
Create and use tokens with the Sessions flow

Learn how to create and use tokens with a Sessions flow integration.


To tokenize your shopper's payment details, you need to include additional fields when you make a /sessions request. If your request is successful, you receive a webhook containing the token that can be used for subsequent payments. You can use the token when making a payment request to offer returning customers a faster checkout experience.




If you are implementing 3D Secure for PSD2 SCA compliance, use our self-service guide to find out about the PSD2 SCA compliance rules that apply to your business when tokenizing shopper payment details.

Set parameters to flag transactions

When you make a /sessions request to create a token or pay with a token, you must include:

Parameter Description
recurringProcessingModel When you first create a token, indicates what type of recurring payment the token is intended for.
For subsequent payments, indicates the type of recurring payment. Possible values:
  • CardOnFile: A transaction where shopper card details are stored to enable one-click or omnichannel journeys, or to offer a faster checkout later.
  • UnscheduledCardOnFile: A transaction that occurs on a non-fixed schedule and/or has variable amounts.
  • Subscription: A transaction for a fixed or variable amount, which follows a fixed schedule.
shopperInteraction Indicates the sales channel through which the shopper gives their card details. For online transactions, this is Ecommerce. For subsequent payments, indicates whether the shopper is a returning customer (ContAuth).
shopperReference Your unique reference for the shopper. Minimum length: three characters. Do not include personally identifiable information (PII), such as name or email address.
storePaymentMethodMode Indicates if the details of the payment method will be stored for the shopper. Possible values:
  • disabled: No details will be stored (default).
  • askForConsent: When shopperReference is included, the Drop-in/Component displays a checkbox where the shopper can select to store their payment details.
  • enabled: When shopperReference is included, the payment details will be stored. The Drop-in/Component will not display a checkbox where the shopper can select to store their payment details.

When creating a token that you want to use for more than one type of recurring payment (for example, initially Subscription but in future also CardOnFile), use the recurringProcessingModel that is most appropriate at the time of token creation. In subsequent transactions you can then specify the applicable recurringProcessingModel.

Enable the webhook

When you store a shopper's payment details, you receive an asynchronous RECURRING_CONTRACT webhook. You must enable it on the Standard webhook page and the Webhooks settings page.

The webhook includes the token that you use for payments with the shopper's stored payment details:

Field Description
originalReference The pspReference for the payment made to store the shopper's payment details.
additionalData.recurring.recurringDetailReference The token for the stored payment details.
You must contact our Support Team to enable this parameter in your response.
additionalData.recurring.shopperReference Your unique shopper reference. Use this to associate the shopper with the token.
pspReference The token for the stored payment details. This is the same as recurringDetailReference.

Create a token

You can use the /sessions endpoint to create tokens for all recurring payment types, but you need to use the /payments endpoint to make subsequent Subscription and UnscheduledCardOnFile payments with tokens.

Select the tab that fits your business model and follow the integration steps:

One-off transactions where a shopper stores payment details or where the shopper purchases from your website or app at a later time using the saved details.

SCA can be required depending on regulations and scheme rules.

Save payment details for one-off payments

From your server, make a POST /sessions request including:

Parameter Description
amount The currency and value of the payment amount in minor units.
You can set amount.value to 0 to validate the payment details with a zero-auth transaction before processing payments.
shopperReference Your unique identifier for the shopper. Minimum length: three characters. Do not include personally identifiable information (PII), such as name or email address.
shopperInteraction Ecommerce
recurringProcessingModel CardOnFile
storePaymentMethodMode askForConsent: To display a checkbox where the shopper can select to store their payment details.
enabled: To store your shopper's payment details without displaying a checkbox where the shopper can select to store their payment details.

The token is created after a successful payment authorization to ensure that the payment details the shopper provided are linked to an active, chargeable account.

You get a /sessions response, including storePaymentMethod: true.
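The tokenization fields from the table above, validated before they are merged into a /sessions request. This is an added example, not code from the original page or its vendor; the function names, the PII heuristic, and the sample values are assumptions.

```javascript
// Added example: builds only the tokenization fields this page lists for a
// token-creating /sessions request. Merge the result into your full request.
const MODELS = ['CardOnFile', 'UnscheduledCardOnFile', 'Subscription'];
const TOKENIZING_MODES = ['askForConsent', 'enabled'];

// Heuristic of this example (an assumption, not a platform rule): an "@" or
// whitespace suggests an email address or a name was used as the reference.
function looksLikePii(ref) {
  return /[@\s]/.test(ref);
}

function buildTokenizationFields({ shopperReference, currency, value, model, storeMode }) {
  if (typeof shopperReference !== 'string' || shopperReference.length < 3) {
    throw new Error('shopperReference: minimum length is three characters');
  }
  if (looksLikePii(shopperReference)) {
    throw new Error('shopperReference: must not contain PII');
  }
  // Minor units are whole numbers; 0 requests a zero-auth validation.
  if (!Number.isInteger(value) || value < 0) {
    throw new Error('amount.value: must be a non-negative integer in minor units');
  }
  if (!MODELS.includes(model)) {
    throw new Error('recurringProcessingModel: unknown value ' + model);
  }
  // "disabled" (the default) stores nothing, so it cannot create a token.
  if (!TOKENIZING_MODES.includes(storeMode)) {
    throw new Error('storePaymentMethodMode: use askForConsent or enabled');
  }
  return {
    amount: { currency, value },
    shopperReference,
    shopperInteraction: 'Ecommerce', // shopper gives card details online
    recurringProcessingModel: model,
    storePaymentMethodMode: storeMode,
  };
}

// Constructed sample: zero-auth tokenization with an opaque shopper reference.
const sample = buildTokenizationFields({
  shopperReference: 'shopper-0001', currency: 'EUR', value: 0,
  model: 'CardOnFile', storeMode: 'askForConsent',
});
console.log(JSON.stringify(sample, null, 2));
```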

Result codes

The outcome of the tokenization request depends on the resultCode you get.

| Result code | Description | Action |
|---|---|---|
| Authorised | The payment was successful, and the payment details were tokenized. | Save the token from the RECURRING_CONTRACT webhook. |
| Pending | The payment is pending, and the payment details have not been tokenized yet. | Wait for the RECURRING_CONTRACT webhook that you get when the payment reaches the Authorised status. |
| Refused | The payment was refused, and the payment details were not tokenized. | Make another payment request to try tokenizing again. |

When you get the token, store it with your shopper reference so that you and the shopper can use it for recurring payments.

Authorised API response

For some API responses with resultCode: Authorised, the token is included. You can enable the feature to get the token in the API response, when available, in the additionalData.recurring.recurringDetailReference. For example:

Because the API response does not always include the token, we recommend always getting it from the RECURRING_CONTRACT webhook.

Pay with a token

Select the type of recurring payment to make:

  1. Present the shopper's saved payment method in your payment form.

    With our client-side solutions (Drop-in, Components, or Pay by Link), you can present a shopper's stored cards in the payment form. For more information on how to do this, refer to the Cards documentation for Drop-in (Web, iOS, Android), the Card Component documentation (Web, iOS, Android), or our Pay by Link documentation.

  2. From your server, make a POST /sessions request including:

    | Parameter | Required | Description |
    |---|---|---|
    | paymentMethod.storedPaymentMethodId | Yes | The token for the shopper's stored payment details. This is the recurringDetailReference from the response when you created the token. |
    | paymentMethod.encryptedSecurityCode | Yes | The encrypted card verification code (CVC). If you do not want to require the CVC for one-off payments using stored details, you must contact our Support Team to activate the skipCvcForOneClick in your Customer Area. Do not store the CVC. Storing it violates PCI compliance rules. |
    | shopperReference | Yes | Your unique identifier for the shopper. Must be the same one you included with the request to create the token. |
    | shopperInteraction | Yes | ContAuth |
    | recurringProcessingModel | Yes | CardOnFile |

If you use 3D Secure for PSD2 SCA compliance, some issuing banks require SCA for ContAuth with CardOnFile transactions. See the PSD2 SCA compliance guide for more information.
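One way to tie the RECURRING_CONTRACT webhook described under "Enable the webhook" to the pay-with-token request above: record each token against its shopperReference, and refuse to build a payment for a token that was not issued for that shopper. This is an added example, not code from the original page or its vendor; the `eventCode` field name, the flat or nested shape of `additionalData`, the in-memory store, and all sample values are assumptions.

```javascript
// Added example; the Map stands in for your database (assumption).
const tokensByShopper = new Map(); // shopperReference -> Set of tokens

// additionalData may be nested or use flat dotted keys; accept both (assumption).
function recurringField(additionalData, name) {
  if (!additionalData) return undefined;
  const nested = additionalData.recurring && additionalData.recurring[name];
  return nested || additionalData['recurring.' + name];
}

// item: one webhook item. `eventCode` is an assumed field name.
function handleRecurringContract(item) {
  if (!item || item.eventCode !== 'RECURRING_CONTRACT') return false;
  const shopperReference = recurringField(item.additionalData, 'shopperReference');
  // recurringDetailReference has to be enabled by Support; pspReference
  // carries the same token, so fall back to it.
  const token = recurringField(item.additionalData, 'recurringDetailReference') || item.pspReference;
  if (!shopperReference || !token) return false;
  if (!tokensByShopper.has(shopperReference)) tokensByShopper.set(shopperReference, new Set());
  tokensByShopper.get(shopperReference).add(token); // Set keeps redelivery idempotent
  return true;
}

// Builds the pay-with-token fields only when the token was issued for this shopper.
function buildStoredCardPayment(shopperReference, token, encryptedSecurityCode) {
  const owned = tokensByShopper.get(shopperReference);
  if (!owned || !owned.has(token)) {
    throw new Error('token is not bound to this shopperReference');
  }
  if (!encryptedSecurityCode) throw new Error('encryptedSecurityCode is required');
  return {
    // The encrypted CVC is passed through for this request only and never stored.
    paymentMethod: { storedPaymentMethodId: token, encryptedSecurityCode },
    shopperReference,
    shopperInteraction: 'ContAuth',
    recurringProcessingModel: 'CardOnFile',
  };
}

// Constructed sample webhook item; all values are placeholders.
const SAMPLE_ITEM = {
  eventCode: 'RECURRING_CONTRACT',
  originalReference: 'PSP_REF_OF_STORING_PAYMENT',
  pspReference: 'TOKEN_EXAMPLE_0001',
  additionalData: { 'recurring.shopperReference': 'shopper-0001' },
};
handleRecurringContract(SAMPLE_ITEM);
console.log(buildStoredCardPayment('shopper-0001', 'TOKEN_EXAMPLE_0001', 'ENCRYPTED_CVC_FROM_CLIENT'));
```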

Test and go live

To receive the recurringDetailReference in the /sessions response when it is available:

  1. In your Customer Area, go to Developers > Additional data.
  2. Select Recurring details.
  3. Select Save.

In your test environment:

  1. Test that you get the RECURRING_CONTRACT webhook.
  2. Store a test token.
  3. Make a test payment with the token.

Before going live:

Enable the RECURRING_CONTRACT webhook in your live Customer Area.
