Getting a token

Learn how to securely tokenize customer payment information with Recurly.js—reducing your PCI scope and enabling a smooth API-based subscription process.

This guide explains how to intercept your payment form submission, send billing information to Recurly for secure tokenization, and then use the returned token to complete the purchase process via our API.

Prerequisites & limitations

  • You must include Recurly.js on your page.
  • Your payment form must have the necessary data-recurly fields, including a hidden field for the token.
  • Ensure your integration follows best practices for handling sensitive payment data.
  • This guide assumes you have a working Recurly.js setup.

How it works

When a customer submits your billing form, Recurly.js intercepts the submission and sends the payment information to Recurly. The payment data is encrypted and stored securely on our servers, and an authorization key (or token) is returned. You then include this token in your API request to complete the subscription process. Since your server never handles sensitive payment details directly, your PCI scope is significantly reduced.


Intercepting the form and retrieving a token

Below is an example in JavaScript showing how to listen for a form submission, request a token, and then submit the form to your server:

const elements = recurly.Elements();

// (Construct and attach your Elements as needed)

document.querySelector('#my-form').addEventListener('submit', function (event) {
  const form = this;
  event.preventDefault();
  recurly.token(elements, form, function (err, token) {
    if (err) {
      // Handle error using err.code and err.fields
    } else {
      // Recurly.js populates the hidden 'token' field automatically
      // Now you can submit the form to your server
      form.submit();
    }
  });
});

Token overview

Recurly.js works with tokens that represent secure, temporary storage of your customer's sensitive billing information. When a customer submits the form, Recurly.js creates a token from the billing data and automatically populates a hidden token field. This token is then used for any API operations requiring payment information.


Reference: recurly.token

You must call recurly.token with your Elements instance and a reference to your <form>. For example:

recurly.token(elements, document.querySelector('form'), tokenHandler);

Where tokenHandler is defined as:

function tokenHandler(err, token) {
  if (err) {
    // handle error using err.code and err.fields
  } else {
    // handle success using token.id
  }
}

This function sends the billing information to Recurly, which returns a token id.

Token callback arguments

ParamTypeDescription
errRecurlyError or nullReturns a RecurlyError if there was an error, otherwise null.
tokenObjectAn object containing the token details.
token.typeStringThe type of token, e.g., 'credit_card'.
token.idStringThe unique token identifier.
token.card.brandStringCard brand, such as master, visa, american_express, etc.
token.card.first_sixStringThe first 6 digits of the card (BIN).
token.card.last_fourStringThe last 4 digits of the card.
token.card.exp_monthIntegerCard expiration month.
token.card.exp_yearIntegerCard expiration year.
token.card.issuing_countryStringThe issuing country (or ZZ if unknown).
token.card.funding_sourceStringThe funding source: e.g., credit, debit, prepaid, etc.

Returns

The recurly.token function does not return a value directly. Instead, it uses the provided callback to return either an error or a token object.