Tokenise Cards when Razorpay is Token Requestor

Know how to save customer card details as tokens using Razorpay's TokenHQ solution.


Tokenisation is the process by which the original card number / Primary Account Number (PAN) is replaced with a surrogate value called a token.

For example, you can securely save a customer's card details during the first transaction in the form of a token. For the next transaction, the customer does not need to re-enter the card details. They can just provide the OTP and use their saved card to complete the transaction.

The advantages of using tokens are:

  • Faster checkout experience for the customers.
  • Reduction in payment failures due to incorrect card details.

According to the recent RBI guidelines on Card Tokenisation, Payment Aggregators (PA)/ Payment Gateway (PG) and businesses cannot save their customers' card numbers and other card data on their servers.

Given below are some of the key takeaways from the guidelines:

  • Card networks and card issuers are the only parties that can now save plain text cards. Businesses, Payment Gateways and Payment Aggregators are no longer allowed to store actual customer card details.
  • To continue offering customers a 'saved card experience', businesses should adopt a tokenisation solution.
  • The token will not be visible to the cardholder. It will be managed between the Token Requestor and Network.
  • Customer consent and additional factor of authentication (AFA) is required for saving a card / creating a token. This can be clubbed with the same 2FA used during the first transaction.

In absence of tokenisation, your customers will not be able to avail a 'saved card experience' at checkout. Razorpay introduces an end-to-end RBI-compliant solution that allows you to save customer credentials as tokens with card networks and card-issuing banks. Customers can then use these tokens to make repeat purchases on your website, without re-entering card details.

With this solution, you can:

  • Process payments through any PA/PG while tokenising cards through Razorpay.
  • Use Razorpay Optimizer to route payments through the PA/PG of your choice.

Feature Request

This is an on-demand feature. Please raise a request with our

to get this feature activated on your Curlec account.

Onboarding as Token Requestor

In this integration, you can choose to be a Token Requestor(TR) or work with Razorpay as the Token Requestor.

Data Localisation Guidelines

This integration complies with data localisation guidelines.

Given below is the first payment tokenisation flow:

Tokenisation flow
  1. The customer consents to save a card on your website/app checkout.
  2. The saved card consent is stored by Razorpay Token Requestor after successful authentication of the transaction.
  3. We initiate the tokenisation request at checkout.
  4. The Card Network or issuing bank returns a unique Token corresponding to the tokenisation request, to the customer through Razorpay.

Given below is the subsequent payment tokenisation flow:

Subsequent payment Tokenisation flow
  1. The customer initiates payment using the token.
  2. We automatically fetch the token cryptogram from the Card Network or the issuing bank.
  3. The payment is initiated and processed using token cryptogram.
  4. The payment is either processed or cancelled.

Was this page helpful?