I have the following questions regarding OmniTokens:
Sorry for the delay in replying, but I thought I had replied to this earlier. It must have been a similar question posed by someone else.
So, to my knowledge there is not an API call to delete a token, but I'm not sure I see a use case for one. Once you receive a token, you can use it or not as needed. If you decide to purge it from your system for some reason, or leave it there and never use it in any transactions, that's up to you. It will remain in our system, ready for use without impacting your operations in any way. Since you only pay for the initial generation of the token (no storage fee), there is no financial impact either.
As for replacing a card associated with a token, once again that is not possible or necessary. when you submit a new card number, your receive a new token. If you know this token should replace another in your system (for example, if you are storing credentials and the customer wants to replace one card with another), simply replace the token associated with that customer. If you have a different scenario in mind, please let me know and I'll try to offer a more specific explanation.
If anyone can provide some information on this it will be very helpful.
You need to explain the use case (your problem).
A token (omni just means it works for both Ecom and Card Present, or other multiple environments) represents the card number, and provides a unique 1:1 association you do not and should not undo.
That is what they are for, to uniquely identify some entity (a customer, an order, etc) where in the past you may have used the card number. Or to do follow on transactions for an entity (the customer)
Hi Bart, the use cases are what Tom has mentioned below. Thanks!
This transaction type is also supported in all our SDKs (PHP, Ruby, Java, .NET, and Python).
Thanks Tom! So if I don't want to pass credit card information through my servers, I should first get a Registration ID using eProtect and then I should use the Register Token API (passing the Registration ID in the request body) to get an OmniToken.
Correct. Using eProtect and ensuring your systems handle only low value (Registration Ids) and high value tokens (OmniTokens) provides protection against breaches (or at least the damage from a breach), as well as potentially reducing your PCI compliance requirements.
Retrieving data ...