External network tokens
Seamless processing of network tokens for secure transactions

Payment network tokens replace real card details during transactions to enhance security. Visa and Mastercard support various types of tokens:

  • Device-based tokens work only on the device they were issued to, for example, Apple Pay and Google Pay
  • Non-device-based tokens can be used from any device, typically for online stores or apps where customers buy subscriptions

If you or your provider receive tokens directly from Visa or Mastercard, or if you accept Apple Pay/Google Pay for subscriptions and store those tokens, you can process them through Solidgate without being the token issuer.

This lets you continue processing payments without creating new tokens when you switch providers. Key benefits:

  • Keep tokens with your provider or in your vault; use Solidgate only for processing payments
  • No need for new tokens when changing providers
  • Apple Pay/Google Pay tokens continue to work smoothly for regular subscription payments, even if your provider changes
  • Your setup stays the same while Solidgate manages payment processing behind the scenes

Token payment flow

The Charge API request supports two types of one-time payments:

  • pan: Primary Account Number (PAN)
  • dpan: Device Primary Account Number (DPAN)

You can specify the token type using the optional card_data_type parameter, for example dpan; the default is pan. When processing payments with a dpan, specific parameters must be included depending on the DPAN source and payment scenario.

  • dpan_source (required): where the DPAN comes from:
    • apple-pay
    • google-pay
    • vts: Visa Token Service (VTS)
    • mdes: Mastercard Digital Enablement Service (MDES)
    • scof: Secure Customer On File (SCOF)
  • payment_type (required): defines who initiates the payment:
    • 1-click: Customer-Initiated Transactions (CIT)
    • recurring, retry, installment, rebill: Merchant-Initiated Transactions (MIT)

MIT with DPAN from Apple Pay or Google Pay

If you or your provider accept Apple Pay or Google Pay payments for subscriptions and store device-based tokens, these tokens can only be used for merchant-initiated payments, such as recurring or scheduled payments.

  • payment_type must not be 1-click, and must be one of recurring, retry, installment, or rebill
  • scheme_transaction_id is required
  • force3ds must not be true; 3D Secure authentication should not be forced
  • card_number, card_exp_month, card_exp_year, card_holder: pass DPAN details
{
  "card_data_type": "dpan",
  "dpan_source": "apple-pay",
  "type": "auth",
  "payment_type": "recurring",
  "scheme_transaction_id": "343453453",
  "force3ds": false,
  "card_number": "4441114467564454",
  "card_exp_month": "01",
  "card_exp_year": "2027",
  "card_holder": "John Snow"
}

If you want to process CIT, we offer two options:

  • Handle decryption by Solidgate: if you are not compliant with PCI DSS, you should use the Solidgate service to decrypt the token.
  • Handle decryption on your side: if you are PCI DSS-compliant, you can decrypt Apple Pay tokens on your side.
{
  "card_data_type": "dpan",
  "dpan_source": "google-pay",
  "type": "auth",
  "payment_type": "recurring",
  "scheme_transaction_id": "343453453",
  "force3ds": false,
  "card_number": "5332345678901234",
  "card_exp_month": "12",
  "card_exp_year": "2028",
  "card_holder": "John Snow"
}

If you want to process CIT, we offer two options:

  • Handle decryption by Solidgate: Solidgate can handle the token decryption if you are not PCI DSS-compliant.
  • Handle decryption on your side: if you are PCI DSS-compliant, you can decrypt Google Pay tokens on your side.

MIT with DPAN from Visa or Mastercard

If you use a third-party provider or orchestrator that receives, stores, and manages Visa or Mastercard tokens, you can use these tokens for merchant-initiated recurring or scheduled payments.

  • payment_type must not be 1-click, and must be one of recurring, retry, installment, or rebill
  • scheme_transaction_id is required
  • force3ds must not be true; 3D Secure authentication should not be forced
  • card_number, card_exp_month, card_exp_year, card_holder: pass DPAN details
{
  "card_data_type": "dpan",
  "dpan_source": "vts/mdes/scof",
  "type": "auth",
  "payment_type": "recurring/retry/installment/rebill",
  "scheme_transaction_id": "343453453",
  "force3ds": false,
  "card_number": "4441114467564454",
  "card_exp_month": "01",
  "card_exp_year": "2027",
  "card_holder": "John Snow"
}

CIT with DPAN from Visa or Mastercard

If you use a third-party provider or orchestrator that receives, stores, and manages Visa or Mastercard tokens, you can use these tokens for customer-initiated recurring or scheduled payments.

  • payment_type must be 1-click
  • cryptogram is required; you must obtain the cryptogram yourself and send it
  • eci is required; you must obtain the Electronic Commerce Indicator (ECI) from VTS/MDES/SCOF yourself and send it

Payment authentication:

  • It is highly recommended to set force3ds to true if you want Solidgate to initiate 3D Secure authentication, as this helps optimize payment success rates.
  • If the payment was already authenticated on your side, send the authentication results inside the external_mpi_data object
{
  "card_data_type": "dpan",
  "dpan_source": "vts",
  "type": "auth",
  "payment_type": "1-click",
  "cryptogram": "YwAAABkAg0+NbusA",
  "eci": 5,
  "force3ds": true,
  "card_number": "4441114467564454",
  "card_exp_month": "01",
  "card_exp_year": "2027",
  "card_holder": "John Snow"
}
{
  "card_data_type": "dpan",
  "dpan_source": "vts",
  "type": "auth",
  "payment_type": "1-click",
  "cryptogram": "YwAAABkAg0+NbusA",
  "force3ds": true,
  "external_mpi_data": {
    "three_ds_version": "2.2.0",
    "eci": "01",
    "cryptogram": "QURZRU4gM0RTMiBURVNUIENBVlY=",
    "ds_transaction_id": "6edcc246-23ee-4e94-ac5d-8ae620bea7d9",
    "cryptogram_algorithm": "A",
    "three_ds_flow": "frictionless",
    "three_ds_server_transaction_id": "6edcc246-23ee-4e94-ac5d-8ae620bea7d9",
    "ds_enrollment_response": "Y",
    "acs_challenge_mandated_ind": "Y",
    "transaction_challenge_exemption": "05",
    "authentication_response": "Y",
    "authentication_timestamp": "2024-12-05T12:00:00.000Z",
    "ds_transaction_reason": "01",
    "acs_transaction_id": "6edcc246-23ee-4e94-ac5d-8ae620bea7d9",
    "authentication_method": [
      "02",
      "03"
    ],
    "challenge_cancel_ind": "01"
  },
  "card_number": "5332345678901234",
  "card_exp_month": "12",
  "card_exp_year": "2028",
  "card_holder": "John Snow"
}
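
The parameter rules from the MIT and CIT sections above can be checked before a request leaves your system. This is an added example, not Solidgate code: the function name validate_dpan_charge, the error strings and the sample bodies are hypothetical, and accepting eci either at the top level or inside external_mpi_data is an assumption based on the two CIT examples.

```python
# Added example: pre-flight check of a Charge API body against the DPAN rules above.
MIT_TYPES = {"recurring", "retry", "installment", "rebill"}
WALLET_SOURCES = {"apple-pay", "google-pay"}
SCHEME_SOURCES = {"vts", "mdes", "scof"}
DPAN_FIELDS = ("card_number", "card_exp_month", "card_exp_year", "card_holder")


def validate_dpan_charge(body):
    """Return a list of rule violations; an empty list means the body passes."""
    if body.get("card_data_type", "pan") != "dpan":
        return []  # card_data_type defaults to pan; the DPAN rules do not apply
    errors = []
    source, ptype = body.get("dpan_source"), body.get("payment_type")
    if source not in WALLET_SOURCES | SCHEME_SOURCES:
        errors.append("dpan_source is required: apple-pay, google-pay, vts, mdes or scof")
    if ptype not in MIT_TYPES | {"1-click"}:
        errors.append("payment_type is required: 1-click or an MIT value")
    # DPAN details appear in every example on the page, so check them for all flows.
    errors += [f"{name} is required" for name in DPAN_FIELDS if not body.get(name)]
    if ptype in MIT_TYPES:
        if not body.get("scheme_transaction_id"):
            errors.append("scheme_transaction_id is required for MIT")
        if body.get("force3ds") is True:
            errors.append("force3ds must not be true for MIT")
    elif ptype == "1-click" and source in WALLET_SOURCES:
        errors.append("stored Apple Pay/Google Pay DPANs are MIT-only")
    elif ptype == "1-click":
        if not body.get("cryptogram"):
            errors.append("cryptogram is required for CIT")
        # Assumption: eci may sit at top level or inside external_mpi_data,
        # as in the page's two CIT examples.
        mpi = body.get("external_mpi_data") or {}
        if body.get("eci") is None and mpi.get("eci") is None:
            errors.append("eci is required for CIT")
    return errors


# Constructed sample bodies, built from the page's own example values.
MIT_OK = {"card_data_type": "dpan", "dpan_source": "apple-pay", "type": "auth",
          "payment_type": "recurring", "scheme_transaction_id": "343453453",
          "force3ds": False, "card_number": "4441114467564454",
          "card_exp_month": "01", "card_exp_year": "2027", "card_holder": "John Snow"}
MIT_BAD = {**MIT_OK, "force3ds": True, "scheme_transaction_id": ""}
CIT_NO_CRYPTOGRAM = {**MIT_OK, "dpan_source": "vts", "payment_type": "1-click", "eci": 5}

if __name__ == "__main__":
    for name, body in [("MIT_OK", MIT_OK), ("MIT_BAD", MIT_BAD),
                       ("CIT_NO_CRYPTOGRAM", CIT_NO_CRYPTOGRAM)]:
        print(name, validate_dpan_charge(body) or "ok")
```

Running the check in the service that builds the request keeps malformed DPAN bodies from being sent at all, so the DPAN and cryptogram do not travel in requests that would be rejected anyway.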

Token usage

When making a Charge API request, Solidgate generates a token from the DPAN data. However, we don’t recommend using this token for follow-up or recurring payments because:

  • token is a tokenized version of the original DPAN
  • Solidgate does not manage the lifecycle of this token
  • using the token may result in declined transactions

Always use the original DPAN for follow-up or recurring payments by sending a new Charge API request. Even if we generate a token, it is not recommended for subscription payments.

If you do decide to use the token, it should only be for MIT payment_type with one of the recurring, retry, installment, or rebill values.

