documentation
  • LATAM Payment Methods
  • Integration guide
    • Getting started
      • Payment Methods
      • Payment Types
      • Supported Brands
      • Overview (Authentication and Endpoint)
    • COPYandPAY
      • Customization
      • Advanced Options
      • COPYandPAY API
      • Tokenization
      • Mobile Optimization
    • Server-to-Server
      • Tokenization
  • Manage Payments
    • Backoffice Operations
    • Recurring Payments
    • Installments
    • ZeroAuth
    • Transactions status
  • Instant Payment Notification (IPN) / Webhooks
    • General Information
    • Integration Guide
  • Queries
    • XML Integrator (Queries)
  • Reporting
    • Overview
    • Processed Report
    • Payout Report
    • Report Availability
    • Glossary of Fields
  • Compliance
    • Mandatory parameters by country
    • Test cards by country
    • Customer Identification Number by country (Customer ID)
    • Supported Countries and States
    • Requirements Before Going-Live
  • Reference
    • API Reference
    • Result Codes
  • FAQ
    • COPYandPAY FAQ
    • PCI DSS
    • TLS 1.2
Powered by GitBook
On this page
  • Storing the payment data
  • Store the data during a payment
  • Store the data as stand-alone
  • Using the stored payment data
  • Recurring Payment
  • Deleting the stored payment data
  1. Integration guide
  2. Server-to-Server

Tokenization

PreviousServer-to-ServerNextBackoffice Operations

Last updated 5 years ago

Note: You should be fully PCI compliant if you wish to perform tokenization requests Server-to-Server (as it requires that you collect the card data). If you are NOT fully PCI compliant, you can use the tutorial to collect the payment data securely.

Tokenization allows you to store payment data for later use. This can be useful for recurring payment scenarios.

Note: The token (registrationId )will be valid during 13 months if there is no transaction based on the token. Validity will extend by 13 months for each reference transaction (Debit or Preauthorization + Capture using the token).

This guide describes how you can store the data using our Server-to-Server API, how you can subsequently use the stored card details and how to delete stored data.

Storing the payment data

There are two methods for creating a token:

  • Store the data during a payment

  • Store the data as stand-alone

Store the data during a payment

A payment's data can be stored at the same time as the payment by sending the createRegistrationparameter with a value of true. This is done by sending a POST request to the /v1/payments endpoint.

curl https://test.oppwa.com/v1/payments \
 -d "entityId=8a8294174e918ca6014e9c6f5ae12a9c" \
 -d "amount=1.00" \
 -d "currency=BRL" \
 -d "paymentType=DB" \
 -d "paymentBrand=VISA" \
 -d "card.number=4111111111111111" \
 -d "card.holder=Jose da Silva" \
 -d "card.expiryMonth=05" \
 -d "card.expiryYear=2025" \
 -d "card.cvv=123" \
 -d "merchantTransactionId=Order Number 123" \
 -d "customer.merchantCustomerId=12345678909" \
 -d "customer.givenName=Jose" \
 -d "customer.surname=da Silva" \
 -d "customer.email= info@provider.com" \
 -d "customer.ip=123.123.123.123" \
 -d "descriptor=123 Usage" \
 -d "billing.city=Sao Paulo" \
 -d "billing.country=BR" \
 -d "billing.state=SP" \
 -d "billing.street1=Rua Itapeva 547" \
 -d "billing.postcode=01332000" \
 -d "customParameters[product]=1 month membership" \
 -d "customParameters[merchant_website]=www.store.com" \
 -d "recurringType=INITIAL" \
 -d "testMode=EXTERNAL" \
 -d "createRegistration=true" \
 -H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="

{
  "id":"8ac7a4a06a00f56b016a094665b76129",
  "registrationId":"8ac7a49f6a012230016a0946634c58e2",
  "paymentType":"DB",
  "paymentBrand":"VISA",
  "amount":"1.00",
  "currency":"BRL",
  "descriptor":"123 Usage",
  "merchantTransactionId":"Order Number 123",
  "result":{
    "code":"000.100.112",
    "description":"Request successfully processed in 'Merchant in Connector Test Mode'"
  },
    },
  "card":{
    "bin":"411111",
    "last4Digits":"1111",
    "holder":"Jose da Silva",
    "expiryMonth":"05",
    "expiryYear":"2025"
  },
  "customer":{
    "givenName":"Jose",
    "surname":"da Silva",
    "merchantCustomerId":"12345678909",
    "email":" info@provider.com",
    "ip":"123.123.123.123"
  },
  "billing":{
    "street1":"Rua Itapeva 547",
    "city":"Sao Paulo",
    "state":"SP",
    "postcode":"01332000",
    "country":"BR"
  },
  "customParameters":{
    "merchant_website":"www.store.com",
    "product":"1 month membership",
    "OPP_card.bin":"411111"
  },
  "risk":{
    "score":"0"
  },
  "buildNumber":"9530bc5348dcf347df44e234fa57653109617938@2019-04-09 04:42:22 +0000",
  "timestamp":"2019-04-10 22:02:52+0000",
  "ndc":"8a8294174e918ca6014e9c6f5ae12a9c_9ab8516d2e574e8b93a632c0f62646c1"
}

Store the data as stand-alone

A registration (RG) can also be made by calling the /v1/registrations endpoint as a stand-alone request (i.e. without requesting a payment).

Contrary to the registration as part of a payment, you directly receive a registration object in your response. Therefore the id to reference this data during later payments is the value of field id

curl https://test.oppwa.com/v1/registrations \
 -d "entityId=8a8294174e918ca6014e9c6f5ae12a9c" \
 -d "paymentBrand=VISA" \
 -d "card.number=4111111111111111" \
 -d "card.holder=Jose da Silva" \
 -d "card.expiryMonth=05" \
 -d "card.expiryYear=2025" \
 -d "card.cvv=123" \
 -d "merchantTransactionId=Order Number 123" \
 -d "customer.merchantCustomerId=12345678909" \
 -d "customer.givenName=Jose" \
 -d "customer.surname=da Silva" \
 -d "customer.email= info@provider.com" \
 -d "customer.ip=123.123.123.123" \
 -d "descriptor=123 Usage" \
 -d "billing.city=Sao Paulo" \
 -d "billing.country=BR" \
 -d "billing.state=SP" \
 -d "billing.street1=Rua Itapeva 547" \
 -d "billing.postcode=01332000" \
 -d "customParameters[product]=1 month membership" \
 -d "customParameters[merchant_website]=www.store.com" \
 -d "recurringType=INITIAL" \
 -d "testMode=EXTERNAL" \
 -H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="

{
  "id":"8ac7a4a26a116ede016a132ae2b35a5c",
  "merchantTransactionId":"Order Number 123",
  "result":{
    "code":"000.100.112",
    "description":"Request successfully processed in 'Merchant in Connector Test Mode'"
  },
  "card":{
    "bin":"411111",
    "last4Digits":"1111",
    "holder":"Jose da Silva",
    "expiryMonth":"05",
    "expiryYear":"2025"
  },
  "customer":{
    "merchantCustomerId":"12345678909"
  },
  "customParameters":{
    "merchant_website":"www.store.com",
    "product":"1 month membership"
  },
  "risk":{
    "score":"0"
  },
  "buildNumber":"9530bc5348dcf347df44e234fa57653109617938@2019-04-09 04:42:22 +0000",
  "timestamp":"2019-04-12 20:08:58+0000",
  "ndc":"8a8294174e918ca6014e9c6f5ae12a9c_efb7aaecef424e20956bc368bfa9b1fd"
}

Using the stored payment data

Recurring Payment

  • For the initial payment request you should send the recurringType parameter with value INITIAL.

  • For any subsequent payment you should send the recurringType parameter with value REPEATED.

Deleting the stored payment data

Once stored, a token can be deleted using the HTTP DELETE method against the registrationId

curl -X DELETE "https://test.oppwa.com/v1/registrations/{id}\
?entityId=8a8294174e918ca6014e9c6f5ae12a9c\
&testMode=EXTERNAL" \
 -H "Authorization: Bearer OGE4Mjk0MTcyODFiOGVlMzAxMjgyOTkwNjZmNTBjZGJ8ZGVtbw=="

{
  "id":"8ac7a49f6a116c56016a1388ba211bc9",
  "referencedId":"8ac7a4a26a116ede016a132ae2b35a5c",
  "merchantTransactionId":"Order Number 123",
  "result":{
    "code":"000.100.112",
    "description":"Request successfully processed in 'Merchant in Connector Test Mode'"
  },
  "customer":{
    "merchantCustomerId":"12345678909"
  },
  "buildNumber":"9530bc5348dcf347df44e234fa57653109617938@2019-04-09 04:42:22 +0000",
  "timestamp":"2019-04-12 21:51:28+0000",
  "ndc":"8a8294174e918ca6014e9c6f5ae12a9c_ab503607ad0b4045b5e2773f07e3890a"
}

Based on the stored account details, recurring payments become very simple to achieve. All you need to do is to add the parameter recurringTypeto your request. (see ):

Recurring Payments
COPYandPAY tokenization
Storing the payment data
Using the stored payment data
Deleting the stored payment data