raw card data are both sent → token takes priority
- Fully compatible with 3DS, fraud scoring, and routing logic
Automatic tokenization never interferes with existing security or orchestration rules.
✅ Summary
Automatic card tokenization gives you:
- Secure card handling without touching vault logic
- Frictionless recurring and retry flows
- Higher card approval stability
- PCI scope reduction
Enable once — the platform manages card lifecycle from there.
Secure. Seamless. Zero‑change integration.
➕ Explicit Card Tokenization (Card-by-Card)
sequenceDiagram
autonumber
participant Client as (Client) Merchant
participant API as (A55) Tokenization API
participant Billing as (A55) Charge API
Client->>API: Send PAN to tokenization endpoint
API-->>Client: Return token UUID
Client->>Billing: Create Charge using token UUID
Billing-->>Client: Charge created Status
In addition to automatic account-level tokenization, A55 supports an explicit card tokenization flow, allowing you to tokenize a card before any transaction is executed.
This mode is designed for advanced use cases such as:
- Storing a token before the first payment
- Off-session or future-use payment preparation
- Tokenizing cards without triggering authorization
- Unlike automatic tokenization, this flow requires a dedicated API call and submission of raw card data.
🔐 Tokenize a Card
Creates a secure card token by submitting full card details.
🧾 Request Example
{
"wallet_uuid": "1f937eb2-cf2c-421c-aa24-3f26519f42fa",
"merchant_uuid": "d6f921ef-5bdd-4ebf-a065-bd38de839bd1",
"card":{
"holder_name": "John Doe",
"card_number": "5345625884344596",
"expiry_month": "09",
"expiry_year": "2030",
"cvv": "123",
"brand": "Visa"
},
}✅ Response Example
{
"card_token": "d7641ce9-9411-432c-bb25-240ce7dd3cef"
}🧠 Behavior Notes
- Tokenization happens without performing a charge
- Returned token can be used in future transactions
- If a card token and raw card data are both sent → token takes priority
- Fully compatible with 3DS, fraud scoring, and routing logic
- Uses the same secure vault and lifecycle rules as automatic tokenization
⚠️ Security Notes
- This endpoint receives raw PAN and CVV
- Do not log, store, or expose sensitive card data
- Ensure PCI-compliant handling on client and server sides
- Prefer automatic tokenization unless explicit control is required
✅ Summary
Manual card tokenization enables early token creation for advanced payment flows while maintaining the same security, vaulting, and lifecycle guarantees as automatic tokenization.
Explicit. Controlled. Secure.
Updated 4 days ago