Tokenization
A token replaces sensitive payment data with a reusable string, enabling recurring and future charges without asking the customer to re-authenticate. You store the token on your backend and pass it to Moyasar for any subsequent charge.
Supported cards
Mada, Visa, Mastercard, and UnionPay.
Ways to get a token
| Approach | How | When to use it |
|---|---|---|
| Save card during a payment (recommended) | source.save_card: true on any payment | Charge now and save the card in one step |
| Create token — default | POST /v1/tokens | Save card without charging; 1 SAR authorization voided automatically |
| Create token — save only | POST /v1/tokens with save_only: true | Collect card on the frontend; backend initiates 3DS payment for the actual amount |
Token statuses
| Status | Meaning |
|---|---|
initiated | Token created — cardholder has not yet completed verification |
active | Verification complete — token is ready for recurring payments |
inactive | Verification failed, or the payment method has expired |
expired | Token has been invalidated due to payment method expiry |
Charging with an active token
Once a token is active, see Charge with a Token for how to use it in a payment, display the saved card to your customer, and delete it when the customer removes the card.