1. CARD
Español
  • Español
  • English
  • Kushki Docs Colombia
  • Online Payments
    • CARD
      • Request a card token
        POST
      • Make a charge or deferred charge
        POST
      • Void a transaction
        DELETE
      • Create payment (tokenless)
        POST
      • Authorize payments
        POST
      • Capture an authorized payment
        POST
      • Bin Info V2
        GET
      • Verify Account
        POST
      • Reauthorize payments
        POST
      • Preauthorization (tokenless)
        POST
      • Validate OTP
        POST
      • Request deferred options
        GET
      • Bin Info
        GET
      • Refund a transaction
        DELETE
    • ANALYTICS
      • Get transactions list v1
      • Get transactions list v2
    • CARD-OUTS
      • Request a cash out token
      • Init Transaction
      • Update a cash out transaction
      • Delete a cash out transaction
      • Transaction Status
    • TRANSFER IN
      • Get Bank List
      • Request a Transfer In token
      • Init Transaction
      • Get Status
    • TRANSFER OUT
      • Get Bank List
      • Get Bank List V2
      • Request a Transfer Out token
      • Init Transaction
      • Get Status
      • Void a transaction
      • Balance for Payouts
    • CASH-IN
      • Request a cash in token
      • Init Transaction
      • Update a cash in transaction
      • Delete a cash in transaction
      • Transaction Status
    • CASH-OUT
      • Request a cash out token
      • Init Transaction
      • Update a cash out transaction
      • Delete a cash out transaction
      • Transaction Status
    • COMMISSIONS
      • Get Commission Configuration
    • PAYMENT-BUTTON
      • Create a payment button
    • PAYMENT-CREDENTIALS
      • Advanced search
      • Delete credential
      • Regenerate a credential
      • Search credentials
      • Activate or deactivate
      • Update credential
      • Create a credential
    • SMARTLINKS-V2
      • Create a Smartlink
      • Get a Smartlink
      • Update a Smartlink
      • Delete a smartlink
    • TRANSFER-OUT
      • Balance for Payouts
      • Get Bank List
      • Get Bank List V2
      • Request a Transfer Out token
      • Init Transaction
      • Get Status
      • Void a transaction
    • TRANSFER-IN
      • Get Bank List
      • Request a Transfer In token
      • Init Transaction
      • Get Status
    • ONE-CLICK & SCHEDULED PAYMENTS
      • Request a recurring charge token
      • Update recurring charge card data
      • Update a recurring charge
      • Add a temporary charge or discount
      • Get recurring charge Info
      • Create a recurring charge
      • Make an One-click payment
      • Cancel a recurring charge
      • Authorize payments
      • Capture an authorized payment
      • Get subscription transactions
    • GATEWAY-STATUS
      • Get gateway status
      • Get platform status
  • Schemas
    • SubscriptionTransactionsResponse
    • Card
    • SubscriptionTransaction
    • currency
    • ErrorResponse
    • Amount
    • extraTaxes
    • Deferred
    • Metadata
    • ContactDetails
    • documentType
    • orderDetails
    • Shipping Address
    • Billing-Address
    • product
    • threeDomainSecure
    • webhooks
    • headers
    • webhooksChargeback
    • citMit
    • network
    • binInfo
    • messageFields
    • UnexpectedErrorResponse
    • transactionType
BienvenidaPerú 🇵🇪México 🇲🇽Ecuador 🇪🇨Colombia 🇨🇴
Chile 🇨🇱
BienvenidaPerú 🇵🇪México 🇲🇽Ecuador 🇪🇨Colombia 🇨🇴
Chile 🇨🇱
  1. CARD

Request a card token

POST
/card/v1/tokens

This functionality is available for the following models:#

Request a card token that can later be used to charge a customer using the charge
endpoint.
:::danger Important to consider:
If you are using this option to request the token, be sure to comply with all the PCI requirements to handle card data on your servers.
WARNING
DANGER

Token expiration#

Tokens will expire in 30 minutes and can be used only for a single transaction (even if the transaction was wrong). You will need to request a new token when it expires.
Note: The token delivered by Kushki only encrypts and sends information. If you want to store the card information for future purchases, go to the One-Click & Scheduled Payments section.

Recurring transactions*#

This functionality is available for the following models:#

Send the transactionMode parameter for request a recurring charge token that can later be used to create a recurring charge as follows:
initialRecurrence: Merchants must generate a token by sending complete card information (number, expiration date, cvv, etc) to register it. A token will be returned to continue the payment.
subsequentRecurrence: The merchant will be able to generate a token by sending the data of the previously sent card with an initialRecurrence, with this the merchant will be able to omit the entry of the CVV and make a charge later with the current flow.
NOTE: If you want to process a recurring charge with an external engine, you must skip sending the CVV.

Do you want to validate an account?*#

This functionality is available for the following models:#

WARNING

Service not available in Mexico#

Send the transactionMode parameter as accountValidation for request an account validation token that can be later used to verify an account using the card/v1/validation endpoint. Make sure you set the totalAmount to 0.

3D Secure (3DS) authentication*#

WARNING

Product in beta version in Ecuador 🔐👨‍💻#

We are working on our beta version. Stay tuned for its official release! You can also contact your account manager for more information.
To authenticate a card through 3D Secure, in addition to the information required to generate a token, the fields listed below must be submitted
PROPERTYPOSSIBLE VALUESDESCRIPTION
authValidationurl iframeDefine the desired integration type for 3DS authentication. Use url for redirection or iframe for embedding.
callbackUrlstringCallback where the 3D Secure authentication response will be sent.
If the transaction triggers a 3D Secure authentication rule on the merchant, in addition to the token, the fields listed below will be returned
PROPERTYPOSSIBLE VALUESDESCRIPTION
urlstringURL to be used for 3D Secure authentication.
secureService3dsecureIndicates the transaction authentication service.
secureIdstringSecurity ID for the transaction.
Example
{
    "token": "sBkQ7F110000tI1HVq116862fd5Ah3mG",
    "url": "https://uat-auth.kushkipagos.com?token=sBkQ7F110000tI1HVq116862fd5Ah3mG&merchantId=306cb10581bb4acb9a2bfc77e163c482&bin=NDM0OTAwMzA=&callbackUrl=https://www.kushkipagos.com/callback/&isSandbox=false",
    "secureService": "3dsecure",
    "secureId": "1f5584db-0c5b-c729-a19c-6eb0283ca448"
}
In the url field will be the url that will need to be displayed to the cardholder for 3D Secure authentication, if necessary. For more detailed information, visit the 3D Secure API authentication guide.
For more information about 3D Secure, see Accept payments with 3DS.
NOTE: To enable 3DS in test mode in your merchant, it is required to have an additional configuration performed by Kushki.

callbackUrl#

The callback function will let you know if the 3D Secure authentication was successful or if there were any problems during the process. This url will be called automatically after authenticating, through a 301 redirect by making a GET request to the url sent in the callbackUrl field, sending the parameters of the response in the url (path parameters).
Note: The boolean parameter sucess will indicate whether the transaction was successfully authenticated (true) or if there was a problem with 3D Secure authentication (false). If it is true, you can proceed to make the charge. If false, the cardholder will have up to 3 attempts to retry authentication before the transaction is declined.
PROPERTYTYPEDESCRIPTION
successbooleanIndicates whether 3D Secure authentication was successful or not.
tokenstringToken returned by Kushki to be used when making a charge in case 3D Secure authentication has been successful.
messagestringIn case there is a problem during authentication, the reason for the problem will be returned here.
Example of a successful authentication callback#
https://www.tutienda.com/?success=true&token=cfa0bfec88324bd7a5c6c1ad9135a846
Example of a callback with authentication problem#
https://www.tutienda.com/?success=false&message=Error%20en%20la%20validación%20de%203DS&token=cfa0bfec88324bd7a5c6c1ad9135a846
Got a suggestion on this documentation? Contact Us.

Request

Header Params

Body Params application/json

Examples

Responses

🟢201
application/json
TokenCreated
Body

🟠400
🟠402
🔴500
Request Request Example
Shell
JavaScript
Java
Swift
cURL
curl --location --request POST 'https://api-uat.kushkipagos.com/card/v1/tokens' \
--header 'Public-Merchant-Id;' \
--header 'Content-Type: application/json' \
--data-raw '{
    "card": {
        "name": "John Doe",
        "number": "5451951574925480",
        "expiryMonth": 8,
        "expiryYear": "28",
        "cvv": "121"
    },
    "totalAmount": 16.98,
    "currency": "COP"
}'
Response Response Example
201 - Successful request
{
    "token": "3c1518cf6f844e248880aad6187cf8d7"
}
Modified at 2026-04-16 23:06:10
Previous
Kushki Docs Colombia
Next
Make a charge or deferred charge
Built with