Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.tonder.io/llms.txt

Use this file to discover all available pages before exploring further.

Due to PCI DSS requirements, your company must share relevant attestation documents before Tonder activates production endpoint access. Contact your Tonder representative for compliance requirements.
The Authorization needs to be in the following format:Authorization: Token <YOUR_API_KEY>
Obtain an access token required for card tokenization requests. This token should be used immediately for tokenizing card data through Tonder’s secure tokenization service.

Tokenization Flow

The complete tokenization process follows these steps:
  1. Get access token using this endpoint (POST request)
  2. Tokenize card data using the access token with Tonder’s vault service
  3. Use tokens in payment requests instead of raw card data

Token Properties

  • Format: JWT (JSON Web Token)
  • Validity: Short-lived (typically 15-30 minutes)
  • Usage: Single-use recommended for security
  • Scope: Card tokenization operations only

Security Requirements

PCI Compliance

Before using tokenization in production:
  • Submit PCI DSS compliance documentation
  • Complete security questionnaire
  • Undergo security review process
  • Receive production endpoint access approval

Best Practices

  • Use immediately: Don’t store access tokens
  • Single use: Request new tokens for each tokenization session
  • Secure transmission: Always use HTTPS
  • Client-side: Only use access tokens in secure, PCI-compliant environments

Next Steps

For a complete step-by-step guide on using this access token to tokenize card data and process payments, see Create a Payment with Card Tokenization.