Value Added Services

Tokenization

Tokenization is a value-added service provided free to all of our API consumers.  By tokenizing payment data, EVO Snap reduces the burden of PCI compliance on merchants by eliminating the need to store cardholder account data locally with their commerce solutions.

Tokenization allows the merchant application to store and send only the token, rather than sending consumer account data for new transactions that use the Authorize and AuthorizeAndCapture operations. It should be noted that tokens cannot be used for PIN Debit transactions.

When raw payment data is sent in on a request, the platform encrypts and securely stores the payment data.  A unique token is then returned to the requesting application in the transaction response message, where it can be stored locally with other non-sensitive customer data. The token that has been returned may then be used in subsequent transaction requests for that customer.

To support saved account payments using tokenization, you will need to implement functionality that allows the application to store and retrieve tokens from a customer’s account profile stored in a local application database. The tokens returned from the platform are unique for each customer credit card, which allows a customer to have multiple credit cards associated with their account.

With the addition of Customer Management Service (CMS) endpoint to the platform, you now have the ability to send in your unique Customer ID on a transaction.  The platform will automatically associate any new cards to the customer.

AuthorizeAndCapture with Token – REST Example

AuthorizeAndCapture with Token
Header POST /2.1.29/REST/TPS.svc/39C6700001 HTTP/1.1
Accept application/json
User-Agent EVO Snap API/1.0
Authorization Basic UEhOaGJXdzZ…
Note: This is the session token passed in with each request.
Content-Type application/json; charset=utf-8
Host api.cipcert.goevo.com
Content-Length 2547
Expect 100-continue

Request

 
Response

 

AuthorizeAndCapture with Token – SOAP Example

AuthorizeAndCapture with Token
Header POST /2.1.30/TPS.svc HTTP/1.1
Content-Type text/xml; charset=utf-8
SOAP-Action “http://schemas.evosnap.com/CWS/v2.0/TransactionProcessing/ICwsTransactionProcessing/AuthorizeAndCapture”
Host api.cipcert.goevo.com
Expect 100-continue
Accept-Encoding gzip, deflate
Content-Length 10866

Request

Note: the entity sessionToken is the session token passed in with each request.

 

Response