Card Tokenization
What is card tokenization?
Credit card tokenization is a process that involves replacing sensitive credit card information, such as the card number, with a unique identifier called a token. The token serves as a reference to the original credit card data but does not contain any sensitive information itself.
The purpose of credit card tokenization is to enhance the security of credit card transactions and protect sensitive customer data. Here's how it works:
- When a payer provides their credit card information for an approved transaction, the data is securely captured using encryption techniques.
- Token generation: The captured credit card information is sent to an internal tokenization system, which generates a unique token to represent that card. The token is typically a randomized alphanumeric string.
- Storage and usage: Instead of storing the actual credit card details, the token is stored in the merchant's BridgerPay dashboard. The token is useless to potential attackers, as it does not contain any sensitive information.
How to tokenize a card?
To achieve card tokenization, there are four methods available:
- Transaction-based tokenization: Following a successful transaction, upon completion by the payer, the merchant will receive a notification containing the generated card token.

Please be informed that Transaction-based tokenization will only be generated if the payer explicitly requests to save their card details for future payments.
- Card tokenization API: In situations where a card number is received for future charging purposes, rather than storing the actual card number, it is recommended to utilize the designated endpoint for card tokenization.
Kindly be advised that in the process of generating a tokenized card number that excludes the card holder's name and email, it is necessary to utilize both parameters when initiating the MPI deposit request.
- BLOX: BLOX offers a robust and secure way to handle online payments by generating payment card tokens via secure iframes. Designed to simplify the often complicated task of payment processing, the SDK embeds secure iframes into your checkout pages, allowing for PCI-compliant collection of payment card details.
- Card tokenization widget: The Card Tokenization Widget functions as a user interface component seamlessly integrated into your website, achieved through direct script embedding or through an iframe within any chosen web resource. It facilitates the creation of unique payment card tokens and encrypted CVV values for subsequent use.
How to get saved cards by customer ID?
Please follow the requirements below:
- Get authorized as a merchant.
- User the Retrieve token by customer ID endpoint.
GET https://api.bridgerpay.com/v2/ma/n/payment-card-tokens?customerId={customer_id}
Content-Type: application/json
Authorization: Bearer {{ACCESS_TOKEN}}
How to get saved cards by email?
Please follow the requirements below:
- Get authorized as a merchant.
- User the Retrieve token by email endpoint.
GET https://api.bridgerpay.com/v2/ma/n/payment-card-tokens?email={email}
Content-Type: application/json
Authorization: Bearer {{ACCESS_TOKEN}}
How to get saved cards by email and customer ID?
Please follow the requirements below:
- Get authorized as a merchant.
- User the Retrieve token by email & customer ID endpoint.
GET https://api.bridgerpay.com/v2/ma/n/payment-card-tokens?email={email}&customerId={customer_id}
Content-Type: application/json
Authorization: Bearer {{ACCESS_TOKEN}}
How to revoke a token?
Please follow the requirements below:
- Get authorized as a merchant.
- User the revoke token endpoint.
DELETE https://api.bridgerpay.com/v2/ma/n/payment-card-tokens/{card_token}
Content-Type: application/json
Authorization: Bearer {{ACCESS_TOKEN}}
Updated 7 days ago