Overview
Card information is highly sensitive and needs to be secured when making payments online. With tokenization, Tyro eCommerce substitutes card information with a non-sensitive and valueless token. Card tokenization allows a merchant to securely save a customer's card details and then process payments without having to transmit the card details to their own servers. This saves you from having to comply with full PCI requirements.
A typical workflow for saving a customer's card information starts at the checkout screen, where you offer to save the customer's card details. When the customer returns to the checkout on a repeat visit, you can prompt them to check out with the saved card details retrieved from Tyro eCommerce: you display the card expiry plus the last four digits to the customer, and the payment is made against the saved card. This is a great user experience as it speeds up the checkout process.
Using Java for our examples, let's look at how you would: Tokenize a Card, Create the Customer with a Token and Make a Payment from a Saved Customer.
Tokenize Card Information
Follow 3 simple steps to tokenize a card and use it to create a customer:
1. A customer's card details are entered on the merchant's website or mobile app. Send these details to Tyro eCommerce using either: a hosted payment form, simplify.js library (see our tutorial for this), iOS or Android mobile SDKs.
2. The Tyro eCommerce server will return a token that represents the card details, e.g. e1393e7c-6ab1-4ba3-87de-ab041697ca03
3. The token can be used by the merchant with the Tyro eCommerce API to create a Customer.
Note: Once the token has been used it cannot be used again.
Create the Customer from a Token
Once you have generated the token, you can create the customer and save their card details from the token.
```java
// The private key belongs on your server only; load it from configuration
// rather than committing it to source control.
PaymentsApi.PUBLIC_KEY = "YOUR_PUBLIC_API_KEY";
PaymentsApi.PRIVATE_KEY = "YOUR_PRIVATE_API_KEY";

// Exchange the single-use card token for a Customer with a saved card
Customer customer = Customer.create(new PaymentsMap()
        .set("token", "[TOKEN ID]")
        .set("email", "customerToken@mastercard.com")
        .set("name", "Customer CustomerToken")
);

// TODO - Persist the Customer ID somewhere such as a Database
System.out.println("Saved a customer with a credit card. Customer ID: " + customer.get("id"));
```
The API will return a customer ID, along with the expiry date and last four digits of the card (see the Customer outputs for all the response data). Save the customer ID in your system for re-use later.
Make a Payment from a Saved Customer
Later on, you can create a payment for the customer using the saved customer ID.
```java
PaymentsApi.PUBLIC_KEY = "YOUR_PUBLIC_API_KEY";
PaymentsApi.PRIVATE_KEY = "YOUR_PRIVATE_API_KEY";

// Retrieve the Customer ID from your Database
Customer customer = Customer.find("[Saved Customer ID]");

// Charge the card saved against that customer; no card details are sent
Payment payment = Payment.create(new PaymentsMap()
        .set("customer", customer.get("id"))
        .set("amount", 2500) // $25
        .set("currency", "USD")
        .set("description", "Customer payment from card on file")
);

// Treat any status other than APPROVED as an unsuccessful payment
if ("APPROVED".equals(payment.get("paymentStatus"))) {
    System.out.println("Customer Payment approved");
}
```
Note:
- You can only use a card token once.
- You can only save 1 card per customer (but the card can be updated later).
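The rules above (a token is single-use, one card per customer, and only the customer ID is persisted) also need enforcing on the merchant side, for both the customer-creation and the payment steps. The class below is an added example, not Tyro eCommerce code: `CardOnFileRegistry`, `CustomerCreator` and the account IDs are hypothetical names, the `Customer.create` call is replaced by a stand-in interface, and the token pattern assumes tokens have the UUID shape of the example token.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
/** Merchant-side record of saved cards. Every name in this class is hypothetical. */
public class CardOnFileRegistry {
    // Assumption: tokens have the UUID shape of the example token in the text.
    private static final Pattern TOKEN = Pattern.compile(
        "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}");
    /** Stand-in for the Customer.create call; returns the new customer ID. */
    public interface CustomerCreator { String createFromToken(String token, String email); }

    private final Set<String> spentTokens = ConcurrentHashMap.newKeySet();
    private final Map<String, String> customerIdByAccount = new ConcurrentHashMap<>();

    /** Exchanges a token for a customer ID exactly once and stores only that ID. */
    public synchronized String saveCard(String accountId, String token, String email,
                                        CustomerCreator api) {
        if (token == null || !TOKEN.matcher(token).matches())
            throw new IllegalArgumentException("malformed token");
        if (customerIdByAccount.containsKey(accountId))
            throw new IllegalStateException("account already has a saved card");
        // Mark the token spent before the call: if the call fails, ask for a new token.
        if (!spentTokens.add(token))
            throw new IllegalStateException("token already used");
        String customerId = api.createFromToken(token, email);
        customerIdByAccount.put(accountId, customerId);
        return customerId;
    }

    /** Resolve the customer ID from the authenticated account, never from request input. */
    public Optional<String> customerIdFor(String accountId) {
        return Optional.ofNullable(customerIdByAccount.get(accountId));
    }

    public static void main(String[] args) {
        CardOnFileRegistry registry = new CardOnFileRegistry();
        CustomerCreator fake = (token, email) -> "constructed-customer-id";
        String token = "e1393e7c-6ab1-4ba3-87de-ab041697ca03"; // example token from the text
        System.out.println(registry.saveCard("acct-42", token, "a@example.com", fake));
        try {
            registry.saveCard("acct-43", token, "b@example.com", fake); // reuse
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println(registry.customerIdFor("acct-99").isPresent());
    }
}
```

Looking the customer ID up from the logged-in account, instead of accepting it from the browser, keeps one shopper from charging another shopper's saved card.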