Tokenization is the process Stripe uses to collect sensitive card or bank account details, or personally identifiable information (PII), directly from your customers in a secure manner. A token representing this information is returned to your server to use. Use our recommended payments integrations to perform this process on the client-side. This guarantees that no sensitive card data touches your server, and allows your integration to operate in a PCI-compliant way.
If you can’t use client-side tokenization, you can also create tokens using the API with either your publishable or secret API key. If your integration uses this method, you’re responsible for any PCI compliance that it might require, and you must keep your secret API key safe. Unlike with client-side tokenization, your customer’s information isn’t sent directly to Stripe, so we can’t determine how it’s handled or stored.
You can’t store or use tokens more than once. To store card or bank account information for later use, create Customer objects or External accounts. Radar, our integrated solution for automatic fraud protection, performs best with integrations that use client-side tokenization.
Attributes
- idstring
Unique identifier for the object.
- cardnullable object
Hash describing the card used to make the charge.
More attributes
- objectstring
- bank_
account nullable object - client_
ip nullable string - createdtimestamp
- descriptionnullable string
- livemodeboolean
- typestring
- usedboolean
{ "id": "tok_1N3T00LkdIwHu7ixt44h1F8k", "object": "token", "card": { "id": "card_1N3T00LkdIwHu7ixRdxpVI1Q", "object": "card", "address_city": null, "address_country": null, "address_line1": null, "address_line1_check": null, "address_line2": null, "address_state": null, "address_zip": null, "address_zip_check": null, "brand": "Visa", "country": "US", "cvc_check": "unchecked", "dynamic_last4": null, "exp_month": 5, "exp_year": 2026, "fingerprint": "mToisGZ01V71BCos", "funding": "credit", "last4": "4242", "metadata": {}, "name": null, "tokenization_method": null, "wallet": null }, "client_ip": "52.35.78.6", "created": 1683071568, "livemode": false, "type": "card", "used": false}Creates a single-use token that represents a bank account’s details. You can use this token with any v1 API method in place of a bank account dictionary. You can only use this token once. To do so, attach it to a connected account where controller.requirement_collection is application, which includes Custom accounts.
Parameters
- bank_
account objectThe bank account this token will represent.
More parameters
- customerstringConnect only
Returns
Returns the created bank account token if it’s successful. Otherwise, this call raises an error.
{ "id": "tok_1N3T00LkdIwHu7ixt44h1F8k", "object": "token", "bank_account": { "id": "ba_1NWScr2eZvKYlo2C8MgV5Cwn", "object": "bank_account", "account_holder_name": "Jenny Rosen", "account_holder_type": "individual", "account_type": null, "bank_name": "STRIPE TEST BANK", "country": "US", "currency": "usd", "fingerprint": "1JWtPxqbdX5Gamtz", "last4": "6789", "routing_number": "110000000", "status": "new" }, "client_ip": null, "created": 1689981645, "livemode": false, "redaction": null, "type": "bank_account", "used": false}Creates a single-use token that represents a credit card’s details. You can use this token in place of a credit card dictionary with any v1 API method. You can only use these tokens once by creating a new Charge object or by attaching them to a Customer object.
To use this functionality, you need to enable access to the raw card data APIs. In most cases, you can use our recommended payments integrations instead of using the API.
Parameters
- cardobject | string
The card this token will represent. If you also pass in a customer, the card must be the ID of a card belonging to the customer. Otherwise, if you do not pass in a customer, this is a dictionary containing a user’s credit card details, with the options described below.
Returns
Returns the created card token if it’s successful. Otherwise, this call raises an error.
{ "id": "tok_1N3T00LkdIwHu7ixt44h1F8k", "object": "token", "card": { "id": "card_1N3T00LkdIwHu7ixRdxpVI1Q", "object": "card", "address_city": null, "address_country": null, "address_line1": null, "address_line1_check": null, "address_line2": null, "address_state": null, "address_zip": null, "address_zip_check": null, "brand": "Visa", "country": "US", "cvc_check": "unchecked", "dynamic_last4": null, "exp_month": 5, "exp_year": 2026, "fingerprint": "mToisGZ01V71BCos", "funding": "credit", "last4": "4242", "metadata": {}, "name": null, "tokenization_method": null, "wallet": null }, "client_ip": "52.35.78.6", "created": 1683071568, "livemode": false, "type": "card", "used": false}Creates a single-use token that represents an updated CVC value that you can use for CVC re-collection. Use this token when you confirm a card payment or use a saved card on a PaymentIntent with confirmation_.
For most cases, use our JavaScript library instead of using the API. For a PaymentIntent with confirmation_, use our recommended payments integration without tokenizing the CVC value.
Parameters
- cvc_
update objectRequiredThe updated CVC value this token represents.
Returns
Returns the created CVC update token if it’s successful. Otherwise, this call raises an error.
{ "id": "cvctok_1NkWsu2eZvKYlo2CFDm6ab7X", "object": "token", "client_ip": null, "created": 1693334608, "livemode": false, "redaction": null, "type": "cvc_update", "used": false}