Tokenization is the process of exchanging sensitive account information for a token. PayJunction can collect sensitive card details directly from your customers in a secure manner and return a token representing this information to you for use in payment processing. By tokenizing sensitive data, your liability is reduced and you greatly simplify PCI compliance requirements.
To process a transaction using tokens, the general workflow is as follows:
- Include the PayJunction client-side SDK and publishable key on your webpage.
- Create the token information using the PayJunction SDK.
- Send the token id to your server.
- At this point, you can use the token with the PayJunction API to either:
Tokens are short-lived, single-use entities meant to be used immediately.
Tokens expire within 30 minutes and should not be stored. To store card information for later use, create Customer Vault objects.
In order to use the SDK and create tokens, you need a publishable key. Unlike Application Keys, publishable keys are meant to be public and can be safely added to your website. Each publishable key is unique to a merchant, and different between Test and Production environments.
You can create a publishable key with the dedicated API.