You can store your shoppers' payment details so that they can pay without entering their payment details again. Storing payment details creates an associated token that can be used for subsequent payments.
Because the payment session contains all the information needed to securely create and pay with tokens, Drop-in handles the sensitive payment data for you. This minimizes your PCI DSS scope and qualifies you for the simplest form of PCI validation (SAQ A).
You can:
- Store payment details: Create a token when the shopper makes a payment, or with a zero-value authorization to verify payment details without collecting a payment.
- Make a one-click payment: Use the token for shopper-initiated payments where the returning shopper uses their stored payment details for a faster checkout.
Requirements
Before you begin, take into account the following requirements, limitations, and preparations.
| Requirement | Description |
|---|---|
| Integration type | A standard integration. |
| API credential roles | Make sure that you have the following roles: |
| Webhooks | Subscribe to the Recurring tokens life cycle events webhook type. |
| Setup steps | Before you begin: |
How it works
The following diagrams show the flow for storing payment details and making a one-click payment.
Storing payment details:
- The shopper proceeds to checkout on your website.
- Your server creates a payment session with additional tokenization parameters. Adyen returns session data.
- Your client website creates an instance of AdyenCheckout and initializes Drop-in with the session data.
- The shopper selects their payment method, selects the checkbox to store their payment details, and submits their payment. Drop-in handles the payment flow.
- Adyen authorizes the payment and creates a token for the shopper's payment details.
- Your webhook server receives a webhook message with the token associated with the shopper's stored payment details.
- You store the token and the shopper reference in your database.
Making a one-click payment:
- The shopper proceeds to checkout on your website.
- Your server creates a payment session with additional tokenization parameters. Adyen returns session data.
- Your client website creates an instance of AdyenCheckout and initializes Drop-in with the session data.
- The shopper selects their stored payment method and submits the payment. Drop-in handles the payment flow.
- Your webhook server receives a webhook message with the outcome of the payment.
Store payment details
To store your shopper's payment details and get a token that you can use for future payments:
- Before the shopper pays on your website, ask for their consent to store their payment details for future payments.
- Create a session with tokenization parameters.
- Get the token from the webhook.
Create a session with tokenization parameters
When the shopper proceeds to make a payment, create a session and include the following additional parameters for tokenization:
| Parameter | Required | Description |
|---|---|---|
| shopperInteraction | | Indicates the sales channel through which the shopper gives their card details. Set to Ecommerce. |
| recurringProcessingModel | | The type of recurring payment the token is intended for. Set to CardOnFile. |
| storePaymentMethodMode | | Indicates if the shopper's payment details will be stored. Possible values: |
To store the shopper's payment details without collecting a payment, you can use a zero-value authorization: set the amount.value to 0 to verify the payment details. If you want to store the payment details as part of an actual transaction, use the amount for the current transaction.
The token is created after a successful payment authorization to ensure that the shopper's payment details are linked to an active account that can be charged.
Get the token from the webhook
After the transaction is authorized, you receive a recurring.token.created webhook with the token you can use for future payments. Store the storedPaymentMethodId together with the shopperReference, so that you associate the token with the shopper.
To receive these updates, enable the Recurring tokens life cycle events webhook. We recommend that you set up the webhook with all default events.
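Handling the recurring.token.created webhook described above, as an added example (not Adyen's code). The payload layout (type, data.storedPaymentMethodId, data.shopperReference) and the signature scheme (HMAC-SHA256 over the raw body, hex-encoded key, base64 signature) are assumptions to check against the webhook reference; tokenStore stands in for your database.

```javascript
const crypto = require("node:crypto");

// ASSUMPTION: HMAC-SHA256 over the raw body, hex-encoded key, base64 signature.
function sign(rawBody, hexKey) {
  return crypto.createHmac("sha256", Buffer.from(hexKey, "hex"))
    .update(rawBody).digest("base64");
}

function verifySignature(rawBody, signatureB64, hexKey) {
  const expected = Buffer.from(sign(rawBody, hexKey), "base64");
  const given = Buffer.from(String(signatureB64 || ""), "base64");
  // Length check first: timingSafeEqual throws on unequal lengths.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// tokenStore: Map<shopperReference, Set<storedPaymentMethodId>> (database stand-in).
function handleTokenWebhook(rawBody, signatureB64, hexKey, tokenStore) {
  // Authenticate the bytes exactly as received, before parsing them.
  if (!verifySignature(rawBody, signatureB64, hexKey)) {
    return { ok: false, reason: "bad-signature" };
  }
  let msg;
  try { msg = JSON.parse(rawBody); } catch { return { ok: false, reason: "bad-json" }; }
  // Acknowledge other event types without touching the token store.
  if (!msg || msg.type !== "recurring.token.created") return { ok: true, stored: false };
  // ASSUMPTION: token and shopper reference are carried under `data`.
  const { storedPaymentMethodId, shopperReference } = msg.data || {};
  if (typeof storedPaymentMethodId !== "string" || typeof shopperReference !== "string") {
    return { ok: false, reason: "missing-fields" };
  }
  // Webhooks can be delivered more than once, so storing must be idempotent.
  const tokens = tokenStore.get(shopperReference) || new Set();
  const isNew = !tokens.has(storedPaymentMethodId);
  tokens.add(storedPaymentMethodId);
  tokenStore.set(shopperReference, tokens);
  return { ok: true, stored: isNew };
}

// Constructed sample values, not real credentials or tokens.
const SAMPLE_KEY = "00112233445566778899aabbccddeeff";
const SAMPLE_BODY = JSON.stringify({
  type: "recurring.token.created",
  data: { shopperReference: "shopper-0001", storedPaymentMethodId: "TOKEN-PLACEHOLDER-1" },
});
```

Pass the handler the unparsed request body: a signature checked against re-serialized JSON can fail on valid messages.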
Make a one-click payment
After you have stored a shopper's payment details, you can use the token for one-click payments where the returning shopper uses their stored payment details for a faster checkout.
- From your server, make a POST /sessions request including:

  | Parameter | Required | Description |
  |---|---|---|
  | shopperReference | | Your unique identifier for the shopper. We use it to check if you have stored payment details associated with this shopper. |
  | shopperInteraction | | Indicates the sales channel through which the shopper uses the stored payment details. Set to Ecommerce. |
  | recurringProcessingModel | | The type of recurring payment. Set to CardOnFile. If you set this to any other value, we internally change it to CardOnFile. |

  If you use 3D Secure for PSD2 SCA compliance, some issuing banks require SCA for ContAuth with CardOnFile transactions. See the PSD2 SCA compliance guide for more information.
- If the shopper selects the option to pay with their stored payment details, Drop-in handles the payment flow.
- Get the outcome of the payment in a webhook message.
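Building the POST /sessions request body for both "Create a session with tokenization parameters" and the one-click payment steps above, as an added example (not Adyen's code). The function name, the flow labels, the user and order shapes and all sample values are hypothetical; merchantAccount, reference, returnUrl and the storePaymentMethodMode value askForConsent come from Adyen's API reference rather than from this page.

```javascript
// Tokenization parameters from the tables on this page.
const TOKENIZATION = Object.freeze({
  shopperInteraction: "Ecommerce",
  recurringProcessingModel: "CardOnFile",
});

// flow: "store" (tokenize with a payment), "zeroAuth" (tokenize without
// collecting a payment) or "oneClick" (pay with stored details).
// `user` is your own authenticated server-side session object (hypothetical shape).
function buildSessionRequest({ flow, user, order, merchantAccount, returnUrl }) {
  if (!["store", "zeroAuth", "oneClick"].includes(flow)) {
    throw new Error(`unknown flow: ${flow}`);
  }
  // Derive shopperReference from the logged-in user, never from request input:
  // it decides whose stored payment details are offered at checkout.
  if (!user || typeof user.id !== "string" || user.id === "") {
    throw new Error("an authenticated user is required");
  }
  // Zero-value authorization verifies the details without collecting a payment.
  const value = flow === "zeroAuth" ? 0 : order.value;
  if (!Number.isInteger(value) || value < 0) {
    throw new Error("amount.value must be a non-negative integer in minor units");
  }
  const body = {
    merchantAccount,
    reference: order.reference,
    returnUrl,
    amount: { currency: order.currency, value },
    shopperReference: user.id,
    ...TOKENIZATION,
  };
  // Only the storing flows set storePaymentMethodMode; "askForConsent" (value
  // from Adyen's API reference, not this page) lets checkout ask the shopper.
  if (flow !== "oneClick") body.storePaymentMethodMode = "askForConsent";
  return body;
}

// Constructed sample values.
const SAMPLE = {
  user: { id: "shopper-0001" },
  order: { reference: "ORDER-1001", currency: "EUR", value: 2500 },
  merchantAccount: "YOUR_MERCHANT_ACCOUNT",
  returnUrl: "https://shop.example/checkout/return",
};
```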
Test and go live
Follow our testing guide for tokenization and make sure that you can successfully store payment details and make payments with a token.
When you are ready to go live:
- Enable the Recurring tokens life cycle events webhooks in your live Customer Area.
- Follow the Tokenization end-to-end testing checklist.