Hi,
I have the following questions regarding OmniTokens:
- Is there an API for deleting a previously received OmniToken?
- Is there an API to update the credit card number associated with an existing OmniToken?
Thanks,
Tausif
Hi,
I have the following questions regarding OmniTokens:
Thanks,
Tausif
Hi,
If anyone can provide some information on this it will be very helpful.
Thanks!
You need to explain the use case (your problem).
A token (omni just means it works for both Ecom and Card Present, or other multiple environments) represents the card number, and provides a unique 1:1 association you do not and should not undo.
That is what they are for, to uniquely identify some entity (a customer, an order, etc) where in the past you may have used the card number. Or to do follow on transactions for an entity (the customer)
Hi Bart, the use cases are what Tom has mentioned below. Thanks!
Hi,
Sorry for the delay in replying, but I thought I had replied to this earlier. It must have been a similar question posed by someone else.
So, to my knowledge there is not an API call to delete a token, but I'm not sure I see a use case for one. Once you receive a token, you can use it or not as needed. If you decide to purge it from your system for some reason, or leave it there and never use it in any transactions, that's up to you. It will remain in our system, ready for use without impacting your operations in any way. Since you only pay for the initial generation of the token (no storage fee), there is no financial impact either.
As for replacing a card associated with a token, once again that is not possible or necessary. when you submit a new card number, your receive a new token. If you know this token should replace another in your system (for example, if you are storing credentials and the customer wants to replace one card with another), simply replace the token associated with that customer. If you have a different scenario in mind, please let me know and I'll try to offer a more specific explanation.
Tom
Thank you, Tom. Yes, those are exactly the use cases I have. My next question is that is there a JavaScript API just to get an OmniToken? I know that when we authorize a payment using eProtect we get an OmniToken as part of the authorization response. Is it possible to get an OmniToken without requiring an authorization call? I want customers to have the option of saving credit cards on their profile without needing to place an order.
There is a transaction type to submit a card number and receive a token. It is a Register Token transaction. If you code directly to our platform, the messages are XML. Please refer to Worldpay cnpAPI Reference Guide API 12.9 V2.9, section 3.3.30. There is no JavaScript API.
This transaction type is also supported in all our SDKs (PHP, Ruby, Java, .NET, and Python).
Tom
Thanks Tom! So if I don't want to pass credit card information through my servers, I should first get a Registration ID using eProtect and then I should use the Register Token API (passing the Registration ID in the request body) to get an OmniToken.
Correct. Using eProtect and ensuring your systems handle only low value (Registration Ids) and high value tokens (OmniTokens) provides protection against breaches (or at least the damage from a breach), as well as potentially reducing your PCI compliance requirements.
Tom
Hi,
Sorry for the delay in replying, but I thought I had replied to this earlier. It must have been a similar question posed by someone else.
So, to my knowledge there is not an API call to delete a token, but I'm not sure I see a use case for one. Once you receive a token, you can use it or not as needed. If you decide to purge it from your system for some reason, or leave it there and never use it in any transactions, that's up to you. It will remain in our system, ready for use without impacting your operations in any way. Since you only pay for the initial generation of the token (no storage fee), there is no financial impact either.
As for replacing a card associated with a token, once again that is not possible or necessary. when you submit a new card number, your receive a new token. If you know this token should replace another in your system (for example, if you are storing credentials and the customer wants to replace one card with another), simply replace the token associated with that customer. If you have a different scenario in mind, please let me know and I'll try to offer a more specific explanation.
Tom