Network Tokenization API
Network tokenization generates tokens in cooperation with the card issuer and card network to offer additional lifecycle management and security benefits. Card networks share and maintain network tokens so they stay current, even if the underlying card data changes. Forter leverages tokens provided by Visa, Mastercard, Amex.
Authentication
The Forter Tokenization API uses HTTP Basic authentication in order to authenticate the merchant’s request. Provide the username and password via the “authorization” header in a basic auth format:
Header: “authorization: Basic TO_BASE64(site_id:site_secret)”
Sandbox environment
While integrating with Forter, you should use our sandbox environment which is free for use, and only requires your credentials.
URL (Sandbox Environment): https://pci-tokenization-sandbox.checkouttools.com/v1/
OpenAPI Schema: https://pci-tokenization-sandbox.checkouttools.com/documentation/json
NOTE: The sandbox environment can not store PCI information, and to that end only accepts hardcoded test PANS:
5353535353535351
4343434343434345
373737373737374
If you require running a test using a specific test card (e.g. one that is issued by a third party), please let us know.
Production environment
One you are ready to transition to the production environment, you will need to contact us for production-specific credentials which are different from the sandbox environment. As a security measure, we will also ask you to provide the IP addresses of your backend instances that will make use of Forter's tokenization APIs.
URL (Production PCI Environment): https://pci.checkouttools.com/v1/
POST /v1/tokenization/tokenize
Receive PCI sensitive data and create a multi-use token for it, can also create a network token synchronously or asynchronously.
const response = await axios.post('https://pci-tokenization-sandbox.checkouttools.com/v1/tokenization/tokenize', {
cardNumber: '5353535353535351',
expirationMonth: 12,
expirationYear: 2028,
cardHolderName: 'John Doe',
networkToken: {
provision: true
}
}, {
headers: { authorization: `Basic ${btoa(`${site_id}:${site_secret}`)}` }
});
Example response:
{
"token": "ftr10ebf75407f0e4077hb5b347f0d4b69bb",
"networkTokenStatus": {
"created": true
}
}
POST /v1/tokenization/upgrade
Receive a single-use token (created by Forter's Hosted Fields), and replace it with a new multi-use token.
Can also create a network token synchronously or asynchronously.
const response = await axios.post('https://pci-tokenization-sandbox.checkouttools.com/v1/tokenization/upgrade', {
token: 'ftr1d8a56cfa6b3745a39e4a42d5ab1048c8',
networkToken: {
provision: true
}
}, {
headers: { authorization: `Basic ${btoa(`${site_id}:${site_secret}`)}` }
});
Example response:
{
"token": "ftr10ebf75407f0e4077hb5b347f0d4b69bb",
"networkTokenStatus": {
"created": true
}
}
POST /v1/tokenization/provision-network-token
Receive a Forter token and provision a network token on top of it using the PCI data it stores.
const response = await axios.post('https://pci-tokenization-sandbox.checkouttools.com/v1/tokenization/provision-network-token', {
token: 'ftr1d8a56cfa6b3745a39e4a42d5ab1048c8',
mode: 'SYNC'
}, {
headers: { authorization: `Basic ${btoa(`${site_id}:${site_secret}`)}` }
});
Example response:
{
"created": true
}
POST /v1/tokenization/provision-cryptogram
Receive a Forter token and provision a cryptogram.
const response = await axios.post('https://pci-tokenization-sandbox.checkouttools.com/v1/tokenization/provision-cryptogram', {
token: 'ftr1d8a56cfa6b3745a39e4a42d5ab1048c8'
}, {
headers: { authorization: `Basic ${btoa(`${site_id}:${site_secret}`)}` }
});
Example response:
{
"networkToken": "2222850249904957",
"cryptogram": "AgAAAAACFFoJxBEAmZpHgw0AAAA\\u003d"
}
Updated about 2 months ago