Skip to main content
Tonder offers two paths for processing card payments through Direct Integration. The right choice depends on your PCI DSS compliance status and infrastructure.

Tokenized Flow

For most merchants. Tokenize card data first, then process payments using tokens. Minimizes your PCI scope.

Raw Card Data Flow

For PCI Level 1 certified merchants only. Process payments with raw card numbers directly. Requires full compliance infrastructure.

Comparison

AspectTokenized FlowRaw Card Data Flow
PCI RequirementSAQ A or SAQ A-EPFull PCI DSS Level 1
Best ForMost merchants, startups, mid-marketEnterprise, payment processors, high-volume platforms
Integration Steps3 steps (get token → tokenize → process)2 steps (get token → process)
LatencySlightly higher (extra tokenization call)Lower (direct processing)
Card Data HandlingNever touches your serversPasses through your servers
Compliance CostLowerSignificantly higher

Choose Your Path

  • You are not PCI DSS Level 1 certified
  • You want to minimize compliance burden and cost
  • You’re building a new payment integration
  • You need to store cards for recurring payments (tokens are reusable)
  • Your transaction volume doesn’t require sub-millisecond optimization
  • You are already PCI DSS Level 1 certified
  • You have existing infrastructure for handling raw card data
  • You’re a payment processor or large enterprise
  • Reduced latency is critical for your use case
  • You process high volumes and can justify compliance costs
Raw Card Data processing requires proof of PCI DSS Level 1 certification. You must share your Attestation of Compliance (AOC) with Tonder before we activate production access to the raw card endpoints.

API Endpoints

Each flow uses different endpoints. Reference the table below for your environment.

Tokenized Flow Endpoints

The tokenized flow requires three endpoints: one for access tokens, one for tokenization, and one for processing payments.
PurposeEndpoint
Get Access TokenPOST https://stage.tonder.io/tokenization/auth
Tokenize Card DataPOST https://token-sandbox.tonder.io/v1/gateway/inboundRoutes/{route_id}/token
Process PaymentPOST https://stage.tonder.io/api/v1/process/
Your route_id is provided in your Tonder dashboard after onboarding. Contact support if you don’t have one.

Raw Card Data Flow Endpoints

The raw card flow requires two endpoints: one for access tokens and one for direct processing.
PurposeEndpoint
Get Access TokenPOST https://stage.tonder.io/tokenization/auth
Process PaymentPOST https://process-sandbox.tonder.io/raw-data

Integration Flow Diagrams

Tokenized Flow

Raw Card Data Flow

Next Steps

Tokenized Flow Guide

Step-by-step guide for tokenizing cards and processing payments.

Raw Card Data Guide

Direct card processing for PCI Level 1 merchants.

3D Secure Payments

Add 3D Secure authentication to either flow.

Non-Card Payments

Process SPEI, OXXO, and other alternative payment methods.