Skip to main content
POST
/
api
/
v1
/
tokenization
/
generate
Tokenization Generate
curl --request POST \
  --url http://localhost:8080/cardcenter/api/v1/tokenization/generate \
  --header 'Content-Type: application/json' \
  --data '
{
  "tokenRequestId": "<string>",
  "merchantUserId": "<string>",
  "tokenType": "<string>",
  "merchantInfo": {
    "merchantId": "<string>",
    "subMerchantId": "<string>"
  },
  "notifyUrl": "<string>",
  "tokenData": {
    "pan": "<string>",
    "expiry": "<string>",
    "name": "<string>",
    "cvv": "<string>"
  },
  "billingAddress": {
    "countryCode": "<string>",
    "region": "<string>",
    "city": "<string>",
    "postalCode": "<string>",
    "address": "<string>"
  }
}
'
{
  "code": "<string>",
  "msg": "<string>",
  "msgParams": {},
  "data": {
    "tokenRequestId": "<string>",
    "tokenSessionId": "<string>",
    "merchantUserId": "<string>",
    "tokenId": "<string>"
  },
  "success": true,
  "fail": true
}

Body

application/json
tokenRequestId
string
required

Tokenization request ID sent from Merchant. It will also be used for idempotent check. For example: use uuid to generate a unique serial no.

Maximum string length: 64
merchantUserId
string
required

The merchant's userId must be unique for each user of merchants.

Maximum string length: 64
tokenType
string
required

Types of requested tokenization: CARD.

Maximum string length: 32
merchantInfo
object
required

Merchant info.

notifyUrl
string

The callback address to notify the merchant after the Tokenization is completed or failed.

Maximum string length: 256
tokenData
object

If your organization possesses the necessary PCI-DSS certification to store and process raw cardholder data, you may pass the sensitive card details (including pan, expiry, cvv, and name) directly within the tokenData object when calling this endpoint.

billingAddress
object

The cardholder's billing address.

Callbacks

POST
{$request.body#/notifyUrl}tokenizationNotification

Body

application/json

Webhook payload POSTed to merchant's notifyUrl when token status or data changes.

eventType
string

Event type of the notification. Fixed value: TOKENIZATION_NOTIFICATION.

Example:

"TOKENIZATION_NOTIFICATION"

result
object

Notification result object containing the latest tokenization data.

Response

200 - */*

Merchant acknowledgement

Merchant's acknowledgement to the tokenization notification webhook. If failed/unknown is received, Waffo will retry the notification for up to 24 hours.

message
enum<string>

Processing result. Allowed values: success, failed, unknown.

Available options:
success,
failed,
unknown
Example:

"success"

Response

200 - */*

OK

Standard API response envelope.

code
string

Result code. "0" indicates success; any other value indicates failure.

msg
string

Human-readable message corresponding to the result code.

msgParams
object

Key-value parameters associated with the error message, used for templated errors.

data
object

Response payload. Empty when the request fails.

success
boolean
fail
boolean