Skip to main content
Wallet tokens let you accept payments from device wallets without the decrypted card data ever touching your systems. You pass the encrypted payload from the wallet to Guardian, and Guardian verifies, decrypts, and stores the credential server-side. From there you can forward it to your PSP or acquirer.

Supported Wallets

Each wallet has its own tokenization endpoint and payload format. Once a payload is tokenized, every wallet token can be forwarded and deleted through the same operations described here. Google Pay tokens can additionally be promoted to a network token.
WalletGuide
Google PayGoogle Pay

Forwarding Wallet Tokens

To use a wallet token in a payment, send your outbound request to the PSP or acquirer through Forward wallet token. This works like PCI token forwarding: Guardian forwards your request to the third party named in the x-destination-url header and injects the sensitive card data on the fly. Define where to inject each value using placeholders. Injected values are strings by default; append | unwrap to emit a value as its native type, for example {{ expiry_month | unwrap }}. Which placeholders a token carries — and whether it can be forwarded more than once — depends on the credential type, which varies by wallet. See your wallet’s guide for the exact placeholders and forwarding rules:

Deleting Wallet Tokens

Deleting a wallet token scrubs its stored card data immediately; the token record is kept with deleted_at set. A deleted token can no longer be forwarded or promoted. Tokens already promoted keep their network token and PCI token alive — the lifecycles are independent, as with every token pair on Guardian.