Vault requests allow you to securely store, retrieve, or delete card details via PayGate's PayVault tokenisation service.
Tokenisation reduces PCI scope by replacing sensitive card data with a non-sensitive VaultId (a GUID token) that can be used for future transactions.
Only credit card data is supported for tokenisation at this time.
Available Vault Request Types
| Request Type | Description |
|---|---|
CardVaultRequest | Create a token for a new card |
LookUpVaultRequest | Retrieve the masked card details using a Vault ID |
DeleteVaultRequest | Permanently delete a token from the vault |
CardVaultRequest
Create a PayVault token for a credit card.
Request sample:
<SingleVaultRequest>
<CardVaultRequest>
<Account>
<PayGateId>10011072130</PayGateId>
<Password>test</Password>
</Account>
<CardNumber>5200000000000015</CardNumber>
<CardExpiryDate>112030</CardExpiryDate>
</CardVaultRequest>
</SingleVaultRequest>
Response sample:
<SingleVaultResponse>
<CardVaultResponse>
<Status>
<StatusName>Completed</StatusName>
<VaultId>6eb998d9-b4e8-46b8-9772-90ecb644ab54</VaultId>
</Status>
</CardVaultResponse>
</SingleVaultResponse>
| Field | Description |
|---|---|
StatusName | Indicates the outcome (Completed, Failed, etc.) |
VaultId | The PayVault token used for future token-based transactions |
LookUpVaultRequest
Retrieve the masked card number and expiry for an existing token.
Request sample:
<SingleVaultRequest>
<LookUpVaultRequest>
<Account>
<PayGateId>10011013800</PayGateId>
<Password>test</Password>
</Account>
<VaultId>c36a13e8-65a0-49fd-a12f-05fe78bf9eaa</VaultId>
</LookUpVaultRequest>
</SingleVaultRequest>
Response sample:
<SingleVaultResponse>
<LookUpVaultResponse>
<Status>
<StatusName>Completed</StatusName>
<CardNumber>520000xxxxxx0015</CardNumber>
<CardExpiryDate>112030</CardExpiryDate>
</Status>
</LookUpVaultResponse>
</SingleVaultResponse>
| Field | Description |
|---|---|
CardNumber | Masked card number (first 6 & last 4 digits) |
CardExpiryDate | Format: MMYYYY |
StatusName | Status of the request |
DeleteVaultRequest
Remove a token from PayVault when it’s no longer needed.
Request sample
<SingleVaultRequest>
<DeleteVaultRequest>
<Account>
<PayGateId>10011072130</PayGateId>
<Password>test</Password>
</Account>
<VaultId>5c633bfa-5359-482e-b144-2949aa332c74</VaultId>
</DeleteVaultRequest>
</SingleVaultRequest>
Response sample
<SingleVaultResponse>
<DeleteVaultResponse>
<Status>
<StatusName>Completed</StatusName>
</Status>
</DeleteVaultResponse>
</SingleVaultResponse>
| Field | Description |
|---|---|
StatusName | Indicates whether the deletion was successful |
Notes & Best Practices
-
Always store
VaultIdsecurely in your system — it replaces the card number. -
For 3D Secure or Host-to-Host flows, you can pass the
VaultIdinstead of card details. -
To avoid storing sensitive card data, you may use
Vault: truein yourCardPaymentRequest.
Vault & Reuse Lifecycle
flowchart TD
A[Customer enters card details on Merchant site] --> B[Merchant sends CardVaultRequest to PayGate]
B --> C[PayGate securely stores card & returns VaultId]
C --> D[Merchant stores VaultId & maps to customer profile]
D --> E[Merchant initiates future payments using VaultId]
E --> F[Merchant sends CardPaymentRequest or WebPaymentRequest with VaultId]
F --> G[PayGate retrieves card details & processes payment]
G --> H[Transaction response returned to merchant]
H --> I{Card no longer needed?}
I -- Yes --> J[Merchant sends DeleteVaultRequest]
J --> K[PayGate deletes VaultId mapping]
I -- No --> E
style C fill:#fdf6e3,stroke:#b58900,stroke-width:2px
style E fill:#dfe8f7,stroke:#268bd2,stroke-width:2px
style J fill:#ffe6e6,stroke:#dc322f,stroke-width:2px