Payment Token Create
API: Ws_PaymentToken_Create
This web service creates a payment token for use with the Thredd mobile wallet tokenisation service, where you have direct integration to VDEP or MDES. After each successful tokenisation (digital wallet) setup, you need to provide Thredd with details of the token that has been set up with Visa or Mastercard. When Thredd receives your request successfully, a record is created in the system and Thredd returns the PaymentTokenID of the new record in the response. Until Thredd has created the PaymentTokenID, cardholders will not be able make payments using their device.
You should only use this web service where you have a direct integration to the Visa Digital Enabled Program (VDEP) or Mastercard Digital Enablement Service (MDES). For details, contact your Implementation Manager.
Record Description
|
Tag |
Type |
Minimum Length |
Maximum Length |
Description |
Request |
Response |
|---|---|---|---|---|---|---|
|
<WSID> |
N |
1 |
19 |
Web service ID. Must be unique for every web service request sent. For details, see the FAQs. Tip: You could use a number based on the current date and time, as long as it is unique (e.g., 20201217145006). |
Mandatory |
Mandatory |
|
<IssCode> |
AN |
1 |
4 |
Thredd Issuer (Program Manager) Code. Assigned by Thredd. |
Mandatory |
Mandatory |
|
<PAN> |
AN |
0 |
19 |
Card Number. Unique card identifier. Mandatory in request if |
Conditional |
Omit |
|
<PublicToken> |
AN |
1 |
9 |
The card’s public token, Mandatory in request if |
Conditional |
Mandatory |
|
<PaymentToken> |
AN |
1 |
32 |
The payment token. |
Mandatory |
Omit |
|
<PaymentTokenID> |
AN |
1 |
20 |
Unique Thredd token reference returned in the response. |
Omit |
Mandatory |
|
<PaymentTokenExpDate> |
Date |
10 |
10 |
Expiry date of the payment token. |
Mandatory |
Omit |
|
<PaymentTokenType> |
AN |
1 |
2 |
The payment token type. Defines the technology the token is being held on. See Payment Token Types. |
Mandatory |
Omit |
|
<DigitisationRef> |
AN |
1 |
64 |
Reference which all tokenisation messages use, to link them together. Unique per |
Optional |
Omit |
|
<EligibilityStatus> |
AN |
1 |
1 |
Eligibility status. Default is U (Unknown). |
Optional |
Omit |
|
<EligibilityDate> |
Date |
10 |
10 |
Eligibility date. Expected formats are |
Optional |
Omit |
|
<AuthStatus> |
AN |
1 |
1 |
Status of the authorisation to create this payment token: U = unknown 0 = approve tokenisation request A = approve tokenisation request (with additional authentication) 1 = decline tokenisation request Note: this is not the same as a transaction authorisation. |
Optional |
Omit |
|
<AuthDate> |
Date |
10 |
10 |
Date when the tokenisation request was last responded to. Expected formats are |
Optional |
Omit |
|
TokenisedStatus> |
AN |
1 |
1 |
Whether this payment token has been digitised/personalised: U=unknown 0=not-tokenised 1=tokenised |
Mandatory |
Omit |
|
<TokenisedDate> |
Date |
10 |
10 |
Date when tokenised. Expected formats are |
Optional |
Omit |
|
<GPSStatus> |
N |
2 |
2 |
The status of the token for transacting, as set by Thredd. |
Mandatory |
Omit |
|
<TxnStatus> |
AN |
1 |
1 |
The status of token for transacting. After tokenisation, this is not changed by Thredd, but is received from token creator who maintains this. |
Mandatory |
Omit |
|
<DeviceType> |
A |
1 |
10 |
The device type. See Device Types. |
Mandatory |
Omit |
|
<ActivationCode> |
AN |
1 |
40 |
Activation code sent directly to the cardholder to activate this payment token. |
Optional |
Omit |
|
<ActivationCodeExpDate> |
Date |
10 |
10 |
Date when the activation code expires. Expected formats are |
Optional |
Omit |
|
<ActivationMethod> |
AN |
1 |
1 |
The activation method used: 0 = None 1 = SMS to mobile phone 2= Email 3 = Cardholder to call automated call centre 4= Cardholder to call human call centre 5 = Website 6 = Mobile application 7 = Voice phone call |
Optional |
Omit |
|
<FirstName> |
AN |
1 |
20 |
Cardholder's first name. Also used as the card purchaser's first name if no delivery address is supplied. Mandatory if |
Optional |
Omit |
|
<LastName> |
AN |
1 |
20 |
Cardholder's last name. If no delivery address is supplied, this is the card purchaser’s last name. |
Optional |
Omit |
|
<WalletID> |
AN |
1 |
10 |
Name of the wallet provider this payment token uses (e.g., APPLE, ANDROID, SAMSUNG). Using a value that is not supported returns an action code of 439. |
Conditional |
Omit |
|
<WalletIDMastercard> |
AN |
3 |
3 |
Mastercard's 3-character code for the Wallet Provider, as per Banknet DE48.26.1. |
Conditional |
Omit |
|
<WalletAccountScore> |
N |
1 |
1 |
Risk score for the account, received from the wallet provider during digitisation: 1 = highest risk 2 = higher risk 3 = neutral 4 = lower risk 5 = least risk |
Optional |
Omit |
|
<WalletAccountHash> |
AN |
1 |
64 |
Wallet provider hash of account details (optional)or PBKDF2 hash of the cardholder’s account ID with the wallet provider. |
Optional |
Omit |
|
<WalletDeviceScore> |
N |
1 |
1 |
Risk score for the device linked to the token, as received from the wallet provider during digitisation: 1 = highest risk 2 = higher risk 3 = neutral 4 = lower risk 5 = least risk |
Optional |
Omit |
|
<WalletReasons> |
AN |
1 |
24 |
Wallet Service Provider Tokenisation Recommendation Reason Codes. |
Optional |
Omit |
|
<DeviceName> |
A |
1 |
20 |
Name assigned to the device linked to the token. |
Optional |
Omit |
|
<DeviceLongitude> |
D |
1 |
20 |
Device longitude in degrees at time of digitisation request: -180 to +180; +ve = East, -ve = West (of Greenwich). Example: 176.2 = East 176.2 degrees, -98.5 = West 98.5 degrees. |
Optional |
Omit |
|
<DeviceLatitude> |
D |
1 |
20 |
Device latitude in degrees at time of digitisation request: -90 (south pole) to +90 (north pole). +ve=North, -ve=South (from equator). Example: +63.2 = North 63.2 degrees, -82.6 = South 82.6 degrees. |
Optional |
Omit |
|
<DeviceTelNum> |
A |
1 |
15 |
Telephone number of the device linked to the token(if applicable). |
Optional |
Omit |
|
<DeviceID> |
A |
1 |
48 |
Unique ID of the secure element in the device linked to the token. |
Optional |
Omit |
|
<DeviceIP> |
A |
1 |
15 |
IP address (full or last part only) of the device at time of binding / digitisation. |
Optional |
Omit |
|
<DeviceLang> |
A |
1 |
2 |
Device language code as ISO 639-1 (2 letter lowercase) code. |
Optional |
Omit |
|
<AuthDecision> |
AN |
1 |
1 |
Status of the authorisation to create this payment token: U=unknown 0=Approve tokenisation request A=Approve tokenisation request (with additional authentication) |
Optional |
Omit |
|
<Creator> |
AN |
1 |
8 |
The creator of the payment token. If omitted, the token is set to Visa/Mastercard based on the Card Product of the <PAN> or <PublicToken>. Else, the provided value is used. |
Optional |
Omit |
|
<CreatorTokenRef> |
AN |
1 |
48 |
The token creator's unique reference for this payment token. (Mastercard Token Unique Reference (TUR) and Visa Token reference ID.) |
Mandatory |
Omit |
|
<CreatorPanRef> |
AN |
1 |
48 |
The token creator's unique reference for the linked card. |
Mandatory |
Omit |
|
<AcceptedTermsVersion> |
AN |
1 |
32 |
Version of the terms and conditions which were accepted by the cardholder (as received from the network). |
Optional |
Omit |
|
<AcceptedTermsDateGMT> |
Date |
10 |
10 |
Date when terms and conditions were accepted by the cardholder (as received from the network). Expected formats are |
Optional |
Omit |
|
<ActivationStatus> |
AN |
1 |
1 |
The payment token's activation status: Status is 'R' when Reason code = 00 |
Optional |
Omit |
|
<TokenRequestorID> |
N |
1 |
16 |
The Token Requestor ID. |
Mandatory |
Omit |
|
<ActionCode> |
AN |
3 |
3 |
The action code for the response. See Action Codes. |
Omit |
Mandatory |
|
<ActionDescription> |
AN |
0 |
200 |
Description of the action code in the response, if applicable. |
Omit |
Optional |
Request
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:hyp="http://www.globalprocessing.ae/HyperionWeb">
<soapenv:Header>
<hyp:AuthSoapHeader>
<hyp:strUserName>******</hyp:strUserName>
<hyp:strPassword>******</hyp:strPassword>
</hyp:AuthSoapHeader>
</soapenv:Header>
<soapenv:Body>
<hyp:Ws_PaymentToken_Create>
<hyp:WSID>2184520920728827904</hyp:WSID>
<hyp:IssCode>PMT</hyp:IssCode>
<hyp:PAN/>
<hyp:PublicToken>102983890</hyp:PublicToken>
<hyp:PaymentToken>2452365478954124</hyp:PaymentToken>
<hyp:PaymentTokenExpDate>2025-05-17</hyp:PaymentTokenExpDate>
<hyp:PaymentTokenType>C</hyp:PaymentTokenType>
<hyp:DigitizationRef>XY-35435</hyp:DigitizationRef>
<hyp:EligibilityStatus/>
<hyp:EligibilityDate/>
<hyp:AuthStatus/>
<hyp:AuthDate/>
<hyp:TokenisedStatus>U</hyp:TokenisedStatus>
<hyp:TokenisedDate/>
<hyp:GPSStatus>00</hyp:GPSStatus>
<hyp:TxnStatus>A</hyp:TxnStatus>
<hyp:DeviceType>A</hyp:DeviceType>
<hyp:ActivationCode>01A</hyp:ActivationCode>
<hyp:ActivationCodeExpDate/>
<hyp:ActivationMethod/>
<hyp:FirstName/>
<hyp:LastName/>
<hyp:WalletID>MRCHTOKEN</hyp:WalletID>
<hyp:WalletIDMasterCard/>
<hyp:WalletAccountScore/>
<hyp:WalletAccountHash/>
<hyp:WalletDeviceScore/>
<hyp:WalletReasons/>
<hyp:DeviceName/>
<hyp:DeviceLongitude/>
<hyp:DeviceLatitude/>
<hyp:DeviceTelNum/>
<hyp:DeviceID/>
<hyp:DeviceIP/>
<hyp:DeviceLang/>
<hyp:AuthDecision/>
<hyp:Creator>CARD</hyp:Creator>
<hyp:CreatorTokenRef>123</hyp:CreatorTokenRef>
<hyp:CreatorPanRef>1233</hyp:CreatorPanRef>
<hyp:AcceptedTermsVersion/>
<hyp:AcceptedTermsDateGMT/>
<hyp:ActivationStatus/>
<hyp:TokenRequestorID>987</hyp:TokenRequestorID>
</hyp:Ws_PaymentToken_Create>
</soapenv:Body>
</soapenv:Envelope>Response
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<Ws_PaymentToken_CreateResponse xmlns="http://www.globalprocessing.ae/HyperionWeb">
<Ws_PaymentToken_CreateResult>
<WSID>2184520920728827904</WSID>
<IssCode>PMT</IssCode>
<PublicToken>102983890</PublicToken>
<PaymentTokenID>58073</PaymentTokenID>
<ActionCode>000</ActionCode>
<ActionDescription/>
</Ws_PaymentToken_CreateResult>
</Ws_PaymentToken_CreateResponse>
</soap:Body>
</soap:Envelope>