Merchant Detokenization

As a merchant, in order to request the de-tokenization of a token you need:

• To know the token id
• To authenticate to the de-tokenization webservice as a merchant
• To be in the list of the authorized detokenizers that was given when the token was created.

Detokenization request

This method allows a merchant to detokenize a token which he was authorizated to de-tokenize. The response includes a one-time-use redirect URL, to which the user has to be redirected to in order to view the payment method details.

Notes:

• The generated URL can only be accessed once and it has a timed access limit of 60 seconds after it has been requested. (If it’s expired, you should request another one)
• As this URL will let you access sensitive card details, it is important to consider it as such, it should not be stored and it should only be communicated through a secure channel.

URL syntax:/api/{version}/merchant/token/{token.id}/detokenize Method:POST

Input parameters

Name	Type	Details	Mandatory	Description
type	string	TEXT|IMAGE	Y	The returned detokenization type. IMAGE refers to payment method details returned as an image. TEXT is payment method details shown as pure text. Please check which type you are allowed to use.
viewer	string	max length 100	Y	Details of the user that will be viewing the detokenized data.
company_reference	string	max length 100	Y	The merchant/hotel registration reference (in your system) for whom you are going to detokenize the token.

Example request

{
    "type": "IMAGE",
    "viewer": "John Doe",
    "company_reference": "4242"
}

Response parameters

Name	Type	Mandatory	Description
class	string	Y	The type of object which is being returned. In this case it will be detokenize.
redirect_url	string	Y	The url from where to access the detokenized card details.

Example response

{
   "class":"detokenize",
   "redirect_url":"http:\/\/www.syspay.com\/redirect\/detokenize\/a448bc2a-9d97-11e4-a460-1ed32635ba79"
}