A tokenization key authorizes clients to tokenize payment methods.
Unlike a client token, a tokenization key is both static and reduced privilege. It may be used multiple times and can be shipped with your apps without the need to generate a new key for each session.
A single tokenization key may be reused indefinitely across many client apps.
You may have multiple active tokenization keys. For example, you may wish to use a unique key per platform. Each tokenization key can be given a label to track its intended purpose.
If you decide you no longer want a specific tokenization key to be used, it can be revoked. Doing so will deauthorize any clients using that key.
Tokenization keys authorize only a subset of Braintree's client API capabilities. When using a tokenization key, clients may only tokenize payment methods.
In contrast to a client token, you may not specify a customer ID, set a specific merchant account ID, or otherwise provide any configuration.
The following payment methods can be tokenized using a tokenization key: credit cards, PayPal, Venmo, Coinbase, Apple Pay, and Android Pay. You cannot use a tokenization key to create a 3D Secure transaction.
To obtain a tokenization key, follow these steps:
- Log into either the production Control Panel or the sandbox Control Panel, depending on which environment you are working in
- Navigate to Account > My user
- Under API Keys, Tokenization Keys, Encryption Keys, click View Authorizations
You should see your key under the Tokenization Key section. If no key appears, click Generate New Tokenization Key
Because of their reduced authorization, tokenization keys are publishable, meaning safe to include in your app. They are not sensitive information and can be exposed in an insecure client.
Initialize the SDK with your tokenization key before you want to display the payment UI. The SDK will fetch configuration information from Braintree.
BTAPIClient *apiClient = [[BTAPIClient alloc] initWithAuthorization:tokenizationKey];
The SDK should function as with a client token, with some limitations:
- Payment methods cannot be saved directly from the client to a customer in the Vault using a tokenization key. To save the payment method, you'll need to pass the resulting payment method nonce to your server. Otherwise, generate a client token with a customer ID.
- Drop-in will not be able to retrieve a customer's saved payment methods. Repeat purchases will show the add payment method UI.