Tokenization is a process to convert card number and expiry date into a unique alphanumeric string (eg.
5a04127fbe64ae7e487f8c55) called token. This token represents the buyer’s card details, so that you do not have to handle the real credit card information. This reduces your PCI-DSS scope and enhances security.
Tokenization happens on the front-end, such as browser or mobile app. When tokenizing, public API key is used. Xendit offers single-use or multiple-use tokens, based on your business needs.
|Single Use Token||Multiple Use Token|
|Valid for only one transaction||Valid for multiple transactions|
|Token is unusable after one transaction is completed||Once the card details have been tokenized once, this do not be repeated for future charges|
|Expires in 30 days (if transaction is not completed) or when the card expires||Expires when the card expires|
The chart below shows a typical tokenization flow: