A tokenization key authorizes clients to tokenize payment information.
Unlike a client token, a tokenization key is both static and reduced privilege. It can be shipped with your apps without the need to generate a new key for each session.
The following payment methods can be tokenized using a tokenization key: credit cards, PayPal, Venmo, Apple Pay, and Google Pay.
A single tokenization key may be reused indefinitely across many client apps.
You may have multiple active tokenization keys. For example, you may wish to use a unique key per platform. Each tokenization key can be given a label to track its intended purpose.
If you decide you no longer want a specific tokenization key to be used, it can be revoked. Doing so will deauthorize any clients using that key.
Tokenization keys authorize only a subset of Braintree's client API capabilities. The SDK should function as with a client token, with some limitations:
- When using a tokenization key, clients may only tokenize payment information.
- You may not specify a customer ID, set a specific merchant account ID, or otherwise provide any configuration.
- Payment methods can't be saved directly from the client to a customer in the Vault using a tokenization key. To save the payment method, you'll need to pass the resulting payment method nonce to your server. Otherwise, generate a client token with a customer ID.
- Drop-in will not be able to retrieve a customer's saved payment methods. Repeat purchases will show the add payment method UI.
- You can't use a tokenization key to create a 3D Secure transaction.
To obtain a tokenization key, follow these steps:
- Log into either the production Control Panel or the sandbox Control Panel, depending on which environment you are working in
- Click on the gear icon in the top right corner
- Click API from the drop-down menu
- Scroll to the Tokenization Keys section
If no key appears, click the Generate New Tokenization Key button.
Because of their reduced authorization, tokenization keys are publishable, meaning safe to include in your app. They are not sensitive information and can be exposed in an insecure client.
Initialize the SDK with your tokenization key before you want to display the payment UI. The SDK will fetch configuration information from Braintree.
BTAPIClient *apiClient = [[BTAPIClient alloc] initWithAuthorization:tokenizationKey];