English
API ReferenceSign In

Tokenization

Last updated 09/08/2019

Tokenization is a process to convert card number and expiry date into a unique alphanumeric string (eg. 5a04127fbe64ae7e487f8c55) called token. This token represents the buyer’s card details, so that you do not have to handle the real credit card information. This reduces your PCI-DSS scope and enhances security.

Tokenization happens on the front-end, such as browser or mobile app. When tokenizing, public API key is used. Xendit offers single-use or multiple-use tokens, based on your business needs.

Single Use TokenMultiple Use Token
Valid for only one transactionValid for multiple transactions
Token is unusable after one transaction is completedOnce the card details have been tokenized once, this do not be repeated for future charges
Expires in 30 days (if transaction is not completed) or when the card expiresExpires when the card expires

The chart below shows a typical tokenization flow: