Token

APIDescription
POST api/Token

Using Registered User credentials, request a Token to be used to access other areas of this API.

APIDescription
POST api/Search

Provides the ability to search for tokens based on Account PAN, Alternate Account,Identifier, Token Unique Reference, Token, Payment App Instance Id or Comment Id. Returns all of the tokens associated with an account according to the scope of the indicated search request criteria. The response includes key state and informational data for each token, including the Token Unique Reference which is needed for subsequent token lifecycle management activities. Note - The Search API request must include only one of the available search methods Account PAN, Token Unique Reference, Token, Payment App Instance Id, Comment Id, or Alternate Account Identifier.They cannot be used together in a single request.

Status

APIDescription
GET api/Status

Check SystemStatus of MDES, returns StatusResponse String

Delete

APIDescription
DELETE api/Delete

Used to delete a token so that it may not initiate any new transactions. All authorizations for a deleted token will be declined. A deleted token may not be returned to an active state.

UnSuspend

APIDescription
POST api/UnSuspend

Used to unsuspend or resume a suspended token and return it to the active state where it may initiate new transactions. Tokens may be suspended by multiple parties (suspenders) concurrently. The token status is updated from ACTIVE to SUSPENDED when the first suspender triggers a suspend action. Additional suspenders can add their suspend action to the list of suspenders. Suspenders can unsuspend only their own suspend action. All suspenders need to perform an unsuspend action to move a token from SUSPENDED to ACTIVE. The token status will only change when the last suspender has unsuspended the token. For CoF tokens, the only two supported suspenders are issuer and token requestor. For Apple Pay tokens, there are some differences in behavior versus the general principles.An issuer may add themselves as a suspender to a token already suspended by a cardholder, as above.However, a cardholder cannot suspend a token already suspended by the issuer.As a special case for Apple Pay, an issuer may unsuspend (override) a token already suspended by a cardholder.However, a cardholder cannot unsuspend a token already suspended by the issuer.

StatusHistory

APIDescription
POST api/StatusHistory

Used to retrieve the historical statuses and lifecycle events for a token, such as when it was initially activated, subsequently suspended or resumed, and finally deleted.

Suspend

APIDescription
POST api/Suspend

Used to suspend an active token so that it may not initiate any new transactions. All authorizations for a SUSPENDED token will be declined. Tokens may be suspended by multiple parties (suspenders) concurrently. The token status is updated from ACTIVE to SUSPENDED when the first suspender triggers a suspend action. Additional suspenders can add their suspend action to the list of suspenders. Suspenders can unsuspend only their own suspend action. All suspenders need to perform an unsuspend action to move a token from SUSPENDED to ACTIVE. The token status will only change when the last suspender has unsuspended the token. For CoF tokens, the only two supported suspenders are issuer and token requestor. For Apple Pay tokens, there are some differences in behavior versus the general principles.An issuer may add themselves as a suspender to a token already suspended by a cardholder, as above.However, a cardholder cannot suspend a token already suspended by the issuer.As a special case for Apple Pay, an issuer may unsuspend (override) a token already suspended by a cardholder.However, a cardholder cannot unsuspend a token already suspended by the issuer.

Activate

APIDescription
POST api/Activate

Used to activate a token for a digitization that has been approved and provisioned, but requires additional cardholder authentication prior to activation. If the provisioning was not completed successfully, activation cannot be accomplished using Customer Service API. It is expected that a cardholder will complete the authentication process using an issuer's call center or using an issuer-supplied mobile application, and only then should the issuer use this API to activate the token.

Comments

APIDescription
POST api/Comments

Used to retrieve the historical statuses and lifecycle events for a token, such as when it was initially activated, subsequently suspended or resumed, and finally deleted.

Update

APIDescription
POST api/Update

Used to update Account PAN Mapping Information or Issuer Product Configuration ID associated to a provisioned token. To update a specific token, the API should be requested using the Token Unique Reference. To update all tokens mapped to a specific Account PAN, the API should be requested using the Account PAN. In either case, updates will only be applied to tokens in ACTIVE or SUSPENDED state, not those in IN PROGRESS or DELETED state. When updating Account PAN Mapping Information, the Account PAN, Expiration Date and Sequence Number, may be updated individually or in any combination. Only information provided will be updated. The account mapping will only update an Account PAN for a new Account PAN when they are both in the same Account Range.

ActivationMethods

APIDescription
POST api/ActivationMethods

Used to retrieve the available Activation Methods for a token that is awaiting activation. Activation Methods are the means by which a cardholder may complete cardholder authentication with the issuer beyond the scope of MDES. It is possible that there are no Activation Methods for a token when an issuer did not provide any cardholder-specific information with the Tokenization Authorization Request (TAR) pre-digitization network message response.

Transactions

APIDescription
POST api/Transactions

Used to retrieve transactions performed by a token. It only returns transactions performed within the last 30 days, to help identify a particular token, or to identify a particular recent transaction. It is not intended to provide the full transaction history of a token or Account PAN. NOTE: The Transaction History API response is not supported for static Card on File (CoF) tokens.

ResendActivationCode

APIDescription
POST api/ResendActivationCode

Used to trigger the process of generating and sending a new Activation Code (for a specific token) to the cardholder via the requested Activation Method. When successful, a new Activation Code Expiration Date Time period will begin, and a new Activation Code will be sent to the issuer using the Activation Code Notification (ACN) pre-digitization network message. It can only be used to do this for Activation Methods that involve the external distribution of an Activation Code to the cardholder. For example, via email or SMS. It cannot be used to send a new activation code via the "Mobile Application" activation method, for instance. A new Activation Code can be sent even if the previous code has not expired. A new Activation Code can also be sent even after the previous code has expired; however, it can only be done up to 30 days after the token was created (the number of days is subject to change at the discretion of Mastercard). ///