Client SDKs require a form of authorization to interact with the Braintree gateway. The type of authorization you provide to your client determines what the client can do.
We offer two forms of client authorization:
- A tokenization key is a lightweight reusable value that authorizes payment method tokenization.
- A client token is a short-lived value that authorizes payment method tokenization, payment method retrieval, and client-side vaulting.
|Client Token||Tokenization Key|
|Creation||Generated using server-side library||Generated in Control Panel|
|Deactivation||At Braintree's discretion prior to JWT expiration||Via the Control Panel|
|Delivery to your client||Must be sent from your server||Can be shipped with your app|
|Payment method vaulting||Yes (with customer ID)||Requires sending a payment method nonce to your server|
|List payment methods||Yes (with customer ID)||No|
|Supply configuration information||Yes||No|
|Reusable||Yes (for up to 24 hours)||Yes|
|Payment method tokenization||Yes||Yes|
|Apple Pay and Google Pay||Yes||Yes|
Tokenization keys do not require any interaction with your server until after payment information is tokenized. If you want to collect payment information to hand off to your server, tokenization keys are ideal.
Tokenization keys are also useful for situations where you want to tokenize payment information as simply as possible. If you do not require 3D Secure, tokenization keys should do everything you need.
Client tokens allow use of the full range of Drop-in functionality. If you want customers to save their payment methods directly from your client or want to present returning customers with a list of their saved payment methods, use client tokens.
Compared to tokenization keys, client tokens also reduce the latency of tokenization – particularly for clients outside the US – because they rely on public key cryptography rather than retrieval for authentication.
If your client apps allow both guests and registered users to make purchases, you may wish to use both tokenization keys and client tokens. If this applies, instantiate a new Braintree instance with your authentication method of choice.