Server-to-Server External Tokens

Server-to-Server External Tokens

Last updated:April 11th, 2024

This Server-to-Server guide describes how you can store the data, create an external token with the third party vendor and then subsequently use the token for the payment.

To collect card data, you must be PCI-DSS compliant. To minimize your compliance requirements, please use COPYandPAY External Tokens.

Use cases

Standalone tokenization

The merchant collects card data from shopper and initiates external tokenization. No payment request/flow involved. An external token is synchronously created with the third party vendor and returned to the merchant along with the registration token. Either the registration token or the external token, can then be used in subsequent payments.

How it works

Create the token

Send the tokenization request to the external third party vendor.


1. Create the token

Perform a server-to-server POST request with createToken=EXTERNAL and the required customer data, but excluding paymentType. The response to a successful request is an id and a tokenAccount.number to have one of them stored and used in subsequent payments.

Sample request:

See also