Direct Tokenization
This method allows PCI-compliant merchants to collect cardholder data directly and generate a secure token (One-Time Token or Recurring Token) via backend API.
Direct Tokenization is available only for PCI-certified merchants.
If you're not PCI-compliant, use the Tokenization Form instead.
Tokenization Endpoint
Send a POST request to the following endpoint with the merchant private key:
| Environment | Endpoint |
|---|---|
| Staging | https://directtoken.stage.bamboopayment.com/api/Token?commerceKey={{MerchantPrivateKey}} |
| Production | https://directtoken.bamboopayment.com/api/Token?commerceKey={{MerchantPrivateKey}} |
Error messages can be returned in multiple languages by including the
langheader. For supported codes and usage, see the Multilanguage for Errors section.
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
Email | string | Yes | Cardholder's email address. |
Pan | string | Yes | Full card number. |
CVV | string | Yes | Card security code. |
Expiration | string | Yes | Expiration date in MM/YY format. |
Titular | string | Yes | Cardholder's name. |
CrossBorderData→ TargetCountryISO | string | No | Required only for CrossBorder merchants. |
CustomerId | string | No | If provided, Bamboo generates a Recurring Token (CT) linked to the customer. Otherwise, a One-Time Token is created. |
Example: One-Time Token (OTT)
{
"Email": "[email protected]",
"Pan": "5275412766556942",
"CVV": "172",
"Expiration": "07/26",
"Titular": "Rodrigo Serrano",
"CrossBorderData": {
"TargetCountryISO": "AR"
}
}Example: Recurring Token
{
"Email": "[email protected]",
"Pan": "5275412766556942",
"CVV": "172",
"Expiration": "07/26",
"Titular": "Rodrigo Serrano",
"CrossBorderData": {
"TargetCountryISO": "AR"
},
"CustomerId": 251179
}Response Parameters
The API returns token details for use in future transactions.
| Property | Type | Description |
|---|---|---|
TokenId | string | Unique token to use in the TrxToken field of a purchase. |
IdCommerceToken | integer | 0 for OTTs; unique ID for Recurring Tokens. |
Type | string | "OneTime" or "Commerce". |
Created | string | Timestamp of token creation. |
Brand | string | Card brand (e.g., Visa, Mastercard). |
Owner | string | Cardholder’s name. |
Last4 | string | Last four digits of the card. |
Bin | string | First six digits of the card number (issuer BIN). |
CardExpMonth | integer | Expiration month. |
CardExpYear | integer | Expiration year. |
IssuerBank | string | Issuing bank name, if available. |
CardType | string | Type of card (CreditCard, DebitCard, etc.). |
PaymentMediaId | integer | Internal identifier for the payment method. |
AffinityGroup | string | Affinity or loyalty program (if present). |
Error | object | Error object if tokenization failed. |
Response for One-Time Token
{
"TokenId": "OT__OnZr7uB0WcBIxTZDYgelObTuqbROpSxJ4jiYpVJ8SzQ_",
"IdCommerceToken": 0,
"Created": "2023-09-04T12:29:56.0351102",
"Type": "OneTime",
"Brand": "MasterCard",
"Owner": "Rodrigo Serrano",
"Last4": "0015",
"Bin": null,
"CardExpMonth": 8,
"CardExpYear": 30,
"Error": null,
"IssuerBank": null,
"CommerceAction": null,
"CardType": "CreditCard",
"Installments": null,
"PaymentMediaId": 2,
"AffinityGroup": null,
"CardId": null
}Response for Recurring Tokens
{
"TokenId": "CT__i10IcFjy3amyaNLK0D4isUI5PXmTO5ytnM5Xdz7VMRE_",
"IdCommerceToken": 42909,
"Created": "2023-09-04T12:29:10.4160761",
"Type": "Commerce",
"Brand": "MasterCard",
"Owner": null,
"Last4": "0015",
"Bin": "529991",
"CardExpMonth": 8,
"CardExpYear": 30,
"Error": null,
"IssuerBank": null,
"CommerceAction": null,
"CardType": null,
"Installments": null,
"PaymentMediaId": 2,
"AffinityGroup": null,
"CardId": null
}Updated 7 months ago