The REST API uses a Bearer Token which is created for you by the Authentication server. Using an 8-digit API username and 36-character API key. Bearer Tokens are used, valid for only 60 minutes.
A valid bearer token must be sent with all API Requests.
Each card token is encrypted using RSA encryption with 2048-bit key size.
These tokens must either be used for a transaction or saved to a payer within 20 minutes, otherwise the token expires. Once a card is saved against a payer, transaction can be generated by the partner software without access to the card data. This again limits the handling of card data by the partner software.