Card tokenization service by provider

The eComCharge system is fully PCI DSS certified, thus it can provide merchants with the tokenization services. Instead of storing sensitive card data on their back end, merchants can get the card number tokenized, save and use the received token for subsequent payments.

When you submit a card token in payment or authorization transaction requests, the credit card details are not required. The eComCharge system detects the card data by the card token and pass them to the processing network. The cardholder will be asked to confirm the transaction with the CVC/CVV only.

If the merchant uses the subscription service, the card token is enough to initiate a recurring payment.

Info

You should meet the PCI DSS requirements to deal with sensitive card data.

Create a card token

To get a card tokenized, send a POST request to https://processing.ecomcharge.com/credit_cards with the following parameters:

Parameter	Type	Description
request	object
number * required	string (19)	A card number.
holder * required	string (32)	A cardholder name as it appears on the card.
exp_month * required	integer (2)	A card expiration month expressed with two digits (for example, 01).
exp_year * required	integer (4)	A card expiration year expressed with four digits (for example, 2026).
contract * required	array	An array consisting of elements: `recurring` - eComCharge returns a card token to use it in subsequent charges without to enter a card data again. Customer agrees to be charged regularly, but initially the customer must make a payment with full card data including CVC/CVV code and pass 3-D Secure verification.

Example of the request to tokenize a card number

{
  "request":{
    "number":"4200000000000000",
    "holder":"John Smith",
    "exp_month":"05",
    "exp_year":"2026",
    "contract":["recurring"]
  }
}

Update card token data

The request to update card token attributes should be sent via HTTP POST on https://processing.ecomcharge.com/credit_cards/{token}, where {token} stands for the token value, with the following parameters:

Parameter	Type	Description
request	object
holder * required	string (32)	A cardholder name as it appears on the card.
exp_month * required	integer	A card expiration month expressed with two digits (for example, 01). Submit it along with `exp_year`.
exp_year * required	integer	A card expiration year expressed with four digits (for example, 2026). Submit it along with `exp_month`.

Example of the request to update tokenized card attributes

To change holder, exp_month and exp_year of the card token 23b48236ea85378ff899e33819ee31b1631ed8197dc254f9eb28c0011307cf32, send a POST request to https://processing.ecomcharge.com/credit_cards/23b48236ea85378ff899e33819ee31b1631ed8197dc254f9eb28c0011307cf32.

{
  "request":{
    "holder":"John Doe",
    "exp_month":"01",
    "exp_year":"2026"
  }
}

Response

The response to the card tokenization or update requests specifies the following parameters:

Parameter	Type	Description
holder * required	string	The cardholder name as it was sent in a request.
brand * required	string	The detected card brand: `visa`, `master`, `jcb`, `discover`, `dinersclub`, `amex`, `belkart` and `unionpay`.
first_1 * required	string (1)	The first digit of the card.
last_4 * required	string (4)	The last 4 digits of the card.
stamp * required	string	The card hash. It is constant even if either the card expiration date, or the cardholder is changed.
token * required	string	The card token. In case of the update request, a new token is returned.
exp_month * required	integer	The card expiration month expressed with two digits (for example, 01).
exp_year * required	integer	The card expiration year expressed with four digits (for example, 2026).

Example of the response

{
  "holder":"John Doe",
  "stamp":"a825df7faba8804619aef7a6d5a5821ec292fce04e3e43933ca33d0692df90b4",
  "brand":"visa",
  "last_4":"0000",
  "first_1":"4",
  "token":"7ba647e7013b5cb9df39f17c375783aef81bc8c20f221b962becbd0686cc33af",
  "exp_month":1,
  "exp_year":2026
}