Tokens
Create Token
Create a new token for the Tenant.
Permissions
token:create
Request
- cURL
- JavaScript
- C#
- Java
- Python
- Go
curl "https://api.basistheory.com/tokens" \
-H "BT-API-KEY: key_N88mVGsp3sCXkykyN2EFED" \
-H "Content-Type: application/json" \
-X "POST" \
-d '{
"type": "token",
"data": "Sensitive Value",
"mask": "{{ data | reveal_last: 4 }}",
"containers": [ "/general/high/" ],
"metadata": {
"nonSensitiveField": "Non-Sensitive Value"
},
"search_indexes": [
"{{ data }}",
"{{ data | last4 }}"
],
"fingerprint_expression": "{{ data }}",
"deduplicate_token": true,
"expires_at": "8/26/2030 7:23:57 PM -07:00"
}'
import { BasisTheory } from "@basis-theory/basis-theory-js";
const bt = await new BasisTheory().init("key_N88mVGsp3sCXkykyN2EFED");
const token = await bt.tokens.create({
type: "token",
data: "Sensitive Value",
mask: "{{ data | reveal_last: 4 }}",
containers: ["/general/high/"],
metadata: {
nonSensitiveField: "Non-Sensitive Value",
},
searchIndexes: ["{{ data }}", "{{ data | last4 }}"],
fingerprintExpression: "{{ data }}",
deduplicateToken: true,
expiresAt: "8/26/2030 7:23:57 PM -07:00",
});
using BasisTheory.net.Tokens;
var client = new TokenClient("key_N88mVGsp3sCXkykyN2EFED");
var token = await client.CreateAsync(new Token {
Type = "token",
Data = "Sensitive Value",
Mask = "{{ data | reveal_last: 4 }}",
Containers = new List<string> { "/general/high/" },
Metadata = new Dictionary<string, string> {
{ "nonSensitiveField", "Non-Sensitive Value" }
},
SearchIndexes = new List<string> { "{{ data }}", "{{ data | last4 }}" }
FingerprintExpression = "{{ data }}",
DeduplicateToken = true,
ExpiresAt = "8/26/2030 7:23:57 PM -07:00"
});
import com.basistheory.*;
import com.basistheory.auth.*;
import java.util.Arrays;
import java.util.Map;
public class Example {
public static void main(String[] args) throws Exception {
ApiClient defaultClient = Configuration.getDefaultApiClient();
defaultClient.setBasePath("https://api.basistheory.com");
ApiKeyAuth ApiKey = (ApiKeyAuth) defaultClient.getAuthentication("ApiKey");
ApiKey.setApiKey("key_N88mVGsp3sCXkykyN2EFED");
TokensApi apiInstance = new TokensApi(defaultClient);
CreateTokenRequest createTokenRequest = new CreateTokenRequest();
CreateTokenResponse result = apiInstance.create(createTokenRequest
.type("token")
.data("Sensitive Value")
.mask("{{ data | reveal_last: 4 }}")
.containers(Arrays.asList("/general/high/"))
.metadata(Map.of("nonSensitiveField", "Non-Sensitive Value"))
.searchIndexes(Arrays.asList("{{ data }}", "{{ data | last4 }}"))
.fingerprintExpression("{{ data }}")
.deduplicateToken(true)
.expiresAt("8/26/2030 7:23:57 PM -07:00"));
System.out.println(result);
}
}
import basistheory
from basistheory.api import tokens_api
from basistheory.model.create_token_request import CreateTokenRequest
with basistheory.ApiClient(configuration=basistheory.Configuration(api_key="key_N88mVGsp3sCXkykyN2EFED")) as api_client:
token_client = tokens_api.TokensApi(api_client)
token = token_client.create(create_token_request=CreateTokenRequest(
type="token",
data="Sensitive Value",
mask="{{ data | reveal_last: 4 }}",
metadata={
"nonSensitiveField": "Non-Sensitive Value"
},
containers=["/general/high/"],
search_indexes=[
"{{ data }}",
"{{ data | last4 }}"
],
fingerprint_expression="{{ data }}",
expires_at="8/26/2030 7:23:57 PM -07:00"
))
package main
import (
"context"
"github.com/Basis-Theory/basistheory-go/v3"
)
func main() {
configuration := basistheory.NewConfiguration()
apiClient := basistheory.NewAPIClient(configuration)
contextWithAPIKey := context.WithValue(context.Background(), basistheory.ContextAPIKeys, map[string]basistheory.APIKey{
"ApiKey": {Key: "key_N88mVGsp3sCXkykyN2EFED"},
})
createTokenRequest := *basistheory.NewCreateTokenRequest("Sensitive Value")
createTokenRequest.SetMask("{{ data | reveal_last: 4 }}")
createTokenRequest.SetType("token")
createTokenRequest.SetMetadata(map[string]string{
"myMetadata": "myMetadataValue",
})
createTokenRequest.SetSearchIndexes([]string{"{{ data }}", "{{ data | last4 }}"})
createTokenRequest.SetFingerprintExpression("{{ data }}")
createTokenRequest.SetDeduplicateToken(true)
createTokenRequest.SetContainers([]string{"/general/high/"})
createTokenRequest.SetExpiresAt("8/26/2030 7:23:57 PM -07:00")
createTokenResponse, createTokenHttpResponse, createErr := apiClient.TokensApi.Create(contextWithAPIKey).CreateTokenRequest(createTokenRequest).Execute()
}
Request Parameters
Attribute | Required | Type | Default | Description |
---|---|---|---|---|
id | false | string | null | A value or expression specifying the token's ID. If not specified, a UUID will be assigned. |
type | true | string | null | Token type of the token |
data | true | any | null | Token data. Can be an object, array, or any primitive type such as an integer, boolean, or string |
mask | false | any | Depends on the token type | Token data mask. Can be an object, array, or any primitive type such as an integer, boolean, or string. See mask expressions. |
containers | false | array | Depends on the token type | Array of containers to place this token within. Each container is a path representing a logical grouping of tokens. See Token Containers for details. |
metadata | false | map<string, string> | null | A key-value map of strings containing non-sensitive data. |
search_indexes | false | array | null | Array of expressions used to generate indexes to be able to search against. |
fingerprint_expression | false | string | {{ data | stringify }} | Expressions used to fingerprint your token. |
deduplicate_token | false | bool | null | Whether the token is deduplicated on creation. |
expires_at | false | string | null | ISO8601 compatible Token expiration DateTime. See Token Expiration for more details. |
id
of your token. See the documentation on Aliasing to learn more about best practices when specifying your own token ID.metadata
of your token.Response
Returns a token if the token was created. Returns an error if there were validation errors, or the token failed to create.
{
"id": "c06d0789-0a38-40be-b7cc-c28a718f76f1",
"tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
"type": "token",
"data": "XXXXXXXXXXXalue",
"mask": "{{ data | reveal_last: 4 }}",
"containers": ["/general/high/"],
"metadata": {
"nonSensitiveField": "Non-Sensitive Value"
},
"search_indexes": ["{{ data }}", "{{ data | last4 }}"],
"fingerprint_expression": "{{ data }}",
"created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
"created_at": "2020-09-15T15:53:00+00:00",
"expires_at": "2030-08-26T19:23:57-07:00"
}
List Tokens
Get a list of tokens for the Tenant, supporting basic search criteria. If you need to perform a more advanced token search, see Search Tokens.
Permissions
token:read
Request
- cURL
- JavaScript
- C#
- Java
- Python
- Go
curl "https://api.basistheory.com/tokens" \
-H "BT-API-KEY: key_N88mVGsp3sCXkykyN2EFED"
import { BasisTheory } from "@basis-theory/basis-theory-js";
const bt = await new BasisTheory().init("key_N88mVGsp3sCXkykyN2EFED");
const tokens = await bt.tokens.list();
using BasisTheory.net.Tokens;
var client = new TokenClient("key_N88mVGsp3sCXkykyN2EFED");
var tokens = await client.GetAsync();
import com.basistheory.*;
import com.basistheory.auth.*;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class Example {
public static void main(String[] args) throws Exception {
ApiClient defaultClient = Configuration.getDefaultApiClient();
defaultClient.setBasePath("https://api.basistheory.com");
ApiKeyAuth ApiKey = (ApiKeyAuth) defaultClient.getAuthentication("ApiKey");
ApiKey.setApiKey("key_N88mVGsp3sCXkykyN2EFED");
TokensApi apiInstance = new TokensApi(defaultClient);
List<String> type = Arrays.asList();
List<String> id = Arrays.asList();
Map<String, String> metadata = new HashMap();
Integer page = 1;
Integer size = 56;
TokenPaginatedList result = apiInstance.get(type, id, metadata, page, size);
System.out.println(result);
}
}
import basistheory
from basistheory.api import tokens_api
with basistheory.ApiClient(configuration=basistheory.Configuration(api_key="key_N88mVGsp3sCXkykyN2EFED")) as api_client:
token_client = tokens_api.TokensApi(api_client)
tokens = token_client.get()
package main
import (
"context"
"github.com/Basis-Theory/basistheory-go/v3"
)
func main() {
configuration := basistheory.NewConfiguration()
apiClient := basistheory.NewAPIClient(configuration)
contextWithAPIKey := context.WithValue(context.Background(), basistheory.ContextAPIKeys, map[string]basistheory.APIKey{
"ApiKey": {Key: "key_N88mVGsp3sCXkykyN2EFED"},
})
tokens, httpResponse, err := apiClient.TokensApi.Get(contextWithAPIKey).Execute()
}
Query Parameters
Parameter | Required | Type | Default | Description |
---|---|---|---|---|
id | false | string | null | One to many Token IDs to retrieve. Multiple IDs can be passed in the form ?id=<value1>&id=<value2> . |
type | false | string | null | One to many token types to filter the list of tokens by. Can be repeated in the form ?type=<value1>&type=<value2> . |
metadata.[key] | false | map | {} | Map of key-value pairs to filter tokens with matching metadata in the form ?metadata.key1=value1&metadata.key2=value2 . Note, [key] must be unique and repeated keys will be ignored. Metadata will be searched for a case-insensitive, exact match. Multiple parameters will be AND ed together. |
Response
Returns a paginated object with the data
property containing an array of tokens.
Token data will be returned according to the transform
applied within the requesting Application's Access Controls.
Providing any query parameters will filter the results. Returns an error if tokens could not be retrieved.
{
"pagination": {...},
"data": [
{
"id": "c06d0789-0a38-40be-b7cc-c28a718f76f1",
"type": "token",
"tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
"data": "secret data",
"containers": ["/general/high/"],
"metadata": {
"nonSensitiveField": "Non-Sensitive Value"
},
"created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
"created_at": "2021-03-01T08:23:14+00:00"
},
{...},
{...}
]
}
Get a Token
Get a token by ID in the Tenant.
Permissions
token:read
Request
- cURL
- JavaScript
- C#
- Java
- Python
- Go
curl "https://api.basistheory.com/tokens/c06d0789-0a38-40be-b7cc-c28a718f76f1" \
-H "BT-API-KEY: key_N88mVGsp3sCXkykyN2EFED"
import { BasisTheory } from "@basis-theory/basis-theory-js";
const bt = await new BasisTheory().init("key_N88mVGsp3sCXkykyN2EFED");
const token = await bt.tokens.retrieve("c06d0789-0a38-40be-b7cc-c28a718f76f1");
using BasisTheory.net.Tokens;
var client = new TokenClient("key_N88mVGsp3sCXkykyN2EFED");
var token = await client.GetByIdAsync("c06d0789-0a38-40be-b7cc-c28a718f76f1");
import com.basistheory.*;
import com.basistheory.auth.*;
public class Example {
public static void main(String[] args) throws Exception {
ApiClient defaultClient = Configuration.getDefaultApiClient();
defaultClient.setBasePath("https://api.basistheory.com");
ApiKeyAuth ApiKey = (ApiKeyAuth) defaultClient.getAuthentication("ApiKey");
ApiKey.setApiKey("key_N88mVGsp3sCXkykyN2EFED");
TokensApi apiInstance = new TokensApi(defaultClient);
Token result = apiInstance.getById("c06d0789-0a38-40be-b7cc-c28a718f76f1");
}
}
import basistheory
from basistheory.api import tokens_api
with basistheory.ApiClient(configuration=basistheory.Configuration(api_key="key_N88mVGsp3sCXkykyN2EFED")) as api_client:
token_client = tokens_api.TokensApi(api_client)
token = token_client.get_by_id(id="c06d0789-0a38-40be-b7cc-c28a718f76f1")
package main
import (
"context"
"github.com/Basis-Theory/basistheory-go/v3"
)
func main() {
configuration := basistheory.NewConfiguration()
apiClient := basistheory.NewAPIClient(configuration)
contextWithAPIKey := context.WithValue(context.Background(), basistheory.ContextAPIKeys, map[string]basistheory.APIKey{
"ApiKey": {Key: "key_N88mVGsp3sCXkykyN2EFED"},
})
token, httpResponse, err := apiClient.TokensApi.GetById(contextWithAPIKey, "c06d0789-0a38-40be-b7cc-c28a718f76f1").Execute()
}
URI Parameters
Parameter | Required | Type | Default | Description |
---|---|---|---|---|
id | true | string | null | The ID of the token |
Response
Returns a token with the id
provided.
Token data will be returned according to the transform
applied within the requesting Application's Access Controls.
Returns an error if the token could not be retrieved.
{
"id": "c06d0789-0a38-40be-b7cc-c28a718f76f1",
"type": "token",
"tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
"data": "secret data",
"containers": ["/general/high/"],
"metadata": {
"nonSensitiveField": "Non-Sensitive Value"
},
"created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
"created_at": "2021-03-01T08:23:14+00:00"
}
Update Token
Update an existing token for the Tenant.
Permissions
token:update
Content-Type
header to be set to application/merge-patch+json
. Requests made with a different Content-Type
header value will receive a 415 Unsupported Media Type
response code. For more information on merge-patch, see RFC 7386.Request
- cURL
- JavaScript
- C#
- Java
- Python
- Go
curl "https://api.basistheory.com/tokens/c06d0789-0a38-40be-b7cc-c28a718f76f1" \
-H "BT-API-KEY: key_N88mVGsp3sCXkykyN2EFED" \
-H "Content-Type: application/merge-patch+json" \
-X "PATCH" \
-d '{
"data": "Sensitive Value",
"mask": "{{ data | reveal_last: 4 }}",
"metadata": {
"nonSensitiveField": "Non-Sensitive Value"
},
"search_indexes": [
"{{ data }}",
"{{ data | last4 }}"
],
"fingerprint_expression": "{{ data }}",
"deduplicate_token": true,
}'
import { BasisTheory } from "@basis-theory/basis-theory-js";
const bt = await new BasisTheory().init("key_N88mVGsp3sCXkykyN2EFED");
const token = await bt.tokens.update("c06d0789-0a38-40be-b7cc-c28a718f76f1", {
data: "Sensitive Value",
mask: "{{ data | reveal_last: 4 }}",
metadata: {
nonSensitiveField: "Non-Sensitive Value",
},
searchIndexes: ["{{ data }}", "{{ data | last4 }}"],
fingerprintExpression: "{{ data }}",
deduplicateToken: true,
});
using BasisTheory.net.Tokens;
var client = new TokenClient("key_N88mVGsp3sCXkykyN2EFED");
var token = await client.UpdateAsync("c06d0789-0a38-40be-b7cc-c28a718f76f1", new TokenUpdateRequest {
Data = "Sensitive Value",
Mask = "{{ data | reveal_last: 4 }}",
Metadata = new Dictionary<string, string> {
{ "nonSensitiveField", "Non-Sensitive Value" }
},
SearchIndexes = new List<string> {
"{{ data }}",
"{{ data | last4 }}"
}
FingerprintExpression = "{{ data }}",
DeduplicateToken = true,
});
import com.basistheory.*;
import com.basistheory.auth.*;
import java.util.Arrays;
import java.util.Map;
public class Example {
public static void main(String[] args) throws Exception {
ApiClient defaultClient = Configuration.getDefaultApiClient();
defaultClient.setBasePath("https://api.basistheory.com");
ApiKeyAuth ApiKey = (ApiKeyAuth) defaultClient.getAuthentication("ApiKey");
ApiKey.setApiKey("key_N88mVGsp3sCXkykyN2EFED");
TokensApi apiInstance = new TokensApi(defaultClient);
UpdateTokenRequest updateTokenRequest = new UpdateTokenRequest();
Token result = apiInstance.update("c06d0789-0a38-40be-b7cc-c28a718f76f1", updateTokenRequest
.data("Sensitive Value")
.mask("{{ data | reveal_last: 4 }}")
.metadata(Map.of("nonSensitiveField", "Non-Sensitive Value"))
.searchIndexes(Arrays.asList("{{ data }}", "{{ data | last4 }}"))
.fingerprintExpression("{{ data }}")
.deduplicateToken(true)
.expiresAt("8/26/2030 7:23:57 PM -07:00"));
System.out.println(result);
}
}
import basistheory
from basistheory.api import tokens_api
from basistheory.model.update_token_request import UpdateTokenRequest
with basistheory.ApiClient(configuration=basistheory.Configuration(api_key="key_N88mVGsp3sCXkykyN2EFED")) as api_client:
token_client = tokens_api.TokensApi(api_client)
token = token_client.update(id="c06d0789-0a38-40be-b7cc-c28a718f76f1", update_token_request=UpdateTokenRequest(
data="Sensitive Value",
mask="{{ data | reveal_last: 4 }}",
metadata={
"nonSensitiveField": "Non-Sensitive Value"
},
search_indexes=[
"{{ data }}",
"{{ data | last4 }}"
],
fingerprint_expression="{{ data }}"
))
package main
import (
"context"
"github.com/Basis-Theory/basistheory-go/v3"
)
func main() {
configuration := basistheory.NewConfiguration()
apiClient := basistheory.NewAPIClient(configuration)
contextWithAPIKey := context.WithValue(context.Background(), basistheory.ContextAPIKeys, map[string]basistheory.APIKey{
"ApiKey": {Key: "key_N88mVGsp3sCXkykyN2EFED"},
})
updateTokenRequest := *basistheory.NewUpdateTokenRequest("Sensitive Value")
updateTokenRequest.SetMask("{{ data | reveal_last: 4 }}")
updateTokenRequest.SetMetadata(map[string]string{
"myMetadata": "myMetadataValue",
})
updateTokenRequest.SetSearchIndexes([]string{"{{ data }}", "{{ data | last4 }}"})
updateTokenRequest.SetFingerprintExpression("{{ data }}")
updateTokenResponse, updateTokenHttpResponse, createErr := apiClient.TokensApi.Update(contextWithAPIKey, "c06d0789-0a38-40be-b7cc-c28a718f76f1").UpdateTokenRequest(updateTokenRequest).Execute()
}
Request Parameters
Attribute | Required | Type | Behavior | Description |
---|---|---|---|---|
data | false | any | Merge Patch (see RFC 7386) | Token data. Can be an object, array, or any primitive type such as an integer, boolean, or string |
mask | false | any | Merge Patch (see RFC 7386) | Token data mask. Can be an object, array, or any primitive type such as an integer, boolean, or string. See mask expressions. |
metadata | false | map<string, string> | Merge Patch (see RFC 7386) | A key-value map of strings containing non-sensitive data. |
containers | false | array | Replace | Array of containers to place this token within. Each container is a path representing a logical grouping of tokens. See Token Containers for details. |
search_indexes | false | array | Replace | Array of expressions used to generate indexes to be able to search against. |
fingerprint_expression | false | string | Replace | Expressions used to fingerprint your token. |
deduplicate_token | false | bool | Replace | Whether the token is deduplicated on creation. |
expires_at | false | string | Replace | ISO8601 compatible Token expiration DateTime. See Token Expiration for more details. |
Response
Returns the updated token if successful. Returns an error if there were validation errors, or the token failed to create.
{
"id": "c06d0789-0a38-40be-b7cc-c28a718f76f1",
"tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
"type": "token",
"data": "XXXXXXXXXXXalue",
"mask": "{{ data | reveal_last: 4 }}",
"containers": ["/general/high/"],
"metadata": {
"nonSensitiveField": "Non-Sensitive Value"
},
"search_indexes": ["{{ data }}", "{{ data | last4 }}"],
"fingerprint_expression": "{{ data }}",
"created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
"created_at": "2020-09-15T15:53:00+00:00"
}
data
,metadata
, fingerprint_expression
, search_indexes
and mask
attributes will be redacted.Delete Token
Delete a token by ID in the Tenant.
Permissions
token:delete
Request
- cURL
- JavaScript
- C#
- Java
- Python
- Go
curl "https://api.basistheory.com/tokens/c06d0789-0a38-40be-b7cc-c28a718f76f1" \
-H "BT-API-KEY: key_N88mVGsp3sCXkykyN2EFED" \
-X "DELETE"
import { BasisTheory } from "@basis-theory/basis-theory-js";
const bt = await new BasisTheory().init("key_N88mVGsp3sCXkykyN2EFED");
await bt.tokens.delete("c06d0789-0a38-40be-b7cc-c28a718f76f1");
using BasisTheory.net.Tokens;
var client = new TokenClient("key_N88mVGsp3sCXkykyN2EFED");
await client.DeleteAsync("c06d0789-0a38-40be-b7cc-c28a718f76f1");
package org.example;
import com.basistheory.*;
import com.basistheory.auth.*;
public class App {
public static void main(String[] args) throws Exception {
ApiClient defaultClient = Configuration.getDefaultApiClient();
defaultClient.setBasePath("https://api.basistheory.com");
ApiKeyAuth ApiKey = (ApiKeyAuth) defaultClient.getAuthentication("ApiKey");
ApiKey.setApiKey("key_N88mVGsp3sCXkykyN2EFED");
TokensApi apiInstance = new TokensApi(defaultClient);
apiInstance.delete("c06d0789-0a38-40be-b7cc-c28a718f76f1");
}
}
import basistheory
from basistheory.api import tokens_api
with basistheory.ApiClient(configuration=basistheory.Configuration(api_key="key_N88mVGsp3sCXkykyN2EFED")) as api_client:
token_client = tokens_api.TokensApi(api_client)
token_client.delete(id="c06d0789-0a38-40be-b7cc-c28a718f76f1")
package main
import (
"context"
"github.com/Basis-Theory/basistheory-go/v3"
)
func main() {
configuration := basistheory.NewConfiguration()
apiClient := basistheory.NewAPIClient(configuration)
contextWithAPIKey := context.WithValue(context.Background(), basistheory.ContextAPIKeys, map[string]basistheory.APIKey{
"ApiKey": {Key: "key_N88mVGsp3sCXkykyN2EFED"},
})
httpResponse, err := apiClient.TokensApi.Delete(contextWithAPIKey, "c06d0789-0a38-40be-b7cc-c28a718f76f1").Execute()
}
URI Parameters
Parameter | Required | Type | Default | Description |
---|---|---|---|---|
id | true | string | null | The ID of the token |
Response
Returns an error if the token failed to delete.
Token Object
Attribute | Type | Description |
---|---|---|
id | string | Unique identifier of the token which can be used to get a token |
tenant_id | uuid | The Tenant ID which owns the token |
type | string | Token type |
data | any | Token data |
mask | any | An expression defining the mask to apply when retrieving token data with restricted permissions. |
fingerprint | string | Uniquely identifies the contents of this token. See Token Types for the default expression for each token type. |
containers | array | Array of containers to place this token within. Each container is a path representing a logical grouping of tokens. See Token Containers for details. |
metadata | map<string, string> | A key-value map of strings containing non-sensitive data. |
created_by | uuid | The Application ID which created the token |
created_at | date | Created date of the token in ISO 8601 format |
modified_by | uuid | (Optional) The Application ID which last modified the token |
modified_at | date | (Optional) Last modified date of the token in ISO 8601 format |
search_indexes | array | (Optional) Array of search index expressions used when creating the token. |
fingerprint_expression | string | (Optional) An expression defining the value to fingerprint when creating the token. |
expires_at | string | (Optional) The token expiration date. |
Token Data Validations
Bank Object
Attribute | Required | Type | Default | Description |
---|---|---|---|---|
routing_number | true | string | null | Nine-digit ABA routing number. Its checksum is validated. |
account_number | true | string | null | Account number up to seventeen-digits |
Card Object
Attribute | Required | Type | Default | Description |
---|---|---|---|---|
number | true | string | null | The card number without any separators |
expiration_month | false | integer | null | Two-digit number representing the card's expiration month |
expiration_year | false | integer | null | Four-digit number representing the card's expiration year |
cvc | false | string | null | Three or four-digit card verification code with automatic expiration |
See Test Card Numbers for suggested test data when using cards.
The cvc
property automatically expires and is deleted after one hour in order to comply with PCI requirements.
cvc
for longer than one hour, it may be possible to extend the expiration time while maintaining PCI compliance. Please reach out to our support team for assistance.Token Expiration
By default a created token will not expire, however, users can optionally set the expires_at
property with an ISO8601 DateTime
when creating a token to determine its expiration date.
An expired token is deleted from the tenant up to 1 hour after its expiration time.
Expiration Date Formats
Format | Example |
---|---|
DateTime String w/ Offset | 8/26/2030 7:23:57 PM -07:00 |
ShortDate String | 9/27/2030 |
DateTime
string, it's considered that the provided time is in UTC. When using the ShortDate
format, the expiration time will be set as 12AM UTC.