
Retrieving and Deleting tokens

Retrieving Tokens

To ensure security and accuracy, payment methods available for a user should not be stored locally on the merchant's server. Instead, they should be retrieved from the PayU system for each payment. This retrieval includes both the stored (tokenized) payment methods and generic payment methods. Utilizing the retrieve service offers several advantages:

  • The provided payment methods are always up-to-date and relevant for the user at the given moment.
  • Payment methods stored for the user are synchronized with their active PayU Account, ensuring accuracy and consistency throughout the payment process.

To retrieve payment methods and tokens, you must first obtain an OAuth access token of the trusted_merchant type. To create the token, use the data (email address, ext_customer_id) of the customer whose payment methods you want to retrieve. For detailed information on how to authorize requests, please refer to the Authorizing the Request section of our documentation or the Authorize section of our API Reference.

Retrieving Tokens Request

GET Request Body

When making GET requests, please remember not to include any data in the request body, as specified in the RFC 9110 standard. Requests that do not adhere to this requirement will be rejected by PayU with an HTTP 403 status.

To retrieve payment methods and tokens, you should include the obtained OAuth access token in the request header, and then use the GET method to send the request to the api/v2_1/paymethods endpoint.

Example of the Payment Methods Retrieve Request
curl -X GET https://secure.payu.com/api/v2_1/paymethods \
-H "Authorization: Bearer 87ad751f-7ea5-4023-a16f-04b6647a07f5" \
-H "Cache-Control: no-cache"

Retrieving Tokens Response

After receiving the response, you will be provided with arrays containing available tokens:

  • cardTokens - this section will be returned empty if the user does not have any active or expired card tokens.
  • pexTokens - this section is deprecated, so you should expect it to always be empty.
  • payByLinks - payByLinks are payment methods which always require redirection of the user. Therefore this section includes online bank transfers (pay-by-links), traditional bank transfer, installments and non-tokenized cards.

Example of the Response for Retrieve Payment Methods Request
{
"cardTokens": [
{
"cardExpirationYear": "2017",
"cardExpirationMonth": "12",
"cardNumberMasked": "411111******1111",
"cardBrand": "VISA",
"value": "TOKC_XATB7DF8ACXYTVQIPLWTVPFRKQE",
"brandImageUrl": "http://static.payu.com/images/mobile/visa.png",
"preferred": true,
"status": "ACTIVE"
},
{
"cardExpirationYear": "2014",
"cardExpirationMonth": "12",
"cardNumberMasked": "424242******4242",
"cardBrand": "VISA",
"value": "TOKC_XATB7DF8ACXYTVQIPLWTVPFRKQE",
"brandImageUrl": "http://static.payu.com/images/mobile/visa.png",
"preferred": false,
"status": "EXPIRED"
}
],
"pexTokens": [],
"payByLinks": [
{
"value": "c",
"name": "Płatność online kartą płatniczą",
"brandImageUrl": "http://static.payu.com/images/mobile/logos/pbl_c.png",
"status": "ENABLED",
"minAmount": 50,
"maxAmount": 100000
},
{
"value": "o",
"name": "Pekao24Przelew",
"brandImageUrl": "http://static.payu.com/images/mobile/logos/pbl_o.png",
"status": "DISABLED",
"minAmount": 50,
"maxAmount": 100000
},
{
"value": "ab",
"name": "Płacę z Alior Bankiem",
"brandImageUrl": "http://static.payu.com/images/mobile/logos/pbl_ab.png",
"status": "TEMPORARY_DISABLED",
"minAmount": 50,
"maxAmount": 100000
}
]
}

For detailed information on the parameters, kindly refer to the Retrieve Payment Methods section of our API Reference.
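
The following is an added example, not part of the original PayU documentation: one way to turn a freshly retrieved response into the list of methods to offer for a payment, keeping only ACTIVE card tokens and ENABLED pay-by-links. The function names, the placeholder token values and the assumption that the payment amount uses the same unit as minAmount/maxAmount are ours.

```python
import json

# Constructed sample in the shape of the response shown above; token values are placeholders.
SAMPLE_RESPONSE = """
{
  "cardTokens": [
    {"cardExpirationYear": "2017", "cardExpirationMonth": "12",
     "cardNumberMasked": "411111******1111", "cardBrand": "VISA",
     "value": "TOKC_EXAMPLE_ACTIVE", "preferred": false, "status": "ACTIVE"},
    {"cardExpirationYear": "2014", "cardExpirationMonth": "12",
     "cardNumberMasked": "424242******4242", "cardBrand": "VISA",
     "value": "TOKC_EXAMPLE_EXPIRED", "preferred": true, "status": "EXPIRED"}
  ],
  "pexTokens": [],
  "payByLinks": [
    {"value": "c", "status": "ENABLED", "minAmount": 50, "maxAmount": 100000},
    {"value": "o", "status": "DISABLED", "minAmount": 50, "maxAmount": 100000},
    {"value": "ab", "status": "TEMPORARY_DISABLED", "minAmount": 50, "maxAmount": 100000}
  ]
}
"""


def selectable_methods(raw_json, amount):
    """Return (cards, pay_by_links) that may be offered for a payment of `amount`.

    Fails closed: only the statuses ACTIVE and ENABLED pass, so EXPIRED,
    DISABLED, TEMPORARY_DISABLED and any unrecognised status are dropped.
    Assumption: `amount` is in the same unit as minAmount/maxAmount.
    """
    data = json.loads(raw_json)
    cards = [t for t in data.get("cardTokens", []) if t.get("status") == "ACTIVE"]
    cards.sort(key=lambda t: not t.get("preferred", False))  # preferred card first
    links = [
        p for p in data.get("payByLinks", [])
        if p.get("status") == "ENABLED"
        and p.get("minAmount", 0) <= amount <= p.get("maxAmount", float("inf"))
    ]
    return cards, links


def card_label(token):
    """Text for the UI or logs: brand, masked number and expiry, never the token value."""
    return "{} {} ({}/{})".format(
        token["cardBrand"], token["cardNumberMasked"],
        token["cardExpirationMonth"], token["cardExpirationYear"],
    )
```

Call selectable_methods on the body of each retrieve response rather than on a cached copy, so the offered list reflects the user's current PayU state.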

Deleting Tokens

If the buyer terminates the user account in your shop or chooses to remove the stored card from the user account, you must delete the token. To delete the token, send a DELETE request to https://secure.payu.com/api/v2_1/tokens/{tokenValue}, where tokenValue is the token you wish to delete. The header should include an OAuth token obtained with grant_type=trusted_merchant. To create the OAuth token, use the data (email address, ext_customer_id) of the customer whose payment methods you want to delete.

Deleting Token Request

curl -X DELETE https://secure.payu.com/api/v2_1/tokens/TOKC_XATB7DF8ACXYTVQIPLWTVPFRKQE \
-H "Authorization: Bearer cccbbc40-8113-443b-b4ea-c4b266272b22" \
-H "Cache-Control: no-cache"