Card Consent Tokens
Card consent tokens are provided by Stitch to facilitate recurring or Merchant-Initiated Transactions. Each token represents a card that a user may make payments with on your platform.
Creating a consent token
To create a consent token for a card, the user must first provide the card details. Stitch offers several methods for capturing them:
- The Stitch-Hosted UI is a simple way to securely capture a user's card details, without requiring your business to be PCI-DSS compliant.
- The Secure Fields SDK integration allows you to build and customize your own UI, using secure elements provided by Stitch. This approach does not require PCI-DSS compliance, and provides encrypted card inputs that can be tokenized.
- The Secure API allows you to securely specify card details in the clear to Stitch, provided your business is able to process card details as a PCI-DSS compliant entity.
Once a consent request has been completed with any of these methods, a webhook is sent to indicate that the user has granted consent. You can then proceed to initiate payments with the consent token.
Initial charge on a consent
When creating a card consent token, you also have the option to charge the user in the same step. In this case, an additional transaction status is provided with the consent status, to indicate that the corresponding transaction has been successfully completed.
Consent token revocation
If users wish to remove cards saved on your platform, these cards should be unlinked and subsequently deactivated at Stitch, so that no payments may be made with the token. Stitch provides an additional API call to revoke and deactivate a given card token.
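Added example, not Stitch's code: a merchant-side gate for the consent lifecycle described above, which allows a charge only after the consent-granted webhook has arrived and never after revocation. The class names, event fields and sample values are assumptions made for illustration, not Stitch's webhook schema, and events are assumed to be authenticated before they reach `apply_event`.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

# Hypothetical merchant-side model; event fields are constructed, not Stitch's schema.
class Consent(Enum):
    PENDING = "pending"
    GRANTED = "granted"
    REVOKED = "revoked"

@dataclass
class ConsentRecord:
    status: Consent = Consent.PENDING
    initial_charge: Optional[str] = None  # status of the optional initial charge
    seen: set = field(default_factory=set)  # event ids already processed

class ConsentStore:
    def __init__(self):
        self.records = {}

    def register(self, token_id):
        """Record a consent request that has been started but not yet granted."""
        self.records[token_id] = ConsentRecord()

    def apply_event(self, event):
        """Apply an already-authenticated webhook event; True if state changed."""
        rec = self.records.get(event["token_id"])
        if rec is None or event["event_id"] in rec.seen:
            return False  # unknown token or duplicate delivery
        rec.seen.add(event["event_id"])
        if rec.status is Consent.REVOKED or event["type"] != "consent_granted":
            return False  # revocation is terminal; late events never re-enable
        rec.status = Consent.GRANTED
        rec.initial_charge = event.get("transaction_status")
        return True

    def revoke(self, token_id):
        """Unlink locally; the call to Stitch's revoke API is not shown here."""
        if token_id in self.records:
            self.records[token_id].status = Consent.REVOKED

    def may_charge(self, token_id):
        """Only a granted, non-revoked consent may be used to initiate payments."""
        rec = self.records.get(token_id)
        return rec is not None and rec.status is Consent.GRANTED

# Constructed sample event.
SAMPLE_GRANT = {"event_id": "evt_1", "token_id": "tok_demo",
                "type": "consent_granted", "transaction_status": "success"}
```

The initial-charge status is stored separately from the consent status, so a granted consent and the outcome of its first transaction can be checked independently.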