Skip to main content
Tokenization is a process that replaces sensitive data (e.g credit card numbers, or bank account numbers) with a non-sensitive, random string of numbers and letters. It’s an effective way for Tesouro to ensure your customers’ payment data is protected from criminal attempts like payment fraud, cyberattacks, or data breaches. There are two types of tokens:
  • Acquirer tokens
  • Network tokens
When to Use
  • You need to securely store customer payment information for future transactions.
  • You want to minimize PCI compliance scope by not storing sensitive card data.
  • You need to support recurring payments or subscriptions.
ScenarioBen creates an account on CoolTechGear.com and saves his credit card information for future purchases. Instead of storing his actual card number, CoolTechGear.com uses tokenization to replace his sensitive card data with a secure token. Later, when Ben returns to buy a new set of keycaps, CoolTechGear.com uses the stored token to process his payment without requiring him to re-enter his card details.

Acquirer tokens

These are tokens created by Tesouro.

Network tokens

These are tokens created by the card networks (Visa, Mastercard, American Express, Discover, etc.), and are not applicable to Bank Transfers.

Step 1: Create and save token

Presenters/acceptors have the option to use tokenization, which when enabled, allows Tesouro to tokenize card/bank details, and return the token in the transaction response under tokenDetails.token.Run in Playground
Request
Operation
mutation AuthorizeCIT($input: AuthorizeCustomerInitiatedTransactionInput!) {
  authorizeCustomerInitiatedTransaction(
    authorizeCustomerInitiatedTransactionInput: $input
  ) {
    authorizationResponse {
      tokenDetails {
        token
      }
    }
  }
}
Variables
{
  "input": {
    "acceptorId": "05a39b14-f29f-443b-a107-da3e3e8969fb",
    "transactionReference": "68448abe-735b-4ee3-af14-d0f50a091c9b",
    "transactionAmountDetails": {
      "totalAmount": 160,
      "currency": "USD"
    },
    "paymentMethodDetails": {
      "acquirerTokenDetails": {
        "token": "3c53f888-6ecf-4f33-9596-00121f5361a3",
        "expirationMonth": 3,
        "expirationYear": 2029,
        "securityCode": {
          "value": "932"
        }
      }
    },
    "automaticCapture": "ON_APPROVAL"
  }
}
Response
{
  "data": {
    "authorizeAndCaptureCard": {
      "paymentInstrument": {
        "card": {
          "primaryAccountNumberToken": "3c53f888-6ecf-4f33-9596-00121f5361a3"
        }
      }
    }
  }
}

Step 2: Re-use token for future transactions

Later, when the customer purchases from you again, you can pass the token (along with expiration and security code details) instead of the explicit payment method details.Run in Playground
Request
Operation
mutation AuthorizeCIT($input: AuthorizeCustomerInitiatedTransactionInput!) {
  authorizeCustomerInitiatedTransaction(
    authorizeCustomerInitiatedTransactionInput: $input
  ) {
    authorizationResponse {
      tokenDetails {
        token
      }
    }
  }
}
Variables
{
  "input": {
    "acceptorId": "05a39b14-f29f-443b-a107-da3e3e8969fb",
    "transactionReference": "68448abe-735b-4ee3-af14-d0f50a091c9b",
    "transactionAmountDetails": {
      "totalAmount": 160,
      "currency": "USD"
    },
    "paymentMethodDetails": {
      "acquirerTokenDetails": {
        "token": "3c53f888-6ecf-4f33-9596-00121f5361a3",
        "expirationMonth": 3,
        "expirationYear": 2029,
        "securityCode": {
          "value": "932"
        }
      }
    },
    "automaticCapture": "ON_APPROVAL"
  }
}
Response
{
  "data": {
    "authorizeAndCaptureCard": {
      "paymentInstrument": {
        "card": {
          "primaryAccountNumberToken": "3c53f888-6ecf-4f33-9596-00121f5361a3"
        }
      }
    }
  }
}