> ## Documentation Index > Fetch the complete documentation index at: https://developer.hellgate.io/llms.txt > Use this file to discover all available pages before exploring further. # Overview > Handle stored payment instruments and tokenization The Payment Methods API provides endpoints for managing tokenized payment instruments including cards, SEPA Direct Debit mandates, and ACH mandates. Commerce V1 securely stores payment credentials while maintaining PCI DSS compliance through tokenization. ## Payment Instruments Commerce V1 supports multiple payment instrument types, each with specific setup and management requirements: * **Cards**: Tokenized card data for credit and debit card payments * **SEPA Mandates**: Direct debit authorization for SEPA regions (Core and B2B) * **ACH Mandates**: Direct debit authorization for US bank accounts Each payment instrument is associated with a customer and can be used for both one-time and recurring payments. ## Payment Method Setup The payment method setup flow handles the process of securely collecting and storing payment credentials. Setup flows integrate with your [extension services](/products/commerce/v1/integration/extensions/overview) to provide custom checkout experiences. Key setup capabilities: * **Initiate setup**: Create a new payment method setup session for a customer * **Track progress**: Query setup status and details * **Handle callbacks**: Process setup completion callbacks from extension services * **Access stored methods**: Retrieve tokenized payment methods after successful setup The setup process follows this pattern: 1. Create a setup session via API 2. Customer completes payment method collection in your checkout experience 3. Extension service returns setup results via callback 4. Payment method becomes available for transactions ## Token Management Access and manage stored payment method tokens through the payment methods endpoints. Tokens provide secure references to payment credentials without exposing sensitive data. Operations include: * **List payment methods**: Query all stored payment methods for a customer or account * **Get details**: Retrieve specific payment method information * **Terminate tokens**: Remove payment methods when no longer needed * **Download documents**: Access mandate documents for SEPA and ACH mandates ## PCI Compliance Commerce V1's tokenization approach reduces your PCI DSS compliance scope. Sensitive card data is never stored in your systems - instead, you work with secure tokens that reference the underlying payment credentials. When integrating with the Payment Methods API, follow these guidelines: * Use session-based tokenization through extension services (SAQ-A/SAQ-A+) * Never log or store raw card data in your application * Implement proper access controls for payment method tokens * Monitor token usage and revoke unused tokens regularly For SEPA mandate signature requirements, see the [SEPA Mandate Service](/products/commerce/v1/integration/extensions/sepa-mandate-service) documentation.