Tokenization is the process of replacing sensitive data with a non-sensitive equivalent, called a token. For payments, a token represents the shopper's payment details, such as the Primary Account Number (PAN).
If the shopper consents to save their payment details, we store the payment details in the Adyen Vault. When the shopper chooses to pay with their saved payment details, you make the payment with a token. Tokens reduce your security risks and lower your PCI DSS scope.
Tokenize is an Adyen Uplift module, and it lets you:
- Let shoppers store their payment details for a faster checkout experience later.
- Store payment details for subscription or other non-fixed schedule contracts.
- Reduce your PCI DSS scope by letting Adyen handle the sensitive payment data in the Adyen Vault.
- Enhance your implementation with additional features to increase authorization rates and reduce declines due to replaced or expired cards.
Implementation options
You can choose one of the following server-side flows to implement tokenization:
- The Sessions flow is the simplest way to store payment details. It minimizes your security requirements by creating a secure session that contains all the information needed for our client-side components to securely create and pay with tokens. This implementation qualifies you for the simplest form of PCI validation (SAQ A).
- The Advanced flow gives you more control over your checkout experience. You use our client-side components, or your own front-end, to collect payment details before sending them to your server to make an API call. It also requires you to manage the data flow and state yourself, offering greater flexibility for complex integrations.
Recurring payment types
You can make the following types of recurring payments:
- One-click payments: transactions where a returning shopper uses their saved payment details to pay on your website or in your app for simpler and faster checkout.
- Subscriptions: recurring transactions you initiate at regular intervals for a product or a service.
- Automatic top-ups and other non-fixed schedule contracts: transactions you initiate at irregular intervals for contracts where payments occur on a non-fixed schedule. This includes automatic top-ups when the cardholder's balance drops below a certain amount.
The available recurring payment types depend on your server-side flow. If you use the Sessions flow, you must also use the /payments endpoint to make token payments where the shopper is not present, such as subscription payments.
| Type | Sessions flow: create a token | Sessions flow: make a payment | Advanced flow: create a token | Advanced flow: make a payment |
|---|---|---|---|---|
| One-click payments | ![]() | ![]() | ![]() | ![]() |
| Subscriptions | ![]() | ![]() | ![]() | ![]() |
| Automatic top-ups and other non-fixed schedule contracts | ![]() | ![]() | ![]() | ![]() |
Supported payment methods
We support tokenization for many card and local payment methods, including major card brands, ACH Direct Debit, and SEPA Direct Debit.
Our payment methods overview shows if each payment method supports recurring payments using tokenization.
Shopper reference management
When you store a shopper's payment details, you must store the token with a unique shopper reference. This shopper reference must be unique to each shopper, because we use it to associate the token with the shopper.
By default, shopper references and tokens can only be used with one merchant account. If your company account has multiple merchant accounts, you can enable the Token Groups feature which shares shopper references and their associated tokens between your merchant accounts. Contact our Support Team to enable the feature.
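The following added example (not Adyen's code) shows a server-side check that a stored token belongs to the authenticated shopper's reference and merchant account before a token payment request is built. `TokenStore`, `buildTokenPayment` and all sample values are hypothetical; the request field names (`storedPaymentMethodId`, `recurringProcessingModel`, `shopperInteraction`) are assumed from Adyen's Checkout `/payments` API and do not appear on this page.

```javascript
// Recurring payment type -> recurringProcessingModel value (assumed API values).
const MODELS = new Map([
  ["oneClick", "CardOnFile"],
  ["subscription", "Subscription"],
  ["topUp", "UnscheduledCardOnFile"],
]);

// Hypothetical local index of which tokens were stored for which shopper.
class TokenStore {
  constructor() { this.byShopper = new Map(); }

  // Tokens are scoped to one merchant account by default, so key on both values.
  key(merchantAccount, shopperReference) {
    return `${merchantAccount}\u0000${shopperReference}`;
  }

  save(merchantAccount, shopperReference, tokenId) {
    const k = this.key(merchantAccount, shopperReference);
    if (!this.byShopper.has(k)) this.byShopper.set(k, new Set());
    this.byShopper.get(k).add(tokenId);
  }

  owns(merchantAccount, shopperReference, tokenId) {
    const tokens = this.byShopper.get(this.key(merchantAccount, shopperReference));
    return tokens !== undefined && tokens.has(tokenId);
  }
}

// session: server-side identity of the logged-in shopper (never taken from req).
// req: client-supplied choice of token and payment type.
function buildTokenPayment(store, session, req) {
  const model = MODELS.get(req.type);
  if (model === undefined) throw new Error("unknown recurring payment type");
  if (!store.owns(session.merchantAccount, session.shopperReference, req.tokenId)) {
    throw new Error("token is not stored for this shopper reference");
  }
  return {
    merchantAccount: session.merchantAccount,
    shopperReference: session.shopperReference,
    reference: req.orderReference,
    amount: req.amount,
    paymentMethod: { type: "scheme", storedPaymentMethodId: req.tokenId },
    recurringProcessingModel: model,
    shopperInteraction: "ContAuth",
  };
}
```

Taking the shopper reference from the server-side session rather than from the request body is what prevents one shopper from paying with a token that was stored for another.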
Security and compliance
We use client-side encryption (CSE) and end-to-end encryption to ensure that sensitive data is never exposed. All cryptographic keys are managed in a secure and compliant manner, so that you can focus on processing payments while Adyen handles the security requirements.
If you are not fully PCI DSS compliant, we recommend that you use Adyen tokens to make payments and limit your PCI scope.
To collect raw card data, you need to be fully PCI DSS compliant. If you are fully PCI DSS compliant, you can either create your own token vault or store raw card data to offer faster checkout options.
Enhance your tokenization implementation
Our solution lets you benefit from additional features to make your tokenization implementation more reliable and robust.
- Network tokenization: use secure tokens created and managed directly by card networks. A network token is independent of the physical card's expiration date, and remains valid even if the card is lost or expires. Adyen automatically requests network tokens for stored cards when possible, and no extra integration is required to use them.
- Account Updater: prevent declined payments due to expired or replaced cards. Account Updater automatically updates card details by working in the background with card schemes to get the latest card information.
- Forward: forward the payment details you stored with Adyen to a PCI-compliant third party. This lets you use the payment details you have securely stored with Adyen across providers.

