Skip to main content
POST
/
cards
/
tokenized
curl https://api.onepay.la/v1/cards/tokenized \
  -X POST \
  -H "Authorization: Bearer sk_test_xxx" \
  -H "Content-Type: application/json" \
  -H "x-idempotency: tokenized-card-001" \
  -d '{
    "card_token": "3f484621-29da-4632-954a-150953707e78",
    "customer_id": "9dd4158b-0e45-42bc-b56f-a4c1f856814d",
    "authorization": true,
    "authentication": {
      "cavv": "AAABBEg0VhI0VniQEjRWAAAAAAA=",
      "eci": "05",
      "ds_trans_id": "f25084f0-5b16-4c0a-ae5d-b24808571000",
      "version": "2.2.0",
      "status": "Y"
    }
  }'
const response = await fetch('https://api.onepay.la/v1/cards/tokenized', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer sk_test_xxx',
    'Content-Type': 'application/json',
    'x-idempotency': 'tokenized-card-001'
  },
  body: JSON.stringify({
    card_token: '3f484621-29da-4632-954a-150953707e78',
    customer_id: '9dd4158b-0e45-42bc-b56f-a4c1f856814d',
    authorization: true,
    authentication: {
      cavv: 'AAABBEg0VhI0VniQEjRWAAAAAAA=',
      eci: '05',
      ds_trans_id: 'f25084f0-5b16-4c0a-ae5d-b24808571000',
      version: '2.2.0',
      status: 'Y'
    }
  })
});

const card = await response.json();
import requests

response = requests.post(
    'https://api.onepay.la/v1/cards/tokenized',
    headers={
        'Authorization': 'Bearer sk_test_xxx',
        'Content-Type': 'application/json',
        'x-idempotency': 'tokenized-card-001'
    },
    json={
        'card_token': '3f484621-29da-4632-954a-150953707e78',
        'customer_id': '9dd4158b-0e45-42bc-b56f-a4c1f856814d',
        'authorization': True,
        'authentication': {
            'cavv': 'AAABBEg0VhI0VniQEjRWAAAAAAA=',
            'eci': '05',
            'ds_trans_id': 'f25084f0-5b16-4c0a-ae5d-b24808571000',
            'version': '2.2.0',
            'status': 'Y'
        }
    }
)

card = response.json()
<?php
$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api.onepay.la/v1/cards/tokenized",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_POST => true,
  CURLOPT_HTTPHEADER => [
    "Authorization: Bearer sk_test_xxx",
    "Content-Type: application/json",
    "x-idempotency: tokenized-card-001"
  ],
  CURLOPT_POSTFIELDS => json_encode([
    "card_token" => "3f484621-29da-4632-954a-150953707e78",
    "customer_id" => "9dd4158b-0e45-42bc-b56f-a4c1f856814d",
    "authorization" => true,
    "authentication" => [
      "cavv" => "AAABBEg0VhI0VniQEjRWAAAAAAA=",
      "eci" => "05",
      "ds_trans_id" => "f25084f0-5b16-4c0a-ae5d-b24808571000",
      "version" => "2.2.0",
      "status" => "Y"
    ]
  ])
]);

$response = curl_exec($curl);
$card = json_decode($response, true);
?>
{
   "id":"9e01eeae-2868-4564-9d04-84d1d1d027d2",
   "brand":"Mastercard",
   "last_four":"8099",
   "card_name":"Juan Pérez",
   "expiration_date":"2026-09-30T00:00:00.000000Z",
   "customer_id":"9df8018b-6a28-4696-b7b2-63615f34a2f5",
   "created_at":"2025-01-19T18:29:25.000000Z",
   "type":"credit_card",
   "country":"CO",
   "cvc_check":true,
   "verified":true,
   "title":"Mastercard • 8099",
   "method_type":"credit_card",
   "action":{
      "action":"NULL",
      "next":null
   }
}
{
   "message":"El campo customer id es obligatorio. (y 6 errores m\u00e1s)",
   "code":10001,
   "code_name":"validation_error",
   "errors":{
      "customer_id":[
         "El campo customer id es obligatorio."
      ],
      "card_number":[
         "El campo card number es obligatorio."
      ],
      "expiration_year":[
         "El campo expiration year es obligatorio."
      ],
      "expiration_month":[
         "El campo expiration month es obligatorio."
      ],
      "ccv":[
         "El campo ccv es obligatorio."
      ],
      "holder_name":[
         "El campo holder name es obligatorio."
      ],
      "authorization":[
         "El campo authorization es obligatorio."
      ]
   }
}
{
  "message": "No se puede generar la operación, genera un token de idempotencia y envíelo en los headers como x-idempotency",
  "code": 10003,
  "code_name": "idempotency_error"
}

Elementos de captura de datos sensibles

Captura datos sensibles de manera segura y personalizada.

Headers

x-idempotency
string
required
Token único para garantizar la idempotencia de la petición

Body

card_token
string
required
Token de la tarjeta tokenizada.
customer_id
string
required
ID del cliente que tokenizó la tarjeta. Crear cliente.
authorization
boolean
required
Indica si el usuario ha autorizado débitos automáticos para esta tarjeta.
authentication
object
Datos de autenticación 3D Secure. Envía este campo si realizaste la autenticación 3DS de forma externa.
{
   "id":"9e01eeae-2868-4564-9d04-84d1d1d027d2",
   "brand":"Mastercard",
   "last_four":"8099",
   "card_name":"Juan Pérez",
   "expiration_date":"2026-09-30T00:00:00.000000Z",
   "customer_id":"9df8018b-6a28-4696-b7b2-63615f34a2f5",
   "created_at":"2025-01-19T18:29:25.000000Z",
   "type":"credit_card",
   "country":"CO",
   "cvc_check":true,
   "verified":true,
   "title":"Mastercard • 8099",
   "method_type":"credit_card",
   "action":{
      "action":"NULL",
      "next":null
   }
}
{
   "message":"El campo customer id es obligatorio. (y 6 errores m\u00e1s)",
   "code":10001,
   "code_name":"validation_error",
   "errors":{
      "customer_id":[
         "El campo customer id es obligatorio."
      ],
      "card_number":[
         "El campo card number es obligatorio."
      ],
      "expiration_year":[
         "El campo expiration year es obligatorio."
      ],
      "expiration_month":[
         "El campo expiration month es obligatorio."
      ],
      "ccv":[
         "El campo ccv es obligatorio."
      ],
      "holder_name":[
         "El campo holder name es obligatorio."
      ],
      "authorization":[
         "El campo authorization es obligatorio."
      ]
   }
}
{
  "message": "No se puede generar la operación, genera un token de idempotencia y envíelo en los headers como x-idempotency",
  "code": 10003,
  "code_name": "idempotency_error"
}
curl https://api.onepay.la/v1/cards/tokenized \
  -X POST \
  -H "Authorization: Bearer sk_test_xxx" \
  -H "Content-Type: application/json" \
  -H "x-idempotency: tokenized-card-001" \
  -d '{
    "card_token": "3f484621-29da-4632-954a-150953707e78",
    "customer_id": "9dd4158b-0e45-42bc-b56f-a4c1f856814d",
    "authorization": true,
    "authentication": {
      "cavv": "AAABBEg0VhI0VniQEjRWAAAAAAA=",
      "eci": "05",
      "ds_trans_id": "f25084f0-5b16-4c0a-ae5d-b24808571000",
      "version": "2.2.0",
      "status": "Y"
    }
  }'
const response = await fetch('https://api.onepay.la/v1/cards/tokenized', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer sk_test_xxx',
    'Content-Type': 'application/json',
    'x-idempotency': 'tokenized-card-001'
  },
  body: JSON.stringify({
    card_token: '3f484621-29da-4632-954a-150953707e78',
    customer_id: '9dd4158b-0e45-42bc-b56f-a4c1f856814d',
    authorization: true,
    authentication: {
      cavv: 'AAABBEg0VhI0VniQEjRWAAAAAAA=',
      eci: '05',
      ds_trans_id: 'f25084f0-5b16-4c0a-ae5d-b24808571000',
      version: '2.2.0',
      status: 'Y'
    }
  })
});

const card = await response.json();
import requests

response = requests.post(
    'https://api.onepay.la/v1/cards/tokenized',
    headers={
        'Authorization': 'Bearer sk_test_xxx',
        'Content-Type': 'application/json',
        'x-idempotency': 'tokenized-card-001'
    },
    json={
        'card_token': '3f484621-29da-4632-954a-150953707e78',
        'customer_id': '9dd4158b-0e45-42bc-b56f-a4c1f856814d',
        'authorization': True,
        'authentication': {
            'cavv': 'AAABBEg0VhI0VniQEjRWAAAAAAA=',
            'eci': '05',
            'ds_trans_id': 'f25084f0-5b16-4c0a-ae5d-b24808571000',
            'version': '2.2.0',
            'status': 'Y'
        }
    }
)

card = response.json()
<?php
$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api.onepay.la/v1/cards/tokenized",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_POST => true,
  CURLOPT_HTTPHEADER => [
    "Authorization: Bearer sk_test_xxx",
    "Content-Type: application/json",
    "x-idempotency: tokenized-card-001"
  ],
  CURLOPT_POSTFIELDS => json_encode([
    "card_token" => "3f484621-29da-4632-954a-150953707e78",
    "customer_id" => "9dd4158b-0e45-42bc-b56f-a4c1f856814d",
    "authorization" => true,
    "authentication" => [
      "cavv" => "AAABBEg0VhI0VniQEjRWAAAAAAA=",
      "eci" => "05",
      "ds_trans_id" => "f25084f0-5b16-4c0a-ae5d-b24808571000",
      "version" => "2.2.0",
      "status" => "Y"
    ]
  ])
]);

$response = curl_exec($curl);
$card = json_decode($response, true);
?>