Card Tokenization
Card Management
>
API Reference
>
v1
>
Card Tokenization
>
Card Tokenization
openapi: 3.0.3
info:
title: Card Tokenization - Card Tokenization
description: V1 APIs for Card Tokenization
version: v1
contact:
name: Digital Core @ Jack Henry and Associates, inc.
url: https://www.jackhenry.com/
email: DC-Operations@jackhenry.com
servers:
- url: https://{API_ENDPOINT}
variables:
API_ENDPOINT:
default: digital.garden-fi.com
security:
- bearerAuth: []
tags:
- name: Card Tokenization
description: V1 APIs for Card Tokenization
paths:
/api/card-mgmt/v1/{InstitutionUniversalId}/tokenization/card-tokens:
post:
tags:
- Card Tokenization
description: Create Card Token from Encrypted Card Data
operationId: createTokenizationCardToken
parameters:
- name: InstitutionUniversalId
in: path
description: A unique identifier to establish the identity of an Institution/Environment/Brand combination
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
required:
- encryptedPrimaryAccountNumber
type: object
properties:
encryptedPrimaryAccountNumber:
type: string
description: Encrypted 'TokenizationCardData'. See TokenizationCardData schema.
responses:
'200':
description: Ok
content:
application/json:
schema:
type: object
required:
- cardToken
properties:
cardToken:
type: string
description: Tokenized PAN of the supplied card in the request to be tokenized.
'400':
description: |
Bad Request: The server could not understand the request due to an invalid request.
content:
application/problem+json:
schema:
type: object
required:
- type
- title
- details
properties:
type:
description: A string path which uniquely classifies the domain of the error.
type: string
nullable: false
example: jackhenry/operation-failed
title:
description: A end-user readable string title of the error type.
nullable: false
type: string
details:
description: An array of end-user readable strings which provide additional details for the error message.
type: array
nullable: false
items:
type: string
data:
type: object
description: |
Additional data that could be useful to a developer or for handing the error programmatically. The schema for the data in this object is intentionally left undefined.
nullable: true
'401':
description: Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response.
'403':
description: The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401, the clients identity is known to the server.
'404':
description: The server can not find the requested resource. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client.
'500':
description: An unexpected internal server error occurred while processing the request.
content:
application/problem+json:
schema:
type: object
required:
- type
- title
- details
properties:
type:
description: A string path which uniquely classifies the domain of the error.
type: string
nullable: false
example: jackhenry/operation-failed
title:
description: A end-user readable string title of the error type.
nullable: false
type: string
details:
description: An array of end-user readable strings which provide additional details for the error message.
type: array
nullable: false
items:
type: string
data:
type: object
description: |
Additional data that could be useful to a developer or for handing the error programmatically. The schema for the data in this object is intentionally left undefined.
nullable: true
examples:
internalServerError:
summary: Internal server error
value:
type: general/internal-server-error
title: Internal server error
details:
- Unexpected internal server error
/api/card-mgmt/v1/{InstitutionUniversalId}/tokenization/card-pans:
post:
tags:
- Card Tokenization
description: Retrieve Encrypted PAN from Tokenized Card Data
operationId: createTokenizationCardPan
parameters:
- name: InstitutionUniversalId
in: path
description: A unique identifier to establish the identity of an Institution/Environment/Brand combination
required: true
schema:
type: string
requestBody:
content:
application/json:
schema:
required:
- publicKey
- cardToken
type: object
properties:
publicKey:
type: string
description: ECDH public key in base64 format.
cardToken:
type: string
description: Tokenized PAN of the supplied card.
responses:
'200':
description: Ok
content:
application/json:
schema:
type: object
required:
- encryptedPrimaryAccountNumber
properties:
encryptedPrimaryAccountNumber:
type: string
description: Encrypted 'TokenizationCardData'. See TokenizationCardData schema.
'400':
description: |
Bad Request: The server could not understand the request due to an invalid request.
content:
application/problem+json:
schema:
type: object
required:
- type
- title
- details
properties:
type:
description: A string path which uniquely classifies the domain of the error.
type: string
nullable: false
example: jackhenry/operation-failed
title:
description: A end-user readable string title of the error type.
nullable: false
type: string
details:
description: An array of end-user readable strings which provide additional details for the error message.
type: array
nullable: false
items:
type: string
data:
type: object
description: |
Additional data that could be useful to a developer or for handing the error programmatically. The schema for the data in this object is intentionally left undefined.
nullable: true
'401':
description: Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response.
'403':
description: The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401, the clients identity is known to the server.
'404':
description: The server can not find the requested resource. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client.
'500':
description: An unexpected internal server error occurred while processing the request.
content:
application/problem+json:
schema:
type: object
required:
- type
- title
- details
properties:
type:
description: A string path which uniquely classifies the domain of the error.
type: string
nullable: false
example: jackhenry/operation-failed
title:
description: A end-user readable string title of the error type.
nullable: false
type: string
details:
description: An array of end-user readable strings which provide additional details for the error message.
type: array
nullable: false
items:
type: string
data:
type: object
description: |
Additional data that could be useful to a developer or for handing the error programmatically. The schema for the data in this object is intentionally left undefined.
nullable: true
examples:
internalServerError:
summary: Internal server error
value:
type: general/internal-server-error
title: Internal server error
details:
- Unexpected internal server error
Did this page help you?
Why was this page helpful?
Why wasn't this page helpful?
Thank you for your feedback!
Last updated Fri Jan 23 2026