Tokenization - csob/paymentgateway GitHub Wiki
This extension returns card token information to the merchant in addition to the payment/status response. Tokenization is primarily intended for identifying transactions paid by the same payment card. If the payment transaction is successfully authorised, this extension returns the cardToken value.
This extension is not available in the basic setup. Please contact [email protected] for activation of the extension for your merchant account.
Token
The token substitutes the sensitive card number, so it can be used in merchant systems without the need for PCI DSS certification. The token value is computed from the card number and the card expiration. The tokenization algorithm uses a one-way cryptographic function, so it is not possible to recover the card number from the card token. The token length is currently 66 characters (the hex value of 33 bytes). Unlike a card number, a token cannot be misused for fraudulent transactions.
Token creation
A token is created only for successfully authorised transactions, i.e. when the cardholder is successfully verified during authorisation.
Extension parameters in payment/status response
The newly added parameter is extensions, which contains a list of all activated extensions for a given operation. The cardToken extension will be returned in the payment/status response only if the transaction is in the Authorized (4), Waiting for settlement (7) or Settled (8) state.
Description of cardToken extension parameters
Parameters in bold will always be returned
Item | Type | Description |
---|---|---|
extension | String | Extension ID (assigned by gateway). It is always cardToken for this particular extension. |
dttm | String | Date and time of the response (format YYYYMMDDHHMMSS). |
cardToken | String | Card token value. |
signature | String | Extension signature, BASE64 encoded. |
Example of response to payment/status call with the cardToken extension
{
  "dttm": "20151119113916",
  "signature": "base64-encoded-response-signature",
  "payId": "3090adf87eda7AK",
  "resultCode": 0,
  "resultMessage": "OK",
  "paymentStatus": 7,
  "authCode": "453708",
  "extensions": [
    {
      "extension": "cardToken",
      "dttm": "20220125131601",
      "cardToken": "102eb880650bbd47742de9b0282c875fb1fa9180453d04a6022030909647e9b840",
      "signature": "base64-encoded-extension-signature"
    }
  ]
}
The cryptographic signature is calculated over a string of the extension parameters in exactly the same order as listed in the specification (see above). For the example response, the string is:
cardToken|20220125131601|102eb880650bbd47742de9b0282c875fb1fa9180453d04a6022030909647e9b840
Note: The signature of the core parameters remains unchanged. The extensions item does not affect the calculation of the payment/status response signature. Each extension has its own signature.
The extension signature and its validation use the same algorithm: SHA1withRSA (for API 1.7 and older) or SHA256withRSA (for API 1.8 and newer).
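
The following Node.js sketch shows a merchant-side check of the cardToken extension before the token is stored. It is an added example, not code from this wiki or from the gateway's integration samples. The function names are hypothetical, and a throwaway RSA key pair generated in the demo stands in for the gateway's public key.

```javascript
const crypto = require('node:crypto');

const TOKEN_STATES = new Set([4, 7, 8]); // Authorized, Waiting for settlement, Settled
const TOKEN_RE = /^[0-9a-f]{66}$/i;      // hex value of 33 bytes

// String to verify: extension parameters in specification order, joined with '|'.
function extensionSignBase(ext) {
  return [ext.extension, ext.dttm, ext.cardToken].join('|');
}

// SHA1withRSA for API 1.7 and older, SHA256withRSA for API 1.8 and newer.
function digestFor(apiVersion) {
  const [major, minor] = apiVersion.split('.').map(Number);
  return major > 1 || (major === 1 && minor >= 8) ? 'sha256' : 'sha1';
}

// Returns the token only if payment state, token format and signature all check out.
function verifiedCardToken(response, gatewayPublicKey, apiVersion) {
  const ext = (response.extensions || []).find((e) => e.extension === 'cardToken');
  if (!ext || !TOKEN_STATES.has(response.paymentStatus)) return null;
  if (typeof ext.signature !== 'string' || !TOKEN_RE.test(String(ext.cardToken))) return null;
  const ok = crypto.verify(
    digestFor(apiVersion),
    Buffer.from(extensionSignBase(ext), 'utf8'),
    gatewayPublicKey,
    Buffer.from(ext.signature, 'base64'),
  );
  return ok ? ext.cardToken : null;
}

// Constructed demo data: the extension from the example response, signed with a
// locally generated key that plays the gateway's role.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const ext = { extension: 'cardToken', dttm: '20220125131601',
    cardToken: '102eb880650bbd47742de9b0282c875fb1fa9180453d04a6022030909647e9b840' };
  ext.signature = crypto.sign('sha256', Buffer.from(extensionSignBase(ext)), privateKey)
    .toString('base64');
  const response = { payId: '3090adf87eda7AK', paymentStatus: 7, extensions: [ext] };
  const tampered = { ...response, extensions: [{ ...ext, cardToken: 'f'.repeat(66) }] };
  return {
    response,
    genuine: verifiedCardToken(response, publicKey, '1.8'),
    tampered: verifiedCardToken(tampered, publicKey, '1.8'),
    wrongState: verifiedCardToken({ ...response, paymentStatus: 3 }, publicKey, '1.8'),
  };
}
```

The extension signature is verified separately from the signature of the core payment/status response, so a real integration validates both before using the token.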