Skip to main content

Hellgate Tokens

In order to enable easy compliance with the rules of PCI/DSS, we provide Hellgate® Tokens in exchange to sensitive cardholder data.

These tokens are safe to store on your systems and will represent the cards in your interactions with our APIs. Please use our SDKs to generate the tokens.


In contrast to many dumb tokens, the Hellgate® Tokens are not just a non-sensitive replacement but offer a rich feature set themselves.

Card Metadata

For some use cases, it is important to learn more about the underlying card or the bank that issued that card. Hellgate® Tokens are annotated with meta-data about the card type (consumer or commercial) and other useful information. Please refer to our API Reference for more information.

Network Tokens

Many card schemes (for instance VISA and Mastercard) allow exchanging cardholder data to tokens which are provisioned by the scheme itself. These tokens provide additional security attributes, aim for better conversion, and are the foundation for the implementation of many device-based payment scenarios.

If your account has enabled the provisioning of network tokens, they are automatically provisioned and maintained every time a new Hellgate® Token is issued. Please refer to our explanation of payments with network tokens for further information.


Reach out to your Hellgate® support representative to learn more about network tokens and how to make use of them.

Account Updates

Especially for the use in business models with recurring payments, expired, or replace card information often generates unnecessary friction. Hellgate® supports an automatic account update process with major card schemes, to replace the underlying card data automatically or upon request.


Reach out to your Hellgate® support representative to learn more about account updates and how to make use of them.

Ephemeral Tokens

Ephemeral tokens are temporary tokens designed for merchants who need to temporarily retain card data for short-lived operations, such as guest checkout. When creating a Hellgate token with an expiration time, a network token will not be provisioned.

To create an ephemeral token, specify the expiration_time when requesting a token session. For more information about ephemeral tokens, please refer to our API documentation.