<!-- canonical: https://docs.costplus.io/api-reference/orders/createToken -->

> Exchange a card PAN and setup token for a vault token. This endpoint is used as part of the custom card entry form flow — after creating an order with `setup_token: true`, use this endpoint to securely vault the card details.

**Note:** This endpoint is authenticated via the `setup_token`, not your API key. No `Authorization` header is required.

# Tokenize card details

Exchange a card PAN and setup token for a vault token. This endpoint is used as part of the custom card entry form flow — after creating an order with `setup_token: true`, use this endpoint to securely vault the card details.

**Note:** This endpoint is authenticated via the `setup_token`, not your API key. No `Authorization` header is required.

## Endpoint

```
POST /tokens/
```

## Authentication

Public endpoint — no Basic Auth required.

## Request body

Content-Type: `application/json` (required)

Fields:

- `pan` — string (required). The full card number (PAN)
- `expiry_date` — string (required). Card expiry date in MMYY format
- `setup_token` — string (required). The setup token received from the order creation response

## Responses

### 200 — Card successfully tokenized

### 400 — Invalid request (bad PAN, expired setup token, etc.)

## cURL

```bash
curl -X POST https://api.costplus.online/v1/tokens/ \
  -H 'Content-Type: application/json' \
  -d '{ "pan": "4111111111111111", "expiry_date": "1228", "setup_token": "SETUP_TOKEN_FROM_ORDER" }'
```