Set up OAuth for Card Data Security
After you configure your tokenizer service, follow these steps to set up OAuth connectivity with your ServiceNow instance. This connection is required to get file metadata and download URLs from files hosted in the tokenizer service vault.
Token Authentication in Card Data Security
- Regular tokens—used for authentication in backend connections.
- Context-aware tokens—required for user interactions in the UI, such as viewing documents in the data vault.
Overview of tasks to set up OAuth for Card Data Security
| Name | Connection Alias | Description |
|---|---|---|
| Service Token | CardDataSecurity.ServiceToken | For Vault API interactions and backend requests, such as retrieving file download URLs or external document metadata. |
| Client Token | CardDataSecurity.ClientToken | For obtaining context-aware bearer tokens that are used in detokenization requests. Used for viewing files and revealing PAN values. |
| Data Token Signer | CardDataSecurity.DataTokenSigner | Required for context-aware authorization. Signs data tokens that are used to make detokenization requests to the data vault. Used for revealing PAN values. Note: The steps below differ when setting up a data token signer. See Set up a Token Signer for specific steps on configuration. |
- Create a JKS file
Generate a Java KeyStore (JKS) file for OAuth authentication setup.
- Create an X.509 Certificate
Create an X.509 certificate record by uploading a JKS file and configuring the certificate settings.
- Set up a JWT key
Configure a JSON Web Token (JWT) key by linking X.509 certificates with tokenizer service credentials.
- Set up a JWT Provider
Configure a JWT Provider by setting up signing configurations and claim values.
- Set up an OAuth Provider
Configure an OAuth provider to establish the necessary connection credentials and JWT configuration.
- Set up the Connection & Credential records
Configure the Vault API connection to establish the endpoint URL and vault ID required for data tokenization operations.
- Set up an OAuth Credential
Create an OAuth 2.0 credential to enable secure authentication for Card Data Security integrations.
- Set up the OAuth Vault API REST message
Configure the Data Security Vault API REST message with the correct endpoint URL and OAuth authentication profile.