When a card is stored in the vault, the original card information is not retrievable by the client without the cardvault_raw scope (contact support). The CVV's ttl is set to the same ttl as the card unless the card is stored longer than 30 minutes. If the card is stored longer than 30 minutes, the CVV's ttl is set to 30 minutes. The CVV should be deleted immediately after transacting (see the /cardvault/cards/cvv DELETE endpoint). After the CVV's ttl, the CVV automatically gets deleted. After the card's ttl, the card is deleted. To make the card permanent, leave out the ttl property. The full card number can be used through the proxy endpoint. You can get the first six, the last four, full name, and expiration from /cardvault/cards (GET). If you need Luhn tokens with custom BIN ranges or deterministic tokens, please contact support@enigmavault.io.

Provides card data. The first six and the last four are included in the response. The ttl values represent the time remaining in seconds until that item is purged. the original card information is not retreivable by the client without the cardvault_raw scope (contact support). If you have the proper scope, use the cardvault/raw/cards endpoint.

Returns an empty 204 response on success.

Special endpoint to retreive raw card data. It can only be used with the cardvault_raw scope.

The ephemeralKey is a one time transaction use expiring key that allows an external client to use a temporary card token. The token guid, tokenGuid, is used wherever a token is normally used. The destinationClientId is a valid Enigma Vault clientId of the destination app. The time to live (ttl) is in seconds.

The card's time to live in seconds. Once expired the card is deleted from the vault. If -1, the card lives forever until manually deleted.

Adjusts the time (seconds) until deletion. Additional time cannot be added to the CVV's ttl.

Returns an empty 204 response on success.

This endpoint allows you to use a stored card without touching the card data. Build out the request meant for the upstream url and then use the following placeholders to have the endpoint populate them with card data: ${ccn}, ${cvv}, ${fullName}, ${lastName}, ${firstName}, ${cardType}, ${mm}, ${yy}, and ${yyyy}. Supports GET/PUT/POST/DELETE. When finished transacting, delete the CVV by using the /cardvault/cards/cvv DELETE endpoint.

The card store form allows your app to store and later use customer card data without touching it. After the cardTtl expires, the card is deleted. If the user decides to save the card, the card is stored permanently. If you're seeking to permanently store the card outside of a transaction (wallet style), set walletSave to true. When finished transacting, delete the CVV by using the /cardvault/cards/cvv DELETE endpoint. If you set walletSave to true, the buttonText and cardTtl are overriden. If walletSave is true the CVV isn't requested. If you intend to use the card in a transaction within 30 minutes, set walletSave to false. On callback, your app will receive via POST the card token within the parameter eVtoken. If the customer chooses to cancel or if the form timeouts, the evException parameter will contain the reason. For cancels, evException's value will be 'cancel'. For timeouts, evException's value will be 'timeout'. If embedFormForControl is set to true, pass 'submit' as a message over to the iframe to submit the form. On response, the parent will receive an object that consists of the status, the token, and CardModel object. There are multiple ways to integrate the card store form. You can use it within a popup, redirect, simple iframe, or iframe where the parent page has control to submit the form. You can find example code for the advanced iframe integration on GitHub.

Currently returns the expiration time and current time of the session.

When a card is added to the vault, the original card information is not retrievable by the client by default. It can be used through the proxy endpoint.

The CVV store form allows your app to temporarily store the CVV until you're finished transacting. When finished, delete the CVV by using the /cardvault/cards/cvv DELETE endpoint. The CVV ttl is set to the card's ttl. If the card has a ttl of -1, the CVV ttl will be set to 1800 seconds. If autoSave is true, the callback will not trigger so the client app will need to verify the cvv ttl for its existence. There are multiple ways to integrate the cvv form. You can use it within a popup, redirect, simple iframe, (previous 3 can use autosave) or iframe where the parent page has control to submit the form. You can find example code for the advanced iframe integration on GitHub.

Currently returns the expiration time and current time of the session.

Receives card data from Twilio's Pay Generic Pay Connector and returns a token. This endpoint uses HTTP Basic Auth (not JWT). Set the Authorization header to Basic base64(clientId:password). Generate your Twilio Pay password in the Enigma Vault developer portal under Twilio Pay settings, then configure Twilio's Generic Pay Connector with your clientId as the username, your password, and this endpoint URL.

Authentication: HTTP Basic Auth — Authorization: Basic base64(clientId:password). Contact support@enigmavault.io or use the developer portal to enable Twilio Pay and set a password.

Standard fields (sent automatically by Twilio):

• method — Must be "tokenize"
• transaction_id — Twilio's idempotency token
• cardnumber — Card number (required)
• cvv — Security code (stored with a 30-minute TTL, or matches card TTL if card TTL is less than 1800s)
• expiry_month — MM format
• expiry_year — YY or YYYY format
• postal_code — Zip/postal code

Custom parameters (pass via Parameter noun in TwiML):

• full_name — Cardholder name
• card_type — Card brand override (auto-detected from BIN if omitted: visa, mastercard, amex, discover)
• reference_id — Customer or internal reference identifier (max 128 characters)
• ttl — Card time-to-live in seconds (60–220,903,200). Omit for permanent storage
• preserve_format — Set to true for Luhn-passable tokens using the card's first six and last four

TwiML example:

<Pay paymentConnector="enigma_vault" tokenType="one-time"
     action="https://your-app.example.com/pay-status">
  <Parameter name="full_name" value="Edward Nigma" />
  <Parameter name="card_type" value="visa" />
  <Parameter name="reference_id" value="CUST-12345" />
  <Parameter name="ttl" value="3600" />
  <Parameter name="preserve_format" value="true" />
</Pay>

Features:

• Preserve-format tokens (Luhn-passable) via preserve_format parameter or BIN range config
• Deterministic dedup when CardVaultDeterministic is enabled — same card returns same token
• All responses use Twilio's expected format: token_id, error_code, error_message

Creates a customer record with your external GUID. Returns the new customerId and an intake URL where end customers can securely submit files, cards, signatures, and custom fields. If a customer with the same externalId already exists, returns 409 Conflict.

Returns intake status for the specified customer. By default returns lightweight counts (fileCount, cardCount, signatureCount, fieldCount) suitable for polling. Add ?detail=true to get item-level metadata: file names/sizes, card tokens/last four, signature timestamps, and field names. The {id} parameter accepts either the internal 32-character customerId or your external ID.

Removes a customer record. This does not delete files or card tokens that were collected during intake — those remain in their respective vaults. The {id} parameter accepts either the internal 32-character customerId or your external ID.

Returns the intake page URL for the specified customer. Share this URL with your end customer so they can securely submit files, card information, signatures, and custom fields. The {id} parameter accepts either the internal 32-character customerId or your external ID.

Returns the current webhook configuration including the URL and enabled status. The webhook secret is write-only and is never included in responses. Configure webhooks to receive real-time notifications when intake events occur (file uploads, card submissions, signature captures, custom field saves).

Updates webhook URL, secret, and/or enabled flag. Only fields included in the request are updated — omitted fields are left unchanged. The webhookUrl must be a valid HTTPS URL. The webhookSecret is used to compute HMAC-SHA256 signatures on webhook payloads (sent in the X-Webhook-Signature header) so you can verify authenticity. The secret is write-only and never returned in responses.

Supports up to 5,000 plaintext objects per request. Plaintext strings must be less than 1000 characters in length. The customIdentifier attribute ties your unencrypted data to the tokens. The customIdentifier is not stored within the vault.

The ephemeralKey is a one time use expiring key that allows an external client to obtain the token's secret. To generate one, use the datavault/secrets/ephemeralKey endpoint.

Exact matches will only be returned and is case sensitive. This endpoint will not return a deterministic token.

The ephemeralKey is a one time use expiring key that allows an external client to obtain the token's secret. The destinationClientId is a valid Enigma Vault clientId of the destination app. The time to live (ttl) is in seconds. This endpoint does not currently work with deterministic tokens.

The data store form allows your application to securely collect and store sensitive customer data—such as Social Security numbers, driver's license numbers, and other personal identifiers—without directly handling it. When the user completes the form, your application will receive the tokenized result through the windows API. On success or failure, messaging will be sent to the parent page indicating the status. You may integrate the form through a controlled iframe setup. Send the message 'submit' to the iframe to trigger submission. The response will be posted to the parent with a payload containing the status and token. Example integration patterns can be found on GitHub.

Currently returns the expiration time and current time of the session.

Tokenizes a secret using the designated UI.

The url is used to upload (PUT) a file into the vault. The url has an exipration of five minutes. The file size cannot exceed 5 gigabytes. A websocket url is provided so that the status of the file can be tracked in realtime.

This endpoint has been deprecated because the file status is now provided through a websocket API.

The url is used to download the file out of the vault. The url has an exipration of five minutes. When aSync is set to true for large files, a websocket API url is returned so that the file status can be monitored in real time. When the file is finished decrypting, the download url is provided through the websocket connection.