Tokens

Tokenization is the process Stripe uses to collect sensitive card or bank account details, or personally identifiable information (PII), directly from your customers in a secure manner. A token representing this information is returned to your server to use. Use our recommended payments integrations to perform this process on the client-side. This guarantees that no sensitive card data touches your server, and allows your integration to operate in a PCI-compliant way.

If you can’t use client-side tokenization, you can also create tokens using the API with either your publishable or secret API key. If your integration uses this method, you’re responsible for any PCI compliance that it might require, and you must keep your secret API key safe. Unlike with client-side tokenization, your customer’s information isn’t sent directly to Stripe, so we can’t determine how it’s handled or stored.

You can’t store or use tokens more than once. To store card or bank account information for later use, create Customer objects or External accounts. Radar, our integrated solution for automatic fraud protection, performs best with integrations that use client-side tokenization.

The Token object

Attributes

  • idstring

    Unique identifier for the object.

  • cardnullable map

    Hash describing the card used to make the charge.

More attributes

  • objectstring

  • bank_accountnullable map

  • client_ipnullable string

  • createdtimestamp

  • descriptionnullable string

  • livemodeboolean

  • typestring

  • usedboolean

The Token object
{
"id": "tok_1N3T00LkdIwHu7ixt44h1F8k",
"object": "token",
"card": {
"id": "card_1N3T00LkdIwHu7ixRdxpVI1Q",
"object": "card",
"address_city": null,
"address_country": null,
"address_line1": null,
"address_line1_check": null,
"address_line2": null,
"address_state": null,
"address_zip": null,
"address_zip_check": null,
"brand": "Visa",
"country": "US",
"cvc_check": "unchecked",
"dynamic_last4": null,
"exp_month": 5,
"exp_year": 2024,
"fingerprint": "mToisGZ01V71BCos",
"funding": "credit",
"last4": "4242",
"metadata": {},
"name": null,
"tokenization_method": null,
"wallet": null
},
"client_ip": "52.35.78.6",
"created": 1683071568,
"livemode": false,
"type": "card",
"used": false
}

Create an account token

Creates a single-use token that wraps a user’s legal entity information. Use this when creating or updating a Connect account. Learn more about account tokens.

In live mode, you can only create account tokens with your application’s publishable key. In test mode, you can only create account tokens with your secret key or publishable key.

Parameters

  • accountmapRequired

    Information for the account this token represents.

Returns

Returns the created account token if it’s successful. Otherwise, this call returns an error.

POST /v1/tokens
stripe.Key = "sk_test_4eC39Hq...arjtT1zdp7dcsk_test_4eC39HqLyjWDarjtT1zdp7dc"
params := &stripe.TokenParams{
Account: &stripe.TokenAccountParams{
Individual: &stripe.PersonParams{
FirstName: stripe.String("Jane"),
LastName: stripe.String("Doe"),
},
TOSShownAndAccepted: stripe.Bool(true),
},
};
result, err := token.New(params);
Response
{
"id": "ct_1BZ6xr2eZvKYlo2CsSOhuTfi",
"object": "token",
"client_ip": "104.198.25.169",
"created": 1513297331,
"livemode": false,
"redaction": null,
"type": "account",
"used": false
}

Create a bank account token

Creates a single-use token that represents a bank account’s details. You can use this token with any API method in place of a bank account map. You can only use this token once. To do so, attach it to a connected account where controller.requirement_collection is application, which includes Custom accounts.

Parameters

  • bank_accountmap

    The bank account this token will represent.

More parameters

  • customerstringConnect only

Returns

Returns the created bank account token if it’s successful. Otherwise, this call returns an error.

POST /v1/tokens
stripe.Key = "sk_test_4eC39Hq...arjtT1zdp7dcsk_test_4eC39HqLyjWDarjtT1zdp7dc"
params := &stripe.TokenParams{
BankAccount: &stripe.BankAccountParams{
Country: stripe.String("US"),
Currency: stripe.String(string(stripe.CurrencyUSD)),
AccountHolderName: stripe.String("Jenny Rosen"),
AccountHolderType: stripe.String("individual"),
RoutingNumber: stripe.String("110000000"),
AccountNumber: stripe.String("000123456789"),
},
};
result, err := token.New(params);
Response
{
"id": "tok_1N3T00LkdIwHu7ixt44h1F8k",
"object": "token",
"bank_account": {
"id": "ba_1NWScr2eZvKYlo2C8MgV5Cwn",
"object": "bank_account",
"account_holder_name": "Jenny Rosen",
"account_holder_type": "individual",
"account_type": null,
"bank_name": "STRIPE TEST BANK",
"country": "US",
"currency": "usd",
"fingerprint": "1JWtPxqbdX5Gamtz",
"last4": "6789",
"routing_number": "110000000",
"status": "new"
},
"client_ip": null,
"created": 1689981645,
"livemode": false,
"redaction": null,
"type": "bank_account",
"used": false
}

Create a card token

Creates a single-use token that represents a credit card’s details. You can use this token in place of a credit card map with any API method. You can only use these tokens once by creating a new Charge object or by attaching them to a Customer object.

In most cases, you can use our recommended payments integrations instead of using the API.

Parameters

  • cardobject | string

    The card this token will represent. If you also pass in a customer, the card must be the ID of a card belonging to the customer. Otherwise, if you do not pass in a customer, this is a map containing a user’s credit card details, with the options described below.

Returns

Returns the created card token if it’s successful. Otherwise, this call raises an error.

POST /v1/tokens
stripe.Key = "sk_test_4eC39Hq...arjtT1zdp7dcsk_test_4eC39HqLyjWDarjtT1zdp7dc"
params := &stripe.TokenParams{
Card: &stripe.CardParams{
Number: stripe.String("4242424242424242"),
ExpMonth: stripe.String("5"),
ExpYear: stripe.String("2024"),
CVC: stripe.String("314"),
},
};
result, err := token.New(params);
Response
{
"id": "tok_1N3T00LkdIwHu7ixt44h1F8k",
"object": "token",
"card": {
"id": "card_1N3T00LkdIwHu7ixRdxpVI1Q",
"object": "card",
"address_city": null,
"address_country": null,
"address_line1": null,
"address_line1_check": null,
"address_line2": null,
"address_state": null,
"address_zip": null,
"address_zip_check": null,
"brand": "Visa",
"country": "US",
"cvc_check": "unchecked",
"dynamic_last4": null,
"exp_month": 5,
"exp_year": 2024,
"fingerprint": "mToisGZ01V71BCos",
"funding": "credit",
"last4": "4242",
"metadata": {},
"name": null,
"tokenization_method": null,
"wallet": null
},
"client_ip": "52.35.78.6",
"created": 1683071568,
"livemode": false,
"type": "card",
"used": false
}