Saving a card token with the API

Background
Before starting this tutorial, make sure you understand the following topics from the Quick start section: Sandbox environments (especially about testing). Authentication (about authenticating using your API user and when you need a login versus a one-time-use token).

Gathering and saving card information (also known as tokenization) allows that customer to use that card in a future transaction.

This tutorial is for situations where you send card information directly to Nexio rather than from a customer providing that information through a webpage, such as situations when you have existing card information from a database that you need to tokenize with Nexio.

To save a card token directly through the Nexio API, do the following:

First, contact Integrations Support to ensure your merchant ID and account have access to the proper API endpoint.

(You may be asked to provide additional information such as Gateway, TokenEx, or Kount credentials.)

Send a POST request to the Create one-time-use token endpoint.
(Do not include any card information or other body parameters—you will do that in step 3.)

curl -X POST https://api.nexiopaysandbox.com/pay/v3/token \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic [Base64_encoded_login]'
  -d '{}'

Copy or store the token from Nexio's response. It will be used in the next step.

{
  "expiration": "2018-09-18T15:43:05.664Z",
  "fraudUrl": "https://api.nexiopaysandbox.com/pay/v3/fingerprint?token=01080f80-76b8-4363-845d-67e8623bf170",
  "token": "830d36f6-a5e3-4455-9600-3a55b63e2fc2"
}

Send a POST request to the Save card token endpoint. Include the token from step 2 and the card information that you have in the body of your request.

Nexio requires at least the following values:

card.cardHolderName
card.expirationMonth
card.expirationYear
Either card.encryptedNumber or tokenex.token (an existing TokenEx card token)

curl -X POST https://api.nexiopaysandbox.com/pay/v3/saveCard \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic [Base64_encoded_login]'
  -d '{
  "card": {
    "cardHolderName": "John H Doe",
    "encryptedNumber": "cu3yRktaYFK2LUC6DpNK289tYDsGRCi7cO+GeG0hkeYFvT7Y8/oY5r53obMz6Q/BZ38gk2u2Ufwy8ojBcX2sfNjG5jplGTXA4NNlSIUjMFfiHe1sff1JFpThoiW/IIlifGlbWu+S1/9pqWPTzJ2+DcjwohbHzsDahhYewFhXgC8qsK0ypi/Shlp+CwRITyIvbVXESD0xz3YOTRHeZLlChvVqN8z4ZzN8nm0MXkmT1wcpYI73bH4KdnPwNU3s7XxvP/ernQP73SHHAOKSLlz4F6AEHFjJiCoXzeLF7LwEjRdxDJ0sKVXbRk3i9BGh+8Nle2VYgjpUWtk2763QkvZiQQ==",
    "expirationMonth": "12",
    "expirationYear": "20"
  },
  "token": "eb50a022-d6de-4244-a1e6-dcb8522b2d19"
}'

The response includes token.token. This is the saved card token that you should save to your server or database for that customer to use with future transactions.

Updated about 1 month ago