The Tokenized Card Payment specification describes the data formats used by the PaymentRequest API [[!PAYMENTREQUESTAPI]] to support payment by tokenized payment cards.
This specification is a Payment Transaction Message Specification used by the PaymentRequest API [[!PAYMENTREQUESTAPI]] to support payment by tokenized payment cards. Merchants should favor tokenized card payment methods over basic card payments.
This specification relies on several other underlying specifications.
The following payment method identifier strings are supported by the Tokenized Card Payment data formats.
| Identifier String | Description |
|---|---|
| urn:payment-method:tokenized-card-payment:network | Network Tokenized Cards |
| urn:payment-method:tokenized-card-payment:gateway | Gateway Tokenized Cards |
| urn:payment-method:tokenized-card-payment:issuer | Issuer Tokenized Cards |
The payment method can be further specified by using the optional supportedTokenTypes data attribute.
Payment Mediators will take the supported token types into consideration when presenting Payment Apps to the user.
This section describes payment method specific data that is supplied as part of the data
argument to the PaymentRequest constructor.
dictionary TokenizedCardSpecificData {
required sequence<DOMString> supportedTokenTypes;
DOMString? merchantID;
};
The TokenizedCardSpecificData dictionary contains the following fields:
supportedTokenTypessupportedTokenTypes specifies which network, gateway, or issuer token providers you support.
merchantIDmerchantID is used for gateway tokenization to determine if the merchant has been onboarded to support gateway tokens via this Payment App.
As an example, you might construct a Payment Request with supported payment methods as follows:
var supportedMethods = [{
supportedMethods: ['urn:payment-method:tokenized-card-payment:gateway'],
data: {
supportedTokenTypes: ['roypay'],
merchantID: '12345abcdef'
},
}];
The TokenizedCardResponse dictionary contains the response from the
PaymentRequest API when a user accepts payment with a Tokenized Payment Card payment method.
dictionary TokenizedCardResponse {
DOMString cardholderName;
required DOMString cardLast4;
DOMString cardType;
DOMString tokenType;
required DOMString tokenNumber;
required DOMString expiryMonth;
required DOMString expiryYear;
DOMString tokenCryptogram;
DOMString tokenRequesterId;
DOMString gatewayToken;
DOMString gatewayTokenType;
BillingAddress? billingAddress;
};
The TokenizedCardResponse dictionary contains the following fields:
cardholderNamecardholderName field contains the cardholder's name as it appears on the card.cardLast4cardLast4 field contains the last 4 digits of the original (non-token) primary account number (PAN) for the payment card.cardTypecardType field contains the type (Visa, Mastercard, etc.) of the original (non-token) payment card.tokenTypetokenType field contains the type (Network, Issuer, Gateway) of token.tokenNumbertokenNumber field contains the token number for the payment card.expiryMonthexpiryMonth field contains a two-digit string for the expiry month
of the token in the range 01 to 12.expiryYearexpiryYear field contains a two-digit string for the expiry year
of the token in the range 00 to 99.tokenCryptogramtokenCryptogram field contains the cryptogram for the token. The cryptogram+token combination establishes a one time use credential. This field is only applicable to network tokenization and issuer tokenization. For issuer tokenization, this field should be a CVV.tokenRequesterIdtokenRequesterId field contains ID of the requester of the token (likely the creator of the payment app). This field is only applicable to network tokenization.gatewayTokengatewayToken field contains the gateway token used to process the payment.gatewayTokenTypegatewayTokenType field contains the type of gateway tokenization used (i.e. braintree, stripe, etc.)