Server-to-Server Network Tokens

Server-to-Server Network Tokens

Last updated:October 15, 2024

This Server-to-Server guide describes how you can store the data, provision a network token with the involvement of the card network and then subsequently use the network token authorization data for a payment.

To better understand what network tokens are, please read Tokenization guide.
To know which acquirers do support network tokenization, please reach out to your Customer Success Manager.
To collect card data, you must be PCI-DSS compliant. To minimize your compliance requirements, please use COPYandPAY Network Tokens.

Use cases

Standalone tokenization

The merchant collects card data from shopper and initiates tokenization. No payment request/flow involved. A registration token is synchronously provisioned and returned to the merchant. The registration token can then be used in subsequent payments. In the background, a network token is being provisioned by the card network with Issuer involved in the token approval process to make it active for payments.


How it works

Create the token

Send the tokenization request with the collected card data.

OPTIONAL

Send payment using the token

Send the payment request using the stored registration token.

Transactions:
RG
RG
TK
TK
DB
DB
TF
TF

1. Create the token

To initiate network token provisioning, perform a server-to-server POST request with the required customer data, excluding paymentType. A successful request will return an id that should be stored and used in subsequent payments.

Tokenization response

The response will include a token transaction history, indicating that the network token provisioning process has started with the card network. This process involves the issuer and may take some time for approval. In the test environment, there is a simulated 2-second delay to mirror production conditions. The network token will be retrieved during the next payment attempt.

Sample request:

Language:
curl https://test.tillpayments.io/v1/registrations \
 -d "entityId=8ac7a4c8863ab63e01863b16f63900bc" \
 -d "testMode=EXTERNAL" \
 -d "paymentBrand=MASTER" \
 -d "card.number=5213354406836646" \
 -d "card.holder=John Smith" \
 -d "card.expiryMonth=12" \
 -d "card.expiryYear=2031" \
 -d "card.cvv=123" \
 -d "customer.email=john.smith@gmail.com" \
 -d "customer.givenName=Smith" \
 -d "customer.ip=192.168.0.0" \
 -d "customer.surname=John" \
 -d "customer.language=DE" \
 -d "billing.city=MyCity" \
 -d "billing.country=DE" \
 -d "billing.postcode=712121" \
 -d "billing.state=DE" \
 -d "billing.street1=MyStreet" \
 -H "Authorization: Bearer OGE4Mjk0MTg0ZTU0MmE1YzAxNGU2OTFkMzQwNzA4Y2N8MmdtWkhBZVNXSw=="

Try it Out

2. Send payment using the token

To send a payment using the network token, perform a server-to-server POST request using the registration token retrieved in the previous step.

Payment response

The response will include a token transaction history, indicating that an attempt was made to fetch the network token from the card network. If no network token is active for payments, the payment authorization will proceed using the real card data.

When the network token is fetched, the response will also provide the original PAN BIN. This information will be exposed in the payment response as part of the card.bin parameter. It’s important to note that the network token BIN is different from the original PAN BIN. This distinction is crucial for post-authorization issuer BIN management, ensuring that you have the necessary details to handle the transaction accurately.

Sample request:

Language:
https://test.tillpayments.io/v1/registrations//payments
curl https://test.tillpayments.io/v1/registrations/{id}/payments \
 -d "entityId=8ac7a4c8863ab63e01863b16f63900bc" \
 -d "paymentBrand=MASTER" \
 -d "paymentType=DB" \
 -d "amount=17.99" \
 -d "currency=EUR" \
 -d "testMode=EXTERNAL" \
 -d "customer.email=john.smith@gmail.com" \
 -d "customer.givenName=Smith" \
 -d "customer.ip=192.168.0.0" \
 -d "customer.surname=John" \
 -d "customer.language=DE" \
 -d "billing.city=MyCity" \
 -d "billing.country=DE" \
 -d "billing.postcode=712121" \
 -d "billing.state=DE" \
 -d "billing.street1=MyStreet" \
 -d "standingInstruction.type=RECURRING" \
 -d "standingInstruction.mode=INITIAL" \
 -d "standingInstruction.source=CIT" \
 -d "threeDSecure.eci=05" \
 -d "threeDSecure.authenticationStatus=Y" \
 -d "threeDSecure.version=2.2.0" \
 -d "threeDSecure.dsTransactionId=c75f23af-9454-43f6-ba17-130ed529507e" \
 -d "threeDSecure.acsTransactionId=2c42c553-176f-4f08-af6c-f9364ecbd0e8" \
 -d "threeDSecure.verificationId=MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=" \
 -d "threeDSecure.amount=19.99" \
 -d "threeDSecure.currency=EUR" \
 -d "threeDSecure.flow=challenge" \
 -H "Authorization: Bearer OGE4Mjk0MTg0ZTU0MmE1YzAxNGU2OTFkMzQwNzA4Y2N8MmdtWkhBZVNXSw=="

Try it Out


See also