Tokenization is the process of exchanging sensitive account information for a token. PayJunction can collect sensitive card details directly from your customers in a secure manner and return a token representing this information to you for use in payment processing. By tokenizing sensitive data, your liability is reduced and you greatly simplify PCI compliance requirements.
We provide a JavaScript SDK to perform this process in the customer's browser. This ensures that no sensitive card data touches your servers, and drastically reduces your PCI scope..
General Overview
To process a transaction using tokens, the general workflow is as follows:
- Include the PayJunction client-side SDK and publishable key on your webpage.
- Create the token information using the PayJunction SDK.
- Send the token id to your server.
- At this point, you can use the token with the PayJunction API to either:
- Process a transaction.
- Create a customer vault for later use.
See the JavaScript Tokenization Examples for code samples.
Tokens
Tokens are short-lived, single-use entities meant to be used immediately.
Tokens expire within 30 minutes and should not be stored. To store card information for later use, create Customer Vault objects.
Publishable Keys
In order to use the SDK and create tokens, you need a publishable key. Unlike Application Keys, publishable keys are meant to be public and can be safely added to your website. Each publishable key is unique to a merchant, and different between Test and Production environments.
You can create a publishable key with the dedicated API.