Set up OAuth for Card Data Security

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read
  • After you configure your tokenizer service, follow these steps to set up OAuth connectivity with your ServiceNow instance. This connection is required to get file metadata and download URLs from files hosted in the tokenizer service vault.

    Token Authentication in Card Data Security

    Card Data Security uses JSON Web Tokens (JWT) for authentication. It uses the following token types for authentication:
    • Regular tokens—used for authentication in backend connections.
    • Context-aware tokens—required for user interactions in the UI, such as viewing documents in the data vault.

    Set up card network integration

    When you set up OAuth for card network integration, set up each following connection type.
    Table 1. Connection types
    Name Connection Alias Description Procedure
    Service Token CardDataSecurity.ServiceToken For Vault API interactions and backend requests, such as retrieving file download URLs or external document metadata. Perform all the following steps for this connection type.
    Client Token CardDataSecurity.ClientToken For obtaining context-aware bearer tokens that are used in detokenization requests. Used for viewing files and revealing PAN values. Perform all the following steps for this connection type.
    Data Token Signer CardDataSecurity.DataTokenSigner Required for context-aware authorization. Signs data tokens that are used to make detokenization requests to the data vault. Used for revealing PAN values. Refer to Set up a Token Signer for specific steps on this connection type.

    Set up Verifi integration

    Prepare the following values before you set up this integration. Obtain these values from your Verifi onboarding documentation or account manager, and from your tokenizer service connection setup procedure.
    • Signing algorithm: typically HMAC256 (confirm with Verifi).
    • JWT Signing Key: a unique key provided by Verifi.
    • JWT Expiry Interval: value in seconds, provided by Verifi.
    • Issuer ID: provided by Verifi.
    • API Version: provided by Verifi.
    • Tokenizer service connection URL: URL used to route requests to Verifi's APIs.
    • Tokenizer service API key: provided by the tokenizer service during connection setup.