A token representing a payment instrument.
Tokens (1)
Minimize the exposure of sensitive card details and increase the security of your customer's card details.
Authentication header
Authorization: {your_credentials}Replace {your_credentials} with your base64-encoded Basic Auth username and password given to you by your Worldpay Implementation Manager.
You must use the Authorization header for any request you send to our Tokens API.
Accept & Content-Type headers
Accept: application/vnd.worldpay.tokens-v1.hal+json
Content-Type: application/vnd.worldpay.tokens-v1.hal+jsonWe use the Accept header to identify which version of our API you are using. You must use the Accept header for any request you send to our Tokens API.
For detokenization requests, adapt the Accept header to also pass masked = false, as follows: Accept: 'application/vnd.worldpay.tokens-v1.hal+json; masked=false'
Important
Detokenizing exposes your business to high levels of PCI auditing, required to remain PCI compliant.
We require the Content-Type header if the request you're sending includes a request body, and if the HTTP method is a POST or a PUT.
DNS whitelisting
Whitelist the following URLs:
https://try.access.worldpay.com/https://access.worldpay.com/
Please ensure you use DNS whitelisting, not explicit IP whitelisting. When you make a request within Access Worldpay, you should always cache the response returned.
Download OpenAPI description
Languages
Servers
Test (Try)
https://try.access.worldpay.com
Live
https://access.worldpay.com