Hi,
I have the following questions regarding OmniTokens:
- Is there an API for deleting a previously received OmniToken?
- Is there an API to update the credit card number associated with an existing OmniToken?
Thanks,
Tausif
Hi,
I have the following questions regarding OmniTokens:
Thanks,
Tausif
Hi,
If anyone can provide some information on this it will be very helpful.
Thanks!
You need to explain the use case (your problem).
A token (omni just means it works for both Ecom and Card Present, or other multiple environments) represents the card number, and provides a unique 1:1 association you do not and should not undo.
That is what they are for, to uniquely identify some entity (a customer, an order, etc) where in the past you may have used the card number. Or to do follow on transactions for an entity (the customer)
Hi Bart, the use cases are what Tom has mentioned below. Thanks!
Hi,
Sorry for the delay in replying, but I thought I had replied to this earlier. It must have been a similar question posed by someone else.
So, to my knowledge there is not an API call to delete a token, but I'm not sure I see a use case for one. Once you receive a token, you can use it or not as needed. If you decide to purge it from your system for some reason, or leave it there and never use it in any transactions, that's up to you. It will remain in our system, ready for use without impacting your operations in any way. Since you only pay for the initial generation of the token (no storage fee), there is no financial impact either.
As for replacing a card associated with a token, once again that is not possible or necessary. when you submit a new card number, your receive a new token. If you know this token should replace another in your system (for example, if you are storing credentials and the customer wants to replace one card with another), simply replace the token associated with that customer. If you have a different scenario in mind, please let me know and I'll try to offer a more specific explanation.
Tom
Thank you, Tom. Yes, those are exactly the use cases I have. My next question is that is there a JavaScript API just to get an OmniToken? I know that when we authorize a payment using eProtect we get an OmniToken as part of the authorization response. Is it possible to get an OmniToken without requiring an authorization call? I want customers to have the option of saving credit cards on their profile without needing to place an order.
There is a transaction type to submit a card number and receive a token. It is a Register Token transaction. If you code directly to our platform, the messages are XML. Please refer to Worldpay cnpAPI Reference Guide API 12.10, V2.12, section 3.3.30. There is no JavaScript API.
This transaction type is also supported in all our SDKs (PHP, Ruby, Java, .NET, and Python).
Tom
Thanks Tom! So if I don't want to pass credit card information through my servers, I should first get a Registration ID using eProtect and then I should use the Register Token API (passing the Registration ID in the request body) to get an OmniToken.
Correct. Using eProtect and ensuring your systems handle only low value (Registration Ids) and high value tokens (OmniTokens) provides protection against breaches (or at least the damage from a breach), as well as potentially reducing your PCI compliance requirements.
Tom
I have a use case for a delete or update feature. Due to an incorrect value being used in creating the token (the customer's city BillingCity was mistakenly submitted also as BillingState rather than the correct state value) that when the token is attempted to be used a 101: INVALID CARD INFO error is returned from the Express system. There appears to be no way to update the tokens or replace them with the corrected information as the CreateToken call returns successfully when passed the corrected information but the error remains as the bad value is permanently associated with that customer's payment card and token. This permanently prevents the token from being used. Unfortunately, this issue was not detected quickly on our end and we have approximately 3,000 tokens that are "broken" across about 50 MIDs and are unable to be corrected. Please advise if there is any way to remove these broken tokens from the system.
Hi,
Sorry for the delay in replying, but I thought I had replied to this earlier. It must have been a similar question posed by someone else.
So, to my knowledge there is not an API call to delete a token, but I'm not sure I see a use case for one. Once you receive a token, you can use it or not as needed. If you decide to purge it from your system for some reason, or leave it there and never use it in any transactions, that's up to you. It will remain in our system, ready for use without impacting your operations in any way. Since you only pay for the initial generation of the token (no storage fee), there is no financial impact either.
As for replacing a card associated with a token, once again that is not possible or necessary. when you submit a new card number, your receive a new token. If you know this token should replace another in your system (for example, if you are storing credentials and the customer wants to replace one card with another), simply replace the token associated with that customer. If you have a different scenario in mind, please let me know and I'll try to offer a more specific explanation.
Tom