This Server-to-Server guide describes how you can store the data and subsequently use the
stored card details to perform payment transactions.
To better understand omni tokens in eCommerce and inStore, please read
Tokenization guide.
To collect card data, you must be PCI-DSS compliant. To minimize your compliance requirements,
please use SecurePay Omni Tokens.
To use network tokens issued by the card networks for your payments,
please be informed that an enhanced integration will be made available.
The merchant collects card data from shopper and initiates omni tokenization along an account verification (zero amount auth)
or initial purchase. An omni token is synchronously provisioned and returned to the merchant once payment is complete. The omni token
can then be used in subsequent payments.
Send the payment request with the collected card data asking for the card to be tokenized once the payment ends successfully.
Transactions:
1. Create the token during payment
Perform a server-to-server POST request with createOmniToken=true and all required payment
and customer data, including payment type, amount and currency. The response to a successful request is a card.omniToken
that should be stored and used in subsequent payments. A new token transaction will be created in the system, identified by the
TK paymentType.
Sample request:
Standalone tokenization
The merchant collects card data from the shopper and initiates the omni tokenization. No payment request/flow involved.
An omni token is synchronously provisioned and returned to the merchant. The omni token can then be used in subsequent payments.
Perform a server-to-server POST request with the required customer data, but excluding paymentType. The response to
a successful request is a card.omniToken that should be stored and used in subsequent payments.
Sample request:
2. Send payment using the token
Perform a server-to-server POST request using the omniToken retrieved in the previous step. The omniToken will be
detokenized using Token Vault to retrieve the card details necessary for the transaction. This detokenization operation will
now appear as a separate transaction in the system, identified by the DT paymentType.
Sample request:
One-click payment
Speed up of the checkout process by re-using the raw card data a shopper entered previously. When the shopper returns on the
merchant’s website an unscheduled one-click purchase with one of the saved omni tokens is performed. The cardholder
initiated (CIT) payment is authorized with the real card data.
Send the payment over the selected omni token once shopper checkouts.
Transactions:
1. Authenticate the customer
You will need to authenticate the shopper against your records to obtain the respective omni
tokens associated with the shopper's account. To prepare showing the one-click payment form you should retrieve
the additional stored token data points that should enable the shopper checking out with the desired stored card:
omni token identifier
account brand
last four digits of account number
expiry date (if applicable)
2. Show the checkout form
Once you were able to retrieve the stored token information, you should offer them as options to shopper for checkout.
We recommend offering normal payment methods alongside your One-Click payment page.
3. Send the payment
When the shopper checks out via the one-click form, perform a server-to-server POST request for a new payment using the selected
omniToken. The omniToken will be detokenized using Token Vault to retrieve the card details necessary for the transaction.
This detokenization operation will now appear as a separate transaction in the system, identified by the DT paymentType.
Sample request:
Payment with token
The merchant submits a subsequent payment based on the card-on-file agreement available with the shopper.
It can be a cardholder (CIT) or merchant (MIT) initiated payment transaction.
Perform a server-to-server POST request using the stored omniToken with all required payment and customer data, including
payment type, amount, and currency. The omniToken will be detokenized using Token Vault to retrieve the card details necessary
for the transaction. This detokenization operation will now appear as a separate transaction in the system, identified by the
DT paymentType.
Sample request:
Token deletion
The merchant initiates a deletion request on the omni token. The deleted token cannot be used anymore in subsequent payments.
Perform a server-to-server DELETE request using the stored omniToken. This operation will delete the stored card data associated
with the omniToken. A new transaction will be created in the system, identified by the DL paymentType.