> ## Documentation Index > Fetch the complete documentation index at: https://developer.hellgate.io/llms.txt > Use this file to discover all available pages before exploring further. # Refresh CVC2 > Create a session to update the Security Code from a Commerce Token using our SDK. ## OpenAPI ````yaml /products/commerce/v2/openapi.yaml post /tokens/{id}/refresh-session openapi: 3.1.0 info: title: Commerce API version: '2.0' description: > The Commerce V2 API provides a comprehensive payment orchestration platform designed to streamline and optimize payment processing for modern businesses. Built with flexibility and security at its core, our API enables you to process payments, manage authentications, and handle cardholder data across multiple payment processors without vendor lock-in. contact: name: Starfish GmbH & Co. KG email: hello@starfish.team url: https://hellgate.io/cpa/commerce license: name: Commerce API Terms url: https://hellgate.io/terms-and-conditions servers: - url: https://sandbox.hellgate.io description: Commerce SaaS Sandbox - url: https://api.hellgate.io description: Commerce SaaS Production security: [] tags: - name: payments_ci description: >- Handle payment processing where the customer is actively present and authorizing the transaction. - name: payments_mi description: >- Process transactions without direct customer interaction at the time of payment. - name: payments_modifications description: >- Modify existing payment transactions after initial authorization (capture, void, refund). - name: payments_data description: >- Access comprehensive payment transaction data for reporting, reconciliation, and analysis. - name: refunds_data description: Access detailed refund transaction data for tracking and reconciliation. - name: authentications_ci description: >- Process EMVCo 3-D Secure authentication requests as standalone transactions (one-off, recurring, installment). - name: authentications_mi description: >- Process requestor-initiated EMVCo 3-D Secure authentication requests (3RI) as standalone transactions. - name: authentications_data description: Access the results of prior authentications for reference. - name: credentials_management description: >- Manage stored payment credentials for repeat customers across all operating models. - name: tokens_create description: >- Create and import Commerce tokens to securely store cardholder data while maintaining PCI DSS compliance. - name: tokens_management description: Manage stored Commerce tokens including CVC2 security code management. - name: compliance_service description: >- Safely handle sensitive cardholder data while maintaining PCI DSS compliance via a secure proxy service. - name: network_tokens description: >- Manage network tokens with major card schemes with automatic lifecycle management. - name: merchants description: >- Configure and manage merchant accounts based on your chosen operating model. - name: reconciliation description: Reconcile imported token data. - name: processor_backup description: >- Migrate payment tokens from third-party processors (currently supports stripe.com). paths: /tokens/{id}/refresh-session: post: tags: - tokens_management summary: Refresh CVC2 description: > Create a session to update the Security Code from a Commerce Token using our SDK. operationId: refresh_secutiry_token_session parameters: - in: path name: id description: The ID of the Commerce token schema: type: string format: uuid required: true responses: '200': description: Success response content: application/json: schema: $ref: '#/components/schemas/TokenSession' '401': $ref: '#/components/responses/401_UnauthorizedError' '403': $ref: '#/components/responses/403_ForbiddenError' '404': $ref: '#/components/responses/404_NotFoundError' security: - APIKeyAuth: [] components: schemas: TokenSession: type: object properties: session_id: description: | The ID of the session which needs to be used to initialize the SDK. type: string format: uuid required: - session_id ErrorGeneric: type: object properties: code: $ref: '#/components/schemas/ErrorStatusCode' classifier: $ref: '#/components/schemas/ErrorClassifier' message: $ref: '#/components/schemas/ErrorMessage' ErrorStatusCode: type: integer description: The corresponding HTTP status code for the error ErrorClassifier: type: string description: Technical code that helps to identify the error ErrorMessage: type: string description: Human readable representation of the error responses: 401_UnauthorizedError: description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorGeneric' example: code: 401 message: No valid means of authentication was provided classifier: UNAUTHORIZED 403_ForbiddenError: description: Forbidden content: application/json: schema: $ref: '#/components/schemas/ErrorGeneric' example: code: 403 message: Not allowed to access this resource or feature classifier: FORBIDDEN 404_NotFoundError: description: Not found content: application/json: schema: $ref: '#/components/schemas/ErrorGeneric' example: code: 404 message: The requested resource was not found. classifier: NOT_FOUND securitySchemes: APIKeyAuth: type: apiKey name: X-API-Key in: header ````