Direct Tokenization

This method allows PCI-compliant merchants to collect cardholder data directly and generate a secure token (One-Time Token or Recurring Token) via backend API.

🛡️
Direct Tokenization is available only for PCI-certified merchants. If you're not PCI-compliant, use the Tokenization Form instead.

Tokenization Endpoint

Send a POST request to the following endpoint with the merchant private key:

Environment	Endpoint
Staging	`https://directtoken.stage.bamboopayment.com/api/Token?commerceKey={{MerchantPrivateKey}}`
Production	`https://directtoken.bamboopayment.com/api/Token?commerceKey={{MerchantPrivateKey}}`

🌎
Error messages can be returned in multiple languages by including the lang header. For supported codes and usage, see the Multilanguage for Errors section.

Request Parameters

Parameter	Type	Required	Description
`Email`	`string`	Yes	Cardholder's email address.
`Pan`	`string`	Yes	Full card number.
`CVV`	`string`	Yes	Card security code.
`Expiration`	`string`	Yes	Expiration date in `MM/YY` format.
`Titular`	`string`	Yes	Cardholder's name.
`CrossBorderData`→ `TargetCountryISO`	`string`	No	Required only for CrossBorder merchants.
`CustomerId`	`string`	No	If provided, Bamboo generates a Recurring Token (CT) linked to the customer. Otherwise, a One-Time Token is created.

Example: One-Time Token (OTT)

{
  "Email": "[email protected]",
  "Pan": "5275412766556942",
  "CVV": "172",
  "Expiration": "07/26",
  "Titular": "Rodrigo Serrano",
  "CrossBorderData": {
    "TargetCountryISO": "AR"
  }
}

Example: Recurring Token

{
  "Email": "[email protected]",
  "Pan": "5275412766556942",
  "CVV": "172",
  "Expiration": "07/26",
  "Titular": "Rodrigo Serrano",
  "CrossBorderData": {
    "TargetCountryISO": "AR"
  },
  "CustomerId": 251179
}

Response Parameters

The API returns token details for use in future transactions.

Property	Type	Description
`TokenId`	`string`	Unique token to use in the `TrxToken` field of a purchase.
`IdCommerceToken`	`integer`	`0` for OTTs; unique ID for Recurring Tokens.
`Type`	`string`	`"OneTime"` or `"Commerce"`.
`Created`	`string`	Timestamp of token creation.
`Brand`	`string`	Card brand (e.g., Visa, Mastercard).
`Owner`	`string`	Cardholder’s name.
`Last4`	`string`	Last four digits of the card.
`Bin`	`string`	First six digits of the card number (issuer BIN).
`CardExpMonth`	`integer`	Expiration month.
`CardExpYear`	`integer`	Expiration year.
`IssuerBank`	`string`	Issuing bank name, if available.
`CardType`	`string`	Type of card (`CreditCard`, `DebitCard`, etc.).
`PaymentMediaId`	`integer`	Internal identifier for the payment method.
`AffinityGroup`	`string`	Affinity or loyalty program (if present).
`Error`	`object`	Error object if tokenization failed.

Response for One-Time Token

{
    "TokenId": "OT__OnZr7uB0WcBIxTZDYgelObTuqbROpSxJ4jiYpVJ8SzQ_",
    "IdCommerceToken": 0,
    "Created": "2023-09-04T12:29:56.0351102",
    "Type": "OneTime",
    "Brand": "MasterCard",
    "Owner": "Rodrigo Serrano",
    "Last4": "0015",
    "Bin": null,
    "CardExpMonth": 8,
    "CardExpYear": 30,
    "Error": null,
    "IssuerBank": null,
    "CommerceAction": null,
    "CardType": "CreditCard",
    "Installments": null,
    "PaymentMediaId": 2,
    "AffinityGroup": null,
    "CardId": null
}

Response for Recurring Tokens

{
    "TokenId": "CT__i10IcFjy3amyaNLK0D4isUI5PXmTO5ytnM5Xdz7VMRE_",
    "IdCommerceToken": 42909,
    "Created": "2023-09-04T12:29:10.4160761",
    "Type": "Commerce",
    "Brand": "MasterCard",
    "Owner": null,
    "Last4": "0015",
    "Bin": "529991",
    "CardExpMonth": 8,
    "CardExpYear": 30,
    "Error": null,
    "IssuerBank": null,
    "CommerceAction": null,
    "CardType": null,
    "Installments": null,
    "PaymentMediaId": 2,
    "AffinityGroup": null,
    "CardId": null
}