Card on file


Allow customers to securely save their details on your website with the Save Card option, reducing their payment time at checkout for future purchases.

The current implementation of tokenisation supports cardholder-driven payment from the PayPage. Below is a high-level sequence diagram of the flow.


When a merchant is enabled, after the first successful transaction using the PAN/Expiry/CSC the merchant will receive a ‘savedCard’ block in the API response:

"saveCard": {
      "expiry": "2025-04",
      "cardholdername":"Mr Tokenisation",
      "cardToken": "dG9rZWSpemVkUGFuLy92MS8vU0hPV19GSVJTVU1RfNC8vNDAxMjAwcHhncXM0MTExMg==",

The merchant should store these details alongside the stored credentials in their systems to identify a returning customer, i.e. username/ password.

These details will need to be sent as part of the next order the payer is going to

    "action" : "AUTH",
    "amount" : {
        "currencyCode" : "AED",
        "value" : "100"
    "emailAddress" : "[email protected]",
    "language" : "en",
    "billingAddress" : {
        "firstName" : "TT",
        "lastName" : "Token",
        "address1" : "221A Baker Street",
        "city" : "London",
        "countryCode" : "GB"
    "savedCard" : {
        "maskedPan" : "401200******1112",
        "expiry" : "2025-04",
        "cardholderName" : "Mr Tokenization",
        "scheme" : "VISA",
        "cardToken" : "dG9rZW5pemVkUGFuLy92MS8vU0hPV19GSVJTVF82X0xBU1RfNC8vNDAxMjAwcHhncXM0MTExMg=="
    "description" : "Generic Item",
    "orderSummary" : {
        "shipping" : {
            "currencyCode" : "AED",
            "value" : 1

If all data elements in the savedCard block are sent correctly at the order-creation stage, the payer will be presented the option to pay with the previously saved card when the merchant re-directs the payer to the payment page.


The payer only needs to input the security code and click Pay to complete the order.

What’s Next

Contact us to enable Tokenisation