Skip to main content

Token Intents

A Token Intent is a short-lived resource that simplifies the collection and validation of sensitive data from public applications. Token Intents serve as placeholders for sensitive data similarly to Tokens, and allow for additional validation to be performed (e.g. Credit Card Authentication, 3DS, Fraud Checks) before being converted into a Token for long-term retention.

A Token Intent automatically expires after 1 day. You may request a change to this default TTL (up to 48 hours) in your Tenant Quotas in the portal.

Create Token Intent

Create a new token intent.

POST
https://api.basistheory.com/token-intents
Copy

Permissions

token-intent:create

Request

curl "https://api.basistheory.com/token-intents" \
-H "BT-API-KEY: <API_KEY>" \
-H "Content-Type: application/json" \
-X "POST" \
-d '{
  "type": "card",
  "data": {
    "number": "4242424242424242",
    "expiration_month": 12,
    "expiration_year": 2025,
    "cvc": "123"
  }
}'

Request Parameters

AttributeRequiredTypeDefaultDescription
typetruestringnullThe type of token intended to be created
datatrueanynullThe data to tokenize - must satisfy validation rules for the chosen token type
The type network_token is not available at this time.

Response

Returns a 201 status code with a response body containing a Token Intent on success. Returns an error if there were validation errors, or the Token Intent failed to create.

{
  "id": "665bf471-d675-4165-9336-4fc9c1a73fad",
  "tenant_id": "8935ed5e-c082-4837-9063-6f0a2b4265dc",
  "type": "card",
  "card": {
    "bin": "42424242",
    "last4": "4242",
    "expiration_month": 12,
    "expiration_year": 2025,
    "brand": "visa",
    "funding": "credit",
    "issuer_country": {
      "alpha2": "PL",
      "name": "Bermuda",
      "numeric": "369"
    }
    "authentication": "sca_required"
  },
  "fingerprint": "BzQfn8W5PTjHMZgmJfbTjNceWNTnqLEEoEEuhtS7fHca",
  "created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
  "created_at": "2020-09-15T15:53:00+00:00",
  "expires_at": "2024-10-30T19:23:57+00:00"
}

Get a Token Intent

Retrieves a Token Intent by its ID.

GET
https://api.basistheory.com/token-intents/{id}
Copy

Permissions

token-intent:read

Request

curl "https://api.basistheory.com/token-intents/665bf471-d675-4165-9336-4fc9c1a73fad" \
-H "BT-API-KEY: <API_KEY>"

URI Parameters

AttributeRequiredTypeDefaultDescription
idtruestringnullThe ID of the token intent

Response

Returns a 200 status code with a response body containing a Token Intent on success. Returns an error if the Token Intent was not found or you don't have permission to access it.

{
  "id": "665bf471-d675-4165-9336-4fc9c1a73fad",
  "tenant_id": "8935ed5e-c082-4837-9063-6f0a2b4265dc",
  "type": "card",
  "card": {
    "bin": "42424242",
    "last4": "4242",
    "expiration_month": 12,
    "expiration_year": 2025,
    "brand": "visa",
    "funding": "credit",
    "issuer_country": {
      "alpha2": "PL",
      "name": "Bermuda",
      "numeric": "369"
    }
    "authentication": "sca_required"
  },
  "fingerprint": "BzQfn8W5PTjHMZgmJfbTjNceWNTnqLEEoEEuhtS7fHca",
  "created_by": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
  "created_at": "2020-09-15T15:53:00+00:00",
  "expires_at": "2024-10-30T19:23:57+00:00"
}

Delete Token Intent

Deletes a Token Intent without waiting for expiration. Use this endpoint to remove Token Intents that fail validation.

DELETE
https://api.basistheory.com/token-intents/{id}
Copy

Permissions

token-intent:delete

Request

curl "https://api.basistheory.com/token-intents/dda42a6b-964b-46d8-b315-eb6dfda37c32" \
-H "BT-API-KEY: <API_KEY>" \
-X "DELETE"

URI Parameters

AttributeRequiredTypeDefaultDescription
idtruestringnullThe ID of the token intent

Response

Returns a 204 status code and empty body on success. Returns an error if the Token Intent failed to delete.

Convert Token Intent to Token

To convert a Token Intent into a Token, you'll utilize the Create Token or Tokenize endpoint by passing in a token_intent_id instead of type and data. All other attributes of a token are available during the conversion.

Conversion Rules

Card

AttributeRule
cvcThe CVC will not be moved to the Token, as the Card has been authorized. Ensure all actions have been completed with the CVC before conversion.

Deduplication

If token deduplication is enabled, and a Token exists in your Tenant with the same fingerprint and container as the converted token, then the existing Token will be updated. This update operation follows the same merge-patch behaviors that are used when updating a Token.

Token Intent Object

AttributeTypeDescription
idstringUnique identifier of the Token Intent, which can be used in detokenization expressions or to convert to a token
tenant_iduuidThe Tenant ID which owns the Token Intent
typestringThe type of token intended to be created
cardobjectThe Card Details when type is card or card_number, otherwise null.
bankobjectThe Bank Details when type is bank, otherwise null.
network_tokenobjectThe Card Details when type is network_token, otherwise null.
authenticationobjectThe 3DS authentication information (ie: cryptogram) when type is network_token, otherwise null.
fingerprintstringUniquely identifies the contents of this Token Intent using the default fingerprint expression for the Token Types
expires_atstringThe expiration date for this Token Intent
created_byuuidThe Application ID which created the Token Intent
created_atdateCreated date of the Token Intent in ISO 8601 format
_extrasobject(Response-Only) An object containing information regarding the tokenization process

Extras Object

AttributeTypeDescription
network_token_idsarrayA list of network token IDs that were created based on the current token intent

Card Details

AttributeTypeDescription
binstringSix to eight digit BIN of the card
last4stringLast four digits of the card
expiration_monthnumberThe 2-digit expiration month of the card
expiration_yearnumberThe 4-digit expiration year of the card
brandstringThe primary card brand
fundingstringThe primary funding type of the card
segmentstringThe segmentation of the card (eg., Consumer, Commercial)
issuerobjectDescribes the country and issuing bank. See Issuer for details
issuer_countryobject
 .alpha2stringIssuing country ISO3166 alpha country code
 .numericstringIssuing country ISO3166 numeric country code
 .namestringIssuing country name
authenticationstringThe authentication type required for this card
additionalarrayContains additional details associated to the same BIN number. See Card Additional for details.
Card properties shows the primary card details, while Card.additional provides additional card details found for the same BIN.
If a card number does not correspond to any known BIN Details, then brand, funding, issuer_country, and authentication will default to null and the default BIN will be returned.

Card Additional

AttributeTypeDescription
brandstringAn additional card brand
fundingstringAn additional funding type of the card
authenticationstringAn additional authentication type required for this card
issuerobjectDescribes the country and issuing bank. See Issuer for details

Authentication Types

Authentication TypeDescription
sca_requiredIndicates that Strong Customer Authentication (SCA) is required (e.g. 3DS)

Card Brands

The following card brands are supported in the card property (primary details). Please note that the additional property may contain extra card brands not listed in this table.
BrandDescription
american-expressAmerican Express
diners-clubDiners Club
discoverDiscover
ebtEBT
eloElo
hipercardHipercard
jcbJCB
mastercardMastercard
mirMIR
private-labelPrivate Label
proprietaryProprietary
unionpayUnionPay
visaVisa

Card Funding Types

Funding TypeDescription
creditCredit Card
debitDebit Card
prepaidPrepaid Card

Issuer

AttributeTypeDescription
countrystringIssuing country ISO3166 alpha country code
namestringIssuing bank name

Bank Details

AttributeTypeDescription
routing_numberstringThe routing number of the bank account
account_number_last4stringLast four digits of the bank account number
Last updated on