Client SDKs require a form of authorization to interact with the Braintree gateway. The type of authorization you provide to your client determines what the client can do.

Types of authorization

We offer two forms of client authorization:

  • A tokenization key is a lightweight reusable value that authorizes payment method tokenization.
  • A client token is a short-lived value that authorizes payment method tokenization, payment method retrieval, and client-side vaulting.


Client Token Tokenization Key
Creation Generated using server-side library Generated in Control Panel
Deactivation At Braintree's discretion prior to JWT expiration Via the Control Panel
Delivery to your client Must be sent from your server Can be shipped with your app
Payment method vaulting Yes (with customer ID) Requires sending a payment method nonce to your server
List payment methods Yes (with customer ID) No
Supply configuration information Yes No
Reusable Yes (for up to 24 hours) Yes
Payment method tokenization Yes Yes
Credit cards Yes Yes
PayPal Yes Yes
Apple Pay and Google Pay Yes Yes
Venmo Yes Yes
3D Secure Yes No

When to use tokenization keys

Tokenization keys do not require any interaction with your server until after payment information is tokenized. If you want to collect payment information to hand off to your server, tokenization keys are ideal.

Tokenization keys are also useful for situations where you want to tokenize payment information as simply as possible. If you do not require 3D Secure, tokenization keys should do everything you need.

When to use client tokens

Client tokens allow use of the full range of Drop-in functionality. If you want customers to save their payment methods directly from your client or want to present returning customers with a list of their saved payment methods, use client tokens.

Compared to tokenization keys, client tokens also reduce the latency of tokenization – particularly for clients outside the US – because they rely on public key cryptography rather than retrieval for authentication.

Using both

If your client apps allow both guests and registered users to make purchases, you may wish to use both tokenization keys and client tokens. If this applies, instantiate a new Braintree instance with your authentication method of choice.

See also