Generate Token

The generate token policy is used to store a provided PAN inside a Vault and to provide an equivalent token for further processing. The PAN is stored in encrypted format as per the tokenization policies defined.

The following properties describe the various configuration options available to use this policy.

Input PAN identifier

Configure the Message Part Identifier which contains the value of PAN (like a Credit Card Number). The PAN can be retrieved from Query Parameters, Headers or Context Variables.

Icon

To use PAN from Form Parameters or Payload, use Assign Variables policy to parse the request and use the parsed variables to configure the PAN identifier.

Generated Token Holder

Message Part Identifier can be configured to decide the place holder for the generated Token. The generated token can be used to do further processing or directly sent as a response using the Build Message Policy. A new token will be generated only if the PAN is not already stored in the system. Otherwise, the existing token is returned.

Tokenization Policies

Tokenization policies define the extent to which the original PAN number is retained in generating the token.

Preserve Prefix Length

The length of the original PAN prefix that needs to be retained in the generated token.

Preserve Suffix Length

The length of the original PAN prefix that needs to be retained in the generated token.

Example

Icon

For example, a PAN with value 1234567890 and prefix length as 4 and preserve suffix length as 2 will result in token generated as 1234XXXX90

Vault Configuration

The vault can be configured as explained in the Setting Up PAN Storage section.