Forward API

Tokenization Supportanchor

availability

Use of the production Forward API is subject to eligibility.

Contact your Account Manager for more information or submit an inquiry to our Business Development team.

The Forward API currently supports Discover and Mastercard TPANs.

Discover TPANs are currently restricted to US-issued credit cards, PayPal accounts, and Venmo accounts.

Mastercard TPANs are currently restricted to credit cards issued in the European Union or United Kingdom and PayPal accounts.

In production, tokenization requires approval and linked PayPal credentials.

Capabilitiesanchor

Discover TPANMastercard TPAN
Region restrictionsUS onlyEuropean Union and United Kingdom
Supports amount restrictionsYes, via max_amountYes, via max_amount
Supports cryptogram-based authorizationsNoNo
Supports CVV-based authorizationsYes, required for authorization unless expire_at is specifiedYes, required for authorization unless expire_at is specified
Supports multiple authorizationsYes, if expire_at is specifiedYes, if expire_at is specified
Supports PayPalYes, currently only for channel-initiated billing agreements (CIBs)Yes, currently only for channel-initiated billing agreements (CIBs)
Supports TTL restrictionsYes, via expire_atYes, via expire_at
Supports VenmoYesNo

Usageanchor

Configs using TPANs are nearly identical to CreditCard configs, with two key differences:

  1. "NetworkTokenizedCard" will be included among the types
  2. $cvv will be available as a variable

Tokenization will be attempted automatically if a config supports the "NetworkTokenizedCard" type but not the payment method type of the specified payment_method_token or payment_method_nonce. If the config supports both, "tokenize_on_forward" parameter can be set to true to send tokenized card information.

You can optionally pass TSP Options when forwarding a specific payment method to a third party to limit what can be done with a TPAN. For example, if you passed max_amount as 10.00, and the third party tried to charge 900.00, the transaction would fail.

Example - Discover TPANanchor

  1. bash
curl https://forwarding.sandbox.braintreegateway.com/ \
  -H "Content-Type: application/json" \
  -X POST \
  -u "${BRAINTREE_PUBLIC_KEY}:${BRAINTREE_PRIVATE_KEY}" \
  -d '{
    "merchant_id": "'"$BRAINTREE_MERCHANT_ID"'",
    "payment_method_nonce": "fake-valid-nonce",
    "debug_transformations": true,
    "tokenize_on_forward": true,
    "url": "https://httpbin.org/post",
    "method": "POST",
    "config": {
      "name": "inline_example_debug",
      "methods": ["POST"],
      "url": "^https://httpbin\.org/post$",
      "request_format": {"/body": "json"},
      "types": ["NetworkTokenizedCard"],
      "transformations": [{
        "path": "/body/number",
        "value": "$number"
      },
      {"path": "/body/cvv", "value": "$cvv"}]
    }
  }'

Returns:

  1. JSON
{"number":"6011000991300009","cvv:":"123"}
# cvv will be three random digits

Example - Mastercard TPANanchor

  1. bash
curl https://forwarding.sandbox.braintreegateway.com/ \
  -H "Content-Type: application/json" \
  -X POST \
  -u "${BRAINTREE_PUBLIC_KEY}:${BRAINTREE_PRIVATE_KEY}" \
  -d '{
    "merchant_id": "'"$BRAINTREE_MERCHANT_ID"'",
    "payment_method_nonce": "fake-valid-nonce",
    "debug_transformations": true,
    "tokenize_on_forward": true,
    "url": "https://httpbin.org/post",
    "tsp": {"currency_code": "EUR"},
    "method": "POST",
    "config": {
      "name": "inline_example_debug",
      "methods": ["POST"],
      "url": "^https://httpbin\.org/post$",
      "request_format": {"/body": "json"},
      "types": ["NetworkTokenizedCard"],
      "transformations": [{
        "path": "/body/number",
        "value": "$number"
      },
      {"path": "/body/cvv", "value": "$cvv"}]
    }
  }'

Returns:

  1. JSON
{"number":"5555555555554444","cvv":"123"}
# cvv will be three random digits

See alsoanchor


Next Page: Capital One Enhanced Decision Making