I'm currently looking into Cybersource's REST API for the tokenization of cards.
However, I'm having some trouble wrapping my head around the following and could use some advice from those who have already worked with Cybersource and are more familiar with the terminology.
Under Token Management, there's an Instrument Identifier and Payment Instrument. Instrument Identifier seems to return the same unique ID for the same card and is part of the overall Payment Instrument token.
If I POST (create) a Payment Instrument token, inside the response, I see that as well, where an Instrument Identifier is returned and giving me back the same id as long as the card is the same. However, the Payment Instrument always returns a new token.
Question: I'm trying to think of Payment Instrument as a payment method, tokenizing a card, and not per payment, but since it returns a different token each time even if I put in the same credit card, am I understanding this wrong? Should I treat the Payment Instrument as something else completely different? If I were to store a token on our side, which one would I be?
As for payments API, we can pass in a token, does this work for both types mentioned above?
Any help, guidance or thoughts are appreciated
Your observation is correct. The instrument identifier is only the identifier for the "card" number. So it will return the same id in the response if you send the same card number everytime.
In contrast, the payment instrument token, is the one that attached the card number (instrument identifier) with meta data of the card holder like billing address, shipping address and exp date etc.
To make payments from your system, you need to have all the details of the card and hence you must use the id returned from the Payment Instrument token creation API. Yes, it returns different Id for each API call you make, even if it is same instrument identifier.