Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.gr4vy.com/llms.txt

Use this file to discover all available pages before exploring further.

Tokenization replaces a raw card number (PAN) with a secure token that can be stored and reused. This can help reduce your PCI scope, but your scope depends on how you collect and send card data. Gr4vy supports two types of tokenization:
  • Gr4vy vault token — the card is stored in the Gr4vy vault and referenced by a payment method ID. Use this for checkout, recurring payments, and vault forwarding.
  • PSP token — the card is additionally tokenized on a specific payment provider. Use this when a downstream service needs a provider-specific token rather than raw card data.

Store a card in the vault

To store a card you create a payment method. This can be done via the API directly, or through one of the Gr4vy SDKs.

Via the API

Direct API tokenization requires a PCI-compliant environment because the raw PAN and security code pass through your servers. If you want to keep PAN off your servers, use Secure Fields for web integrations or the mobile SDK for native apps.
Use the POST /payment-methods endpoint to store a card. The card is immediately vaulted and a payment method ID is returned for future use. 
using Gr4vy;
using Gr4vy.Models.Components;
using Gr4vy.Models.Requests;

var sdk = new Gr4vySDK(
    id: "example",
    server: SDKConfig.Server.Sandbox,
    bearerAuthSource: Auth.WithToken(privateKey),
    merchantAccountId: "default"
);

var res = await sdk.PaymentMethods.CreateAsync(
    requestBody: Body.CreateCardPaymentMethodCreate(
        new CardPaymentMethodCreate() {
            Number = "4111111111111111",
            ExpirationDate = "11/25",
            SecurityCode = "123",
            BuyerId = "fe26475d-ec3e-4884-9553-f7356683f7f9",
        }
    )
);

// handle response
The response includes the id of the new payment method, which you can use for transactions or vault forwarding.

API reference

POST /payment-methods

Via the mobile SDK

For mobile apps, use the native SDK tokenize method to securely collect and vault card details without the raw data passing through your servers.

Mobile SDK vaulting guide

Vaulting cards with the native SDKs

Via Secure Fields (web)

For web checkout, Gr4vy Embed and Secure Fields capture and vault the card in a PCI-compliant iframe, returning a payment method ID to your server.

Next steps

Once a card is stored, you can provision a PSP token for it, or forward it to a third-party endpoint using Vault Forwarding.