# Tokens

Minimize the exposure of sensitive card details and increase the security of your customer's card details. 

__Authentication header__

  ```
    Authorization: {your_credentials}
  ```
  Replace `{your_credentials}` with your base64-encoded Basic Auth username and password given to you by your Worldpay Implementation Manager.
  <br /> <br />
  You **must** use the `Authorization` header for any request you send to our Tokens API.
  <br /><br />
  __Accept & Content-Type headers__
  ```
    Accept: application/vnd.worldpay.tokens-v2.hal+json
    Content-Type: application/vnd.worldpay.tokens-v2.hal+json
  ```

We use the Accept header to identify which version of our API you are using. You must use the Accept header for any request you send to our Tokens API. 
<br><br>
For detokenization requests, adapt the Accept header to also pass masked = false, as follows: `Accept:` `'application/vnd.worldpay.tokens-v2.hal+json; masked=false'`<br>
{% admonition type="warning" name="Important" %}Detokenizing exposes your business to high levels of PCI auditing, required to remain PCI compliant.{% /admonition %}    
We require the Content-Type header if the request you're sending includes a request body, and if the HTTP method is a POST or a PUT.
<br /><br />
__DNS whitelisting__

Whitelist the following URLs:
* `https://try.access.worldpay.com/`
* `https://access.worldpay.com/`

Please ensure you use DNS whitelisting, not explicit IP whitelisting. When you make a request within Access Worldpay, you should always cache the response returned.

Version: 2

## Servers

Test (Try)
```
https://try.access.worldpay.com
```

Live
```
https://access.worldpay.com
```

## Security

### BasicAuth

Type: http
Scheme: basic

## Download OpenAPI description

[Tokens](https://worldpay-portal.eu.redocly.app/access/_bundle/products/tokens/@v2/openapi.yaml)

## Token

A token representing a payment instrument.

### Create a new token

 - [POST /tokens](https://worldpay-portal.eu.redocly.app/access/products/tokens/v2/openapi/token/createsecuritytoken.md): Creating a new token for the payment instrument.

### Retrieve the detail for this token

 - [GET /tokens/{tokenId}](https://worldpay-portal.eu.redocly.app/access/products/tokens/v2/openapi/token/getsecuritytoken.md): A token representing a payment instrument.

### Update this token

 - [PUT /tokens/{tokenId}](https://worldpay-portal.eu.redocly.app/access/products/tokens/v2/openapi/token/updatesecuritytoken.md): Updating different fields represented by the token

### Delete this token

 - [DELETE /tokens/{tokenId}](https://worldpay-portal.eu.redocly.app/access/products/tokens/v2/openapi/token/deletesecuritytoken.md): Deleting a token based on an encrypted tokenId