Intro
Malga has created this tokenization service to allow sensitive card data to be safely processed.
Through the tokenization’s API you can ensure that sensitive card data (holder name, pan, cvv) does not pass through your backend and can be sent to Malga's servers directly from your client application. A token represents sensitive card data securely stored on Malga, following PCI’s best practices, and the data is sent directly from your frontend to Malga's servers.
It is highly recommended that you perform the tokenization process directly client-side, collecting sensitive card data in your interface and sending it directly to the token API, from a token client created for this purpose, sending to your backend the identifier of the generated token that does not store sensitive data and can be transmitted normally by your servers.
caution
Tokens are invalidated after the first use, and you cannot store the token generated for future use in recurring purchases. If you want to save the data of a card for future use, you must create a token and then request the creation of a card from the token created, so the card will be stored permanently in our vault, our secure card storage server, and you will only need to send the generated card id for future transactions.
You can create cards from tokens you generate, and you can assign multiple cards to the same buyer to enable future charges.
caution
The token expiration time is 2 hours.
Creating CardId
Once a card is created, a unique cardId is generated, which can be stored in your system, since it does not contain sensitive card data, just a card identifier saved securely in the Malga’s vault.
From a generated cardId it is possible to make recurring charges, simply by sending this identifier when creating the charge.
note
The card's security code (CVV), which was sent during tokenization, is validated through a zero-value transaction with the card issuer, so Malga can validate that the tokenized card data is valid without the need to make an actual charge. After a successful validation of the card's data, the card’s status is: active and available for future purchases. Otherwise, the card will present status: failed and invalidated, and a new token and a new card must be generated.
Card Status
The possible statuses for a card on Malga are:
| Status | Description |
|---|---|
| active | If the card data is validated, the status is returned as active and cvvchecked true |
| failed | If the card data is not validated, the status is returned as failed and cvvchecked false |
| pending | If the card data validation service is unavailable, the status is returned as pending and cvvchecked: false; While the status is pending the card can be used to create transactions, ensuring greater transactional resilience. |
tip
It is possible to send the card's CVV as an option in the billing request, being useful in scenarios where the card is in pending or active status, and this CVV is passed on to the provider, thus increasing the chances of approval in cases where you can request the security code when billing.
Credit Card’s brands Accepted
Credit Card’s brands accepted for transactions on Malga's platform are:
| Brand | Credit | Debit | Voucher |
|---|---|---|---|
| Visa | YES | NO | YES |
| Master | YES | NO | NO |
| Amex | YES | NO | NO |
| Elo | YES | NO | YES |
| Diners | YES | NO | NO |
| Discover | YES | NO | NO |
| Jcb | YES | NO | NO |
| Vr | NO | NO | YES |
| Sodexo | NO | NO | YES |