Tokenization API

The Forter Tokenization API allows merchants to create and manage tokens securely from their backend system.

Overview

The Forter Tokenization API provides a secure way to tokenize sensitive payment card information, ensuring PCI compliance while enabling seamless transaction processing.

This guide covers:

  • Authentication methods for API requests
  • Environment setup (sandbox and production)
  • Client-side authentication for Hosted Fields SDK users

Authentication

The Forter Tokenization API uses HTTP Basic authentication to verify merchant requests. Authentication credentials must be included in the Authorization header using the Basic Auth format:

Authorization: Basic TO_BASE64(site_id:site_secret)

Replace site_id and site_secret with your actual credentials.


Sandbox environment

What is Sandbox?

The sandbox environment is a free testing environment designed for integration and validation before transitioning to production. No real transactions are processed, and PCI information is not stored.

Sandbox Credentials & API Endpoint

  • Base URL:
    https://pci-tokenization-sandbox.checkouttools.com/v1/
  • OpenAPI Schema is available here

Test Card Numbers

Since the sandbox cannot store PCI-sensitive data, only the following hardcoded test PANs are accepted:

Test Card Number    Card Type (If Applicable)
4111111111111111    Visa
4444333322221111    Visa
4646464646464644    Visa
349531373081938     American Express
5248480000201017    Mastercard
5555444433331111    Mastercard

If you require a specific test card issued by a third party, please contact us.
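
The following Python sketch is an added example, not Forter's own code. It builds the Basic Authorization header described under Authentication and refuses any PAN that is not in the sandbox test card list above, so real card data is never sent to the sandbox by mistake. The function names and the FORTER_SITE_ID / FORTER_SITE_SECRET environment variable names are assumptions made for illustration.

```python
import base64
import os

SANDBOX_BASE_URL = "https://pci-tokenization-sandbox.checkouttools.com/v1/"

# Test PANs listed on this page; the sandbox accepts nothing else.
SANDBOX_TEST_PANS = frozenset({
    "4111111111111111", "4444333322221111", "4646464646464644",
    "349531373081938", "5248480000201017", "5555444433331111",
})


def basic_auth_header(site_id: str, site_secret: str) -> dict:
    """Return the Authorization header: Basic base64(site_id:site_secret)."""
    if not site_id or not site_secret:
        raise ValueError("site_id and site_secret are both required")
    if ":" in site_id:
        # Basic auth splits on the first colon, so the user part cannot hold one.
        raise ValueError("site_id must not contain ':'")
    raw = f"{site_id}:{site_secret}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def redact(headers: dict) -> dict:
    """Copy of headers that is safe to log: base64 is reversible, so hide it."""
    return {k: ("Basic <redacted>" if k.lower() == "authorization" else v)
            for k, v in headers.items()}


def check_sandbox_pan(pan: str) -> str:
    """Normalize a PAN and refuse anything that is not a listed test card."""
    digits = "".join(ch for ch in pan if ch not in " -")
    if digits not in SANDBOX_TEST_PANS:
        # Never echo the rejected value: it may be a real card number.
        raise ValueError("PAN is not one of the sandbox test cards")
    return digits


def load_credentials(env=os.environ) -> tuple:
    """Read credentials from the environment instead of source code."""
    return env["FORTER_SITE_ID"], env["FORTER_SITE_SECRET"]  # assumed names


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    env = {"FORTER_SITE_ID": "example-site", "FORTER_SITE_SECRET": "s3cr3t"}
    headers = basic_auth_header(*load_credentials(env))
    print(redact(headers), check_sandbox_pan("4111 1111 1111 1111"))
```

Pass the returned header with each backend request to the sandbox base URL, and log only the redacted copy.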

Production environment

Transitioning to Production

Once you are ready to go live, you must request production credentials. Sandbox credentials do not work in production.

Security Requirements

As an additional security measure, Forter requires you to provide the IP addresses of the backend instances that will interact with the Tokenization API.

Production API Endpoint