Tokenization Guide

Tokenization allows you to securely save a customer's card details for future payments. This improves the checkout experience for returning customers by eliminating the need to re-enter card information.

How it Works

When you request to save a card, Little Pay interacts with the payment gateway to create a secure token (Customer ID). This token represents the cardholder's information and can be used for subsequent transactions.

1. Creating a Token (Saving a Card)

To save a card during a payment, you must set the createCustomer flag in the metadata of your payment intent.

Request Example (Create Intent)

const https = require("https");

const data = JSON.stringify({
  amount: 100,
  currency: "KES",
  description: "Saving card for future use",
  callbackUrl: "https://your-domain.com/callback",
  key: "SAVE_CARD_123",
  payload: {
    billingAddress: {
      firstName: "John",
      lastName: "Doe",
      email: "john@example.com",
    },
  },
  metadata: {
    createCustomer: true, // This triggers tokenization
  },
});

const options = {
  hostname: "pay.little.africa",
  path: "/api/payments/{tokenId}/pay", // replace {tokenId} with your own value
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    // Placeholder credentials: load the real values from a secret store, not from source code
    Authorization:
      "Basic " + Buffer.from("CLIENT_ID:CLIENT_SECRET").toString("base64"),
    // Byte length, not string length, so non-ASCII names are counted correctly
    "Content-Length": Buffer.byteLength(data),
  },
};

const req = https.request(options, (res) => {
  let body = "";
  res.on("data", (chunk) => (body += chunk));
  res.on("end", () => console.log(JSON.parse(body)));
});

// Report network or TLS failures instead of crashing on an unhandled error event
req.on("error", (err) => console.error(err));

req.write(data);
req.end();

When the payment is successfully processed, the response from the payment gateway will include a token identifier. Little Pay automatically creates a Customer record in its database linked to this token.

2. Retrieving the Token

After a successful payment where createCustomer was set to true, the payment callback or the status check response will contain the tokenInformation.

{
  "status": "COMPLETED",
  "data": {
    "tokenInformation": {
      "customer": {
        "id": "1FCA46377B709D13E0631E588D0AC763" // This is the Saved Customer ID
      }
    }
  }
}

You should store this customer.id in your system, associated with your user's profile.

3. Paying with a Saved Card (Using a Token)

To process a payment using a saved card, you only need the customer.id (the token). You do not need to provide the full card details.

Request Example (Process Payment)

When calling the /process endpoint for an intent, pass the customer.id in the payment object:

const https = require("https");

const data = JSON.stringify({
  type: "CARDS",
  payment: {
    customer: {
      id: "1FCA46377B709D13E0631E588D0AC763", // Saved Customer ID
    },
  },
});

const options = {
  hostname: "pay.little.africa",
  path: "/pay/{reference}/process", // replace {reference} with the intent reference
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    // Byte length, not string length
    "Content-Length": Buffer.byteLength(data),
  },
};

const req = https.request(options, (res) => {
  let body = "";
  res.on("data", (chunk) => (body += chunk));
  res.on("end", () => console.log(JSON.parse(body)));
});

// Report network or TLS failures instead of crashing on an unhandled error event
req.on("error", (err) => console.error(err));

req.write(data);
req.end();

Security & Compliance

  • PCI Compliance: Little Pay handles the secure communication with the payment gateway. Your system never needs to store raw card data (PAN, CVV).
  • Merchant Specific: Tokens are linked to a specific merchant account. Tokens created for one merchant account cannot be used with another merchant account.
  • Sandbox vs Production: Tokens created in the sandbox environment are not valid in production and vice versa.
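
Steps 2 and 3 combined with the merchant and environment rules above, as an added example that is not Little Pay's own code: it accepts customer.id only from a COMPLETED response and stores it keyed by user, merchant account and environment, so the /process body is always built from a server-side lookup. The TokenStore class, the merchantId and env labels, and the ID format check are assumptions made for this illustration.

```javascript
// Added example (not Little Pay code). TokenStore, merchantId and env are
// hypothetical names chosen for this illustration.

// Assumption: the ID is an opaque alphanumeric string; the guide shows 32 hex characters.
const ID_PATTERN = /^[A-Za-z0-9]{16,64}$/;

// Return the saved customer ID from a callback/status body, or null if the
// payment is not COMPLETED or the field is missing or malformed.
function extractCustomerId(response) {
  if (!response || response.status !== "COMPLETED") return null;
  const id = response.data?.tokenInformation?.customer?.id;
  return typeof id === "string" && ID_PATTERN.test(id) ? id : null;
}

// In-memory stand-in for a database table keyed by (user, merchant, environment).
class TokenStore {
  constructor() {
    this.rows = new Map();
  }
  static key(userId, merchantId, env) {
    return JSON.stringify([userId, merchantId, env]);
  }
  // Store the ID from a response; returns false if nothing valid was found.
  save(userId, merchantId, env, response) {
    const id = extractCustomerId(response);
    if (id === null) return false;
    this.rows.set(TokenStore.key(userId, merchantId, env), id);
    return true;
  }
  // Build the /process body for the authenticated user. The ID is looked up
  // server-side, never taken from the client request.
  processBody(userId, merchantId, env) {
    const id = this.rows.get(TokenStore.key(userId, merchantId, env));
    if (!id) throw new Error("no saved card for this user, merchant and environment");
    return { type: "CARDS", payment: { customer: { id } } };
  }
}

// Constructed sample callback, using the ID shown in the guide.
const sampleCallback = {
  status: "COMPLETED",
  data: { tokenInformation: { customer: { id: "1FCA46377B709D13E0631E588D0AC763" } } },
};

const store = new TokenStore();
store.save("user-42", "merchant-A", "sandbox", sampleCallback);
console.log(store.processBody("user-42", "merchant-A", "sandbox"));
```

A lookup for a different user, merchant account or environment throws instead of falling back to another stored ID.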

Relevant Endpoints

  • Create Intent: POST /payments/{tokenId}/pay (Set metadata.createCustomer: true)
  • Process Payment: POST /pay/{reference}/process (Provide payment.customer.id)