Client Authorization


Client SDKs require a form of authorization to interact with the Braintree gateway. The type of authorization you provide to your client determines what the client can do.

Types of authorizationanchor

We offer two forms of client authorization:

  • A tokenization key is a lightweight reusable value that authorizes payment method tokenization.
  • A client token is a short-lived value that authorizes payment method tokenization, payment method retrieval, and client-side vaulting.


Client TokenTokenization Key
CreationGenerated using server-side libraryGenerated in Control Panel
DeactivationAt Braintree's discretion prior to JWT expirationVia the Control Panel
Delivery to your clientMust be sent from your serverCan be shipped with your app
Payment method vaultingYes, with customer IDRequires sending a payment method single-use token to your server
List payment methodsYes, with customer IDNo
Supply configuration informationYesNo
ReusableYes, up to 24 hoursYes
Payment method tokenizationYesYes
Credit cardsYesYes
Apple Pay and Google PayYesYes
3D SecureYesNo

When to use tokenization keysanchor

Tokenization keys do not require any interaction with your server until after payment information is tokenized. If you want to collect payment information to hand off to your server, tokenization keys are ideal.

Tokenization keys are also useful for situations where you want to tokenize payment information as simply as possible. If you do not require 3D Secure, tokenization keys should do everything you need.

When to use client tokensanchor

Client tokens allow use of the full range of Drop-in functionality. If you want customers to save their payment methods directly from your client or want to present returning customers with a list of their saved payment methods, use client tokens.

Compared to tokenization keys, client tokens also reduce the latency of tokenization – particularly for clients outside the US – because they rely on public key cryptography rather than retrieval for authentication.

Using bothanchor

If your client apps allow both guests and registered users to make purchases, you may wish to use both tokenization keys and client tokens. If this applies, instantiate a new Braintree instance with your authentication method of choice.

See also