Tokenize a payment method
Use Spreedly to securely store payment method information for use in future transactions.
Rye uses Spreedly as its credit card vault, and when you register a Rye developer account we automatically create a Spreedly account for you as well. This guide steps you through the process of acquiring your Spreedly account credentials and then using them to tokenize a credit card for future use.
Tutorial
Get payment gateway headers
Open the Rye Console and navigate to the “Account” section. Make a note of the payment gateway headers.
Gather card details
For testing and development purposes, you can use a variety of test cards to simulate different scenarios. Select one that is most appropriate for what you are trying to do.
For production use cases, you should only be following this guide in cases where you are trying to implement backend ordering. In this case, you would use a card that belongs to your business.
Under no circumstances should you handle a customer’s card details directly, as this would require you to be PCI DSS compliant.
Create a payment method token
With the payment gateway headers and a card in hand, you can now create a payment method token. This token can be used in future transactions to charge the card. Documentation for this Spreedly endpoint can be found here.
The Spreedly API uses the same URL for both staging and production. Whether you are in staging or production is determined by the credentials you use in the Authorization header.
The following cURL command demonstrates how to make this request:
Good to know: Spreedly tokens expire after 5-10 minutes by default as a security measure. You can opt out of this behavior when creating your production token by following the instructions in the next section.
Retrieve the payment method token
Spreedly will return a JSON object in response which contains the payment method token. Note that the payment method token is wrapped inside a transaction object, and the transaction object contains a token of its own. The transaction token is different from the payment_method token. Be careful to use the correct value.
You're done!
The payment method token can now be used to pay for orders via the submitCart mutation.
Retaining a payment method
Spreedly payment method tokens will expire 5-10 minutes after they are created. This is a security feature to prevent unauthorized use of the token, and we recommend this behavior while you are testing.
For production use cases it is not recommended to retokenize for every order. Retokenizing for every order would require you to store credit card details in plain text, and Spreedly’s rate limits will only allow you to tokenize a specific card 1,000 times per day. To avoid these issues, you can create a permanent payment token for use with Rye by passing "retained": true inside the credit_card object when making your Spreedly call:
Be careful to store the returned payment method token in a secure location, as someone with access to your token will be able to make charges to it via Spreedly. If you are worried that your token might have leaked, you can redact it by calling Spreedly's redact endpoint.
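The following Python sketch is an added example, not code from Rye or Spreedly. It covers both the "Retrieve the payment method token" step and the retention note above: it reads the payment_method token rather than the transaction token, and can refuse a token that was not retained. The succeeded and storage_state fields, the helper names, and the sample response are assumptions constructed for illustration.

```python
import json

class TokenError(ValueError):
    """The response cannot safely yield a payment method token."""

def extract_payment_method_token(body, require_retained=False):
    """Return transaction.payment_method.token, never transaction.token."""
    try:
        txn = json.loads(body)["transaction"]
    except (ValueError, KeyError, TypeError) as exc:
        raise TokenError("response has no 'transaction' object") from exc
    if not isinstance(txn, dict):
        raise TokenError("'transaction' is not an object")
    # Assumed field: 'succeeded' is true only when tokenization worked.
    if txn.get("succeeded") is not True:
        raise TokenError("tokenization did not succeed")
    pm = txn.get("payment_method")
    token = pm.get("token") if isinstance(pm, dict) else None
    if not isinstance(token, str) or not token:
        raise TokenError("response has no payment_method.token")
    # Assumed field: 'storage_state' is "retained" for permanent tokens.
    if require_retained and pm.get("storage_state") != "retained":
        raise TokenError("token is not retained and will expire")
    return token

def mask(token):
    """Shorten a token for log lines so the full value is never written out."""
    return token[:4] + "****"

def sample_response(storage_state="cached", succeeded=True):
    """Constructed response body; every value is a placeholder."""
    return json.dumps({"transaction": {
        "token": "TXN_TOKEN_PLACEHOLDER",
        "succeeded": succeeded,
        "payment_method": {
            "token": "PM_TOKEN_PLACEHOLDER",
            "storage_state": storage_state,
        },
    }})

if __name__ == "__main__":
    print(mask(extract_payment_method_token(sample_response())))
    try:
        extract_payment_method_token(sample_response(), require_retained=True)
    except TokenError as err:
        print("rejected:", err)
```

In a production path, call it with require_retained=True before storing the token, and log only the masked form.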