Firstoken API Docs
  • ⚙️API Reference
    • Firstoken API
      • Tokenization As A Service
        • Simple Tokenization
        • Simple Detokenization
        • Inspect Token
        • Delete Tokens
      • Transactions
        • Create a Transaction
        • Retrieve a Transaction
        • Inspect a Transaction
        • Delete a Transaction
        • Tokenize a Transaction
      • Proxy
        • Allowed Headers
        • Actions
        • Methods
          • POST - Proxy
          • GET - Proxy
          • PUT - Proxy
          • PATCH - Proxy
          • DELETE - Proxy
        • Get Payload Hash
        • Proxy JOSE
        • Proxy WSSEC
      • Inbound Routes
        • Create an Inbound - POST
      • Payments
        • Attributes of the Request
        • Common response
        • Endpoints
          • Authorizations
          • Reversals
          • Capture
            • Capture Refunds
            • Capture Void
          • Payments
            • Payment Refunds
            • Payment Void
          • Refunds void
          • Credit
            • Credit Void
          • Get Transaction Details
        • Decision Manager
          • How it works
          • Create decision
          • Update Decision
        • Risk Payer Authentication
          • How to use it
          • 3-D Secure Flows
            • Successful Frictionless Authentication
            • Unsuccessful Frictionless Authentication
            • Attempts Processing Frictionless Authentication
            • Unavailable Frictionless Authentication
            • Rejected Frictionless Authentication
            • Authentication not available on Lookup
            • Enrollment check error
            • Time-out
            • Bypassed Authentication
            • Successful Step-Up Authentication
            • Unsuccessful Step-Up Authentication
            • Unavailable Step-Up Authentication
            • Require Method URL
        • Point of Sale Payments
          • Authorization
          • Capture
          • Payment
          • Credit
  • 📖Guides
    • Firstoken Captures Hosted Iframe
      • How Firstoken Captures works
      • Generating a JSON Web Token
      • JSON form Schema
      • Iframe Communication
    • De-scoping Components
      • How Firstoken De-scoping Components works
      • Inbound Routes Module
        • Create an Inbound Route
        • Edit an Inbound Route
        • Delete an Inbound Route
      • Webhook Module
        • Create a Webhook
        • Edit a Webhook
        • Delete a Webhook
        • Webhook events
        • How to sign Webhooks data
      • Proxy Module
        • Create a Proxy
        • Edit a Proxy
        • Delete a Proxy
    • Firstoken Captures SDK JS
      • Getting Started
      • Functions
      • Type of Elements
      • Elements Options
      • CSS Object
      • Full Example of Usage
      • SDK versions
Powered by GitBook
On this page
  • Configuration Options
  • Token Verification:

Was this helpful?

  1. API Reference
  2. Firstoken API
  3. Inbound Routes

Create an Inbound - POST

To use this request, you have to create an Inbound Route first, to obtain the Inbound Route id. (To know how to create an Inbound in Firstoken Customer Portal go to our Descoping Components Guide

POST /:id
curl -X POST https://api.firstoken.co/routes/:id \
-H "Content-Type: application/json"

  • id: string A valid Inbound Route ID. (You previously have to create an Inbound in our module of Customer Portal)

Note: In case, you have to make some sandbox tests you must be called from the base URL https://api.firstoken-staging.co/routes

Example Inbound Request Body
{
    "card": {
        "number": "4242424242424242",
        "name": "John Smith",
        "exp": {
            "month": "01",
            "year": "2027"
        }
    }
}
Example Inbound Response Body
{
    "card": {
        "number": "dc33160d-79e0-4073-b374-6345298c9c84",
        "name": "John Smith",
        "exp": "dc33160d-79e0-4073-b374-6345298c9c84"
    }
}

If you need to specify that you're using a card with an 8-digit BIN, you can add the optional isEightDigitsBin property to the request body:

Example Inbound Request with 8-Bin cards
{
    "isEightDigitsBin": true,
    "card": {
        "number": "4242424242424242",
        "name": "John Smith",
        "exp": {
            "month": "01",
            "year": "2027"
        }
    }
}

The isEightDigitsBin property is optional. When included and set to true, it informs the API that the card being tokenized has an 8-digit BIN instead of the standard 6-digit BIN. This property should only be added to the request body when dealing with cards that have 8-digit BINs.

Configuration Options

Metadata Return: In the Inbound Route configuration on the portal, you can activate an option to return metadata in the API response. You can assign a name to this field where the API will return the card's metadata. The metadata can include the truncated PAN, BIN, last four digits, and token.

Permanent Token: In the portal configuration, you can set up the tokenization to use a permanent token. By selecting the "permanent token" option and activating the "persistent" setting, you ensure that the same card number always generates the same token.

Example Inbound Response with Metadata
{
    "isEightDigitsBin": true,
    "card": "926ba19f-ebeb-4c08-b072-6f44e1b23bbf",
    "CustomField": {
        "card": {
            "card_truncated": "424242******4242",
            "bin": "42424242",
            "last_four": "4242",
            "token": "926ba19f-ebeb-4c08-b072-6f44e1b23bbf"
        }
    }
}

Token Verification:

  • Permanent tokens: Check via Customer Portal (Tokens section) or TaaS API.

  • Temporal tokens: Use Transactions API with the transaction ID from the inbound request.

PreviousInbound RoutesNextPayments

Last updated 7 months ago

Was this helpful?

⚙️