# Authorize a transaction in a mobile app

{% hint style="info" %}
Before you start a sale transaction in mobile app using the [mobile transaction API](https://docs.xplorpay.com/api-references/payments/mobile/mobile-payment-transactions/mobile-transactions) endpoint, make sure you have the following:

:white\_check\_mark: [API key](https://docs.xplorpay.com/api-references/authentication#obtaining-your-access-key) issued by Xplor Pay.

:white\_check\_mark: Mobile JSON Web Token (`mobilejwt`) returned by the `successfulTransactionToken` method using the [JavaScript SDK](https://docs.xplorpay.com/guides/payment-processing-solutions/javascript) integration.
{% endhint %}

To create a multi-use or durable card token (`id`)when authorizing a transaction in mobile app:

1. Add the `create-token` field with a value of `true` to the request body when calling the [mobile transaction API](https://docs.xplorpay.com/api-references/payments/mobile/mobile-payment-transactions/mobile-transactions) endpoint to authorize a transaction in mobile app.

{% code overflow="wrap" lineNumbers="true" %}

```json
{
   "type": "AUTH",
   "amount": "0.00",
   "create-token": "true"
   "software-type": "My Cool Software"
   "software-type-version": "1.0",
     "billing":
    {
      "zip": "85284"
    }
}
```

{% endcode %}

2. Use the **POST** method to call the `rest/v2/mobile/transactions/auth` endpoint.

The API returns the following response:

{% code overflow="wrap" lineNumbers="true" %}

```json
{
    "code": "200",
    "status": "success",
    "exchange-id": "ID-clearent-mobile-jwt-1-e4795490-49d8-4302-b2c6-fc46ea001bc9",
    "links": [
        {
            "rel": "transaction",
            "href": "/rest/v2/transactions?id=118810621",
            "id": "118810621"
        },
        {
            "rel": "token",
            "href": "/rest/v2/tokens/1100000900023211111",
            "id": "1100000900023211111"
        }
    ],
    "payload": {
        "transaction": {
            "amount": "15.55",
            "id": "118810621",
            "created": "2025-05-08 18:56:50.930",
            "type": "SALE",
            "result": "APPROVED",
            "card": "XXXXXXXXXXXX1111",
            "authorization-code": "TAS475",
            "batch-string-id": "63",
            "display-message": "Transaction approved",
            "result-code": "000",
            "exp-date": "1229",
            "software-type": "Sally's Seashell Shore Software",
            "card-type": "VISA",
            "last-four": "1111",
            "merchant-id": "YOUR MID",
            "terminal-id": "10011111",
            "create-token": true
        },
        "payloadType": "transaction"
    }
}
```

{% endcode %}

The API response includes `links` array with the following fields:

<table><thead><tr><th width="113.66668701171875" valign="top">Name</th><th width="148.66668701171875" valign="top">Data type</th><th valign="top">Description</th></tr></thead><tbody><tr><td valign="top"><code>rel</code></td><td valign="top">String</td><td valign="top"><p>Indicates the type of resource the link refers to.</p><p>Common values are:</p><ul><li><code>transaction</code></li><li><code>token</code></li></ul></td></tr><tr><td valign="top"><code>href</code></td><td valign="top">String (URI)</td><td valign="top">The relative URI to access the card token.</td></tr><tr><td valign="top"><code>id</code></td><td valign="top">String</td><td valign="top">The unique multi-use or durable card token ID.</td></tr></tbody></table>

{% hint style="info" %}
See [Authorize a transaction endpoint](https://docs.xplorpay.com/api-references/payments/mobile/mobile-payment-transactions/mobile-transactions#post-rest-v2-mobile-transactions-auth) response for more information.
{% endhint %}