Tokenisation Overview
Tokenisation replaces sensitive card data with a reusable token, allowing you to charge returning customers without storing raw card numbers.
What is tokenisation?
When a customer pays, Connected Payments can capture their card details and return a token (a unique, non-sensitive reference to that card), based on a series of flags set during the transaction. You store the token, not the card number. Future payments are made by submitting the token instead of re-entering card details.
How tokens work
| Step | What happens |
|---|---|
| 1. Card captured | Customer enters card details via Web Integration or API |
| 2. Token issued | Connected Payments returns a token linked to that card |
| 3. Token stored | You store the token against the customer in your system |
| 4. Token used | Submit the token in future payment requests instead of card details |
| 5. Token managed | Update or delete tokens via the Tokenisation API as needed |
Integration options
- Web Integration
- Tokenisation API
Web Integration Tokenisation (recommended)
The customer enters their card into a Connected Payments-hosted iFrame. The token is returned to you after payment or card save. CommBank handles all card data.
Best for:
- eCommerce checkout
- Subscription sign-up
- Account-on-file setup
- Standard payment flows
Benefits:
- Lower implementation effort
- Minimal ongoing maintenance
- High customisation options
Tokenisation API
Your server calls the API directly to create and manage tokens. This gives you full control but requires a deeper understanding of transaction flows and ongoing maintenance as card scheme standards evolve.
Best for:
- Complex backend workflows
- Batch operations
- Headless integrations
- Cases where an iFrame isn't viable
Considerations:
- Higher implementation effort
- Ongoing maintenance required
- You must apply scheme updates
- Complete customisation control
Choosing the right approach
| | Web Integration | Tokenisation API |
|---|---|---|
| Implementation effort | Lower | Higher |
| Ongoing maintenance | Minimal | Ongoing — you apply updates |
| Customisation | High | Complete |
| Best for | Standard checkout flows | Complex or headless integrations |
Hybrid approach
Many merchants combine both methods for maximum flexibility:
- Card capture via Web Integration
- Token management via the Tokenisation API
This hybrid approach gives you the security benefits of Web Integration for card capture while maintaining full programmatic control over token lifecycle management.
Next steps
| Guide | Description |
|---|---|
| Integration Guide | Step-by-step implementation instructions for both Web and API methods |
| Tokenisation Specifics | Token formats, silos, aliases, and advanced configuration |
| API Reference | Complete API endpoint documentation |