Skip to content
/
Create tokens

Create tokens

Convert card details into a gateway or scheme token.

Create a gateway token

POST
/v1/token-vault/{ownerType}/{ownerId}/vaults/gateway-tokens

Request example

Use the following request to create a gateway token.

curl -i -X POST \
  https://api-services.pxp.io/api/v1/token-vault/MerchantGroup/MERCHANT-GROUP-1/vaults/gateway-tokens \
  -H 'Content-Type: application/json' \
  -d '{
    "primaryAccountNumber": "4111111111111111111",
    "expiryMonth": "03",
    "expiryYear": "2025",
    "cardVerificationCode": "123",
    "holderName": "Mr John Doe"
  }'

Path parameters

ParameterDescription
ownerId
string (0 to 20 characters)
required		The unique identifier of the entity that owns the token.
ownerType
string (enum)
required		The type of entity that owns the token.

Possible values:
  • Referrer
  • MerchantGroup
  • Merchant
  • Site

Body parameters

ParameterDescription
primaryAccountNumber
string
required		The unique number assigned to a payment card, such as a credit or debit card. This number typically contains 16 digits, structured in a specific format to indicate the card network, issuing bank, and account number.
expiryMonth
string (1 to 2 characters)
required		The expiry month of the card.
expiryYear
string (4 characters)
required		The expiry year of the card.
cardVerificationCode
string (3-4 characters) or null		The Card Verification Code (CVC) associated with the payment card, a security feature for transactions where the card is not physically present. The security code is typically a 3 or 4 digit number found on the card, used to verify that the cardholder is in possession of the card during non-face-to-face transactions.
holderName
string
required		"The full name of the individual who owns the payment card. This is printed on the physical card and is used to verify the cardholder's identity. It should be treated with confidentiality to safeguard the cardholder's privacy and prevent potential misuse.

Response example

If your request is successful, you'll receive a 200 response containing a gatewayTokenId.

{
  "gatewayTokenId": "7f46c09d-d1d1-4f94-9a88-6e8ac32e6341",
  "maskedPrimaryAccountNumber": "123456******7890",
  "fundingSource": "Credit"
}
ParameterDescription
gatewayTokenId
string (UUID)		The gateway token ID represents a securely stored token that corresponds to a previously saved payment card. This token is generated and maintained by PXP to facilitate recurring transactions or transactions using stored card details, ensuring enhanced security and convenience. When a transaction is performed with a saved card, this token Id should be provided instead of the full card details. This approach enhances security by reducing the exposure of sensitive card information and simplifies the transaction process for returning customers.
maskedPrimaryAccountNumber
string		The masked primary account number (PAN) of the card.
fundingSource
string or null		The funding source type.

Create a scheme token

POST
/v1/token-vault/{ownerType}/{ownerId}/vaults/scheme-tokens

Request example

Use the following request to create a scheme token.

curl -i -X POST \
  https://api-services.pxp.io/api/v1/token-vault/MerchantGroup/MERCHANT-GROUP-1/vaults/scheme-tokens \
  -H 'Content-Type: application/json' \
  -d '{
    "primaryAccountNumber": "4111111111111111111",
    "expiryMonth": "03",
    "expiryYear": "2025",
    "cardVerificationCode": "123",
    "holderName": "Mr John Doe"
  }'

Path parameters

ParameterDescription
ownerId
string (0 to 20 characters)
required		The unique identifier of the entity that owns the token.
ownerType
string (enum)
required		The type of entity that owns the token.

Possible values:
  • Referrer
  • MerchantGroup
  • Merchant
  • Site

Body parameters

ParameterDescription
primaryAccountNumber
string
required		The unique number assigned to a payment card, such as a credit or debit card. This number typically contains 16 digits, structured in a specific format to indicate the card network, issuing bank, and account number.
expiryMonth
string (1 to 2 characters)
required		The expiry month of the card.
expiryYear
string (4 characters)
required		The expiry year of the card.
cardVerificationCode
string (3-4 characters) or null		The Card Verification Code (CVC) associated with the payment card, a security feature for transactions where the card is not physically present. The security code is typically a 3 or 4 digit number found on the card, used to verify that the cardholder is in possession of the card during non-face-to-face transactions.
holderName
string
required		"The full name of the individual who owns the payment card. This is printed on the physical card and is used to verify the cardholder's identity. It should be treated with confidentiality to safeguard the cardholder's privacy and prevent potential misuse.

Response example

If your request is successful, you'll receive a 200 response containing a schemeTokenId.

{
  "schemeTokenId": "46cae041-de60-44cc-8539-c482d83e38fa",
  "fundingSource": "Debit"
}
ParameterDescription
schemeTokenId
string		The unique scheme token ID generated by PXP. It's used as a reference to extract the schemeTokenNumber.
fundingSource
string		The funding source type.
©2025 PXP Financial. PXP Financial Registered Office: The Corn Mill - 1 Roydon Road - Stanstead Abbotts - Hertfordshire - SG12 8XL - United Kingdom Phone +44 2038850598. PXP Financial is Authorised By The Financial Conduct Authority And Our Financial Services Register Number is 504318.