Tokenization
Before proceeding with development against this API specification, please note that you will need to be able to provide evidence of attestation of PCI DSS SAQ-D, indicating that you are compliant with industry requirements with regard to safely handling cardholder data.
A certificate of compliance must be provided to Dojo annually for continued usage of our tokenization services.
The Tokenization API allows for customer card details captured by your server (such as through an i-frame) to be passed to Dojo for authorization. These card details can then be charged immediately or stored against a token for a later time.
Setup Intents
Using a Setup Intent is an easy way to collect card details for a future payment. You can configure the object with or without an intended amount based on the business’ terms and conditions.
The Setup IntentAPI, within the context of Tokenization is ideal for scheduling a payment for the future using card details entered client-side and captured by your server. These details are tokenized during the authorization process and a token ID will be returned (subsequently referred to as setupIntentId). A setup intent does not charge the customer's card right away: to then charge the card, you need to create a payment intent referencing the aforementioned token ID.
For the full API specification, see the Setup Intent API guide.
Business use cases
The following are some common business use cases for the Tokenization API.
- Online Hotel Reservation systems in which customer card details are required to be collected in advance when making a booking. The hotel is then able to charge the customer during check-out without re-presenting of the card.
- Online table booking in a restaurant that collects customer card details in advance when booking a table for a party of 10 or more. The restaurant is then able to charge the card once the booking is completed.