Token ID is a unique value that is associated with the customer’s credit card information during a transaction. The GET Token method sends the credit card information via Midtrans.min.js to Midtrans server and returns the Token ID to you.

To utilize Midtrans JavaScript library, add the code given below in your payment page inside the <head> tag.

<script id= "midtrans-script" src="https://api.midtrans.com/v2/assets/js/midtrans-new-3ds.min.js" data-environment="<production|sandbox>" data-client-key="<INSERT CLIENT KEY HERE>" type="text/javascript"></script>

📘
Note
The GET Token method and its features are applicable only for card transactions. Read more here for API references on various card features to be used in conjuction with this guide.

Midtrans JavaScript Library

Midtrans JavaScript library consists of two functions as given below.

Get Card Token: Securely sends the customer’s payment card details to Midtrans server, without the merchant handling the credit card details.
Redirect: Redirects the customer to 3DS authentication page.

❗️
Secure token only support 3DS 1.0, need to implement 3DS 2.0 refer Card Feature: 3D Secure (3DS)
3D Secure 2.0 is an authentication protocol that aims to reduce fraud and enhance security in online card payments.

Attribute	Description
data-environment	The environment which the request is pointing to. Possible values are `production` and `sandbox`.
data-client-key	Your Client key. For more details, refer Retrieving API Access Keys.

❗️
8 Digit Bin
With the oncoming mandates from Visa and other principals, Midtrans will start supporting 8-digit BIN's for card transaction processing flows.
The 8-digit bin changes on CoreAPI and will impact the length of token_id and format of saved_token_id.

Changes list:

Getting Card Token

GET Card Token Request

The card object attributes are given below. Depending on the token type, some parameters are conditional.

// Create the card object with the required fields
var card = {
  card_number: "4811111111111114",
  card_cvv: "123",
  card_exp_month: "12",
  card_exp_year: "2025",
  bank_one_time_token: "12345678"
}

var options = {
  onSuccess: function(response) {
      // Implement success handling here
  },
  onFailure: function(response) {
      // Implement error handling here
  }
}

MidtransNew3ds.getCardToken(card, options);

JSON Attribute	Description	Normal	Two Clicks	Remarks
card_number	The 16 digits Credit Card number.	Required	Conditional	Space( ) is allowed. For example, `4111 1111 1111 1111` or `4111111111111111` both are valid.
card_cvv	The CVV number printed on the card.	Required	Required	For example, `123`.
card_exp_month	The card expiry month in MM format.	Required	Conditional	For example, `12`.
card_exp_year	The card expiry year in YYYY format.	Required	Conditional	For example, `2022`.
token_id	The token ID of credit card saved previously. Its value is same as the `saved_token_id` retrieved from initial Charge response.	Conditional	Required	For example, `48111111sHfSakAvHvFQFEjTivUV1114`.
bank_one_time_token	The one-time token is shown on the customer's phone mobile banking	Conditional	-	For example, `12345678`

📘
Note
bank_one_time_token is only required for KKI (Kartu Kredit Indonesia) transactions, where merchants must send CPAN as card number and OTT as bank_one_time_token to get the Midtrans one-time token.

GET Card Token Response

Callback response object attributes are listed below.

JSON Attribute	Description	Remarks
status_code	Status code of transaction charge result.	"200" for success, "400" when validation error.
status_message	Status message describing the result of the API request.	"OK, success request new token".
validation_messages	The message describing the error.	“card_exp_year must be greater than this year”, "card_exp_month must be greater than this year's month”.
token_id	The token id of the card.	"48111111-1114-d3d690db-3e18-4edd-9fee-4d061e4eb6f3" Note: `token_id` is required during Card Payment Charge Transaction.
hash	Produced from one-way hashing of the given card number. This value is irreversible and will always be consistent for each card number.	"6d9df2ff-ae9c-3cee-a5ff-a063dc476077"

Available options are given below.

Name	Description
onSuccess	This function is called only when get token responds with status code `200`.
onFailure	This function is called for all the other status codes except `200`.

200200