> ## Documentation Index
> Fetch the complete documentation index at: https://docs.henrylabs.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Card Tokenize

> Tokenize raw card details into a card token.

**PCI scope warning:** This endpoint accepts the raw PAN, CVV, and expiry directly on your server. Sending unencrypted cardholder data through your backend brings your systems into PCI DSS scope (typically SAQ D). If you want to stay out of scope, collect card details with Henry Labs's hosted secure elements / client-side tokenization instead, so raw card data never touches your servers.



## OpenAPI

````yaml https://app.stainless.com/api/spec/documented/henry-sdk/openapi.documented.yml post /card/tokenize
openapi: 3.1.0
info:
  title: Henry Labs API
  version: 1.5.0
  description: Playground for Henry Labs API endpoints
  contact:
    name: Henry Labs API Support
    email: support@henrylabs.ai
servers:
  - url: https://api.henrylabs.ai/v1
    description: Production server
security:
  - ApiKeyAuth: []
tags:
  - name: Product
    description: Product search, details, and data enrichment
  - name: Cart
    description: Universal user shopping cart management
  - name: Orders
    description: Order management post purchase
  - name: Merchants
    description: Merchant information and status
  - name: Card
    description: Card tokenization and management
paths:
  /card/tokenize:
    post:
      tags:
        - Card
      summary: Card Tokenize
      description: >-
        Tokenize raw card details into a card token.


        **PCI scope warning:** This endpoint accepts the raw PAN, CVV, and
        expiry directly on your server. Sending unencrypted cardholder data
        through your backend brings your systems into PCI DSS scope (typically
        SAQ D). If you want to stay out of scope, collect card details with
        Henry Labs's hosted secure elements / client-side tokenization instead,
        so raw card data never touches your servers.
      operationId: cardTokenize
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                cardNumber:
                  type: string
                  pattern: ^\d{13,19}$
                  description: Full card number (PAN) with no spaces or dashes
                  example: '4242424242424242'
                expiryMonth:
                  type: string
                  pattern: ^(0[1-9]|1[0-2])$
                  description: Two-digit expiry month, zero-padded
                  example: '12'
                expiryYear:
                  type: string
                  pattern: ^\d{2}$
                  description: Two-digit expiry year
                  example: '28'
                cvv:
                  type: string
                  pattern: ^\d{3,4}$
                  description: Card verification value (3 digits for Visa/MC, 4 for Amex)
                  example: '123'
              required:
                - cardNumber
                - expiryMonth
                - expiryYear
                - cvv
      responses:
        '200':
          description: Card tokenized successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/cardTokenizeResponse'
        '400':
          description: Bad request - Invalid card details
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                  status:
                    type: string
                  message:
                    type: string
                required:
                  - success
                  - status
                  - message
                additionalProperties: false
        '401':
          description: Unauthorized - Invalid API key
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                  status:
                    type: string
                  message:
                    type: string
                required:
                  - success
                  - status
                  - message
                additionalProperties: false
      security:
        - ApiKeyAuth: []
components:
  schemas:
    cardTokenizeResponse:
      type: object
      properties:
        success:
          type: boolean
        status:
          type: string
        message:
          type: string
        data:
          $ref: '#/components/schemas/cardTokenizeResponseData'
      required:
        - success
        - status
        - message
        - data
      additionalProperties: false
    cardTokenizeResponseData:
      type: object
      properties:
        cardToken:
          type: string
          description: Opaque token representing the stored card
          example: card_live_abc123xyz
        cardBin:
          type: string
          description: First 6 digits of the card number
          example: '424242'
        cardLast4:
          type: string
          description: Last 4 digits of the card number
          example: '4242'
        cardBrand:
          type: string
          description: Detected card brand
          example: visa
      required:
        - cardToken
        - cardBin
        - cardLast4
        - cardBrand
      additionalProperties: false
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: x-api-key

````