API Overview

Token Management Service Developer Guide
- Recent Revisions to This Document
- VISA Platform Connect: Specifications and Conditions for Resellers/Partners
- TERMS OF USE APPLICABLE TO CARD NETWORK TOKENS

Introduction to the Token Management Service
- Types of Tokens
  - Customer Tokens
  - Shipping Address Tokens
  - Payment Instrument Tokens
  - Instrument Identifier Tokens
  - Network Tokens

Token Management Service Workflows
- PAN Tokenization Process Using TMS
- Network Token Tokenization Process
- Push Provisioning Process
- Network Token Provisioning for Merchants
- Network Token CIT for Merchants
- Network Token MIT for Merchants
- Network Token Provisioning for Partners
- Network Token CIT for Partners
- Network Token MIT for Partners

Requesting the Token Management Service API
- HTTP Response Headers
- Case Sensitivity
- Metadata
- Patching Considerations
  - Pagination
- Supported Processors
- Test Card Numbers

Token Management Service Onboarding
- Merchant ID Hierarchy
- Merchant ID Registration
- Portfolio MIDs for Partners
- Token Vault Management
  - Configure the Token Vault Settings Using the Business Center
  - Configure the Token Vault Access Using the Business Center
  - Configure Network Tokenization Using the Business Center
- Message-Level Encryption Keys
  - Creating a Message-Level Encryption Key

Network Tokenization
- Network Token Enablement
- Network Token Onboarding—Partner Model
- Network Token Life-Cycle Management
  - REST Examples: Life-Cycle Management Notifications
- Network Token Life-Cycle Management Reports
- Token Requestor IDs

Manage Webhook Subscriptions
- Create Keys for Digital Signature
  - Required Fields for Creating Keys for Digital Signature
  - REST Example: Creating Keys for Digital Signature
- Create Webhook Subscription
  - Required Fields for Creating Webhook Subscription
  - REST Example: Creating a Webhook Subscription
- Retrieve Webhook Subscription Details
  - Required Field for Retrieving Webhook Subscription Details
  - REST Example: Retrieving Webhook Subscription Details
- Update Webhook Subscription
  - Required Field for Updating Webhook Subscription
  - REST Example: Updating Webhook Subscriptions
- Delete Webhook Subscription
  - Required Field for Deleting a Webhook Subscription
  - REST Example: Deleting a Webhook Subscription

Customer Tokens
- Manage Customer Tokens
- Create a Customer
  - Required Fields for Creating a Customer
  - REST Example: Creating a Customer
- Retrieve a Customer
  - REST Example: Retrieving a Customer
- Update a Customer
  - Optional Fields for Updating a Customer
  - REST Example: Updating a Customer
- Delete a Customer
  - Required Fields for Deleting a Customer Token
  - REST Example: Deleting a Customer
- Retrieve a Customer's Default Payment with an Unmasked Card Number
  - REST Example: Retrieving a Customer's Default Payment with an Unmasked Card Number
- Retrieve a Customer's Default Payment and Shipping Details
  - REST Example: Retrieving a Customer's Default Payment and Shipping Details
- Payments with Customer Tokens
- Create a Customer Token with Validated Payment Details
  - Required Fields for Creating a Customer Token with Validated Payment Details Using the REST API
  - REST Example: Creating a Customer Token with Validated Payment Details
- Authorizing a Payment with a Customer Token
  - Required Fields for Authorizing a Payment with a Customer Token
  - REST Example: Authorizing a Payment with a Customer Token
  - REST Example: Authorizing a Payment Using a Customer Token Linked to a Network Token
- Making a Credit with a Customer Token
  - Required Fields for Making a Credit with a Customer Token
  - REST Example: Making a Credit with a Customer Token

Shipping Address Tokens
- Manage Shipping Address Tokens
- Create a Customer Shipping Address
  - Required Fields for Creating a Customer Shipping Address
  - REST Example: Creating a Customer Shipping Address
- Add a Default Shipping Address
  - Required Fields for Adding a Default Shipping Address
  - REST Example: Adding a Default Shipping Address
- Add a Non-Default Shipping Address
  - Required Fields for Adding a Non-Default Shipping Address
  - REST Example: Adding a Non-Default Shipping Address
- Change a Default Shipping Address
  - Required Fields for Changing a Default Shipping Address
  - REST Example: Changing Default Shipping Address
- Retrieve a Customer Shipping Address
  - REST Example: Retrieving a Shipping Address
- Retrieve All Customer Shipping Addresses
  - REST Example: Retrieving All Customer Shipping Addresses
- Update a Customer Shipping Address
  - Required Fields for Updating a Customer Shipping Address
  - REST Example: Updating a Customer Shipping Address
- Delete a Customer Shipping Address
  - Required Fields for Deleting a Customer Shipping Address
  - REST Example: Deleting a Customer Shipping Address
- Payments with Shipping Address Tokens
- Authorizing a Payment with a Non-Default Shipping Address
  - Required Fields for Authorizing a Payment with a Non-Default Shipping Address
  - REST Example: Authorizing a Payment with a Non-Default Shipping Address

Customer Payment Instrument Tokens
- Manage Customer Payment Instrument Tokens
- Create a Customer Payment Instrument
  - Required Fields for Creating a Customer Payment Instrument
  - Optional Fields for Creating a Customer Payment Instrument
  - REST Example: Creating a Customer Payment Instrument
- Add a Default Payment Instrument Using Instrument Identifier
  - Required Fields for Adding a Default Payment Instrument Using Instrument Identifier Using the REST API
  - Optional Fields for Adding a Default Payment Instrument Using Instrument Identifier Using the REST API
  - REST Example: Adding a Default Payment Instrument Using Instrument Identifier
- Add a Default Payment Instrument with Validated Payment
  - Required Fields for Adding a Default Payment Instrument with Validated Payment Using the REST API
  - REST Example: Adding a Default Payment Instrument with Validated Payment
- Add a Non-Default Payment Instrument Using Instrument Identifier
  - Required Fields for Adding a Non-Default Payment Instrument Using Instrument Identifier
  - Optional Fields for Adding a Non-Default Payment Instrument Using Instrument Identifier
  - REST Example: Adding a Non-Default Payment Instrument Using Instrument Identifier
- Add a Non-Default Payment Instrument with Validated Payment
  - Required Fields for Adding a Non-Default Payment Instrument with Validated Payment Using the REST API
  - REST Example: Adding a Non-Default Payment Instrument with Validated Payment
- Change a Customer's Default Payment Instrument
  - Required Fields for Changing a Customer's Default Payment Instrument
  - REST Example: Changing a Customer's Default Payment Instrument
- Retrieve a Customer Payment Instrument
  - REST Example: Retrieving a Customer Payment Instrument
- Retrieve a Customer Payment Instrument with an Unmasked Card Number
  - REST Example: Retrieving a Customer Payment Instrument with an Unmasked Card Number
- List Payment Instruments for a Customer
  - Required Fields for Listing Payment Instruments for a Customer
  - REST Example: Listing Payment Instruments for a Customer
- Update a Customer Payment Instrument
  - Required Fields for Updating a Customer Payment Instrument
  - Optional Fields for Updating a Customer Payment Instrument
  - REST Example: Updating a Customer Payment Instrument
- Delete a Customer Payment Instrument
  - REST Example: Deleting a Customer Payment Instrument
- Payments with Customer Payment Instrument Tokens
- Authorizing a Payment with a Non-Default Payment Instrument
  - Required Fields for Authorizing a Payment with a Non-Default Payment Instrument
  - Optional Fields for Authorizing a Payment with a Non-Default Payment Instrument
  - REST Example: Authorizing a Payment with a Non-Default Payment Instrument
- Making a Credit with a Non-Default Payment Instrument
  - Required Fields for Making a Credit with a Non-Default Payment Instrument
  - Optional Fields for Making a Credit with a Non-Default Payment Instrument
  - REST Example: Making a Credit with a Non-Default Payment Instrument

Payment Instrument Tokens
- Manage Payment Instrument Tokens
- Create a Payment Instrument
  - Required Fields for Creating a Payment Instrument
  - Optional Fields for Creating a Payment Instrument
  - REST Example: Creating a Payment Instrument
- Retrieve a Payment Instrument
  - REST Example: Retrieving a Payment Instrument
- Find Payment Instruments by Card Number
  - Required Fields for Finding Payment Instruments by Card Number
  - REST Example: Finding Payment Instruments by Card Number
- Retrieve a Payment Instrument with an Unmasked Card Number
  - REST Example: Retrieving a Payment Instrument with an Unmasked Card Number
- Update a Payment Instrument
  - Optional Fields for Updating a Payment Instrument
  - REST Example: Updating a Payment Instrument
- Delete a Payment Instrument
  - Required Fields for Deleting a Payment Instrument
  - REST Example: Deleting a Payment Instrument
- Payments with Payment Instrument Tokens
- Authorizing a Payment with a Payment Instrument
  - Required Fields for Authorizing a Payment with a Payment Instrument
  - Optional Fields for Authorizing a Payment with a Payment Instrument
  - REST Example: Authorizing a Payment with a Payment Instrument
- Making a Credit with a Payment Instrument
  - Required Fields for Making a Credit with a Payment Instrument
  - REST Example: Making a Credit with a Payment Instrument

Instrument Identifier Tokens
- Manage Instrument Identifier Tokens
- Create an Instrument Identifier
  - Required Fields for Creating an Instrument Identifier
  - Optional Fields for Creating an Instrument Identifier
  - REST Example: Creating a Card Instrument Identifier
  - REST Example: Creating a Bank Account Instrument Identifier
- Create an Instrument Identifier for Enrollable Network Tokens
  - Required Fields for Creating an Instrument Identifier for a Device Token
  - Optional Fields for Creating an Instrument Identifier
  - REST Example: Creating an Instrument Identifier for a Device Token
- Retrieve an Instrument Identifier
  - REST Example: Retrieving an Instrument Identifier
- Update an Instrument Identifier
  - Optional Fields for Updating an Instrument Identifier
  - REST Example: Updating an Instrument Identifier
- Retrieve an Instrument Identifier's Payment Instruments
  - REST Example: Retrieving an Instrument Identifier's Payment Instruments
- Retrieve an Instrument Identifier with an Unmasked Card Number
  - REST Example: Retrieving an Instrument Identifier with an Unmasked Card Number
- Delete an Instrument Identifier
  - REST Example: Deleting an Instrument Identifier
- Payments with Instrument Identifier Tokens
- Create an Instrument Identifier Token with Validated Payment Details
  - Required Fields for Creating an Instrument Identifier Token with Validated Payment Details
  - REST Example: Creating an Instrument Identifier with Validated Payment Details
- Authorize a Payment with an Instrument Identifier
  - Required Fields for Authorizing a Payment with an Instrument Identifier
  - REST Example: Authorizing a Payment with an Instrument Identifier
  - REST Example: Authorizing a Payment with an Instrument Identifier While Creating TMS Tokens
- Making a Credit with an Instrument Identifier
  - Required Fields for Making a Credit with an Instrument Identifier
  - REST Example: Making a Credit with an Instrument Identifier

Legacy Tokens
- Payments with Legacy Tokens
- Authorizing a Payment with a Legacy Token
  - Required Fields for Authorizing a Payment with a Legacy Token
  - REST Example: Authorizing a Payment with a Legacy Token
- Making a Credit with a Legacy Token
  - Required Fields for Making a Credit with a Legacy Token
  - REST Example: Making a Credit with a Legacy Token

Network Tokens
- Authorize a Payment While Ignoring Network Token
  - Required Fields for Authorizing a Payment While Ignoring Network Token
  - REST Example: Authorizing a Payment While Ignoring Network Token
- Update Merchant-Initiated Transaction Authorization Options
  - Required Fields for Updating MIT Authorization Options
  - REST Example: Updating MIT Authorization Options
- Provision a Network Token for a Card Number
  - Required Fields for Provisioning a Network Token for a Card Number
  - Optional Fields for Provisioning a Network Token for a Card Number
  - REST Example: Provisioning a Network Token for a Card Number
- Provision a Network Token for an Existing Instrument Identifier
  - Required Fields for Provisioning a Network Token for an Existing Instrument Identifier
  - Optional Fields for Provisioning a Network Token for an Existing Instrument Identifier
  - REST Example: Provisioning a Network Token for an Existing Instrument Identifier
- Provision a Network Token for a Consumer
  - Required Fields for Provisioning a COF Network Token for a Consumer
  - REST Example: Provisioning a Network Token for a Consumer
- Provision a Network Token for a Token
  - Required Fields for Provisioning a Network Token for a Token
  - REST Example: Provisioning a Network Token for a Token
- Retrieve a Standalone Network Token
  - REST Example: Retrieving a Standalone Network Token
- Delete a Standalone Network Token
  - REST Example: Deleting a Standalone Network Token
- Retrieve Network Token Payment Credentials
  - REST Example: Retrieving Network Token Payment Credentials
- Retrieve Network Token AFT Payment Credentials
  - Required Fields for Retrieving Network Token AFT Payment Credentials
  - REST Example: Retrieving Network Token AFT Payment Credentials
- Provision a Network Token with Push Provisioning
  - Required Fields for Provisioning a Network Token with Push Provisioning
  - Optional Fields for Provisioning a Network Token with Push Provisioning
  - REST Example: Provisioning a Network Token with Push Provisioning
- Network Token Provision Failures

Passkey Service
- Create Tokenized Card Authentication Options
  - Required Fields for Creating Tokenized Card Authentication Options
  - REST Example: Creating Tokenized Card Authentication Options
- Create a One-Time Password for Tokenized Card Authentication
  - Required Field for Creating an OTP for Tokenized Card Authentication
  - REST Example: Creating an OTP for Tokenized Card Authentication
- Validate a One-Time Password or Issuer Authentication Code
  - Required Field for Validating an OTP or Issuer Authentication Code
  - REST Example: Validating an OTP or Issuer Authentication Code
- Create Tokenized Card Authentication Registration
  - Required Fields for Creating Tokenized Card Authentication Registration
  - REST Example: Creating Tokenized Card Authentication Registration
- Create Tokenized Credentials with Authenticated Passkey Service Credentials
  - Required Fields for Creating Tokenized Credentials with Authenticated Passkey Service Credentials
  - REST Example: Creating Tokenized Credentials with Authenticated Passkey Service Credentials

Passkey Service API Field Reference
- authenticatedIdentities. data
- authenticatedIdentities. id
- authenticatedIdentities. provider
- clientCorrelationId
- deviceInformation. platformType
- deviceInformation. httpAcceptContent
- deviceInformation. httpBrowserColorDepth
- deviceInformation. httpBrowserJavaEnabled
- deviceInformation. httpBrowserLanguage
- deviceInformation. httpBrowserScreenHeight
- deviceInformation. httpBrowserScreenWidth
- deviceInformation. httpBrowserJavaScriptEnabled
- deviceInformation. ipAddress
- issuerAuthCode
- merchantInformation. merchantDescriptor.url
- merchantInformation. merchantDescriptor.name
- orderInformation. amountDetails.currency
- orderInformation. amountDetails.totalAmount
- otp
- sessionInformation. secureToken
- stepUpOptions. id
- stepUpOptions. method
- stepUpOptions. platformType
- stepUpOptions. requestPayload
- stepUpOptions. source
- stepUpOptions. subMethod
- stepUpOptions. value

Card Art
- Retrieve Card Art
  - REST Example: Retrieving Card Art Assets

BIN Lookup Service and TMS
- REST Example: Retrieving an Instrument Identifier with BIN Details

Using Token Management Service with Wallet Apps
- Manage Tokens with Wallet Apps
- Create a New Customer Account
- Add a New Shipping Address
- Edit or Delete a Shipping Address
- Create a New Payment Instrument with the Payments API
- Edit or Delete a Payment Method
- Change the Default Payment Method
- Add a New Payment Method Address
- View Wallet
- Payments with Tokens and Wallet Apps
- Authorize a Payment

Reference Information
- Encrypt and Decrypt Data
- HTTP Status Codes

Supported Processors

On This Page

Create a One-Time Password for Tokenized Card Authentication

This section describes how to create a one-time password (OTP) for a tokenized card. Before you send this request, you must receive the

STEP_UP_AUTHENTICATE

value in the

action

field from the create tokenized card authentication options
request. For more information see Create Tokenized Card Authentication Options.

The issuer is notified when the

stepUpOptions.method

field is set to one of these values:

OTP_SMS

OTP_EMAIL

OTP_ONLINE_BANKING

Endpoint

Test:

PUT https://apitest.cybersource.com/tms/v2/tokenized-cards/{tokenId}
/authentication-options/one-time-passwords

Production:

PUT https://api.cybersource.com/tms/v2/tokenized-cards/{tokenId}
/authentication-options/one-time-passwords

Production in India:

PUT https://api.in.cybersource.com/tms/v2/tokenized-cards/{tokenId}
/authentication-options/one-time-passwords

The {tokenId}
is the identifier of the tokenized card.

Required Field for Creating an OTP for Tokenized Card Authentication

clientCorrelationId: Set to the client reference ID.
stepUpOption.id

Related Information

API Field Reference for the REST API

REST Example: Creating an OTP for Tokenized Card Authentication

Request

{
  "clientCorrelationId": "aB3cD4eF5gH6iJ7kL8mN9oP0qR1sT2uV3wX",
  "stepUpOption": {
    "id": "YWEwMjFhZmFkZDU4ZWI0NDJjYTM0MzY4OTY1YjdhMDE="
  }
}

Response to a Successful Request

{
  "maxRequestsAllowed": 0,
  "maxVerificationAllowed": 0,
  "codeExpiration": 0
}

Back to top