For any question, we are one click away

Contact us

seToken generation

What is seToken

seToken (Self Encrypted Token) is a cryptogram used for safe card data transfer. It can be used in the following requests when the card data is collected on merchant's side:

Below it is described how to create a seToken and send it in a payment request.

Format of seToken before encryption

An unencrypted seToken is a string that includes from 5 to 9 parameters separated by "/".

Parameters involved in the formation of seToken

The table below lists the parameters that can be used in the seToken string. The parameters must be arranged in a strict sequence according to the order in this table.

Required Name Type Description

timestamp String The date of the request according to ISO 8601:2004 in the format YYYY-MM-DDThh:mm:ss±hh:mm.

uuid String [1..32] The identifier in the UUID standard formed in accordance with the document

PAN Integer [1..19] Number of the card to be debited. A request must have PAN or bindingId.
Conditional (see description)

CVV Integer Verification code of a card. This parameter is mandatory if permission Can process payments without confirmation of CVC is not enabled.

EXPDATE Integer Card expiration in the following format: YYYYMM, where YYYY - a year, MM - a month.

mdOrder String [1..36] Order id to be paid with a cryptogram.

bindingId String [1..255] Identifier of an already existing stored credential. This is the card ID tokenized by the Gateway. Can be used only if the merchant has the permission to work with stored credentials. The request must have PAN or bindingId.

cardholder String Cardholder's name in Latin characters. This parameter is passed only after an order is paid.

registeredFrom String SDK that was used for order registration. Allowed values are: MSDK_CORE, MSDK_FORMS, MSDK_PAYMENT, WSDK_CORE, WSDK_PAYMENT

* Mandatory for particular methods. The list of mandatory parameters for seToken used in a particular method is specified in the corresponding method's description in API Reference.

Example of a generated string:



Algorithm for a payment request creation

  1. Make a key request

    To do this, open the link

    As a result, we get the key in the following format:

    "keys": [
            "keyValue": "-----BEGIN PUBLIC KEY-----{PUBLIC KEY BODY}-----END PUBLIC KEY-----",
            "protocolVersion": "RSA",
            "keyExpiration": 1893456000000
            "keyValue": "-----BEGIN PUBLIC KEY-----{PUBLIC KEY BODY}-----END PUBLIC KEY-----",
            "protocolVersion": "RSA",
            "keyExpiration": 1924992000000


    • keyValue - string representation of the RSA 2048 public key
    • keyExpiration - planned key expiration date, date in seconds according to the UNIX time standard
    • protocolVersion - version of the encryption algorithm
  2. Register an order

  3. Generate a string that needs to be encrypted

    In our example above orderId=b94eac90-e487-796a-8ed2-cf5a00096352 is specified as UUID. We get the string:


  4. Encrypt the received string

    The received string must be encrypted using the RSA encryption algorithm "RSA/None/PKCS1Padding" with a key length of 2048.

    Example of encryption result: Cfqv4t2XHBb9k8ixM7jxxCvziETS4koa3bV3F0QUvGVY47nKyMBqjGzV/rvmCAw6KzwoBDzeLsqwBLEzvQhaF627ZS0OJnhttBi4fL3/h/sBSwFtxr3s+oVUeoE3e4SNVUq9vciinOyNCIKqfpeQya+pOUYt3MgrtSeu66Ar12XEj4k6lecZN7Ffquj9RqhZsYhP63np5VCxJR90cNQG+TMWIFU6rqxLAe4gzCJtcXNrPT8aDOI201Zwd+e4K1YnrI7dZGlibO7MVMPB9m7NJaJTHko/MiJNWumAjS4yDDovLraIKMwOFTvAhqXsHslthpcUO0GZXEIaDRgERD7+jw==

    Before passing in a REST request, the encrypted string should be URL-encoded:

  5. Make a payment request with seToken.

    See example of the payment request with seToken here.

eCommerce API V1
Search results