Jetpay Developer Guide
Manage payment methods
Tokenize a contact credit card
9 min
to enable card on file features such as this one, you must contact mailto\ jetpay\@baselinepayments com directly use this flow when you want to securely store a customer's credit card for future payments this is typically used if your platform allows users to save cards to their account, you want to support one click payments, and/or you plan to use the docid\ fqy5afjmmgj3h5ioyttfd or docid 24zjosksikmhbluvdymgq flows unlike docid\ vr87t15eacohe 60ckeqv , card details are never handled by your servers jetpay provides a secure hosted tokenization component that communicates directly with the card network prerequisites docid zgmim7qkrraox9jjaqrl docid\ bzwf0wyooqbkgsfugenh0 a configured webhook endpoint to receive tokenization events flow overview sequencediagram actor customer participant platform frontend participant platform backend participant jetpay api participant card service platform backend >>jetpay api post /contact/{identifier}/creditcards/url jetpay api >>platform backend url + credit card id platform backend >>platform frontend url platform frontend >>customer render iframe (url) customer >>jetpay api enter card details (via hosted iframe) jetpay api >>card service tokenize card card service >>jetpay api tokenization result jetpay api >>platform backend webhook credit card tokenized (success/failure) implementation details request a single use tokenization url endpoint post /contact/{identifier}/creditcards/url https //extapi jetpay baselinepayments com/docs#tag/contacts (v0)/operation/generate credit card tokenization url contact identifier creditcards url post curl https //extapi demo jetpay baselinepayments com/contact/contact 123/creditcards/url \\ x post \\ h "authorization bearer \<your api token>" \\ h "content type application/json"import requests base url = "https //extapi demo jetpay baselinepayments com" api token = "\<your api token>" contact id = "contact 123" url = f"{base url}/contact/{contact id}/creditcards/url" headers = { "authorization" f"bearer {api token}", "content type" "application/json" } response = requests post(url, headers=headers) print("status code ", response status code) print("response body ", response json())const base url = "https //extapi demo jetpay baselinepayments com"; const api token = "\<your api token>"; const contact id = "contact 123"; async function createtokenizationsession() { const response = await fetch( `${base url}/contact/${contact id}/creditcards/url`, { method "post", headers { "authorization" `bearer ${api token}`, "content type" "application/json" } } ); const data = await response json(); console log("status code ", response status); console log("response body ", data); } createtokenizationsession(); the api will respond with an http response code of 200, and the following response body { "url" "https //secure jetpay com/tokenize/session abc", "credit card id" "card 456" } you should store the credit card id immediately, but the card is not usable until tokenization succeeds display the hosted card component render the returned url inside an iframe in your frontend card details are entered directly into jetpay's secure environment card info is never exposed to your frontend and never transmitted through your backend this significantly reduces your pci scope wait for tokenization confirmation (webhook) once the customer submits their card details, jetpay processes the tokenization although this process is typically quite fast, it can take up to a couple minutes therefore, we will send you docid bnn6n5bf afner 9sddr webhook event indicating that the tokenization succeeded only after receiving a successful event should you mark the card as active in your system and allow it to be selected for payments do not assume success based on iframe behaviour alone using the tokenized credit card with a contact ( contact id ) and a tokenized credit card ( credit card id ), you can proceed with the following credit card payment flows docid\ fqy5afjmmgj3h5ioyttfd docid 24zjosksikmhbluvdymgq if you are unsure of exactly what flow fits your use case, check out the docid\ unbjnk vn 70w4vs zd9o and docid 08lam2gi8077asxe8snp6 guides
