Tokenization is the process Stripe uses to collect sensitive card or bank account details, or personally identifiable information (PII), directly from your customers in a secure manner. A token representing this information is returned to your server to use. Use our recommended payments integrations to perform this process on the client-side. This guarantees that no sensitive card data touches your server, and allows your integration to operate in a PCI-compliant way.
If you can’t use client-side tokenization, you can also create tokens using the API with either your publishable or secret API key. If your integration uses this method, you’re responsible for any PCI compliance that it might require, and you must keep your secret API key safe. Unlike with client-side tokenization, your customer’s information isn’t sent directly to Stripe, so we can’t determine how it’s handled or stored.
You can’t store or use tokens more than once. To store card or bank account information for later use, create Customer objects or External accounts. Radar, our integrated solution for automatic fraud protection, performs best with integrations that use client-side tokenization.
Attributes
- idstring
Unique identifier for the object.
- cardnullable object
Hash describing the card used to make the charge.
More attributes
- objectstring
- bank_
accountnullable object - client_
ipnullable string - createdtimestamp
- descriptionnullable string
- livemodeboolean
- typestring
- usedboolean
{ "id": "tok_1N3T00LkdIwHu7ixt44h1F8k", "object": "token", "card": { "id": "card_1N3T00LkdIwHu7ixRdxpVI1Q", "object": "card", "address_city": null, "address_country": null, "address_line1": null, "address_line1_check": null, "address_line2": null, "address_state": null, "address_zip": null, "address_zip_check": null, "brand": "Visa", "country": "US", "cvc_check": "unchecked", "dynamic_last4": null, "exp_month": 5, "exp_year": 2026, "fingerprint": "mToisGZ01V71BCos", "funding": "credit", "last4": "4242", "metadata": {}, "name": null, "tokenization_method": null, "wallet": null }, "client_ip": "52.35.78.6", "created": 1683071568, "livemode": false, "type": "card", "used": false}
Creates a single-use token that wraps a user’s legal entity information. Use this when creating or updating a Connect account. Learn more about account tokens.
In live mode, you can only create account tokens with your application’s publishable key. In test mode, you can only create account tokens with your secret key or publishable key.
Parameters
- accountobjectRequired
Information for the account this token represents.
Returns
Returns the created account token if it’s successful. Otherwise, this call raises an error.
{ "id": "ct_1BZ6xr2eZvKYlo2CsSOhuTfi", "object": "token", "client_ip": "104.198.25.169", "created": 1513297331, "livemode": false, "redaction": null, "type": "account", "used": false}
Creates a single-use token that represents a bank account’s details. You can use this token with any v1 API method in place of a bank account dictionary. You can only use this token once. To do so, attach it to a connected account where controller.requirement_collection is application
, which includes Custom accounts.
Parameters
- bank_
accountobject The bank account this token will represent.
More parameters
- customerstringConnect only
Returns
Returns the created bank account token if it’s successful. Otherwise, this call raises an error.
{ "id": "tok_1N3T00LkdIwHu7ixt44h1F8k", "object": "token", "bank_account": { "id": "ba_1NWScr2eZvKYlo2C8MgV5Cwn", "object": "bank_account", "account_holder_name": "Jenny Rosen", "account_holder_type": "individual", "account_type": null, "bank_name": "STRIPE TEST BANK", "country": "US", "currency": "usd", "fingerprint": "1JWtPxqbdX5Gamtz", "last4": "6789", "routing_number": "110000000", "status": "new" }, "client_ip": null, "created": 1689981645, "livemode": false, "redaction": null, "type": "bank_account", "used": false}
Creates a single-use token that represents a credit card’s details. You can use this token in place of a credit card dictionary with any v1 API method. You can only use these tokens once by creating a new Charge object or by attaching them to a Customer object.
To use this functionality, you need to enable access to the raw card data APIs. In most cases, you can use our recommended payments integrations instead of using the API.
Parameters
- cardobject | string
The card this token will represent. If you also pass in a customer, the card must be the ID of a card belonging to the customer. Otherwise, if you do not pass in a customer, this is a dictionary containing a user’s credit card details, with the options described below.
Returns
Returns the created card token if it’s successful. Otherwise, this call raises an error.
{ "id": "tok_1N3T00LkdIwHu7ixt44h1F8k", "object": "token", "card": { "id": "card_1N3T00LkdIwHu7ixRdxpVI1Q", "object": "card", "address_city": null, "address_country": null, "address_line1": null, "address_line1_check": null, "address_line2": null, "address_state": null, "address_zip": null, "address_zip_check": null, "brand": "Visa", "country": "US", "cvc_check": "unchecked", "dynamic_last4": null, "exp_month": 5, "exp_year": 2026, "fingerprint": "mToisGZ01V71BCos", "funding": "credit", "last4": "4242", "metadata": {}, "name": null, "tokenization_method": null, "wallet": null }, "client_ip": "52.35.78.6", "created": 1683071568, "livemode": false, "type": "card", "used": false}