Skip to main content

Payments with Hellgate Tokens

Hellgate Tokens are a great way to securely and compliantly store sensitive cardholder data. As they are by default made for exchange and multi-acquirer use, they are a splendid way to unlock your payment method data from your current payment service provider or to prevent such a lock-in upfront.

Conceptional View

Consider the following setup, where a merchant (you) maintains a solution for the shopper (your customers) to tokenize cardholder data (CHD) using our Hellgate® SDKs. The SDKs exchange the sensitive data into Hellgate® tokens, which are passed back to your backend.

Hellgate Token Use-Case

With that you as the merchant are free to use the create tokens with any payment service provider of your choice. The token will be exchanged by Hellgate® on the go with the original cardholder data.

Compliance Service

The following description will focus on the approach to use existing tokens in payment processes. You can get these tokens in place using our SDKs. Please refer to the corresponding documentation for more details.

Exemplary Use

Our compliance service, as part of the Hellgate® is responsible for exchanging token information with original cardholder data in a secure way. Please see our API documentation for technical details on how to use this service.

Instead of calling the API of your payment service provider directly, you send the request to Hellgate® and instruct how the sensitive information of the cardholder will be used.


Cardholder data can only be forwarded to allowed destinations. To add allowed destinations, please contact your Hellgate® representative. Any attempts to forward data to non-allowed destinations will result in a rejection.

curl '' \
-X 'POST' \
-H 'Content-Type: application/json' \
-H 'X-HELLGATE-TOKEN: d7d272f7-f0e8-44c6-9459-c60e1ef279d5' \
--data '
"amount": {
"currency": "EUR",
"value": 1234
"reference": "Payment-0001",
"paymentMethod": {
"type": "scheme",
"number": "{{ account_number }}",
"expiryMonth": "{{ expiration_month }}",
"expiryYear": "{{ expiration_year }}",
"cvc": "{{ security_code }}"
"merchantAccount": "<adyen_merchant_account>",
"recurringProcessingModel": "CardOnFile",
"shopperInteraction": "Ecommerce",
"storePaymentMethod": "true"

The security_code is only available for 15 minutes after the cardholder data has been stored.