Save card
Learn how to enable save card functionality for later use.
You can provide your mobile app users with the ability to save their card information securely for future use. This allows users to choose a preferred payment method, reducing their need to enter card information repeatedly. This is a nice-to-have, but optional feature for your app.
The following gif is a demonstration of this feature in a mobile app.
Enabling save card
To enable save card functionality in your app, do the following:
- Dojo understands that each app is built differently. The steps listed serve as a good reference to build this feature into your app.
userandcustomermight be used interchangeably in this guide except forcustomerAPI endpoints.

Step 1: Ensure you have a customer ID
- If you don’t have a Dojo user to link to your backend user, create a new one using POST /customers.
- If you already have a
customerId, retrieve it.
- Don't create a new customer for each transaction. This avoids customers from accessing their saved cards.
Step 2: Authorize your app to retrieve customer’s saved cards
For mobile SDK to retrieve information about saved cards for a specific user, you must create and pass a customer secret using POST /customers/{customerId}/create-secret.
- To create a customer
secret, ensure you have acustomerIdfrom step 1 and, your API Key. - You must always create a customer
secretin your backend and then pass it to your app. - Never store sensitive data such as API Keys inside your app.
- Customer
secretis short-lived, hence Dojo recommends creating a new one each time your app might need to access stored payment methods.
The following code samples demonstrate how to create a customer secret.
- Python
- cURL
- PowerShell
- C#
- PHP
# The sandbox API key passed in 'authorization' is public.
# Don't submit any personally identifiable information in any requests made with this key.
# Sign in to developer.dojo.tech to create your own private sandbox key and use that instead
# for secure testing.
import http.client
import json
conn = http.client.HTTPSConnection("api.dojo.tech")
payload = ''
headers = {
'Version': '2024-02-05',
'Content-Type': 'application/json',
'Authorization': 'Basic sk_sandbox_c8oLGaI__msxsXbpBDpdtwJEz_eIhfQoKHmedqgZPCdBx59zpKZLSk8OPLT0cZolbeuYJSBvzDVVsYvtpo5RkQ'
}
conn.request("POST", "/customers/cust_sandbox_6g-HvPv6VkG_Q_PXCpJqmw/create-secret", payload, headers) #"/customers/{customer-secret id you created}/create-secret
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
conn.close()
# The sandbox API key passed in 'authorization' is public.
# Don't submit any personally identifiable information in any requests made with this key.
# Sign in to developer.dojo.tech to create your own private sandbox key and use that instead
# for secure testing.
curl -v --request POST \
--url https://api.dojo.tech/customers/cust_sandbox_6g-HvPv6VkG_Q_PXCpJqmw/create-secret \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic sk_sandbox_c8oLGaI__msxsXbpBDpdtwJEz_eIhfQoKHmedqgZPCdBx59zpKZLSk8OPLT0cZolbeuYJSBvzDVVsYvtpo5RkQ' \
--header 'Version: 2024-02-05'
# This is a public sandbox API key.
# Don’t submit any personally identifiable information in any requests made with this key.
# Sign in to developer.dojo.tech to create your own private sandbox key and use that instead
# for secure testing.
$publicSandboxKey = "sk_sandbox_c8oLGaI__msxsXbpBDpdtwJEz_eIhfQoKHmedqgZPCdBx59zpKZLSk8OPLT0cZolbeuYJSBvzDVVsYvtpo5RkQ"
Invoke-WebRequest `
-Uri 'https://api.dojo.tech/customers/cust_sandbox_6g-HvPv6VkG_Q_PXCpJqmw/create-secret' `
-Method POST `
-Headers @{
"Version" = "2024-02-05"
"Authorization" = "Basic $publicSandboxKey"
} `
-ContentType 'application/json'
// The sandbox API key passed in 'ApiKeyClientAuthorization' is public.
// Don't submit any personally identifiable information in any requests made with this key.
// Sign in to developer.dojo.tech to create your own private sandbox key and use that instead
// for secure testing.
using Dojo.Net;
using System.Text.Json;
var customersClient = new CustomersClient(new HttpClient(), new ApiKeyClientAuthorization("sk_sandbox_c8oLGaI__msxsXbpBDpdtwJEz_eIhfQoKHmedqgZPCdBx59zpKZLSk8OPLT0cZolbeuYJSBvzDVVsYvtpo5RkQ"));
var result = await customersClient.CreateCustomerSecretAsync("<CUSTOMER_ID>");
<?php
// The sandbox API key used in this example is public.
// Don't submit any personally identifiable information in any requests made with this key.
// Sign in to developer.dojo.tech to create your own private sandbox key and use that instead
// for secure testing.
namespace Test;
require_once "vendor/autoload.php";
use Dojo_PHP\ApiFactory;
$apiKey = "sk_sandbox_c8oLGaI__msxsXbpBDpdtwJEz_eIhfQoKHmedqgZPCdBx59zpKZLSk8OPLT0cZolbeuYJSBvzDVVsYvtpo5RkQ";
$apiCustomers = ApiFactory::createCustomersApi($apiKey);
$secret = $apiCustomers->customersCreateCustomerSecret("cust_sandbox_6g-HvPv6VkG_Q_PXCpJqmw", \Dojo_PHP\API_VERSION);
Step 3: Create a payment intent linked to the customerId
When creating a payment intent, pass the customerId to the payment intent request body.
"customer": {
"customerId": "cust_sandbox_9WibJ2zeMU2C9gkRnDgs1g"
}