Client Tokens
Warning: Client tokens are valid for 10 minutes. Once a token has expired, you must generate a new one.
Client tokens are short-lived credentials that pass sensitive information from your client to Highnote. Some use cases require client tokens, while others can use them for enhanced security.
Generating client tokens requires the use of an API key, therefore, the token generation mutation should be done from your server and sent to your client.
To use client tokens, you will need to do the following:
- Generate a client token scoped to your use case.
- Set your authorization header.
- Call the API with the client token in the authorization header
The following use cases are supported for client tokens:
| Use Case | Generate Token | Utilize Token | Requires Token |
|---|---|---|---|
| Card viewer SDK | Generate token | Utilize token | Yes |
| Secure inputs SDK for PINs | Generate token | Utilize token | Yes |
| Tokenize business account holder | Generate token | Utilize token | Yes |
| Tokenize person account holder | Generate token | Utilize token | Yes |
| Tokenize authorized user | Generate token | Utilize token | Yes |
| Create business account holder | Generate token | Utilize token | No |
| Create person account holder | Generate token | Utilize token | No |
| Create authorized user | Generate token | Utilize token | No |
| Create document upload session | Generate token | Utilize token | No |
| Set payment card PIN | Generate token | Utilize token | Yes |
| View account and routing number | Generate token | Yes | |
| View payment card details | Generate token | Yes | |
| View external bank account details | Generate token | Yes |
Every client token has a unique mutation associated with it. These mutations use the ID of the object you are tokenizing and requested permissions as inputs.
The following example mutation generates a payment card client token to set a PIN on a payment card. Refer to the supported use cases reference for the mutation for your use case:
Once you have generated a client token, you must set the authorization header in your GraphQL client with the token.
The following example shows the base64 encoded client token that we generated using the GeneratePaymentCardClientToken mutation, and the example authorization header for our use case:
- Example client token
- Example authorization header
After setting the authorization header, you can call the API.
The following example uses the SetPinForPaymentCard mutation to call the API and set the PIN for the payment card: