# Tokenize a card

<div className="Goal">
  ## Goal

  Securely exchange raw cardholder and authentication data for a short-lived token that can be used to authorize a payment.
</div>

<Warning>
  Calling the tokens API directly with raw card data requires that your environment comply with [PCI DSS](https://www.pcisecuritystandards.org/) requirements. Ensure your integration meets the applicable PCI requirements before handling PAN, CVV, or expiration data.
</Warning>

## Steps

***

## Step 1: Tokenize the card

<div className="What">
  <p className="bold-header">What you need to do</p>

  Submit the user's PAN, CVV, and expiration date to the tokens API to receive a short-lived token.<br /><br />

  Before tokenizing, ensure you have registered the user by following the [create a user](./create-a-user) guide.
</div>

#### How to do it

1. POST the user's `user_id`, `pan`, `cvv`, `exp_month`, and `exp_year` to the [tokenize-card](./apireference/tokenization/tokenize-card) endpoint on the tokens domain (`https://tokens.pushcash.com` in production, `https://sandbox-tokens.pushcash.com` in sandbox).
2. Persist or forward the returned `token` to the system that will submit the authorization. Tokens are short-lived and intended for a single authorization.

<Note>
  The tokens API is hosted on a separate, PCI-isolated domain from the rest of the Push API. Authentication uses the same bearer token as the main API.
</Note>

## Step 2: Authorize the payment

<div className="What">
  <p className="bold-header">What you need to do</p>

  Submit the token to the authorization endpoint to process the payment.
</div>

#### How to do it

1. Call the [authorize-payment](./apireference/authorization/authorize-payment) endpoint with the payment details, the `user_id`, and the `token` returned from Step 1.
2. Display the result (approved or declined) to the user.

<RequestExample>
  ```bash Tokenize Card theme={null}
  curl --request POST \
    --url https://sandbox-tokens.pushcash.com/tokenize \
    --header 'Authorization: Bearer <token>' \
    --header 'Content-Type: application/json' \
    --data '
  {
    "user_id": "user_lVpbPL0K1XIiHx0DxipRbD",
    "pan": "5555555555554444",
    "cvv": "123",
    "exp_month": "12",
    "exp_year": "28"
  }
  '
  ```

  ```bash Authorize Payment With Token theme={null}
  curl --request POST \
    --url https://sandbox.pushcash.com/authorize \
    --header 'Authorization: Bearer <token>' \
    --header 'Content-Type: application/json' \
    --data '
  {
    "user_id": "user_lVpbPL0K1XIiHx0DxipRbD",
    "token": "token_mbDRHFi3dxIZEtykHsgUGC",
    "amount": 2500,
    "currency": "USD",
    "direction": "cash_in"
  }
  '
  ```
</RequestExample>

<ResponseExample>
  ```json Tokenize Card - 200 OK theme={null}
  {
    "token": "token_mbDRHFi3dxIZEtykHsgUGC"
  }
  ```

  ```json Authorize Payment - 200 OK theme={null}
  {
    "id": "intent_sandbox_mbDRHFi3dxIZEtykHsgUGC",
    "amount": 2500,
    "direction": "cash_in",
    "currency": "USD",
    "credential": {
      "display_name": "Visa 4444",
      "last4": "4444"
    }
  }
  ```
</ResponseExample>
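
The two steps above as one flow, written so that raw card fields can only be sent to the tokens endpoint and never reach application logs. This is an added example, not Push's own client code; the names `pay`, `build`, `redact`, and the injectable `send` and `log` parameters are assumptions, and only the sandbox URLs and field names shown on this page are used.

```python
import json
import urllib.request

TOKENS_URL = "https://sandbox-tokens.pushcash.com/tokenize"  # sandbox URLs from this page
AUTHORIZE_URL = "https://sandbox.pushcash.com/authorize"
CARD_FIELDS = ("pan", "cvv", "exp_month", "exp_year")


def redact(body):
    """Copy of a request body that is safe to log: PAN masked, other card fields dropped."""
    safe = {k: v for k, v in body.items() if k not in CARD_FIELDS}
    if "pan" in body:
        safe["pan"] = "*" * (len(body["pan"]) - 4) + body["pan"][-4:]
    return safe


def build(url, api_key, body):
    """Build the JSON POST; refuse to send card fields anywhere but the tokens endpoint."""
    if url != TOKENS_URL and any(f in body for f in CARD_FIELDS):
        raise ValueError("card data may only be sent to the tokens domain")
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"})


def http_send(req):
    """Default transport: perform the call and decode the JSON response."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def pay(api_key, user_id, card, amount, currency, direction,
        send=http_send, log=print):
    """Step 1 then Step 2: tokenize the card, then authorize once with the token."""
    tok_body = {"user_id": user_id, **card}
    log("tokenize", redact(tok_body))
    token = send(build(TOKENS_URL, api_key, tok_body))["token"]
    auth_body = {"user_id": user_id, "token": token, "amount": amount,
                 "currency": currency, "direction": direction}
    log("authorize", {**auth_body, "token": "<redacted>"})
    return send(build(AUTHORIZE_URL, api_key, auth_body))
```

Passing a stub for `send` lets you confirm in a unit test that the authorization request carries only the token, without touching the network.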

## Integration checklist

* Tokenize using the test card `5555 5555 5555 4444` against the sandbox tokens domain
* Verify the returned token authorizes successfully via [authorize-payment](./apireference/authorization/authorize-payment)
* Confirm requests originate from a PCI-compliant environment before enabling in production
