Card Tokenization
Why use Card Tokenization?
You need a basic understanding of PCI DSS compliance before you accept card payments.
PCI DSS stands for Payment Card Industry Data Security Standard. It provides a baseline of technical and operational requirements designed to protect payment account data. By adhering to PCI DSS compliance, businesses can safeguard sensitive data from potential data breaches, thereby preventing severe harm to the business and its customers.
CAUTION
Unless you are PCI DSS certified, we DO NOT recommend handling raw card information on your servers in any case. This includes processing, logging or storing it. Instead, you can use our card tokenization API.
You can learn more about PCI DSS from the official website.
What is Card Tokenization?
Card Tokenization provides a way for you to send card details securely and directly from your client side to Beam's server in exchange for a card token. This card token does not contain any of the sensitive information found on the card, which means that you can process or store it on your server without the risk of violating PCI DSS compliance.
Here is an example of how to integrate card tokenization into the credit card payment process:
Please refer to API Reference for more details of each API endpoint in this flow.
Card Tokenization API
To create a charge using card tokenization, you first need to create a card token. A card token is a unique identifier for a card that can be used to create a charge without exposing the card details. This is done to ensure that your application remains PCI-DSS compliant while still allowing you to process card payments.
For Beam's card tokenization API, you will need to use your publishable key and merchant ID to authenticate the request.
What is a Publishable Key?
A publishable key is a public key that is used to authenticate your requests to Beam's API. It is safe to share this key and expose it in your client-side code, as it does not contain any sensitive information.
You can find your publishable key in the Beam Lighthouse under the Developers section.
NOTE
Do note that the publishable key is different from the secret key. The secret key should never be exposed in your client-side code or shared publicly. It is used to authenticate your requests to Beam's API and should be kept confidential.
Creating a Card Token
You can create a card token by sending a POST request to the /client/v1/card-tokens endpoint with your publishable key and the card details in the request body. The response will contain an id of the card token that you can use to create a charge.
Here is an example of a request to create a card token:
POST https://api.beamcheckout.com/client/v1/card-tokens
Content-Type: application/json
Authorization: Basic {{yourMerchantId}} {{yourPublishableKey}}

{
  "cardHolderName": "CARDHOLDER NAME",
  "expiryMonth": 12,
  "expiryYear": 30,
  "pan": "4111111111111111"
}
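The same request issued from browser code, so that card details go straight to Beam and only the token id reaches your own server. This is an added example, not code from Beam's documentation or SDK. It assumes the Basic header is standard HTTP Basic (base64 of merchant ID, a colon, and the publishable key); the function names and the optional fetchImpl parameter are hypothetical.

```javascript
// Added example, not Beam's SDK. Assumption: "Basic" is standard HTTP Basic,
// i.e. base64("merchantId:publishableKey"); the response JSON carries "id".
const CARD_TOKEN_URL = "https://api.beamcheckout.com/client/v1/card-tokens";

// Luhn checksum: rejects mistyped card numbers before any request is sent.
function luhnValid(pan) {
  if (!/^\d{12,19}$/.test(pan)) return false;
  let sum = 0;
  for (let i = 0; i < pan.length; i++) {
    let d = Number(pan[pan.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Builds the request the browser sends to Beam (never to your own server).
function buildCardTokenRequest(merchantId, publishableKey, card) {
  const pan = String(card.pan).replace(/[\s-]/g, "");
  if (!luhnValid(pan)) throw new Error("invalid card number");
  const m = card.expiryMonth;
  if (!Number.isInteger(m) || m < 1 || m > 12) throw new Error("invalid expiry month");
  return {
    url: CARD_TOKEN_URL,
    options: {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        Authorization: "Basic " + btoa(merchantId + ":" + publishableKey),
      },
      body: JSON.stringify({
        cardHolderName: card.cardHolderName,
        expiryMonth: m,
        expiryYear: card.expiryYear,
        pan,
      }),
    },
  };
}

// Sends the card to Beam and returns only the token id.
async function createCardToken(merchantId, publishableKey, card, fetchImpl = fetch) {
  const { url, options } = buildCardTokenRequest(merchantId, publishableKey, card);
  const res = await fetchImpl(url, options);
  if (!res.ok) throw new Error("tokenization failed: HTTP " + res.status);
  const { id } = await res.json();
  return id; // the only card-derived value your backend should receive
}
```

The error messages deliberately leave out the card number, so a failed attempt does not put it into client-side logs or error reporting.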