Skip to main content


Tokenization helps you tokenize customer's credit card data that can be used for making payment(s) without requesting for input every time.

Hosted Model with customizable payment pages is supported. Similarly to other hosted model payments, PCI DSS is not required as BBMSL stores all the tokenized data.


Supported Payment Methods#

  • Payment Card: Visa, Mastercard
  • Digital Wallet: Apple Pay, Google Pay, Alipay, AlipayHK, WeChat Pay

Supported Currency#

Payment Method/CurrencyHKDUSD
Apple Payโœ“โœ“
Google Payโœ“โœ“

Customization Options#

  • Page Presentation#

    You can redirect the customer to our hosted checkout page, or embed the payment page into an iframe Html element.

  • Page Design#

    You can upload your company logo and configure the checkout page theme color in BBMSL Merchant Portal. There are also UI options to be enabled through PayAPI request parameters. Two diagrams are shown below indicating the available customization options on desktop and mobile layout,



  • Payment Card: The Tokenization supports 3-D Secure (3DS) security verification to protect your payment. The 3DS challenge page will be presented automatically if the issuing bank requires it.
  • Digital Wallet: The authentication process is conducted by the wallet's service provider through biometric authentication or username/password.

Payment Flow#

To integrate the tokenization flow, the merchant needs to tokenize the customer's card before conducting a payment. The customer will be charged with a small amount for card verification, which will be voided afterwards. A diagram is given below showing the workflow of each required steps,


  1. Use the PayAPI Add Token: /tokenization/add-token to generate a checkoutUrl for customers to input the card data. The mentioned small amount will be charged in this step. After that, the card data is tokenized in BBMSL Payment Gateway.
  2. A unique tokenId will be mapped to each credit card being tokenized. Merchant needs to query the tokenId using PayAPI Query Token: /tokenization/query-token with the corresponding userId used in the previous step for later payment.
  3. With the tokenId you can proceed payment directly with PayAPI Sale: /tokenization/sale without asking for card data. The tokenId can be reused until expired or deleted, merchant can start another payment by this step.
Error Handling

The merchant need to handle the failure result in different stages. In case of any network errors, you need to query the result of the order instead of assuming it succeeded.