Skip to content

Card tokenization service by provider

The eComCharge system is fully PCI DSS certified, thus it can provide merchants with the tokenization services. Instead of storing sensitive card data on their back end, merchants can get the card number tokenized, save and use the received token for subsequent payments.

When you submit a card token in payment or authorization transaction requests, the credit card details are not required. The eComCharge system detects the card data by the card token and pass them to the processing network. The cardholder will be asked to confirm the transaction with the CVC/CVV only.

If the merchant uses the subscription service, the card token is enough to initiate a recurring payment.

Info

You should meet the PCI DSS requirements to deal with sensitive card data.


Create a card token

To get a card tokenized, send a POST request to https://processing.ecomcharge.com/credit_cards with the following parameters:

Parameter Type Description
request object
number * required
string (19) A card number.
holder * required
string (32) A cardholder name as it appears on the card.
exp_month * required
integer (2) A card expiration month expressed with two digits (for example, 01).
exp_year * required
integer (4) A card expiration year expressed with four digits (for example, 2026).
contract * required
array An array consisting of elements:

recurring - eComCharge returns a card token to use it in subsequent charges without to enter a card data again. Customer agrees to be charged regularly, but initially the customer must make a payment with full card data including CVC/CVV code and pass 3-D Secure verification.
Example of the request to tokenize a card number
{
  "request":{
    "number":"4200000000000000",
    "holder":"John Smith",
    "exp_month":"05",
    "exp_year":"2026",
    "contract":["recurring"]
  }
}

Update card token data

The request to update card token attributes should be sent via HTTP POST on https://processing.ecomcharge.com/credit_cards/{token}, where {token} stands for the token value, with the following parameters:

Parameter Type Description
request object
holder * required
string (32) A cardholder name as it appears on the card.
exp_month * required
integer A card expiration month expressed with two digits (for example, 01). Submit it along with exp_year.
exp_year * required
integer A card expiration year expressed with four digits (for example, 2026). Submit it along with exp_month.
Example of the request to update tokenized card attributes

To change holder, exp_month and exp_year of the card token 23b48236ea85378ff899e33819ee31b1631ed8197dc254f9eb28c0011307cf32, send a POST request to https://processing.ecomcharge.com/credit_cards/23b48236ea85378ff899e33819ee31b1631ed8197dc254f9eb28c0011307cf32.

{
  "request":{
    "holder":"John Doe",
    "exp_month":"01",
    "exp_year":"2026"
  }
}

Response

The response to the card tokenization or update requests specifies the following parameters:

Parameter Type Description
holder * required
string The cardholder name as it was sent in a request.
brand * required
string The detected card brand: visa, master, jcb, discover, dinersclub, amex, belkart and unionpay.
first_1 * required
string (1) The first digit of the card.
last_4 * required
string (4) The last 4 digits of the card.
stamp * required
string The card hash. It is constant even if either the card expiration date, or the cardholder is changed.
token * required
string The card token. In case of the update request, a new token is returned.
exp_month * required
integer The card expiration month expressed with two digits (for example, 01).
exp_year * required
integer The card expiration year expressed with four digits (for example, 2026).
Example of the response
{
  "holder":"John Doe",
  "stamp":"a825df7faba8804619aef7a6d5a5821ec292fce04e3e43933ca33d0692df90b4",
  "brand":"visa",
  "last_4":"0000",
  "first_1":"4",
  "token":"7ba647e7013b5cb9df39f17c375783aef81bc8c20f221b962becbd0686cc33af",
  "exp_month":1,
  "exp_year":2026
}