Securing Browser-Based Tokenization

October 25, 2019

Two new API calls provide increased browser-based tokenization security.

The AuricVault® tokenization service includes browser-based tokenization and detokenization.
Browser-based tokenization allows you to store and retrieve sensitive data directly from the browser; the data never touches your servers.

The new get_encrypt_session and get_decrypt_session API calls provide additional security by:

  • Controlling when the user can tokenize and when they can detokenize.
  • Declaring which tokens can be detokenized in the browser.

These new API calls provide increased browser-based tokenization security and ensure that what the user is doing in the browser is what you intend them to do.

get_encrypt_session

This API call is identical to the existing get_session API call, with the added feature of ensuring the only action a user can take with this session ID is to encrypt data.

get_decrypt_session

This API call ensures the only action a user can take with the returned session ID is to look up (decrypt) a token. It also defines the specific tokens that the user can retrieve.

This API call takes a list of one to five token IDs that the user can look up and display in their browser.
The user receives an error if they attempt to look up a token that is not on the list.
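
The scoping rules described for get_encrypt_session and get_decrypt_session can be modeled as a small in-memory vault. This is an added example, not AuricVault code, and it does not call the AuricVault API. The ScopedVault class, the SessionError exception, and the encrypt and decrypt methods are hypothetical names; only the two session call names and the one-to-five limit come from the text above.

```python
import secrets

class SessionError(Exception):
    """A session was used outside the scope it was issued for."""

class ScopedVault:
    """In-memory stand-in for a vault (hypothetical; not the AuricVault API)."""
    MAX_LOOKUP_TOKENS = 5  # the page allows one to five token IDs per session

    def __init__(self):
        self._values = {}    # token ID -> stored value (a real vault encrypts this)
        self._sessions = {}  # session ID -> (mode, allowed token IDs)

    def _issue(self, mode, allowed=frozenset()):
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = (mode, allowed)
        return session_id

    def get_encrypt_session(self):
        return self._issue("encrypt")

    def get_decrypt_session(self, token_ids):
        allowed = frozenset(token_ids)
        if not 1 <= len(allowed) <= self.MAX_LOOKUP_TOKENS:
            raise ValueError("expected one to five token IDs")
        return self._issue("decrypt", allowed)

    def _allowed(self, session_id, mode):
        # Unknown session IDs and wrong-mode sessions fail the same way.
        issued_mode, allowed = self._sessions.get(session_id, (None, frozenset()))
        if issued_mode != mode:
            raise SessionError(f"session does not permit {mode}")
        return allowed

    def encrypt(self, session_id, value):
        self._allowed(session_id, "encrypt")
        token_id = secrets.token_urlsafe(12)
        self._values[token_id] = value
        return token_id

    def decrypt(self, session_id, token_id):
        # The allow-list is checked before the store is touched.
        if token_id not in self._allowed(session_id, "decrypt"):
            raise SessionError("token is not on this session's list")
        return self._values[token_id]
```

Because the allow-list is fixed when the session is issued, a session ID exposed to the browser can reveal at most the tokens your server named for that page.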

Documentation

Check out the latest Session Management Methods documentation.
