Payments with Network Tokens
This feature is not available for all accounts by default. Reach out to your Hellgate® support representative to learn more about network tokens and how to make use of them.
What are Network Tokens?
Network tokens serve as symbolic replacements for payment credentials. They replace PAN (Primary Account Numbers) and other sensitive card data with a unique string (non-sensitive data) in all parts of the payment flows. They are used to authenticating transactions and are unique to the card, the merchant and the transaction.
Network Tokens are generated by card schemes like Visa or Mastercard in real-time as customers use their cards. In this way, security is enhanced by preventing the exposure of cardholder information to third parties.
Hellgate® provides merchants with a cohesive strategy for network tokenization, simplifying the process of token creation, utilization, and management.
With network tokenization, merchants have several advantages:
- Reduced fraud rates
- Increased authorization rates
- Lower interchange fees
- Tokens can be used for multiple PSPs
Hellgate® tokens and Network tokens
Hellgate® tokens can be enriched with networks tokens from the card schemes. Once a card payment method undergoes tokenization, and if the network tokens feature is enabled for your account, Hellgate® will request a network token from the card scheme and associate it with the token. If this operation is successful, the network token status is updated to active
.
To use the network tokens for payment authorization, a cryptogram must first be requested. This is created and used during the payment request as proof of token validation for card transactions requiring authorization. They help to authenticate the transaction and ensure its integrity.
The sequence diagram below demonstrates how the process works to use network tokens and request a cryptogram.
Credentials on File Payment
Exemplary Use
Step 1: Request a cryptogram
Hellgate® allows you to create these cryptograms using a previously imported token.
curl
--request POST
--url https://api.hellgate.io/tokens/{id}/payment-data
--header 'content-type: application/json'
--data '
{
"amount": 10000,
"currency_code": "EUR",
"merchant_id": "afb55b3a-9997-4ddf-8026-a178fd8573cc",
"reference": "1234567890"
}
Step 2: Decrypt the authentication data
Hellgate® processes the request and returns the encrypted authentication data. This encrypted authentication data contains the network token and the cryptogram. For more information, please refer to our API documentation.
The network token is used to authenticate the transaction, and the cryptogram is used to validate the network token.
To decrypt the payload, follow these steps:
- Use the
encryption_key
that was generated when the merchant was created - Use the
encrypted_authentication_data
string, which you receive as part of requesting a cryptogram response
Below is an example of how to perform decryption in Elixir. However, this can also be accomplished using your preferred programming language.
merchant_key = "e4xeJFoL+8kQWrSwCyJLnC56WkGz8aGIE8uEoQJGYDs"
encrypted_authentication_data= "eyJhbGciOiJBMjU2R0NNS1ciLCJlbmMiOiJBMjU2R0NNIiwiaXYiOiJpR2ZsaXRMajJxLXpaMkdHIiwidGFnIjoia1c2bWRTQkJJcHBLMWwzQW93ZFBFUSJ9.ICv_3s0ux8D1Db2YTzfQ-AvW_zXBSeWiE9vnzeYwW0I.ybwd1PzSn05XvQPP.DUJIBkgWN4xp1UsQNqbeSVBckZwG4fNL6ykn35JcITGqe0VR9ibzfph7yHn4cufxPVTogTq72Y1fPNGhCMdWrutWYRsGiSL5mdXEwzQ_s22eaikP0fzD_RI7dK5D7qxNrYa8YUy1eCLJjpSE0zgnV-o000lSjnjEo5PE9FpnGRdb4FYLLA7L9GY.HX41GbBtkPO7z6Age09H-Q"
JOSE.JWE.block_decrypt(:sha256 |> :crypto.hash(merchant_key) |> JOSE.JWK.from_oct(), encrypted_authentication_data) |> elem(0) |> Jason.decode!
The decrypted payload will be in JSON format and will appear as follows:
{
"cryptogram" => "AwAAAAkA+1rBeAMAnkbHgpAAAAA=",
"eci" => "07",
"network_token" => %{
"expiry_month" => 3,
"expiry_year" => 2030,
"token" => "4895370017908176"
}
}
Step 3: Send Payment Authorization (network token and cryptogram) to the PSP
- Adyen v69
curl 'https://api.hellgate.io/forward' \
-X 'POST' \
-H 'Content-Type: application/json' \
-H 'X-API-KEY: <HELLGATE-API-KEY>' \
-H 'X-HELLGATE-TOKEN: d7d272f7-f0e8-44c6-9459-c60e1ef279d5' \
-H 'X-DESTINATION-URL: https://checkout-test.adyen.com/v69/payments' \
-H 'X-API-KEY-ADYEN-NAME: X-API-KEY' \
-H 'X-API-KEY-ADYEN-VALUE <ADYEN-API-KEY>' \
--data '
{
"merchantAccount": "<adyen_merchant_account>",
"reference": "Payment-0001",
"amount": {
"currency": "EUR",
"value": 1234
},
"paymentMethod": {
"type": "networkToken",
"brand": "visa",
"expiryMonth": "3",
"expiryYear": "2030",
"number": "4895370017908176"
},
"mpiData":{
"directoryResponse":"Y",
"authenticationResponse":"Y",
"tokenAuthenticationVerificationValue":"AwAAAAkA+1rBeAMAnkbHgpAAAAA=",
"eci":"07"
},
"recurringProcessingModel":"CardOnFile",
"shopperInteraction": "Ecommerce"
}
Supported Card Schemes
- VISA
- Mastercard
- AMEX: American Express (available soon!)