Tokenization

Availability

Use of the production Forward API is subject to eligibility.

Contact your Account Manager for more information or submit an inquiry to our Business Development team.

Example - Discover TPAN

bash

curl https://forwarding.sandbox.braintreegateway.com/ \
  -H "Content-Type: application/json" \
  -X POST \
  -u "\${BRAINTREE_PUBLIC_KEY}:\${BRAINTREE_PRIVATE_KEY}" \
  -d '{
    "merchant_id": "'"$BRAINTREE_MERCHANT_ID"'",
    "payment_method_nonce": "fake-valid-nonce",
    "debug_transformations": true,
    "tokenize_on_forward": true,
    "url": "https://httpbin.org/post",
    "method": "POST",
    "config": {
      "name": "inline_example_debug",
      "methods": ["POST"],
      "url": "^https://httpbin\\.org/post$",
      "request_format": {"/body": "json"},
      "types": ["NetworkTokenizedCard"],
      "transformations": [{
        "path": "/body/number",
        "value": "$number"
      },
      {"path": "/body/cvv", "value": "$cvv"}]
    }
  }'

Returns:

json

{"number":"6011000991300009","cvv:":"123"}
# cvv will be three random digits

Example - Mastercard TPAN

bash

curl https://forwarding.sandbox.braintreegateway.com/ \
  -H "Content-Type: application/json" \
  -X POST \
  -u "\${BRAINTREE_PUBLIC_KEY}:\${BRAINTREE_PRIVATE_KEY}" \
  -d '{
    "merchant_id": "'"$BRAINTREE_MERCHANT_ID"'",
    "payment_method_nonce": "fake-valid-nonce",
    "debug_transformations": true,
    "tokenize_on_forward": true,
    "url": "https://httpbin.org/post",
    "tsp": {"currency_code": "EUR"},
    "method": "POST",
    "config": {
      "name": "inline_example_debug",
      "methods": ["POST"],
      "url": "^https://httpbin\\.org/post$",
      "request_format": {"/body": "json"},
      "types": ["NetworkTokenizedCard"],
      "transformations": [{
        "path": "/body/number",
        "value": "$number"
      },
      {"path": "/body/cvv", "value": "$cvv"}]
    }
  }'

Returns:

json

{"number":"5555555555554444","cvv":"123"}
# cvv will be three random digits

Additional parameters

device_dataString

The device_data parameter contains session identifiers ultimately used for Risk decisions. Provide the full string received from the Braintree client SDK.

tokenize_on_forwardboolean

If the config supports both NetworkTokenizedCards and the underlying payment method type, tokenization will only be attempted if tokenize_on_forward is true.

tspobject

Tokenization Service Provider options

currency_codeString

The currency code the max amount should apply to. Default: USD.

expire_atString

If provided, the tokenized PAN may be used any number of times until expire_at, an ISO 8601 date with optional time. This does not set $expiration_month and/or $expiration_year.

max_amountString

The maximum amount the tokenized PAN can be charged. Default: 2000.00

require_cryptogramboolean

If set to true, a cryptogram will be returned instead of a dynamic CVV. Currently only compatible with Visa network tokens. Default false.

AVS and CVV

Authorizations against a Discover TPAN require the generated CVV unless the expire_at option was set; failing to provide it will result in a decline.
The TPAN does not have an associated postal code, and any postal code provided during an authorization will result in an AVS response of M (matches).

Errors

If tokenization is attempted on an unsupported or invalid payment instrument, the Forward API will return an error response.