In the SDKs, a payment method nonce is a secure, one-time-use reference to payment information. It's the key element that allows your server to communicate sensitive payment information to Braintree without ever touching the raw data.
In the GraphQL API, a payment method nonce is referred to as a single-use payment method and has the same functionality.
In this article, "single-use token" refers to both a payment method nonce and a single-use payment method.
A single-use token can reference any payment method. This can help keep your integration simple and lightweight; for example, you could use the same server-side code for creating a PayPal transaction as you use for creating a credit card transaction.
Security is important for all payment method types, but it's particularly critical for cards.
The Payment Card Industry Security Standards Council mandates compliance with their Data Security Standard (PCI DSS), and the less exposure your business has to raw card data, the easier it is to demonstrate compliance. Using single-use tokens in place of raw card data helps keep your PCI compliance burden to a minimum.
Braintree's servers will generate single-use tokens in response to requests from merchant clients and servers.
In general, your client will be responsible for handling the responses from Braintree and sending them to your server. Your server is then responsible for sending those single-use tokens back to Braintree on requests to perform certain actions.
You'll need a single-use token for two main purposes:
- To create transactions with the SDK or GraphQL API
- To create or update payment methods in your Vault for repeat use with the SDK or GraphQL API
A single-use token may only be used once. If it is not used, it expires 3 hours after being created.
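The server side of the exchange described above, as an added example that is not Braintree's own code: it accepts only a single-use token from the client, refuses payloads carrying raw card fields, and forwards each token once. The `sale` parameter stands in for the SDK's transaction sale call, and the raw-card field names, the in-memory `submitted` set and the server-supplied `amount` are assumptions of this example.

```python
from decimal import Decimal

# Assumption: field names this example treats as raw card data.
RAW_CARD_FIELDS = {"number", "card_number", "cvv", "expiration_date"}


class CheckoutError(ValueError):
    """Payload rejected before anything is sent to Braintree."""


def build_sale_request(payload, amount):
    """Build sale parameters from the client's payload and a server-side amount."""
    leaked = RAW_CARD_FIELDS & payload.keys()
    if leaked:
        # Name the offending fields only; never echo or log their values.
        raise CheckoutError(f"raw card fields not accepted: {sorted(leaked)}")
    nonce = payload.get("payment_method_nonce")
    if not isinstance(nonce, str) or not nonce.strip():
        raise CheckoutError("missing payment_method_nonce")
    if not amount.is_finite() or amount <= 0:
        raise CheckoutError("invalid amount")
    return {"amount": f"{amount:.2f}", "payment_method_nonce": nonce.strip()}


def checkout(payload, amount, sale, submitted):
    """Forward one sale per single-use token.

    `sale` is the injected gateway call (hypothetical parameter); `submitted`
    is this example's record of tokens already sent.
    """
    request = build_sale_request(payload, amount)
    nonce = request["payment_method_nonce"]
    if nonce in submitted:
        # Single-use: a retry needs a fresh token from the client.
        raise CheckoutError("single-use token already submitted")
    submitted.add(nonce)
    return sale(request)


if __name__ == "__main__":
    # Constructed sample payload and a stand-in for the gateway call.
    seen = set()
    ok = checkout({"payment_method_nonce": "constructed-nonce"}, Decimal("10"),
                  lambda req: True, seen)
    print(ok, seen)
```
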
See more documentation on single-use tokens:
- Basic Braintree-client-server interaction in our Get Started guide
- Simple transaction sale calls in our credit cards and PayPal guides
- Simple payment method create call in our API reference
- Advanced payment method nonce usage in our 3D Secure guide and API reference
- Sandbox testing details including static payment method nonce test values