# Tokenization
## Tokenization
`POST` `https://security-test.pagsmile.com/card/tokenize/`
This endpoint allows you to get token to create CreditCard orders.
#### Headers
| Name | Type | Description |
| ----------------------------------------------- | ------ | ------------------------------------------ |
| Content-Type\* | string | application/json; chartset=UTF-8 |
| Authorization\* | string | Basic Base($app\_*id:$security\_*key) |
#### Request Body
| Name | Type | Description |
| --------------------------------------------------------- | ------ | ------------------------------------------------------------ |
| app\_id\* | string | created app's id at dashboard
- Max. 32 chars -
|
| timestamp\* | string | yyyy-MM-dd HH:mm:ss
- Max. 19 chars -
|
| method\* | string | CreditCard or DiscoverCard |
| card.card\_no\* | string | card number |
| card.issuer | string | visa, mastercard... |
| card.holder.name\* | string | holder name |
| card.holder.identification.type | string | holder id type |
| card.holder.identification.number | string | holder id number |
| card.cvv\* | string | security code |
| card.valid\_thru\_year\* | string | expiration year (4 digits) |
| card.valid\_thru\_month\* | string | expiration month (2 digits) |
{% tabs %}
{% tab title="200: OK submit successfully" %}
```json
{
"code": "10000",
"msg": "Success",
"token": "psct_1bd2****73c91",
"valid_thru_year": "2***",
"valid_thru_month": "09",
"card_number_length": 16,
"first_six_digits": "5***2",
"last_four_digits": "***4",
"security_code_length": 3,
"holder": {
"identification": {} //The identification will be returned when it was sent in the request
},
"created": 1710313784,
"card_number": "51**94",
"security_code": "****"
}
```
{% endtab %}
{% tab title="400: Bad Request invalid signature" %}
```json
{
"code":"40002",
"msg":"Business Failed",
"sub_code":"invalid-signature",
"sub_msg":"invalid signature"
}
```
{% endtab %}
{% endtabs %}
{% hint style="success" %}
The URL for production is: [https://security.pagsmile.com/card/tokenize/](https://security.pagsmile.com/card/token/)
{% endhint %}
### Example
```
curl --location --request POST 'https://security-test.pagsmile.com/card/tokenize' \
--header 'Authorization: Basic MTYyNTgyOTIxNDUzMTY2Mzg6UGFnc21pbGVfc2tfZDUwMWQ1ZGNkNTI5OGQ5N2MwNmUzYjI4YjA2OWZjZmY3NDU5ZjY2NzNiMjFjMTFlYTY3NDM5MDgzOTZkOTYxNQ==' \
--header 'Content-Type: application/json' \
--data-raw '{
* "app_id": "162************38",
* "timestamp": "2022-01-01 03:54:01",
* "method": "CreditCard", //CreditCard or DiscoverCard
* "card": {
* "card_no": "",
"issuer": "visa",
"holder": {
"name": "Test User Name",
"identification": {
"type": "CPF",
"number": "50284414727"
}
},
* "cvv": "",
* "valid_thru_year": "",
* "valid_thru_month": ""
}
}'
```
{% hint style="info" %}
Note: **162\*\*\*\*\*\*\*\*\*\*\*\*38** is pagsmile's test app id for sandbox, and **MTYyNTgyOTIxNDUzMTY2Mzg6UGFnc21pbGVfc2tfZDUwMWQ1ZGNkNTI5OGQ5N2MwNmUzYjI4YjA2OWZjZmY3NDU5ZjY2NzNiMjFjMTFlYTY3NDM5MDgzOTZkOTYxNQ==** is authorization token associated with the test app id.
{% endhint %}
{% hint style="danger" %}
Please use your own **app\_id** and generate your own **authorization token** when testing.
{% endhint %}