Financial Institution API

This API is used by Financial Institutions to get information on tokens linked to accounts, perform lifecycle management operations on tokens and update token restrictions.

API Overview

Note that when the Financial Institution state is disabled or closed, all API requests are rejected with statusCode 13011: Financial Institution is not in valid state.

Available Endpoints

Endpoint                   | Usage
/gettokens                 | Used to get all the tokens linked to an account.
/tokenlifecyclemanagement  | Used to perform a state change operation on a token.
/replacerealaccount        | Used to replace the underlying account of a token.

API Reference

<Link to APIConnect reference page>

Financial Institution Message Flows

Overview of message flows for Financial Institution API operations.

Message Flows

The diagrams below provide an overview of the FI API message flows for Get Tokens, Lifecycle Management and Replace underlying real routing and account.

Token lifecycle management from FI

Financial Institutions can manage the lifecycle of tokens associated with their accounts through the FI API.

Replace underlying real routing and account from FI using real routing/account

Financial Institutions can replace the underlying account information for tokens using real account details.

Replace underlying real routing and account from FI using token routing/account

Financial Institutions can replace the underlying account information for tokens using token-based routing information.

Get tokens from FI

Financial Institutions can retrieve all tokens associated with their accounts.

Token Lifecycle Management from FI

How Financial Institutions manage token lifecycles through the FI API.

Token lifecycle management from FI

Financial Institutions have comprehensive control over the lifecycle of tokens associated with their accounts. This includes the ability to activate, suspend, deactivate, and delete tokens as needed for risk management and operational requirements.

Lifecycle Operations

  • Token activation: Making tokens available for use
  • Token suspension: Temporarily disabling tokens
  • Token deactivation: Permanently disabling tokens
  • Token deletion: Removing tokens from the system

Access Methods

FIs can manage token lifecycles through:

  • Financial Institution API
  • Customer Service Portal
  • Batch lifecycle management

Notification Impact

When FIs initiate lifecycle changes, notifications are sent to the relevant Token Requestors to ensure all parties are informed of the state changes.

Replace Real Routing Account with Real Account

Process for replacing underlying account information using real account details.

Replace underlying real routing and account from FI using real routing/account

Financial Institutions can replace the underlying real account information for existing tokens using real routing and account numbers. This operation allows FIs to update the account backing a token without affecting the token itself.

Use Cases

  • Account number changes due to bank mergers
  • Routing number updates
  • Account consolidation
  • System migrations

Process Flow

  1. FI identifies token requiring account update
  2. FI provides new real routing and account numbers
  3. PAT validates the new account information
  4. Token is updated with new underlying account
  5. Confirmation is provided to the FI

Replace Real Routing Account with Token Account

Process for replacing underlying account information using token-based routing.

Replace underlying real routing and account from FI using token routing/account

Financial Institutions can replace the underlying account information for tokens using token-based routing and account information. This allows for more flexible account management within the tokenized environment.

Benefits

  • Maintains tokenization throughout the process
  • Reduces exposure of real account information
  • Enables complex account relationship management
  • Supports advanced routing scenarios

Validation

PAT validates that:

  • The source token exists and is valid
  • The FI has authority over the token
  • The new token routing information is valid
  • The operation maintains data integrity

Get Tokens from Financial Institution

How Financial Institutions can retrieve tokens associated with their accounts.

Get Tokens from FI

Financial Institutions can use the Get Tokens API to retrieve all tokens that are linked to their real account numbers. This operation provides visibility into all tokenized versions of their accounts.

Use Cases

  • Account monitoring and oversight
  • Token lifecycle management
  • Compliance and audit requirements
  • Risk management and fraud detection

API Endpoint

The /gettokens endpoint is used to retrieve all tokens linked to a specific account.

Financial Institution API Response Codes

Response codes and status messages for Financial Institution API endpoints.

Response Codes

This section includes detailed information about the API Response fields statusCode and statusMessage.

Example HTTP 200 Response with encTokens

{
  "messageId": "6fdf4f09-7fbb-48ae-be1e-ac412a2949a7",
  "statusCode": "00000",
  "statusMessage": "Success.",
  "encTokens": "..."
}

Response Message: HTTP Code, statusCode and statusMessage

HTTP Code | statusCode | statusMessage | Applicable Message
200 | 00000 | Success. | -
400 | 13001 | Invalid request. The data field is not in the correct data type format or length or pre-defined values or the required data field is missing. | -
400 | 13003 | Token not found. | -
400 | 13004 | Real account not found. | -
400 | 13005 | Token is not in valid state. | -
400 | 13007 | New account belongs to a range different than the existing account. | -
400 | 13008 | No account range found for new account. | -
400 | 13009 | Feature not supported. | -
400 | 13010 | Token Requestor is not in valid state. | -
400 | 13011 | Financial Institution is not in valid state. | -
401 | 13022 | Unauthorized request | -
500 | 13100 | Unknown internal server error. Try again later. | -
500 | 13199 | Unknown error. | -

API Reference

<Link to APIConnect reference page>

Example FI HTTP 200 Response with encTokens

Example HTTP 200 response from Financial Institution API with encrypted tokens.

Example HTTP 200 Response with encTokens

{
  "messageId": "6fdf4f09-7fbb-48ae-be1e-ac412a2949a7",
  "statusCode": "00000",
  "statusMessage": "Success.",
  "encTokens": "..."
}

Response Fields

  • messageId: Unique identifier for the message
  • statusCode: Response status code indicating success or failure
  • statusMessage: Human-readable status message
  • encTokens: Encrypted token data returned by the API

Financial Institution Response Message Codes

Detailed response message codes for Financial Institution API operations.

FI Response Message Codes

This section provides detailed information about response message codes specific to Financial Institution API operations.

Standard Response Format

All FI API responses follow a standard format with HTTP status codes, PAT-specific status codes, and descriptive messages.

Error Handling

Financial Institution API responses include comprehensive error information to help diagnose and resolve issues:

  • HTTP status codes for transport-level issues
  • PAT status codes for business logic issues
  • Descriptive status messages for human interpretation
  • Additional context where applicable
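
Example: client-side response handling

The following is an added example, not code from the API documentation or its vendor. It shows one way an FI client could act on the documented HTTP code and statusCode pairs while keeping the encTokens value out of its logs. The function name classify_response, the handling labels and the sample responses are assumptions made for this example.

```python
import json

# statusCode -> (documented HTTP code, handling class). Codes and HTTP pairings are
# copied from the response code table; the handling labels are this example's own.
DOCUMENTED = {
    "00000": (200, "ok"),
    "13001": (400, "fix_request"),   # invalid request
    "13003": (400, "not_found"),     # token not found
    "13004": (400, "not_found"),     # real account not found
    "13005": (400, "bad_state"),     # token not in valid state
    "13007": (400, "fix_request"),   # new account in a different range
    "13008": (400, "fix_request"),   # no account range for new account
    "13009": (400, "unsupported"),
    "13010": (400, "bad_state"),     # Token Requestor not in valid state
    "13011": (400, "bad_state"),     # Financial Institution disabled or closed
    "13022": (401, "auth"),
    "13100": (500, "retry"),         # "Try again later."
    "13199": (500, "fail"),
}
LOG_FIELDS = ("messageId", "statusCode", "statusMessage")


def classify_response(http_code, body_text):
    """Return (handling, log_record) for one FI API response."""
    try:
        body = json.loads(body_text)
    except (ValueError, TypeError):
        body = None
    if not isinstance(body, dict):
        return "anomaly", {"http": http_code, "reason": "body is not a JSON object"}
    # Copy only the non-sensitive fields; the encTokens value never enters the log.
    record = {k: str(body.get(k))[:200] for k in LOG_FIELDS}
    record.update(http=http_code, hasEncTokens="encTokens" in body)
    code = body.get("statusCode")
    if not isinstance(code, str) or code not in DOCUMENTED:
        return "anomaly", dict(record, reason="undocumented statusCode")
    expected_http, handling = DOCUMENTED[code]
    if http_code != expected_http:
        return "anomaly", dict(record, reason="HTTP code does not match statusCode")
    return handling, record


# Constructed sample responses (not captured traffic).
SAMPLE_OK = ('{"messageId": "6fdf4f09-7fbb-48ae-be1e-ac412a2949a7", "statusCode": "00000", '
             '"statusMessage": "Success.", "encTokens": "CONSTRUCTED-CIPHERTEXT"}')
SAMPLE_FI_DISABLED = ('{"messageId": "00000000-0000-0000-0000-000000000000", '
                      '"statusCode": "13011", '
                      '"statusMessage": "Financial Institution is not in valid state."}')
```

A response whose HTTP code and statusCode disagree with the documented pairing, or whose statusCode is not in the table, is returned as "anomaly" so it can be reviewed instead of retried.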