# Create gateway token Request to create a gateway token, which is used to represent sensitive payment data in a secure and tokenised form. Endpoint: POST /token-vault/{ownerType}/{ownerId}/vaults/gateway-tokens Version: 1.0.0 ## Path parameters: - `ownerId` (string, required) The unique identifier of the entity owning the token (e.g., Referrer, Merchant Group, Merchant or Site). Example: "MERCHANT-GROUP-1" - `ownerType` (string, required) The type of entity owning the token (e.g., Referrer, MerchantGroup, Merchant or Site). Enum: "Referrer", "MerchantGroup", "Merchant", "Site" ## Request fields (application/json): - `card` (object, required) Details about the card for tokenisation. - `card.primaryAccountNumber` (string, required) The unique number assigned to a payment card, such as a credit or debit card. This number typically contains 16 digits, structured in a specific format to indicate the card network, issuing bank, and account number. Example: "4111111111111111111" - `card.expiryMonth` (string, required) The expiry month of the card. Example: "03" - `card.expiryYear` (string, required) The expiry year of the card. Example: "2025" - `card.holderName` (string, required) The full name of the individual who owns the payment card. This name is printed on the physical card and is used for verifying the cardholder's identity during transactions. The cardholder name is a vital component for transaction processing, especially in cases of card-not-present transactions like online purchases. It should be treated with confidentiality to safeguard the cardholder's privacy and prevent potential misuse. Example: "Mr John Doe" - `card.cardVerificationCode` (string,null) The Card Verification Code (CVC) associated with the payment card, a security feature for transactions where the card is not physically present. The security code is typically a 3 or 4 digit number found on the card, used to verify that the cardholder is in possession of the card during non-face-to-face transactions. Example: "123" - `customerConsent` (object) Details about customer consent for token storage. - `customerConsent.hasCustomerConsent` (boolean,null) Whether the customer has provided consent for storing their payment card details. - `customerConsent.merchantShopperId` (string,null) A unique identifier for the shopper. Example: "shopper-123" ## Response 200 fields (application/json): - `gatewayTokenId` (string) The gateway token Id represents a securely stored token that corresponds to a previously saved payment card. This token is generated and maintained by PXP to facilitate recurring transactions or transactions using stored card details, ensuring enhanced security and convenience. When a transaction is performed with a saved card, this token Id should be provided instead of the full card details. This approach enhances security by reducing the exposure of sensitive card information and simplifies the transaction process for returning customers." Example: "7f46c09d-d1d1-4f94-9a88-6e8ac32e6341" - `maskedPrimaryAccountNumber` (string) The masked primary account number (PAN) of the card. Example: "123456******7890" - `fundingSource` (string,null) The funding source type of the card. Enum: "Credit", "Debit", "Prepaid" ## Response 400 fields (application/json): - `correlationId` (string) A unique identifier generated by PXP, serving as a critical tool for tracing and diagnosing transaction errors. This Id allows for the precise location of transactional issues, facilitating swift investigation and resolution by correlating specific transaction attempts or processes with error logs. Essential for support and operational teams, the correlationId enhances PXP's ability to maintain high-quality service and transaction reliability. Example: "81f32b80-2ba0-4430-8ecd-0b559274ba9c" - `details` (array) Additional details about the error. - `errorCode` (string) This is the error code returned for the operation. Example: "INVALID_REQUEST" - `errorReason` (string) This is the error reason returned for the operation. Example: "The request parameters are invalid." ## Response 401 fields (application/json): - `correlationId` (string) A unique identifier generated by PXP, serving as a critical tool for tracing and diagnosing transaction errors. This Id allows for the precise location of transactional issues, facilitating swift investigation and resolution by correlating specific transaction attempts or processes with error logs. Essential for support and operational teams, the correlationId enhances PXP's ability to maintain high-quality service and transaction reliability. Example: "81f32b80-2ba0-4430-8ecd-0b559274ba9c" - `details` (array) Additional details about the error. - `errorCode` (string) This is the error code returned for the operation. Example: "INVALID_REQUEST" - `errorReason` (string) This is the error reason returned for the operation. Example: "The request parameters are invalid." ## Response 403 fields (application/json): - `correlationId` (string) A unique identifier generated by PXP, serving as a critical tool for tracing and diagnosing transaction errors. This Id allows for the precise location of transactional issues, facilitating swift investigation and resolution by correlating specific transaction attempts or processes with error logs. Essential for support and operational teams, the correlationId enhances PXP's ability to maintain high-quality service and transaction reliability. Example: "81f32b80-2ba0-4430-8ecd-0b559274ba9c" - `details` (array) Additional details about the error. - `errorCode` (string) This is the error code returned for the operation. Example: "INVALID_REQUEST" - `errorReason` (string) This is the error reason returned for the operation. Example: "The request parameters are invalid." ## Response 404 fields (application/json): - `correlationId` (string) A unique identifier generated by PXP, serving as a critical tool for tracing and diagnosing transaction errors. This Id allows for the precise location of transactional issues, facilitating swift investigation and resolution by correlating specific transaction attempts or processes with error logs. Essential for support and operational teams, the correlationId enhances PXP's ability to maintain high-quality service and transaction reliability. Example: "81f32b80-2ba0-4430-8ecd-0b559274ba9c" - `details` (array) Additional details about the error. - `errorCode` (string) This is the error code returned for the operation. Example: "INVALID_REQUEST" - `errorReason` (string) This is the error reason returned for the operation. Example: "The request parameters are invalid." ## Response 413 fields (application/json): - `correlationId` (string) A unique identifier generated by PXP, serving as a critical tool for tracing and diagnosing transaction errors. This Id allows for the precise location of transactional issues, facilitating swift investigation and resolution by correlating specific transaction attempts or processes with error logs. Essential for support and operational teams, the correlationId enhances PXP's ability to maintain high-quality service and transaction reliability. Example: "81f32b80-2ba0-4430-8ecd-0b559274ba9c" - `details` (array) Additional details about the error. - `errorCode` (string) This is the error code returned for the operation. Example: "INVALID_REQUEST" - `errorReason` (string) This is the error reason returned for the operation. Example: "The request parameters are invalid." ## Response 422 fields (application/json): - `correlationId` (string) A unique identifier generated by PXP, serving as a critical tool for tracing and diagnosing transaction errors. This Id allows for the precise location of transactional issues, facilitating swift investigation and resolution by correlating specific transaction attempts or processes with error logs. Essential for support and operational teams, the correlationId enhances PXP's ability to maintain high-quality service and transaction reliability. Example: "81f32b80-2ba0-4430-8ecd-0b559274ba9c" - `details` (array) Additional details about the error. - `errorCode` (string) This is the error code returned for the operation. Example: "INVALID_REQUEST" - `errorReason` (string) This is the error reason returned for the operation. Example: "The request parameters are invalid." ## Response 500 fields (application/json): - `correlationId` (string) A unique identifier generated by PXP, serving as a critical tool for tracing and diagnosing transaction errors. This Id allows for the precise location of transactional issues, facilitating swift investigation and resolution by correlating specific transaction attempts or processes with error logs. Essential for support and operational teams, the correlationId enhances PXP's ability to maintain high-quality service and transaction reliability. Example: "81f32b80-2ba0-4430-8ecd-0b559274ba9c" - `details` (array) Additional details about the error. - `errorCode` (string) This is the error code returned for the operation. Example: "INVALID_REQUEST" - `errorReason` (string) This is the error reason returned for the operation. Example: "The request parameters are invalid."