Carbon

Documentation

Welcome to Carbon's docs!

Get Started    

Tokenize Credit/Debit Card

Overview

To prevent transmitting sensitive payment card data via your checkout form, we offer functionality to tokenize credit/debit cards and pass in tokenized credit/debit card fields to our 'Adding a credit/debit card' endpoint. This is the same functionality our checkout widget utilizes. API integrators can also utilize this functionality if they want to host their own checkout form but still tokenize payment card information themselves, although you will still have PCI burden since you are collecting and transmitting sensitive unencrypted payment card data on your end. In order to be completely PCI-compliant, we strongly recommend integrating our checkout widget to isolate dealing with raw cardholder data to us!

Tokenize credit/debit card

Check out https://docs.carbon.money/docs/credit-debit#section-2-adding-a-credit-debit-card-post- for more information.

Public Authorization Required

The request authorization header is exactly the same as legacy superuser auth except you substitute your public key for the JWT.

If you do not know your public key, please reach out to [email protected]

Checkout Widget Integration

If you are integrating the checkout widget, tokenization is performed automatically and you will receive the tokenObject with tokenized credit/debit card fields at your form submission url.

const axios = require('axios');

let publicKey = 'pk_test_i405dzcO122ad1833SMeTdah';

let headers = {
  headers: {
    Authorization: `Bearer ${publicKey}`
  }
};
let url = `${ROOT}/v1/token`;


let data = {  
    cardNumber: "5100000000000511",
    expiry: "12/2030",
    cvc: "123",
    billingPremise: "No 789",
    billingStreet: "The Street",
    billingPostal: "55555"
};

axios.post(url, data, headers)
    .then(resp => {console.log(resp.data);})
    .catch(err => {console.log(err)})



{ 
  message: 'Successfully tokenized credit/debit card data.',
  code: 200,
  details: 
   { tokenObject: 
      { billingPostal: 'tok_sandbox_cX7qASdFWyDY3KbCXUZeMs',
        billingPremise: 'tok_sandbox_tbLwipMuUxoqZcwXuKwv8w',
        billingStreet: 'tok_sandbox_cQJ8WxYtgNj2faEiu61sP6',
        cardNumber: 'tok_sandbox_wCGBiawWVS2AX1rQfDj4x7',
        cvc: 'tok_sandbox_381fpMbdzMwyaoeiSKg732',
        expiry: 'tok_sandbox_eoXXh6Et8bssJD7r4bRGfF' } 
   } 
}

Add tokenized credit/debit card

You can pass in tokenized credit/debit card fields instead of plaintext fields to add a credit/debit card. Everything is the same except you replace the plaintext fields with the tokenized fields ,update the keys accordingly, and add in a 'tokenized' boolean.

For more on adding a credit/debit card, please go here.

Secret Auth v Legacy Auth

While you can use your superuser JWT to add a tokenized credit/debit card, we strongly recommend using your secret key to authenticate. The request authorization header is exactly the same except you substitute your secret key for the JWT.

If you do not know your secret key, please reach out to [email protected] from your superuser email!

// legacy auth that will be deprecated in our v2 api
/*
let jwtToken = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJlMzE3YjdlNy0yMzQ1LTQ0MWMtODA0Ni1kYjgxNTkyYmEyN2YiLCJzdXBlclVzZXIiOnRydWUsImNvbnRhY3QiOmZhbHNlLCJlbWFpbCI6ImRhbmllbEBjYXJib24ubW9uZXkiLCJpYXQiOjE1NTczMjc5MTR9.WZnSR5N1FebmT9nMu97PJvku49NY0jk4aKVPKm_1MlM';
*/
// we strongly recommend using your secret key to more securely authenticate your superuser instead
let secretKey = 'sk_test_A41Hm6IY3Q5LJ7ham34Zpkcj';

let headers = {
  headers: {
    Authorization: `Bearer ${secretKey}`
  }
};

let url = `${ROOT}/v1/card/addNew`;

let contactId = 'f96ad808-7cb0-481d-b5ea-91f2137c5bc6';

let data = {  
  nameOnCard: "Satoshi Nakamoto",
  tokenized: true,
  tokenizedCardNumber: 'tok_sandbox_wCGBiawWVS2AX1rQfDj4x7',
  tokenizedExpiry: 'tok_sandbox_eoXXh6Et8bssJD7r4bRGfF', 
  tokenizedCvc: 'tok_sandbox_381fpMbdzMwyaoeiSKg732',
  tokenizedBillingPremise: 'tok_sandbox_tbLwipMuUxoqZcwXuKwv8w',
  tokenizedBillingStreet: 'tok_sandbox_cQJ8WxYtgNj2faEiu61sP6',
  tokenizedBillingPostal: 'tok_sandbox_cX7qASdFWyDY3KbCXUZeMs',  
  contactId: '',
  rememberMe: "true",
  fiatBaseCurrency: "USD"
}

axios.post(url, data, headers).then(result => console.log(result)).catch(err => console.log(err));
{ 
  message: 'Card added successfully!',
  details: 
   { 
     creditDebitId: '1b1f2197-00b9-47a0-81a4-3193e416086e',
     contactId: 'f96ad808-7cb0-481d-b5ea-91f2137c5bc6' 
   },
  code: 200 
}

Updated 3 months ago

Tokenize Credit/Debit Card


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.