Tokenization is the process in which we take the card information, encrypt it using the highest standards, and return a code that only your API keys can read.
Because of PCI requirements, Inyo doesn't allow any of the participants in the payment flow to store card holder data unless they hold the approved PCI certification and the necessary compliance approvals have been issued. As a modern and robust alternative, we employ card tokenization, using vaults and HSMs to securely encrypt data, providing our partners with a complete solution that is ready to be implemented and deployed in any scenario.
The only way to interact with tokenization is through our tokenizer library. Over the next months, native SDKs for the iOS and Android platforms will also be available.
Tokenizer is a component that takes over an existing form and requires the addition of a few JavaScript lines to interact with it, but provides greater customization.
Parameters available to the tokenizer class:

| Param | Expected values | Description |
| --- | --- | --- |
| targetId | #id | Id of the container that contains the inputs with the card holder data (pan, expiration date, name and cvv). |
| sandbox | true or false | Whether using sandbox or production. |
| publicKey | 12323:123:12313:1231231 | Public key used to identify the merchant and generate the tokens. |
| successCallback | function | Callback that will be called when a token has been created successfully. |
| errorCallback | function | Callback that will be called when an error happens during the token creation. |
| storeLaterUse | true or false | Whether it's a one-time token or recurring. |
| threeDSData | { enable: true, successUrl: "", failUrl: "" } | 3DS component. Informs the server whether 3DS should be enforced or not. Please note that enforcement does not mandate 3DS, as not all banks support it and it's up to the bank to accept it or not. |
Instantiate the tokenizer object when the DOM is ready, by passing the following params:
```javascript
var tokenizer = new InyoTokenizer({
  targetId: '#_pay',                // container that holds the payment fields
  sandbox: true,                    // whether using test or production
  publicKey: 'yourpublickey',       // key provided by Inyo
  successCallback: successCallback, // success callback
  errorCallback: errorCallback      // error callback
});
```
Add the necessary attributes to the fields “card holder, pan, expiration date and cvv”. Those attributes will instruct the library to perform the necessary bindings.
To finish, register the callbacks to receive notifications when the token is created, or when an error has prevented it from completing.
```javascript
function errorCallback(responseObj) {
  console.log(responseObj);

  // Clear any validation state left over from a previous attempt
  var elements = ['#cc-number', '#cc-expiration', '#cc-cvv'];
  elements.forEach(function (selector) {
    var element = document.querySelector(selector);
    if (element) {
      element.classList.remove('is-invalid');
    }
  });

  // Mark the field that the tokenizer rejected
  if (responseObj.code === 'INVALID_PAN') {
    document.querySelector('#cc-number').classList.add('is-invalid');
  } else if (responseObj.code === 'INVALID_EXPIRY_DATE') {
    document.querySelector('#cc-expiration').classList.add('is-invalid');
  } else if (responseObj.code === 'INVALID_CVV') {
    document.querySelector('#cc-cvv').classList.add('is-invalid');
  }
}

function successCallback(responseObj) {
  console.log(responseObj);
  if (responseObj.step === 'WAITING_TRANSACTION') {
    alert('Success tokenizing');
    // send data to the backend server
    // see sample above
  } else {
    alert("Couldn't process the request");
  }
}
```
With the card tokenized, you should be able to communicate with your backend to execute internal activities, as well as interact with our payment API to charge the customer's card. You should not store one-time tokens, but you are allowed to store the recurring ones, keeping in mind that no card holder data can be collected and stored.
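One way a backend could enforce the storage rule above before anything is persisted. This is an added example, not Inyo's code: the `token` field name, the forbidden key names and the `checkTokenSubmission` helper are hypothetical, and it assumes tokens are opaque strings that do not look like card numbers.

```javascript
// Added example (Node.js). Field names are assumptions, not the Inyo API.

// Luhn checksum: true when the digit string is a plausible card number.
function passesLuhn(digits) {
  var sum = 0;
  for (var i = 0; i < digits.length; i++) {
    var d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// True when the string holds a 13-19 digit run (single spaces or dashes
// allowed between digits) that passes Luhn, i.e. something PAN-like.
function looksLikePan(value) {
  var candidates = String(value).match(/\d(?:[ -]?\d){12,18}/g) || [];
  return candidates.some(function (c) {
    return passesLuhn(c.replace(/[ -]/g, ''));
  });
}

// Check what the browser posted after tokenization.
// body: parsed request body; storeLaterUse: the value the integrator
// configured on the tokenizer (server-side knowledge, not client input).
// Rejects requests that carry card holder data; maySave tells the caller
// whether the token is recurring (storable) or one-time (use and drop).
function checkTokenSubmission(body, storeLaterUse) {
  var forbiddenKeys = ['pan', 'cvv', 'cardNumber', 'expiration']; // hypothetical names
  var keys = Object.keys(body);
  for (var i = 0; i < keys.length; i++) {
    if (forbiddenKeys.indexOf(keys[i]) !== -1 || looksLikePan(body[keys[i]])) {
      return { ok: false, reason: 'CARD_DATA_IN_REQUEST', field: keys[i] };
    }
  }
  if (typeof body.token !== 'string' || body.token.length === 0) {
    return { ok: false, reason: 'MISSING_TOKEN' };
  }
  return { ok: true, token: body.token, maySave: storeLaterUse === true };
}
```

The PAN check is a heuristic: it catches card numbers forwarded by mistake in any field, but it is not a substitute for keeping the card inputs out of the form submission in the first place.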