Goal

Securely exchange raw cardholder and authentication data for a short-lived token that can be used to authorize a payment.
Calling the tokens API directly with raw card data requires that your environment comply with PCI DSS requirements. Ensure your integration meets the applicable PCI requirements before handling PAN, CVV, or expiration data.

Steps


Step 1: Tokenize the card

What you need to do

Submit the user’s PAN, CVV, and expiration date to the tokens API to receive a short-lived token.

Before tokenizing, ensure you have registered the user by following the create a user guide.

How to do it

  1. POST the user’s user_id, pan, cvv, exp_month, and exp_year to the tokenize-card endpoint on the tokens domain (https://tokens.pushcash.com in production, https://sandbox-tokens.pushcash.com in sandbox).
  2. Persist or forward the returned token to the system that will submit the authorization. Tokens are short-lived and intended for a single authorization.

The tokens API is hosted on a separate, PCI-isolated domain from the rest of the Push API. Authentication uses the same bearer token as the main API.

Step 2: Authorize the payment

What you need to do

Submit the token to the authorization endpoint to process the payment.

How to do it

  1. Call the authorize-payment endpoint with the payment details, the user_id, and the token returned from Step 1.
  2. Display the result (approved or declined) to the user.

curl --request POST \
  --url https://sandbox-tokens.pushcash.com/tokenize \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "user_id": "user_lVpbPL0K1XIiHx0DxipRbD",
  "pan": "5555555555554444",
  "cvv": "123",
  "exp_month": "12",
  "exp_year": "28"
}
'

{
  "token": "token_mbDRHFi3dxIZEtykHsgUGC"
}
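
An added example (not Push's own code) of preparing the Step 1 request: it validates the card fields locally, builds the unsent POST to the sandbox tokenize URL shown above, and returns a log-safe copy of the body with the PAN masked and the CVV removed. The function names, the field-format checks and the redaction format are assumptions made for this illustration.

```python
import json
import re
import urllib.request

# Sandbox URL as it appears in the sample request on this page.
SANDBOX_TOKENIZE_URL = "https://sandbox-tokens.pushcash.com/tokenize"

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: rejects mistyped PANs before they leave your system."""
    if not re.fullmatch(r"\d{12,19}", pan):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact_for_log(payload: dict) -> dict:
    """Log-safe copy of the body: PAN masked to its last four, CVV dropped."""
    safe = dict(payload)
    safe["pan"] = "*" * (len(payload["pan"]) - 4) + payload["pan"][-4:]
    safe["cvv"] = "[REDACTED]"
    return safe

def build_tokenize_request(api_key, user_id, pan, cvv, exp_month, exp_year):
    """Validate the fields; return (unsent Request, redacted body for logs)."""
    pan = pan.replace(" ", "")
    if not luhn_ok(pan):
        raise ValueError("pan failed Luhn check")
    if not re.fullmatch(r"\d{3,4}", cvv):
        raise ValueError("cvv must be 3 or 4 digits")
    # Assumption taken from the sample body: two-digit strings for both fields.
    if not re.fullmatch(r"0[1-9]|1[0-2]", exp_month) or not re.fullmatch(r"\d{2}", exp_year):
        raise ValueError("bad expiration")
    payload = {"user_id": user_id, "pan": pan, "cvv": cvv,
               "exp_month": exp_month, "exp_year": exp_year}
    req = urllib.request.Request(
        SANDBOX_TOKENIZE_URL,
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    return req, redact_for_log(payload)
```

Send the request with `urllib.request.urlopen(req)` and read the `token` field from the JSON response; write only the redacted dictionary to application logs.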

Integration checklist

  • Tokenize using the test card 5555 5555 5555 4444 against the sandbox tokens domain
  • Verify the returned token authorizes successfully via authorize-payment
  • Confirm requests originate from a PCI-compliant environment before enabling in production