Tokenization is the process QorCommerce uses to collect sensitive card or bank account details directly from your customers in a secure manner. A token representing this information is returned to your server to use. You should use our recommended payments integrations to perform this process client-side. This ensures that no sensitive card data touches your server, and allows your integration to operate in a PCI-compliant way.
If you cannot use client-side tokenization, you can also create tokens using the API with either your publishable or secret APP and Client key. Keep in mind that if your integration uses this method, you are responsible for any PCI compliance that may be required, and you must keep your secret APP key and Client key safe. Unlike with client-side tokenization, your customer's information is not sent directly to QorCommerce, so we cannot determine how it is handled or stored.