{"title":"Tokenization","category":"default","creationDate":1776961627,"content":"<p>For certain business models, tokenization is necessary to securely capture and store a shopper's card details during an in-person transaction. This process allows you to create a so-called <em>recurring contract<\/em> and make later charges after the shopper's initial point-of-sale transaction. For example:<\/p>\n<ul>\n<li>Subscriptions: cross-sell products that require regular payments, such as an insurance policy for a product that the shopper bought in your store.<\/li>\n<li>Hospitality: charge no-shows, or charge guests for additional services or damages.<\/li>\n<li>Autonomous stores: charge the shopper for the groceries they walked out with, if the payment failed at first. Using the token the payment can be retried later.<\/li>\n<li>Omnichannel: complete part of the sale in-store, and complete another part of the sale after goods are delivered to the shopper.<\/li>\n<\/ul>\n<h2 id=\"before-you-begin\">Requirements<\/h2>\n<p>Before you begin, take into account the following requirements, limitations, and preparations.<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Requirement<\/th>\n<th style=\"text-align: left;\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><strong>Integration type<\/strong><\/td>\n<td style=\"text-align: left;\">A <a href=\"\/pt\/point-of-sale\/design-your-integration\/terminal-api\">Terminal API<\/a> integration with payment terminals.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>Limitations<\/strong><\/td>\n<td style=\"text-align: left;\">Note that while we backward-support the old system, you cannot use both the old and <a href=\"\/pt\/point-of-sale\/recurring-payments#tokenization-parameters\">new parameters (available from software version 1.85)<\/a> in the same payment request.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>Setup steps<\/strong><\/td>\n<td style=\"text-align: left;\">Before you begin, review <a href=\"\/pt\/online-payments\/psd2-sca-compliance-and-implementation-guide\/business-models-overview\">additional SCA requirements based on business models<\/a> that can apply to you depending on your tokenization implementation.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>How it works<\/h2>\n<p>If you tokenize the shopper's payment details when they make a payment at the point of sale, you can use that token in a later online payment.<\/p>\n<ol>\n<li>You ask the shopper's consent to tokenize their card for specific future payments.<\/li>\n<li>You make an <a href=\"#make-initial-payment\">initial point-of-sale payment<\/a> with <a href=\"#tokenization-parameters\">tokenization parameters<\/a>.<\/li>\n<li>We securely save the shopper's payment details, and generate and send you a token. This token represents the shopper's payment details.<\/li>\n<li>You use the token to make a later <a href=\"#recurring-online\">online payment with saved payment details<\/a>.<\/li>\n<\/ol>\n<h2>Cardholder consent and authentication<\/h2>\n<p>Tokenization should always be an opt-in process. Without the shopper's consent, there is an increased chance of chargebacks for payments made using saved card details.<\/p>\n<p>Under PSD2 regulations, the tokenization process also requires <a href=\"\/pt\/online-payments\/psd2-sca-compliance-and-implementation-guide\">Strong Customer Authentication (SCA)<\/a> on the initial transaction. The later transactions are then exempted from customer authentication and can be made using a token. When the initial transaction is a point-of-sale payment, the customer authentication is usually done through PIN entry. However, the terminal will not prompt for a PIN in case of:<\/p>\n<ul>\n<li>A payment with a digital wallet that has built-in password or biometric authentication.<\/li>\n<li>A contactless payment below the CVM limit.<\/li>\n<\/ul>\n<div class=\"sc-notice note\"><div>\n<p>You can ask our <a href=\"https:\/\/ca-test.adyen.com\/ca\/ca\/contactUs\/support.shtml?form=other\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Support Team<\/a> to ensure the terminal asks for a PIN when the payment request includes specific tokenization parameter values.<\/p>\n<\/div><\/div>\n<p>To check if PSD2 SCA applies to you, see our <a href=\"\/pt\/online-payments\/psd2-sca-compliance-and-implementation-guide#are-my-payments-affected\">self-service guide<\/a>. There are also <a href=\"\/pt\/online-payments\/3d-secure-for-regulation-compliance#overviewofexistingregulations\">other regulations<\/a> that may apply.<\/p>\n<h2>Tokenization parameters<\/h2>\n<p>From software version 1.85, the parameters to use in a payment request for tokenizing the payment details are the same for online payments and in-person payments. These parameters are:<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Parameter<\/th>\n<th style=\"text-align: left;\">Value<\/th>\n<th style=\"text-align: left;\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><code>recurringProcessingModel<\/code><\/td>\n<td style=\"text-align: left;\"><strong>CardOnFile<\/strong><\/td>\n<td style=\"text-align: left;\">Creates a recurring contract for one-off transactions where a shopper can either store their payment details or pay in your website or app at a later time using their saved details.  Doesn't enforce cardholder authentication. <\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><\/td>\n<td style=\"text-align: left;\"><strong>Subscription<\/strong><\/td>\n<td style=\"text-align: left;\">Creates a recurring contract for transactions that occur on a fixed schedule for a fixed or variable amount.  Enforces cardholder authentication (if configured by our Support Team). <\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><\/td>\n<td style=\"text-align: left;\"><strong>UnscheduledCardOnFile<\/strong><\/td>\n<td style=\"text-align: left;\">Creates a recurring contract for transactions that occur on a non-fixed schedule and\/or have variable amounts.  Enforces cardholder authentication (if configured by our Support Team). <\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><code>shopperReference<\/code><\/td>\n<td style=\"text-align: left;\">(Your own reference)<\/td>\n<td style=\"text-align: left;\">Your unique reference, such as user ID or account ID. Also, each shopper reference must have a minimum length of three characters, and should not include personally identifiable information (PII) such as name or email address.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div class=\"accordion-shortcode adl-accordion adl-accordion--max-height-transition\" data-expand=\"true\" data-ignore=\"anchorjs-link\">\n    \n    <div class=\"adl-accordion__item\" style=\"\">\n        <div tabindex=\"0\" role=\"item\" aria-expanded=\"false\" class=\"adl-accordion__header\">\n            <i class=\"adl-accordion__toggle adl-icon-chevron-down\"><\/i>\n            <div class=\"adl-accordion__title-wrapper\" data-accordion=\"#migration-from-old-tokenization-parameters\">\n                                    <h2 class=\"adl-accordion__title\">Migration from old tokenization parameters<\/h2>\n                            <\/div>\n        <\/div>\n        <div role=\"region\" class=\"adl-accordion__content\">\n            \n<p>Previously, there was a difference in the tokenization parameter and values between ecommerce and point of sale. If you implemented tokenization of in-person payments before software version 1.85, you are using that old system. We backward-support the old system, but encourage you to migrate to the new system.<\/p>\n<div class=\"notices yellow\">\n<p>We do not support using both the old and the new tokenization parameters in the same payment request.<\/p>\n<\/div>\n<p>To help you migrate to the new system, see the following table.<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Parameter or value<\/th>\n<th style=\"text-align: left;\">Old<\/th>\n<th style=\"text-align: left;\">New<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\">parameter<\/td>\n<td style=\"text-align: left;\"><code>recurringContract<\/code><\/td>\n<td style=\"text-align: left;\"><code>recurringProcessingModel<\/code><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">value<\/td>\n<td style=\"text-align: left;\"><span translate=\"no\"><strong>ONECLICK<\/strong><\/span><\/td>\n<td style=\"text-align: left;\"><span translate=\"no\"><strong>CardOnFile<\/strong><\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">value<\/td>\n<td style=\"text-align: left;\"><span translate=\"no\"><strong>RECURRING<\/strong><\/span><\/td>\n<td style=\"text-align: left;\"><span translate=\"no\"><strong>Subscription<\/strong><\/span> or <span translate=\"no\"><strong>UnscheduledCardOnFile<\/strong><\/span><\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">value<\/td>\n<td style=\"text-align: left;\"><span translate=\"no\"><strong>ONECLICK, RECURRING<\/strong><\/span><\/td>\n<td style=\"text-align: left;\">Use a single value that best represents your use case: <span translate=\"no\"><strong>CardOnFile<\/strong><\/span>, <span translate=\"no\"><strong>Subscription<\/strong><\/span>, or <span translate=\"no\"><strong>UnscheduledCardOnFile<\/strong><\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n        <\/div>\n    <\/div>\n<\/div>\n\n<h2>Enable receiving tokenization details<\/h2>\n<p>To make later payments using saved payment details, you must keep track of the following identifiers:<\/p>\n<ul>\n<li><strong>Recurring detail reference<\/strong>: this is the token you need to use in future recurring payments. You receive this  in the <code> AdditionalResponse <\/code>  to the initial payment in <code>recurring.recurringDetailReference<\/code> and <code>tokenization.storedPaymentMethodId<\/code>.<\/li>\n<li><strong>Shopper reference<\/strong> (<code>shopperReference<\/code>): this is your own reference to the shopper. You submit it with the initial payment, and receive it back  in the <code> AdditionalResponse <\/code> . In a future recurring payment, you submit it again. The shopper reference must have a minimum length of three characters, and should not include personally identifiable information (PII) such as name or email address.<\/li>\n<\/ul>\n<p>In addition, it can be useful to keep track of other <a href=\"\/pt\/point-of-sale\/card-acquisition\/identifiers\">identifiers<\/a> like the card alias and the payment account reference (PAR).<\/p>\n<p>To enable receiving these identifiers in API responses:<\/p>\n<ol>\n<li>In your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a>, go to <strong>Developers<\/strong> &gt; <strong>Additional data<\/strong>.<\/li>\n<li>\n<p>Select options:<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Identifier<\/th>\n<th style=\"text-align: left;\">Instruction<\/th>\n<th style=\"text-align: left;\">Result<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\">Recurring detail reference<\/td>\n<td style=\"text-align: left;\">Select <strong>Payment<\/strong> &gt; <strong>Recurring details<\/strong><\/td>\n<td style=\"text-align: left;\">Returns the recurring detail reference and the shopper reference in the  <code> AdditionalResponse <\/code> .<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Shopper reference<\/td>\n<td style=\"text-align: left;\">Select <strong>Payment<\/strong> &gt; <strong>Recurring details<\/strong><\/td>\n<td style=\"text-align: left;\">Returns the recurring detail reference and the shopper reference in the  <code> AdditionalResponse <\/code> .<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Card alias<\/td>\n<td style=\"text-align: left;\">Select <strong>Payment<\/strong> &gt; <strong>Include alias info<\/strong><\/td>\n<td style=\"text-align: left;\">Returns the alias in the  <code> AdditionalResponse <\/code> .<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\">Payment account reference (PAR)<\/td>\n<td style=\"text-align: left;\">Select <strong>Acquirer<\/strong> &gt; <strong>Payment account reference<\/strong><\/td>\n<td style=\"text-align: left;\">Returns the PAR, if available.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n<\/ol>\n<h2 id=\"make-initial-payment\">Make the initial payment<\/h2>\n<p>To create a token from a point-of-sale transaction:<\/p>\n<ol>\n<li>\n<p>Get the shopper's consent to save their payment details for future online payments, and collect any contact details you need.<br \/>\nYou can let your staff enter the information in your POS app, but you can also make input requests to collect the information on the terminal. For example:<\/p>\n<ul>\n<li>A <a href=\"\/pt\/point-of-sale\/shopper-engagement\/shopper-input\/confirmation\">confirmation input request<\/a> or <a href=\"\/pt\/point-of-sale\/shopper-engagement\/shopper-input\/signature\">signature input request<\/a> to ask the shopper's consent.<\/li>\n<li>\n<p><a href=\"\/pt\/point-of-sale\/shopper-engagement\/shopper-input\/text\">Text input requests<\/a> and a <a href=\"\/pt\/point-of-sale\/shopper-engagement\/shopper-input\/phone-number\">phone number input request<\/a> to collect the shopper's contact details.<\/p>\n<!-- list separator -->\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><a href=\"\/pt\/point-of-sale\/basic-tapi-integration\/make-a-payment\">Make a payment request<\/a> including a  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/terminal-api\/latest\/post\/payment#request-SaleData\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">SaleData<\/a> object with:<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Parameter<\/th>\n<th style=\"text-align: center;\">Required<\/th>\n<th style=\"text-align: left;\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><code>TokenRequestedType<\/code><\/td>\n<td style=\"text-align: center;\"><\/td>\n<td style=\"text-align: left;\"><span translate=\"no\"><strong>Customer<\/strong><\/span>. Returns the card alias in the <code>TokenValue<\/code> field of the response. Note that the card alias is always returned in the <code>AdditionalResponse<\/code>.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"> <a href=\"https:\/\/docs.adyen.com\/api-explorer\/terminal-api\/latest\/post\/payment#request-SaleData-SaleToAcquirerData\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">SaleToAcquirerData<\/a><\/td>\n<td style=\"text-align: center;\"><\/td>\n<td style=\"text-align: left;\">Data to create the token and shopper identifiers. In <code>SaleData.SaleToAcquirerData<\/code> include: <ul><li><code>shopperReference<\/code>: Your unique reference for this shopper. Minimum length: Three characters. Note that the value is case-sensitive. Do not include personally identifiable information (PII), such as name or email address. <li\/> <code>shopperEmail<\/code>: optional. The shopper's email address, if you collected that in the first step. <li\/> <code>recurringProcessingModel<\/code>: <span translate=\"no\"><strong>CardOnFile<\/strong><\/span>, <span translate=\"no\"><strong>Subscription<\/strong><\/span>, or <span translate=\"no\"><strong>UnscheduledCardOnFile<\/strong><\/span>. We will create a token for later payments, and save the shopper reference and shopper email on our platform. See <a href=\"#tokenization-parameters\">Tokenization parameters<\/a>. <ul\/><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Pass the <code>SaleToAcquirerData<\/code> value in one of the following formats (refer to <a href=\"\/pt\/point-of-sale\/add-data\">Add information to a payment<\/a>):<\/p>\n<ul>\n<li>\n<p>Option 1: a JSON object converted to a Base64 encoded string. For example:<\/p>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'JSON object'\" :id=\"''\" :code-data='[{\"language\":\"json\",\"tabTitle\":\"\",\"content\":\"{\\n    \\\"recurringProcessingModel\\\": \\\"UnscheduledCardOnFile\\\",\\n    \\\"shopperReference\\\": \\\"12345\\\",\\n    \\\"shopperEmail\\\": \\\"S.Hopper@example.com\\\"\\n}\"}]' :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Converted to Base64'\" :id=\"''\" :code-data='[{\"language\":\"raw\",\"tabTitle\":\"\",\"content\":\"ewogICAgInJlY3VycmluZ1Byb2Nlc3NpbmdNb2RlbCI6ICJVbnNjaGVkdWxlZENhcmRPbkZpbGUiLAogICAgInNob3BwZXJSZWZlcmVuY2UiOiAiMTIzNDUiLAogICAgInNob3BwZXJFbWFpbCI6ICJTLkhvcHBlckBleGFtcGxlLmNvbSIKfQ==\"}]' :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<\/li>\n<li>\n<p>Option 2: form-encoded key-value pairs, using <strong>&amp;<\/strong> as a separator. For example:<br \/>\n<code>recurringProcessingModel=UnscheduledCardOnFile&amp;shopperReference=12345&amp;shopperEmail=S.Hopper@example.com<\/code><\/p>\n<\/li>\n<\/ul>\n<p>The format that you use here, will also be the format of the <code>AdditionalResponse<\/code> that you receive.<\/p>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Tokenization request'\" :id=\"''\" :code-data='[{\"language\":\"json\",\"tabTitle\":\"\",\"content\":\"{\\n   \\\"SaleToPOIRequest\\\":{\\n      \\\"MessageHeader\\\":{\\n         \\\"ProtocolVersion\\\":\\\"3.0\\\",\\n         \\\"MessageClass\\\":\\\"Service\\\",\\n         \\\"MessageCategory\\\":\\\"Payment\\\",\\n         \\\"MessageType\\\":\\\"Request\\\",\\n         \\\"SaleID\\\":\\\"POSSystemID12345\\\",\\n         \\\"ServiceID\\\":\\\"01142\\\",\\n         \\\"POIID\\\":\\\"V400m-346403161\\\"\\n      },\\n      \\\"PaymentRequest\\\":{\\n         \\\"SaleData\\\":{\\n            \\\"SaleTransactionID\\\":{\\n               \\\"TransactionID\\\":\\\"12420\\\",\\n               \\\"TimeStamp\\\":\\\"2022-12-13T10:18:45.000Z\\\"\\n            },\\n            \\\"SaleToAcquirerData\\\":\\\"recurringProcessingModel=UnscheduledCardOnFile&amp;shopperReference=12345&amp;shopperEmail=S.Hopper@example.com\\\",\\n            \\\"TokenRequestedType\\\":\\\"Customer\\\"\\n         },\\n         \\\"PaymentTransaction\\\":{\\n            \\\"AmountsReq\\\":{\\n               \\\"Currency\\\":\\\"EUR\\\",\\n               \\\"RequestedAmount\\\":32.76\\n            }\\n         }\\n      }\\n   }\\n}\"}]' :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<\/li>\n<li>\n<p>When you receive the  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/terminal-api\/latest\/post\/payment#responses-200\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">PaymentResponse<\/a>, note that the <code>AdditionalResponse<\/code> (you may need to Base64-decode first) contains:<\/p>\n<ul>\n<li><code>tokenization.store.operationType<\/code>: informs you whether a token was successfully created. Possible values: <span translate=\"no\"><strong>created<\/strong><\/span>, <span translate=\"no\"><strong>alreadyExisting<\/strong><\/span>, <span translate=\"no\"><strong>updated<\/strong><\/span>.<\/li>\n<\/ul>\n<p>Save the following fields from the <code>AdditionalResponse<\/code> in your back-end system:<\/p>\n<ul>\n<li><code>recurring.recurringDetailReference<\/code> and <code>tokenization.storedPaymentMethodId<\/code>: the token representing the shopper's payment method, for use in online recurring payments.<\/li>\n<li><code>recurring.shopperReference<\/code> and <code>tokenization.shopperReference<\/code>: your unique reference for this shopper that you specified in the request.<\/li>\n<\/ul>\n<p>Optionally also keep the following card and shopper identifiers, for easier shopper recognition:<\/p>\n<ul>\n<li><code>shopperEmail<\/code>: the shopper's email address, if you specified that in the request.<\/li>\n<li><code>alias<\/code>: the card alias.<\/li>\n<li><code>PaymentAccountReference<\/code>: a reference to the payment account that is linked to the shopper's card and\/or NFC wallet.<\/li>\n<\/ul>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Response including the recurring detail reference (token)'\" :id=\"''\" :code-data='[{\"language\":\"json\",\"tabTitle\":\"\",\"content\":\"{\\n    \\\"SaleToPOIResponse\\\": {\\n        \\\"MessageHeader\\\": {...},\\n        \\\"PaymentResponse\\\": {\\n            \\\"POIData\\\": {\\n                \\\"POIReconciliationID\\\": \\\"1000\\\",\\n                \\\"POITransactionID\\\": {\\n                    \\\"TimeStamp\\\": \\\"2022-12-13T10:18:47.000Z\\\",\\n                    \\\"TransactionID\\\": \\\"8ha5001670926727000.SQC78ZN4875ZGN82\\\"\\n                }\\n            },\\n            \\\"PaymentReceipt\\\": [...],\\n            \\\"PaymentResult\\\": {\\n                ...,\\n                \\\"PaymentInstrumentData\\\": {\\n                    \\\"CardData\\\": {\\n                        \\\"EntryMode\\\": [\\n                            \\\"Contactless\\\"\\n                        ],\\n                        \\\"MaskedPan\\\": \\\"541333 **** 9999\\\",\\n                        \\\"PaymentBrand\\\": \\\"mc\\\",\\n                        \\\"{hint:This is the card alias, not the token for future payments}PaymentToken{\\\/hint}\\\": {\\n                            \\\"TokenRequestedType\\\": \\\"Customer\\\",\\n                            \\\"TokenValue\\\": \\\"M469509594859802\\\"\\n                        },\\n                        \\\"SensitiveCardData\\\": {...\\n                        }\\n                    },\\n                    \\\"PaymentInstrumentType\\\": \\\"Card\\\"\\n                }\\n            },\\n            \\\"Response\\\": {\\n                \\\"AdditionalResponse\\\": \\\"...PaymentAccountReference=HcQNpZIC4aB3Zn0QkdiKnw30acufi...alias=M469509594859802...recurring.recurringDetailReference=7219687191761347&amp;recurring.shopperReference=12345&amp;recurringProcessingModel=Subscription...shopperEmail=S.Hopper%40example.com...tokenization.shopperReference=12345&amp;tokenization.store.operationType=created&amp;tokenization.storedPaymentMethodId=7219687191761347...\\\",\\n                \\\"Result\\\": \\\"Success\\\"\\n            },\\n            \\\"SaleData\\\": {...}\\n            }\\n        }\\n    }\\n}\"}]' :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<div class=\"sc-notice info\"><div>\n<p>Note that the <code>PaymentToken<\/code> object contains the card alias. You cannot use this for making payments. It is intended only for recognizing the card.<\/p>\n<\/div><\/div>\n<\/li>\n<\/ol>\n<p>The token and the shopper reference are now saved on the plataforma de pagamentos da Adyen, as well as the shopper's email address if you specified that in the request.<\/p>\n<h2 id=\"recurring-online\">Make a recurring online payment<\/h2>\n<p>For an online payment using saved payment details you make a request to the Adyen back end directly. This is not a Terminal API request to either the terminal itself or the cloud endpoint for the terminal. You need to <a href=\"\/pt\/development-resources\/api-credentials#generate-api-key\">generate an API key<\/a> to authenticate your request to the back end.<\/p>\n<div class=\"notices blue\">\n<p>If you are using a Terminal API integration with <a href=\"\/pt\/point-of-sale\/design-your-integration\/choose-your-architecture#cloud-communications\">cloud-based communications<\/a>, you can use the existing API key that you use for Terminal API requests.<\/p>\n<\/div>\n<p>To make an online payment using a token you created with a point-of-sale payment:<\/p>\n<ol>\n<li>\n<p>Make a POST  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/Checkout\/latest\/post\/payments\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/payments<\/a> request including:<\/p>\n<ul>\n<li><code>storedPaymentMethodId<\/code>: the <code>recurringDetailReference<\/code>, or <code>storedPaymentMethodId<\/code>, returned in the Terminal API payment response for the initial point-of-sale payment. This is the token.<\/li>\n<li><code>shopperReference<\/code>: your unique identifier for the shopper, that you created with the initial point-of-sale payment.<\/li>\n<li>For the other parameters and values to use, refer to:\n<ul>\n<li><a href=\"\/pt\/online-payments\/tokenization\/make-token-payments#make-a-one-click-payment\">One-off payment<\/a><\/li>\n<li><a href=\"\/pt\/online-payments\/tokenization\/make-token-payments#make-a-subscription-or-unscheduled-card-on-file-payment\">Subscription payment<\/a><\/li>\n<li><a href=\"\/pt\/online-payments\/tokenization\/make-token-payments#make-a-subscription-or-unscheduled-card-on-file-payment\">Auto top-up payment<\/a><\/li>\n<\/ul><\/li>\n<\/ul>\n<\/li>\n<li>\n<p>When you receive the response, check that it has a <code>resultCode<\/code> of <strong>Authorised<\/strong>. This means the payment using the saved payment details was successful.<\/p>\n<\/li>\n<\/ol>\n<h2>Token management<\/h2>\n<p>You can view, update, and remove saved payment details by making API calls to various online payments endpoints.<\/p>\n<ul>\n<li>To authenticate API calls for token management, you need an <a href=\"\/pt\/development-resources\/api-credentials\">API credential<\/a>. This API credential must have an <a href=\"\/pt\/development-resources\/api-credentials#generate-api-key\">API key<\/a>.\n<div class=\"notices blue\">\n<p>If you are using a Terminal API integration with <a href=\"\/pt\/point-of-sale\/design-your-integration\/choose-your-architecture#cloud-communications\">cloud-based communications<\/a>, you can use the existing API key that you use for Terminal API requests.<\/p>\n<\/div>\n<\/li>\n<li>For instructions, see <a href=\"\/pt\/online-payments\/tokenization\/managing-tokens\">Manage tokens<\/a>.<\/li>\n<\/ul>\n<h2>See also<\/h2>\n<div class=\"see-also-links output-inline\" id=\"see-also\">\n<ul><li><a href=\"https:\/\/www.adyen.com\/knowledge-hub\/card-on-file\"\n                        target=\"_blank\"\n                         class=\"external\">\n                    Blog: Everything you need to know about card-on-file\n                <\/a><\/li><li><a href=\"\/point-of-sale\/add-data\"\n                        target=\"_self\"\n                        >\n                    Pass additional data\n                <\/a><\/li><li><a href=\"\/point-of-sale\/shopper-engagement\/shopper-input\"\n                        target=\"_self\"\n                        >\n                    Ask for input on the terminal\n                <\/a><\/li><\/ul><\/div>\n","url":"https:\/\/docs.adyen.com\/pt\/point-of-sale\/recurring-payments","articleFields":{"description":"Tokenize a point-of-sale payment for future card-on-file or recurring payments.","feedback_component":true,"parameters":{"hostingType":"tapi"},"id":"36197708","type":"page","_expandable":null,"operations":""},"algolia":{"url":"https:\/\/docs.adyen.com\/pt\/point-of-sale\/recurring-payments","title":"Tokenization","content":"For certain business models, tokenization is necessary to securely capture and store a shopper's card details during an in-person transaction. This process allows you to create a so-called recurring contract and make later charges after the shopper's initial point-of-sale transaction. For example:\n\nSubscriptions: cross-sell products that require regular payments, such as an insurance policy for a product that the shopper bought in your store.\nHospitality: charge no-shows, or charge guests for additional services or damages.\nAutonomous stores: charge the shopper for the groceries they walked out with, if the payment failed at first. Using the token the payment can be retried later.\nOmnichannel: complete part of the sale in-store, and complete another part of the sale after goods are delivered to the shopper.\n\nRequirements\nBefore you begin, take into account the following requirements, limitations, and preparations.\n\n\n\nRequirement\nDescription\n\n\n\n\nIntegration type\nA Terminal API integration with payment terminals.\n\n\nLimitations\nNote that while we backward-support the old system, you cannot use both the old and new parameters (available from software version 1.85) in the same payment request.\n\n\nSetup steps\nBefore you begin, review additional SCA requirements based on business models that can apply to you depending on your tokenization implementation.\n\n\n\nHow it works\nIf you tokenize the shopper's payment details when they make a payment at the point of sale, you can use that token in a later online payment.\n\nYou ask the shopper's consent to tokenize their card for specific future payments.\nYou make an initial point-of-sale payment with tokenization parameters.\nWe securely save the shopper's payment details, and generate and send you a token. This token represents the shopper's payment details.\nYou use the token to make a later online payment with saved payment details.\n\nCardholder consent and authentication\nTokenization should always be an opt-in process. Without the shopper's consent, there is an increased chance of chargebacks for payments made using saved card details.\nUnder PSD2 regulations, the tokenization process also requires Strong Customer Authentication (SCA) on the initial transaction. The later transactions are then exempted from customer authentication and can be made using a token. When the initial transaction is a point-of-sale payment, the customer authentication is usually done through PIN entry. However, the terminal will not prompt for a PIN in case of:\n\nA payment with a digital wallet that has built-in password or biometric authentication.\nA contactless payment below the CVM limit.\n\n\nYou can ask our Support Team to ensure the terminal asks for a PIN when the payment request includes specific tokenization parameter values.\n\nTo check if PSD2 SCA applies to you, see our self-service guide. There are also other regulations that may apply.\nTokenization parameters\nFrom software version 1.85, the parameters to use in a payment request for tokenizing the payment details are the same for online payments and in-person payments. These parameters are:\n\n\n\nParameter\nValue\nDescription\n\n\n\n\nrecurringProcessingModel\nCardOnFile\nCreates a recurring contract for one-off transactions where a shopper can either store their payment details or pay in your website or app at a later time using their saved details.  Doesn't enforce cardholder authentication. \n\n\n\nSubscription\nCreates a recurring contract for transactions that occur on a fixed schedule for a fixed or variable amount.  Enforces cardholder authentication (if configured by our Support Team). \n\n\n\nUnscheduledCardOnFile\nCreates a recurring contract for transactions that occur on a non-fixed schedule and\/or have variable amounts.  Enforces cardholder authentication (if configured by our Support Team). \n\n\nshopperReference\n(Your own reference)\nYour unique reference, such as user ID or account ID. Also, each shopper reference must have a minimum length of three characters, and should not include personally identifiable information (PII) such as name or email address.\n\n\n\n\n    \n    \n        \n            \n            \n                                    Migration from old tokenization parameters\n                            \n        \n        \n            \nPreviously, there was a difference in the tokenization parameter and values between ecommerce and point of sale. If you implemented tokenization of in-person payments before software version 1.85, you are using that old system. We backward-support the old system, but encourage you to migrate to the new system.\n\nWe do not support using both the old and the new tokenization parameters in the same payment request.\n\nTo help you migrate to the new system, see the following table.\n\n\n\nParameter or value\nOld\nNew\n\n\n\n\nparameter\nrecurringContract\nrecurringProcessingModel\n\n\nvalue\nONECLICK\nCardOnFile\n\n\nvalue\nRECURRING\nSubscription or UnscheduledCardOnFile\n\n\nvalue\nONECLICK, RECURRING\nUse a single value that best represents your use case: CardOnFile, Subscription, or UnscheduledCardOnFile\n\n\n\n\n        \n    \n\n\nEnable receiving tokenization details\nTo make later payments using saved payment details, you must keep track of the following identifiers:\n\nRecurring detail reference: this is the token you need to use in future recurring payments. You receive this  in the  AdditionalResponse   to the initial payment in recurring.recurringDetailReference and tokenization.storedPaymentMethodId.\nShopper reference (shopperReference): this is your own reference to the shopper. You submit it with the initial payment, and receive it back  in the  AdditionalResponse  . In a future recurring payment, you submit it again. The shopper reference must have a minimum length of three characters, and should not include personally identifiable information (PII) such as name or email address.\n\nIn addition, it can be useful to keep track of other identifiers like the card alias and the payment account reference (PAR).\nTo enable receiving these identifiers in API responses:\n\nIn your Customer Area, go to Developers &gt; Additional data.\n\nSelect options:\n\n\n\nIdentifier\nInstruction\nResult\n\n\n\n\nRecurring detail reference\nSelect Payment &gt; Recurring details\nReturns the recurring detail reference and the shopper reference in the   AdditionalResponse  .\n\n\nShopper reference\nSelect Payment &gt; Recurring details\nReturns the recurring detail reference and the shopper reference in the   AdditionalResponse  .\n\n\nCard alias\nSelect Payment &gt; Include alias info\nReturns the alias in the   AdditionalResponse  .\n\n\nPayment account reference (PAR)\nSelect Acquirer &gt; Payment account reference\nReturns the PAR, if available.\n\n\n\n\n\nMake the initial payment\nTo create a token from a point-of-sale transaction:\n\n\nGet the shopper's consent to save their payment details for future online payments, and collect any contact details you need.\nYou can let your staff enter the information in your POS app, but you can also make input requests to collect the information on the terminal. For example:\n\nA confirmation input request or signature input request to ask the shopper's consent.\n\nText input requests and a phone number input request to collect the shopper's contact details.\n\n\n\n\n\nMake a payment request including a  SaleData object with:\n\n\n\nParameter\nRequired\nDescription\n\n\n\n\nTokenRequestedType\n\nCustomer. Returns the card alias in the TokenValue field of the response. Note that the card alias is always returned in the AdditionalResponse.\n\n\n SaleToAcquirerData\n\nData to create the token and shopper identifiers. In SaleData.SaleToAcquirerData include: shopperReference: Your unique reference for this shopper. Minimum length: Three characters. Note that the value is case-sensitive. Do not include personally identifiable information (PII), such as name or email address.  shopperEmail: optional. The shopper's email address, if you collected that in the first step.  recurringProcessingModel: CardOnFile, Subscription, or UnscheduledCardOnFile. We will create a token for later payments, and save the shopper reference and shopper email on our platform. See Tokenization parameters. \n\n\n\nPass the SaleToAcquirerData value in one of the following formats (refer to Add information to a payment):\n\n\nOption 1: a JSON object converted to a Base64 encoded string. For example:\n\n\n\n\n\n\n\n\nOption 2: form-encoded key-value pairs, using &amp; as a separator. For example:\nrecurringProcessingModel=UnscheduledCardOnFile&amp;shopperReference=12345&amp;shopperEmail=S.Hopper@example.com\n\n\nThe format that you use here, will also be the format of the AdditionalResponse that you receive.\n\n\n\n\n\nWhen you receive the  PaymentResponse, note that the AdditionalResponse (you may need to Base64-decode first) contains:\n\ntokenization.store.operationType: informs you whether a token was successfully created. Possible values: created, alreadyExisting, updated.\n\nSave the following fields from the AdditionalResponse in your back-end system:\n\nrecurring.recurringDetailReference and tokenization.storedPaymentMethodId: the token representing the shopper's payment method, for use in online recurring payments.\nrecurring.shopperReference and tokenization.shopperReference: your unique reference for this shopper that you specified in the request.\n\nOptionally also keep the following card and shopper identifiers, for easier shopper recognition:\n\nshopperEmail: the shopper's email address, if you specified that in the request.\nalias: the card alias.\nPaymentAccountReference: a reference to the payment account that is linked to the shopper's card and\/or NFC wallet.\n\n\n\n\n\nNote that the PaymentToken object contains the card alias. You cannot use this for making payments. It is intended only for recognizing the card.\n\n\n\nThe token and the shopper reference are now saved on the plataforma de pagamentos da Adyen, as well as the shopper's email address if you specified that in the request.\nMake a recurring online payment\nFor an online payment using saved payment details you make a request to the Adyen back end directly. This is not a Terminal API request to either the terminal itself or the cloud endpoint for the terminal. You need to generate an API key to authenticate your request to the back end.\n\nIf you are using a Terminal API integration with cloud-based communications, you can use the existing API key that you use for Terminal API requests.\n\nTo make an online payment using a token you created with a point-of-sale payment:\n\n\nMake a POST  \/payments request including:\n\nstoredPaymentMethodId: the recurringDetailReference, or storedPaymentMethodId, returned in the Terminal API payment response for the initial point-of-sale payment. This is the token.\nshopperReference: your unique identifier for the shopper, that you created with the initial point-of-sale payment.\nFor the other parameters and values to use, refer to:\n\nOne-off payment\nSubscription payment\nAuto top-up payment\n\n\n\n\nWhen you receive the response, check that it has a resultCode of Authorised. This means the payment using the saved payment details was successful.\n\n\nToken management\nYou can view, update, and remove saved payment details by making API calls to various online payments endpoints.\n\nTo authenticate API calls for token management, you need an API credential. This API credential must have an API key.\n\nIf you are using a Terminal API integration with cloud-based communications, you can use the existing API key that you use for Terminal API requests.\n\n\nFor instructions, see Manage tokens.\n\nSee also\n\n\n                    Blog: Everything you need to know about card-on-file\n                \n                    Pass additional data\n                \n                    Ask for input on the terminal\n                \n","type":"page","locale":"pt","boost":18,"hierarchy":{"lvl0":"Home","lvl1":"Terminais","lvl2":"Tokenization"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/pt","lvl1":"https:\/\/docs.adyen.com\/pt\/point-of-sale","lvl2":"\/pt\/point-of-sale\/recurring-payments"},"levels":3,"category":"In-person payments","category_color":"green","tags":["Tokenization"]}}