Network Tokens
When Network Tokens are enabled for an account, VGS automatically provisions a token for each card stored. This provisioned token is mapped to the Card ID and kept in sync with the card’s network lifecycle. As the card is updated or reissued, network token metadata is refreshed, enabling businesses to maintain valid and up-to-date payment credentials with no extra effort. Provisioning Network Tokens offers merchants a future-proof, secure foundation for handling customer payments. The provisioning is skipped if there is an active network token already exists for the card. This provisioning process is applicable regardless of the network token type - Card on File or Ecommerce Network Token.
Card's network token
Card's network token
The request was invalid.
No credentials were provided, or the provided credentials were expired.
Valid credentials were provided, but they do not permit access to this resource.
Resource not found.
Internal Server Error
Service Unavailable
POST /cards/{card_id}/network-tokens HTTP/1.1
Host: sandbox.vgsapi.com
Authorization: Bearer JWT
Accept: */*
{
"data": {
"type": "network_tokens",
"id": "NTKu5rM55z4PNMLW9Rqrhd466",
"attributes": {
"payment_account_reference": 3.2962322395136416e+28,
"network_token": 5580043943638177,
"last4": 8177,
"bin": 558004,
"exp_month": 4,
"exp_year": 26,
"created_at": "2025-01-10T17:56:12.783411",
"updated_at": "2025-01-10T17:56:12.783429",
"state": "active"
}
}
}The Delete Network Token operation allows you to deactivate a previously provisioned network token on the card. Once deleted -
The Network Token becomes invalid and stops receiving updates.
The card’s network token data is removed from the CMP system.
Network Token-based operations like cryptogram generation (e.g., POST /cards/{CardID}/cryptogram) are no longer allowed. This is typically done when the card is no longer in use, has been removed from the system, or must be de-tokenized for compliance reasons. When deleted, the Network Token is excluded from the card response object and becomes non-functional for payments.
Network token deleted
No credentials were provided, or the provided credentials were expired.
Valid credentials were provided, but they do not permit access to this resource.
Resource not found.
Internal Server Error
Service Unavailable
DELETE /cards/{card_id}/network-tokens HTTP/1.1
Host: sandbox.vgsapi.com
Authorization: Bearer JWT
Accept: */*
No content
Fetch Cryptogram by Card ID
Successful cryptogram fetch response
The request was invalid.
No credentials were provided, or the provided credentials were expired.
Valid credentials were provided, but they do not permit access to this resource.
Resource not found.
The server was unable to process the request because it contains invalid data.
Network Token Not Provisioned or Not Active
Internal Server Error
Service Unavailable
curl -X POST https://sandbox.vgsapi.com/cards/card_123/cryptogram \
-H "Authorization: Bearer <JWT_TOKEN>" \
-H "Content-Type: application/vnd.api+json" \
-d '{
"data": {
"attributes": {}
}
}'
{
"data": {
"id": "NTK6j75fBx46Lzd3G3aVkfGQF",
"type": "network_tokens",
"attributes": {
"bin": "411321",
"created_at": "2025-01-17T12:53:17.94829",
"cryptogram": {
"eci": "07",
"type": "TAVV",
"value": "JWrMYLqNQjmEHQDAZbSx+A=="
},
"exp_month": 9,
"exp_year": 27,
"last4": "2304",
"network_token": "4113216317012304",
"payment_account_reference": "V4243058293132582787411225618",
"state": "active",
"updated_at": "2025-01-17T12:53:17.948293"
}
},
"metadata": {
"observability": {
"client_id": "ACoKRUTV7-config-ci-5I76w",
"fingerprint": "4GqVMr6PvdWHn5qfb66TquParUHsTiFsjJCFaDpVed8KbAmz4bSftQeNQBb",
"account_id": "37199757-3a4f-418f-bcf4-4119d1dbd39e",
"trace_id": "f2046b6548e7dbe5793adee1f4a13c63",
"vault_id": "tntipby064g"
}
}
}