Client SDKs require a form of authorization to interact with the Braintree gateway. The type of authorization you provide to your client determines what the client can do.

Types of authorization

We offer two forms of client authorization:

  • A tokenization key is a lightweight reusable value that authorizes payment method tokenization.
  • A client token is a single use value that authorizes payment method tokenization, payment method retrieval, and client-side vaulting.


Client Token Tokenization Key
Creation Generated using server-side library Generated in Control Panel
Delivery to your client Must be sent from your server Can be shipped with your app
Payment method vaulting Yes (with customer ID) Requires sending a payment method nonce to your server
List payment methods Yes (with customer ID) No
Supply configuration information Yes No
Reusable No Yes
Payment method tokenization Yes Yes
Credit cards Yes Yes
PayPal Yes Yes
Apple Pay and Android Pay Yes Yes
Venmo Yes Yes
3D Secure Yes No

When to use tokenization keys

Tokenization keys do not require any interaction with your server until after payment information is tokenized. If you want to collect payment information to hand off to your server, tokenization keys are ideal.

Tokenization keys are also useful for situations where you want to tokenize payment information as simply as possible. If you do not manage customers in the Vault, tokenization keys should do everything you need.

When to use client tokens

Client tokens allow use of the full range of Drop-in functionality. If you want customers to save their payment methods directly from your client or want to present returning customers with a list of their saved payment methods, use client tokens.

Using both

If your client apps allow both guests and registered users to make purchases, you may wish to use both tokenization keys and client tokens. If this applies, instantiate a new Braintree instance with your authentication method of choice.

See also