POST /test-tokens

Create a test card token with a long-lived CVC session (1-year TTL). Test CVC sessions are not deleted after use in proxy (unlike production CVC sessions). Use for development and testing. Auth: X-API-Key (or JWT) is always required. X-Pub-Key is required when using a production vault API key; test/sandbox API keys do not require it. For a production pub key, contact ammar@ozura.com.

Request

{
  "cardNumber": "4111111111111111",
  "expirationMonth": "12",
  "expirationYear": "2025",
  "cvc": "123",
  "firstName": "Test",
  "lastName": "User"
}

Field	Type	Required	Description
`cardNumber`	string	Yes	Test card number
`expirationMonth`	string	Yes	2-digit month (01–12)
`expirationYear`	string	Yes	2- or 4-digit year
`cvc`	string	Yes	Security code
`firstName`	string	No	Cardholder first name
`lastName`	string	No	Cardholder last name

Response

201 Created. Includes token, cvc_session_id, mask, bin, test_mode: true, and expires_in (e.g. "1 year (test session)"). The CVC session is long-lived and is not deleted after use in proxy. See POST /tokenize for production tokenization. CVC sessions from /tokenize have a 90-second TTL and are deleted after use.

​POST /test-tokens

​Request

​Response

POST /test-tokens

Request

Response