Tokenization
This extension returns card token information to the merchant in addition to the payment/status response. Tokenization is primarily intended for identifying transactions paid by the same payment card. If the payment transaction is successfully authorised, this extension returns the cardToken value.
This extension is not available in the basic setup. Please contact akceptacekaret@csob.cz for activation of the extension for your merchant account.
The token substitutes the sensitive card number value, so it can be used in merchant systems without the need for PCI DSS certification. The computed token value is based on the card number and card expiration values. The tokenization algorithm uses a one-way cryptographic function, so it is not possible to acquire the card number from the card token. The token length is currently 66 characters (hex value of 33 bytes). Unlike a card number, the token can't be misused for fraudulent transactions.
A token is created for successfully authorised transactions only, i.e. when the cardholder is successfully verified during authorisation.
The newly added parameter extensions contains a list of all activated extensions for a given operation. The cardToken extension is returned in the payment/status response only if the transaction is in the Authorized (4), Waiting for settlement (7) or Settled (8) state.
Parameters in bold will always be returned
Item | Type | Description |
---|---|---|
extension | String | Extension ID (assigned by gateway). It is always cardToken for this particular extension. |
dttm | String | Date and time of the response (format YYYYMMDDHHMMSS). |
cardToken | String | Card token value. |
signature | String | Extension signature, BASE64 encoded. |
Example of a response to a payment/status call with the cardToken extension:
```json
{
  "dttm": "20151119113916",
  "signature": "base64-encoded-response-signature",
  "payId": "3090adf87eda7AK",
  "resultCode": 0,
  "resultMessage": "OK",
  "paymentStatus": 7,
  "authCode": "453708",
  "extensions": [
    {
      "extension": "cardToken",
      "dttm": "20220125131601",
      "cardToken": "102eb880650bbd47742de9b0282c875fb1fa9180453d04a6022030909647e9b840",
      "signature": "base64-encoded-extension-signature"
    }
  ]
}
```
The extension signature is calculated over the string of parameters, in exactly the same order as listed in the specification (see above) and joined with the | character. For the example response above, the signed string is:
cardToken|20220125131601|102eb880650bbd47742de9b0282c875fb1fa9180453d04a6022030909647e9b840
Note: The signature of the core parameters remains unchanged. The extensions item does not affect the signature calculation of the payment/status response. Each extension has its own signature.
The extension signature and its validation use the same algorithm: SHA1withRSA (for API 1.7 and older) or SHA256withRSA (for API 1.8 and newer).
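A merchant-side check of the extension signature, written as an added Node.js example and not taken from the gateway's own integration code. The function names (digestForApi, signatureBase, verifiedCardToken) are hypothetical, and a throwaway RSA key pair generated inline stands in for the gateway's public key so the sample can be signed and verified offline.

```javascript
// Added example: checks the cardToken extension signature, which is separate
// from the core payment/status signature. Keys and signature are constructed.
const crypto = require('node:crypto');

// SHA1withRSA for API 1.7 and older, SHA256withRSA for API 1.8 and newer.
function digestForApi(apiVersion) {
  const [major, minor] = apiVersion.split('.').map(Number);
  return major > 1 || (major === 1 && minor >= 8) ? 'sha256' : 'sha1';
}

// Extension fields joined with "|" in the order of the parameter table.
function signatureBase(ext) {
  return [ext.extension, ext.dttm, ext.cardToken].join('|');
}

// Returns the token only if its format and signature both check out, else null.
function verifiedCardToken(response, gatewayPublicKeyPem, apiVersion) {
  const ext = (response.extensions || []).find((e) => e.extension === 'cardToken');
  if (!ext || typeof ext.signature !== 'string') return null;
  // The token is the hex value of 33 bytes (66 characters); dttm is YYYYMMDDHHMMSS.
  if (!/^[0-9a-f]{66}$/i.test(String(ext.cardToken))) return null;
  if (!/^\d{14}$/.test(String(ext.dttm))) return null;
  const valid = crypto.verify(
    digestForApi(apiVersion),
    Buffer.from(signatureBase(ext), 'utf8'),
    gatewayPublicKeyPem,
    Buffer.from(ext.signature, 'base64'));
  return valid ? ext.cardToken : null;
}

// Constructed data: a throwaway key pair stands in for the gateway's key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const sampleExt = {
  extension: 'cardToken',
  dttm: '20220125131601',
  cardToken: '102eb880650bbd47742de9b0282c875fb1fa9180453d04a6022030909647e9b840',
};
sampleExt.signature = crypto
  .sign('sha256', Buffer.from(signatureBase(sampleExt), 'utf8'), privateKey)
  .toString('base64');
const tamperedExt = { ...sampleExt, dttm: '20220125131602' };

console.log(verifiedCardToken({ extensions: [sampleExt] }, publicKey, '1.8'));
console.log(verifiedCardToken({ extensions: [tamperedExt] }, publicKey, '1.8'));
```

Because the token is only stored or matched after verifiedCardToken returns a non-null value, a response whose extension block was altered independently of the core parameters is discarded rather than trusted.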