Network Tokens
Network Tokens enables merchants to convert raw card details into secure, network-issued tokens. The network token endpoints support one-time purchases, card-on-file transactions, subscriptions and other recurring or cross-border payments by issuing tokens that automatically update on card reissues and boost authorization rates—all without ever storing PANs.
Create a Network Token
Creates a Network Token.
Permissions
network-token:create
Request
- cURL
- Node
- C#
- Java
- Python
# Using an existing token ID
curl -L 'https://api.basistheory.com/network-tokens' \
-H 'BT-API-KEY: <API_KEY>' \
-H 'Content-Type: application/json' \
-d '{
"token_id": "c06d0789-0a38-40be-b7cc-c28a718f76f1",
"cardholder_info": {
"name": "Jonh Doe",
"address": {
"line1": "123 Main Street",
"line2": "Apt 4B",
"line3": "Building 7",
"postal_code": "90210",
"city": "Beverly Hills",
"state_code": "CA",
"country_code": "USA"
}
}
}'
# Using an existing token intent ID
curl -L 'https://api.basistheory.com/network-tokens' \
-H 'BT-API-KEY: <API_KEY>' \
-H 'Content-Type: application/json' \
-d '{
"token_intent_id": "c06d0789-0a38-40be-b7cc-c28a718f76f1",
"cardholder_info": {
"name": "Jonh Doe",
"address": {
"line1": "123 Main Street",
"line2": "Apt 4B",
"line3": "Building 7",
"postal_code": "90210",
"city": "Beverly Hills",
"state_code": "CA",
"country_code": "USA"
}
}
}'
# Using raw card data
curl -L 'https://api.basistheory.com/network-tokens' \
-H 'BT-API-KEY: <API_KEY>' \
-H 'Content-Type: application/json' \
-d '{
"data": {
"number": "4111111111111111",
"expiration_month": "03",
"expiration_year": "2027",
"cvc": "123"
},
"cardholder_info": {
"name": "Jonh Doe",
"address": {
"line1": "123 Main Street",
"line2": "Apt 4B",
"line3": "Building 7",
"postal_code": "90210",
"city": "Beverly Hills",
"state_code": "CA",
"country_code": "USA"
}
}
}'
// Using an existing token ID
await client.networkTokens.create({
token_id: "c06d0789-0a38-40be-b7cc-c28a718f76f1",
cardholder_info: {
name: "Jonh Doe",
address: {
line1: "123 Main Street",
line2: "Apt 4B",
line3: "Building 7",
postal_code: "90210",
city: "Beverly Hills",
state_code: "CA",
country_code: "USA"
}
}
}
);
// Using an existing token intent ID
await client.networkTokens.create({
token_intent_id: "c06d0789-0a38-40be-b7cc-c28a718f76f1",
cardholder_info: {
name: "Jonh Doe",
address: {
line1: "123 Main Street",
line2: "Apt 4B",
line3: "Building 7",
postal_code: "90210",
city: "Beverly Hills",
state_code: "CA",
country_code: "USA"
}
}
}
);
// Using raw card data
await client.networkTokens.create({
data: {
number: "4111111111111111",
expiration_month: "03",
expiration_year: "2027",
cvc: "123"
},
cardholder_info: {
name: "Jonh Doe",
address: {
line1: "123 Main Street",
line2: "Apt 4B",
line3: "Building 7",
postal_code: "90210",
city: "Beverly Hills",
state_code: "CA",
country_code: "USA"
}
}
}
);
// Using an existing token ID
await client.NetworkTokens.CreateAsync(
new CreateNetworkTokenRequest
{
TokenId = "c06d0789-0a38-40be-b7cc-c28a718f76f1",
CardholderInfo = new CardholderInfo
{
Name = "John Doe",
Address = new Address
{
Line1 = "123 Main Street",
Line2 = "Apt 4B",
Line3 = "Building 7",
PostalCode = "90210",
City = "Beverly Hills",
StateCode = "CA",
CountryCode = "USA"
}
}
});
// Using an existing token intent ID
await client.NetworkTokens.CreateAsync(
new CreateNetworkTokenRequest
{
TokenIntentId = "c06d0789-0a38-40be-b7cc-c28a718f76f1",
CardholderInfo = new CardholderInfo
{
Name = "John Doe",
Address = new Address
{
Line1 = "123 Main Street",
Line2 = "Apt 4B",
Line3 = "Building 7",
PostalCode = "90210",
City = "Beverly Hills",
StateCode = "CA",
CountryCode = "USA"
}
}
});
// Using raw card data
await client.NetworkTokens.CreateAsync(
new CreateNetworkTokenRequest
{
Data = new Card
{
Number = "4111111111111111",
ExpirationMonth = 03,
ExpirationYear = 2027,
Cvc = "123"
},
CardholderInfo = new CardholderInfo
{
Name = "John Doe",
Address = new Address
{
Line1 = "123 Main Street",
Line2 = "Apt 4B",
Line3 = "Building 7",
PostalCode = "90210",
City = "Beverly Hills",
StateCode = "CA",
CountryCode = "USA"
}
}
});
// Using an existing token ID
NetworkToken networkToken2 = new NetworkTokensClient(ClientOptions.builder().build())
.create(CreateNetworkTokenRequest.builder()
.tokenId("c06d0789-0a38-40be-b7cc-c28a718f76f1")
.cardholderInfo(CardholderInfo.builder()
.name("Jonh Doe")
.address(Address.builder()
.line1("123 Main Street")
.line2("Apt 4B")
.line3("Building 7")
.postalCode("90210")
.city("Beverly Hills")
.stateCode("CA")
.countryCode("USA")
.build())
.build())
.build());
// Using an existing token intent ID
NetworkToken networkToken3 = new NetworkTokensClient(ClientOptions.builder().build())
.create(CreateNetworkTokenRequest.builder()
.tokenIntentId("c06d0789-0a38-40be-b7cc-c28a718f76f1")
.cardholderInfo(CardholderInfo.builder()
.name("Jonh Doe")
.address(Address.builder()
.line1("123 Main Street")
.line2("Apt 4B")
.line3("Building 7")
.postalCode("90210")
.city("Beverly Hills")
.stateCode("CA")
.countryCode("USA")
.build())
.build())
.build());
// Using raw card data
NetworkToken networkToken1 = new NetworkTokensClient(ClientOptions.builder().build())
.create(CreateNetworkTokenRequest.builder()
.cardholderInfo(CardholderInfo.builder()
.name("Jonh Doe")
.address(Address.builder()
.line1("123 Main Street")
.line2("Apt 4B")
.line3("Building 7")
.postalCode("90210")
.city("Beverly Hills")
.stateCode("CA")
.countryCode("USA")
.build())
.build())
.data(Card.builder()
.number("4111111111111111")
.expirationMonth(3)
.expirationYear(2027)
.cvc("123")
.build())
.build());
# Using an existing token ID
await client.network_tokens.create(
token_id="c06d0789-0a38-40be-b7cc-c28a718f76f1",
cardholder_info=CardholderInfo(
name="John Doe",
address=Address(
line1="123 Main Street",
line2="Apt 4B",
line3="Building 7",
postal_code="90210",
city="Beverly Hills",
state_code="CA",
country_code="US"
)
)
)
# Using an existing token intent ID
await client.network_tokens.create(
token_intent_id="c06d0789-0a38-40be-b7cc-c28a718f76f1",
cardholder_info=CardholderInfo(
name="John Doe",
address=Address(
line1="123 Main Street",
line2="Apt 4B",
line3="Building 7",
postal_code="90210",
city="Beverly Hills",
state_code="CA",
country_code="US"
)
)
)
# Using raw card data
await client.network_tokens.create(
data=Card(
number="4111111111111111",
expiration_month=3,
expiration_year=2027,
cvc="123"
),
cardholder_info=CardholderInfo(
name="John Doe",
address=Address(
line1="123 Main Street",
line2="Apt 4B",
line3="Building 7",
postal_code="90210",
city="Beverly Hills",
state_code="CA",
country_code="US"
)
)
)
Request Parameters
Attribute | Required | Type | Description |
---|---|---|---|
data | No | object | The card data to create a Network Token |
token_intent_id | No | string | The ID of a Token Intent to use as source for creating a Network Token |
token_id | No | string | The ID of a Token to use as source for creating a Network Token |
cardholder_info | No | object | The cardholder information |
data
, token_intent_id
or token_id
when creating a Network Token.data
object with raw card details, your system must be PCI DSS compliant. Consider using token_id
or token_intent_id
instead to reduce compliance scope.number
, expiration_month
and expiration_year
attributes.Card Data Object
Attribute | Required | Type | Description |
---|---|---|---|
number | Yes | string | The card number to tokenize |
expiration_month | Yes | string | The card's expiration month |
expiration_year | Yes | string | The card's four-digit expiration year |
cvc | No | string | The card's verification code |
Cardholder Information
Attribute | Required | Type | Description |
---|---|---|---|
name | No | string | The full name of the cardholder |
address | No | object | The cardholder address details |
Address Details
Attribute | Required | Type | Description |
---|---|---|---|
line1 | No | string | The first line of the street address |
line2 | No | string | The second line of the street address |
line3 | No | string | The third line of the street address |
postal_code | No | string | The postal code of the address |
city | No | string | The city of the address |
state_code | No | string | The state or province code of the address |
country_code | No | string | The country code of the address |
Response
Returns a network token object if successful. Returns an error if there were validation errors, or the network token failed to create.
{
"id": "1a97a7f6-5d7e-4a8e-ad08-c2472cfedf7f",
"tenant_id": "a4ed655d-325e-4490-8c5a-2ff288db7aa5",
"data": {
"number": "XXXXXXXXXXXX2426",
"expiration_month": 12,
"expiration_year": 2029
},
"network_token": {
"bin": "433561",
"last4": "2426",
"expiration_month": 12,
"expiration_year": 2029,
"brand": "visa",
"funding": "debit",
"issuer": {
"country": "US",
"name": "CENTRAL FEDERAL SAVINGS AND LOAN ASSOCIATION"
},
"issuer_country": {
"alpha2": "US",
"name": "UNITED STATES OF AMERICA",
"numeric": "840"
},
"segment": "Consumer",
"additional": [
{
"brand": "star",
"funding": "debit",
"issuer": {
"country": "US"
}
}
]
},
"status": "active",
"created_by": "f8dee6b4-2f92-4052-81f9-8b0fc8078a6e",
"created_at": "2025-05-07T17:04:06.3338559+00:00",
"token_id": "c06d0789-0a38-40be-b7cc-c28a718f76f1", // If network token was created using a token_id
"token_intent_id": "c06d0789-0a38-40be-b7cc-c28a718f76f1" // If network token was created using a token_intent_id
}
Get a network token
Retrieves a Network Token.
Permissions
network-token:read
network-token:reveal
At least one of these permissions is required to access the information.
The network-token:read
permission displays the card number in data.number
with a masked format (showing only the last 4 digits), while the network-token:reveal
permission provides access to view the complete unmasked card number.
network-token:reveal
permission will take precedence and display the complete unmasked card number.Request
- cURL
- Node
- C#
- Java
- Python
curl -L 'https://api.basistheory.com/network-tokens/485fcc69-e105-4239-b821-92c612f9b03d' \
-H 'BT-API-KEY: <API_KEY>' \
-H 'Content-Type: application/json'
await client.networkTokens.get("485fcc69-e105-4239-b821-92c612f9b03d");
await client.NetworkTokens.GetAsync("485fcc69-e105-4239-b821-92c612f9b03d");
NetworkToken networkToken = new NetworkTokensClient(ClientOptions.builder().build())
.get("485fcc69-e105-4239-b821-92c612f9b03d");
await client.network_tokens.get("485fcc69-e105-4239-b821-92c612f9b03d")
Request Parameters
Attribute | Required | Type | Description |
---|---|---|---|
id | Yes | string | The ID of the network token to retrieve |
Response
Returns a network token object if successful. Returns an error if there were validation errors, or the network token failed to retrieve.
{
"id": "1a97a7f6-5d7e-4a8e-ad08-c2472cfedf7f",
"tenant_id": "a4ed655d-325e-4490-8c5a-2ff288db7aa5",
"data": {
"number": "XXXXXXXXXXXX2426",
"expiration_month": 12,
"expiration_year": 2029
},
"network_token": {
"bin": "433561",
"last4": "2426",
"expiration_month": 12,
"expiration_year": 2029,
"brand": "visa",
"funding": "debit",
"issuer": {
"country": "US",
"name": "CENTRAL FEDERAL SAVINGS AND LOAN ASSOCIATION"
},
"issuer_country": {
"alpha2": "US",
"name": "UNITED STATES OF AMERICA",
"numeric": "840"
},
"segment": "Consumer",
"additional": [
{
"brand": "star",
"funding": "debit",
"issuer": {
"country": "US"
}
}
]
},
"status": "active",
"created_by": "f8dee6b4-2f92-4052-81f9-8b0fc8078a6e",
"created_at": "2025-05-07T17:04:06.3338559+00:00"
}
Generate a Cryptogram
Generate a cryptogram for a network token.
Permissions
network-token:cryptogram
Request
- cURL
- Node
- C#
- Java
- Python
curl -L -X POST 'https://api.flock-dev.com/network-tokens/2c1577f3-6c1b-4575-9488-13202405fefe/cryptogram' \
-H 'BT-API-KEY: <API_KEY>' \
-H 'Content-Type: application/json'
await client.networkTokens.cryptogram("2c1577f3-6c1b-4575-9488-13202405fefe");
await client.NetworkTokens.CryptogramAsync("2c1577f3-6c1b-4575-9488-13202405fefe");
NetworkTokenCryptogram cryptogram = new NetworkTokensClient(ClientOptions.builder().build())
.cryptogram("2c1577f3-6c1b-4575-9488-13202405fefe");
await client.network_tokens.cryptogram("2c1577f3-6c1b-4575-9488-13202405fefe")
Request Parameters
Attribute | Required | Type | Description |
---|---|---|---|
id | Yes | string | The ID of the network token to create cryptogram |
Response
Returns a cryptogram object if successful. Returns an error if there were validation errors, or the cryptogram failed to create.
{
"cryptogram": "2z8pd6WGPUi/BBesvjJcyw==",
"eci": "07"
}
Delete a Network Token
Deletes a Network Token.
Permissions
network-token:delete
Request
- cURL
- Node
- C#
- Java
- Python
curl -L -X DELETE 'https://api.basistheory.com/network-tokens/485fcc69-e105-4239-b821-92c612f9b03d' \
-H 'BT-API-KEY: <API_KEY>' \
-H 'Content-Type: application/json'
await client.networkTokens.delete("485fcc69-e105-4239-b821-92c612f9b03d");
await client.NetworkTokens.DeleteAsync("485fcc69-e105-4239-b821-92c612f9b03d");
new NetworkTokensClient(ClientOptions.builder().build())
.delete("485fcc69-e105-4239-b821-92c612f9b03d");
await client.network_tokens.delete("485fcc69-e105-4239-b821-92c612f9b03d")
Request Parameters
Attribute | Required | Type | Description |
---|---|---|---|
id | Yes | string | The ID of the network token to delete |
Response
Returns a 204 No Content response if successful. Returns an error if there were validation errors, or the network token failed to delete.
Network Token Object
Attribute | Type | Description |
---|---|---|
id | string | Unique identifier of the network token |
tenant_id | uuid | The tenant ID associated with the network token |
data.number | string | Masked card number |
data.expiration_month | integer | Card's expiration month |
data.expiration_year | integer | Card's expiration year |
network_token | object | An object containing the card data. See Card Details for more information. |
status | string | The status of the network token. Possible values: active , inactive or suspended |
created_by | uuid | ID of the entity that created the network token |
created_at | date | Timestamp of when the network token was created |
token_id | uuid | The ID of the token if created using a token_id |
token_intent_id | uuid | The ID of the token intent if created using a token_intent_id |
token_id
and token_intent_id
can be present if a token intent is eventually transformed into a token.Card Details
Attribute | Type | Description |
---|---|---|
bin | string | Six to eight digit BIN of the card |
last4 | string | Last four digits of the card |
expiration_month | number | The 2-digit expiration month of the card |
expiration_year | number | The 4-digit expiration year of the card |
brand | string | The primary card brand |
funding | string | The primary funding type of the card |
segment | string | The segmentation of the card (eg., Consumer, Commercial) |
issuer | object | Describes the contry and issuing bank. See Issuer for details |
issuer_country | object | |
.alpha2 | string | Issuing country ISO3166 alpha country code |
.numeric | string | Issuing country ISO3166 numeric country code |
.name | string | Issuing country name |
authentication | string | The authentication type required for this card |
additional | array | Contains additional details associated to the same BIN number. See Card Additional for details. |
Card
properties shows the primary card details, while Card.additional
provides additional card details found for the same BIN.brand
, funding
, issuer_country
, and authentication
will default to null
and the default BIN will be returned.Card Additional
Attribute | Type | Description |
---|---|---|
brand | string | An additional card brand |
funding | string | An additional funding type of the card |
authentication | string | An additional authentication type required for this card |
issuer | object | Describes the contry and issuing bank. See Issuer for details |
Issuer
Attribute | Type | Description |
---|---|---|
country | string | Issuing country ISO3166 alpha country code |
name | string | Issuing bank name |
Card Brands
card
property (primary details). Please note that the additional
property may contain extra card brands not listed in this table.Brand | Description |
---|---|
american-express | American Express |
diners-club | Diners Club |
discover | Discover |
ebt | EBT |
elo | Elo |
hipercard | Hipercard |
jcb | JCB |
mastercard | Mastercard |
mir | MIR |
private-label | Private Label |
proprietary | Proprietary |
unionpay | UnionPay |
visa | Visa |
Card Funding Types
Funding Type | Description |
---|---|
credit | Credit Card |
debit | Debit Card |
prepaid | Prepaid Card |
Authentication Types
Authentication Type | Description |
---|---|
sca_required | Indicates that Strong Customer Authentication (SCA) is required (e.g. 3DS) |
Cryptogram Object
Attribute | Type | Description |
---|---|---|
cryptogram | string | The cryptogram generated for the network token |
eci | string | The ECI value associated with the cryptogram |
Test Cards
The following test cards can be used to test different error and success scenarios when creating network tokens.
Visa Cards
Test PAN | Response |
---|---|
4111111111111111 | Success |
4012888888881881 | Provision Data Expired |
4330251207506660 | Card Verification Failed |
4539097887163333 | Card Not Eligible |
4929980395567582 | Card Not Allowed |
4929544240318920 | Card Declined |
4916725297925395 | Provision Not Allowed |
4711358892785746 | Card Eligibility Error |
Mastercard Cards
Test PAN | Response |
---|---|
5555555555554444 | Success |
5105105105105100 | Provision Data Expired |
5461310156953048 | Card Verification Failed |
5325191087030619 | Card Not Eligible |
5580422612666704 | Card Not Allowed |
5157204564548129 | Card Declined |
5336475987107024 | Provision Not Allowed |
5233580618829955 | Card Eligibility Error |
Discover Cards
Test PAN | Response |
---|---|
6011111111111117 | Success |
6011601160116611 | Provision Data Expired |
6011168802268945 | Card Verification Failed |
6011690151507086 | Card Not Eligible |
6011444770992901 | Card Not Allowed |
6011760519541711 | Card Declined |
6011490740263725 | Provision Not Allowed |
6011000990139424 | Card Eligibility Error |
American Express Cards
Test PAN | Response |
---|---|
378282246310005 | Success |
371449635398431 | Provision Data Expired |
370488998077498 | Card Verification Failed |
373555735376156 | Card Not Eligible |
378025849667382 | Card Not Allowed |
348322853530243 | Card Declined |
375155165213132 | Provision Not Allowed |
348835199015504 | Card Eligibility Error |