Network Tokens

Provision

post
/cards/{card_id}/network-tokens

When Network Tokens are enabled for an account, VGS automatically provisions a token for each card stored. This provisioned token is mapped to the Card ID and kept in sync with the card’s network lifecycle. As the card is updated or reissued, network token metadata is refreshed, enabling businesses to maintain valid and up-to-date payment credentials with no extra effort. Provisioning Network Tokens offers merchants a future-proof, secure foundation for handling customer payments. The provisioning is skipped if there is an active network token already exists for the card. This provisioning process is applicable regardless of the network token type - Card on File or Ecommerce Network Token.

Authorizations
Path parameters
card_idstringRequired
Responses
200

Card's network token

application/vnd.api+json
post
/cards/{card_id}/network-tokens
POST /cards/{card_id}/network-tokens HTTP/1.1
Host: sandbox.vgsapi.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
  "data": {
    "type": "network_tokens",
    "id": "NTKu5rM55z4PNMLW9Rqrhd466",
    "attributes": {
      "payment_account_reference": "V0010013025209632906568838169",
      "network_token": 5580043943638177,
      "last4": 8177,
      "bin": 558004,
      "exp_month": 4,
      "exp_year": 26,
      "created_at": "2025-01-10T17:56:12.783411",
      "updated_at": "2025-01-10T17:56:12.783429",
      "state": "active"
    }
  }
}

Delete

delete
/cards/{card_id}/network-tokens

The Delete Network Token operation allows you to deactivate a previously provisioned network token on the card. Once deleted -

  • The Network Token becomes invalid and stops receiving updates.

  • The card’s network token data is removed from the CMP system.

  • Network Token-based operations like cryptogram generation (e.g., POST /cards/{CardID}/cryptogram) are no longer allowed. This is typically done when the card is no longer in use, has been removed from the system, or must be de-tokenized for compliance reasons. When deleted, the Network Token is excluded from the card response object and becomes non-functional for payments.

Authorizations
Path parameters
card_idstringRequired
Responses
204

Network token deleted

No content

delete
/cards/{card_id}/network-tokens
DELETE /cards/{card_id}/network-tokens HTTP/1.1
Host: sandbox.vgsapi.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

No content

Request cryptogram

post
/cards/{card_id}/cryptogram

Fetch Cryptogram by Card ID

Authorizations
Path parameters
card_idstringRequired
Body
Responses
200

Successful cryptogram fetch response

application/vnd.api+json
post
/cards/{card_id}/cryptogram
curl -X POST https://sandbox.vgsapi.com/cards/card_123/cryptogram \
  -H "Authorization: Bearer <JWT_TOKEN>" \
  -H "Content-Type: application/vnd.api+json" \
  -d '{
    "data": {
      "attributes": {}
    }
  }'
{
  "data": {
    "id": "NTK6j75fBx46Lzd3G3aVkfGQF",
    "type": "network_tokens",
    "attributes": {
      "bin": "411321",
      "created_at": "2025-01-17T12:53:17.94829",
      "cryptogram": {
        "eci": "07",
        "type": "TAVV",
        "value": "JWrMYLqNQjmEHQDAZbSx+A=="
      },
      "exp_month": 9,
      "exp_year": 27,
      "last4": "2304",
      "network_token": "4113216317012304",
      "payment_account_reference": "V4243058293132582787411225618",
      "state": "active",
      "updated_at": "2025-01-17T12:53:17.948293"
    }
  },
  "metadata": {
    "observability": {
      "client_id": "ACoKRUTV7-config-ci-5I76w",
      "fingerprint": "4GqVMr6PvdWHn5qfb66TquParUHsTiFsjJCFaDpVed8KbAmz4bSftQeNQBb",
      "account_id": "37199757-3a4f-418f-bcf4-4119d1dbd39e",
      "trace_id": "f2046b6548e7dbe5793adee1f4a13c63",
      "vault_id": "tntipby064g"
    }
  }
}

Last updated