One-Time Token

A One-Time Token (OTT) allows capturing card data securely for a single purchase without storing sensitive information. It is ideal for one-time transactions where the customer is not registered or when the card should not be saved for future use.

⏳
OTTs are valid for 10 minutes and can be used only once.

How OTTs Are Generated

One-Time Tokens are automatically created when capturing card data through:

Tokenization Form

Hosted form for securely collecting card details in non-PCI environments.

Direct Tokenization

Backend API tokenization for PCI-compliant merchants.

⚠️
Do not include a CustomerId when generating a One-Time Token. If provided, the token will be created as a Recurring Token instead.

How to Use the One-Time Token

Once the OTT is generated, it must be sent to your backend and used in the TrxToken field when creating a purchase. Refer to the Create a Purchase guide for details on how to include the token in the purchase request.

🖼️
To visualize the full end-to-end tokenization flow, including how the OTT is created and used in a payment, see the Tokenization Form guide.

Best Practices

✅

Use OTTs only for anonymous or one-time transactions.

Always send the token to your server immediately after generation.

Complete the purchase within 10 minutes of generating the token.

Do not attempt to reuse an OTT. It is single-use by design.

Avoid exposing the OTT in the frontend once generated.

Next Steps

Tokenization Form

See how the OTT is generated securely through the hosted tokenization flow.

Create a Purchase

Use the OTT as the TrxToken to initiate the payment.

Recurring Token

Need reusable tokens? Learn how to store cards for future payments.