Skip to content


Tokenization is a process to convert the card number and expiry date into a token, which is represented by a unique string (eg. 5a04127fbe64ae7e487f8c55). This token represents the buyer’s card details, so that you do not have to handle the real credit card information. This reduces your PCI-DSS scope and enhances security.

Tokenization happens on the frontend, such as the browser or mobile app. When tokenizing, the public API key is used. Xendit offers single-use or multiple-use tokens, based on your business needs.

Single Use Token Multiple Use Token
  • Valid for only one transaction
  • The token will be deleted after the transaction has completed
  • Expires in 30 days (if transaction was not completed)
  • Valid for multiple transactions
  • Once the card details have been tokenized, re-tokenization is not required for future charges
  • Expires when the card expires

This chart shows a typical tokenization flow.

alt text


  1. How long is the multiple use token stored for?

    Until the card expires.