Server to Server tokenization with Hyperswitch Vault Service for PCI compliant merchants
Secure, Direct Card Tokenization from Your Server
Tokenize payment cards directly from your servers to Hyperswitch's Vault Service, bypassing client-side tokenization. This server-to-server approach provides enhanced security and flexibility, ideal for PCI-compliant businesses managing payment methods programmatically.
Key Features
Full Token Management – Create, retrieve, update, and delete payment tokens directly from your server.
PSP and Network Tokenization – Generate both PSP tokens and network tokens through a single API.
Secure Storage – Store tokens safely in Hyperswitch’s Vault.
Reduced Frontend Complexity – Shift tokenization processes to the backend, minimizing frontend dependencies.
Prerequisites
To implement server-to-server tokenization, you need:
PCI DSS compliance to handle card data securely: Make sure you have necessary PCI compliance to handle raw card data directly
Secure API authentication to protect transactions: Generate your Hyperswitch API key from Developers --> API Keys section on your Hyperswitch dashboard
Robust error handling for tokenization failures: Implement necessary handling for failure cases
How It Works
Collect Card Details – Your server collects card details (requires PCI compliance).
Send a Tokenization Request – Make a POST request to /payment_methods with the card details.
Token Creation & Validation – Hyperswitch validates the request and generates a secure token in the vault.
PSP & Network Tokenization (Optional) – If configured through your Hyperswitch dashboard, we also generate PSP and/or network tokens when you pass relevant parameters as mentioned below
Receive Payment Method ID – You get a pm_id, which can be used for future payments.
API Requests for Server to Server Tokenization
1. Create a Customer
Endpoint: POST /customers
Purpose: Create a customer to enable storing their payment methods