Skip to main content

Tokenization & Recurring Payments

How Adyen tokenization stores a shopper's payment details so you can charge them again for subscriptions, card-on-file, and recurring billing.

Tokenization lets Adyen securely store a shopper's payment details and return a token you can reuse, so you can charge returning shoppers without handling raw card data. It is the foundation for recurring payments, subscriptions, and card-on-file billing.

What tokenization is

When a shopper consents to save their payment details, Adyen stores those details in the Adyen Vault and gives you a token in place of the sensitive data, such as the card number (PAN). You then make future payments with the token instead of the card details.

  • Because Adyen handles the sensitive data, tokenization reduces your PCI DSS scope. Using the Sessions flow to tokenize qualifies you for the simplest form of PCI validation (SAQ A). See PCI Considerations.

  • Tokenization is supported for many card and local payment methods, including major card brands and ACH Direct Debit.

What you can use tokens for

A stored token enables several recurring scenarios:

  • One-click payments: a returning shopper pays faster with their saved details (CardOnFile).

  • Subscriptions: you bill the shopper at regular intervals (Subscription).

  • Unscheduled card-on-file: you charge at irregular intervals, for example an automatic top-up, a no-show fee, or a post-checkout amount (UnscheduledCardOnFile).

Creating a token

You tokenize a shopper's details by adding tokenization fields to a payment request. With the Sessions flow you create the session, and with the advanced flow you call /payments directly. A typical create-a-token request includes:

  • storePaymentMethod: set to true to store the details from this payment.

  • shopperReference: your unique identifier for the shopper. Adyen uses it to associate the token with that shopper, so reuse the same value later.

  • recurringProcessingModel: how you intend to use the token, for example Subscription or UnscheduledCardOnFile.

Always ask for the shopper's consent and inform them of the schedule and amount before storing their details, to reduce chargebacks. After the transaction is authorized, Adyen sends a recurring.token.created webhook containing the storedPaymentMethodId. Store that token together with the shopperReference.

POST /v71/payments
{
  "merchantAccount": "YOUR_MERCHANT_ACCOUNT",
  "amount": { "currency": "USD", "value": 1000 },
  "reference": "ORDER-12345",
  "paymentMethod": { /* card details collected by Drop-in */ },
  "shopperReference": "SHOPPER-001",
  "storePaymentMethod": true,
  "recurringProcessingModel": "Subscription",
  "store": "YOUR_STORE_ID"
}

Paying with a stored token

To charge a saved token, make a /payments request that references the stored details:

  • paymentMethod.storedPaymentMethodId: the token from the recurring.token.created webhook.

  • shopperReference: the same value you used to create the token.

  • shopperInteraction: ContAuth for payments you initiate.

  • recurringProcessingModel: Subscription or UnscheduledCardOnFile.

POST /v71/payments
{
  "merchantAccount": "YOUR_MERCHANT_ACCOUNT",
  "amount": { "currency": "USD", "value": 1000 },
  "reference": "SUB-2026-06",
  "paymentMethod": { "storedPaymentMethodId": "TOKEN_ID" },
  "shopperReference": "SHOPPER-001",
  "shopperInteraction": "ContAuth",
  "recurringProcessingModel": "Subscription",
  "store": "YOUR_STORE_ID"
}

A successful payment returns resultCode: Authorised, and you also receive an AUTHORISATION webhook. Treat the webhook as the authoritative outcome, as described in Standard Payment Flow.

Contact Valpay Support to confirm that tokenization and the required API roles are enabled for your account.

Related Articles
What is Tokenization
Testing Online Payments
Standard Payment Flow
Hosted Checkout
API Integration
Did this answer your question?