# Authorize a transaction in a payment terminal

{% hint style="info" %}
Before you start a sale transaction in mobile app using the[ transaction API](https://docs.xplorpay.com/api-references/payments/cards/transactions) endpoint, make sure you have the following:

:white\_check\_mark: [API key](https://docs.xplorpay.com/api-references/authentication#obtaining-your-access-key) issued by Xplor Pay.

:white\_check\_mark: Mobile JSON Web Token (`mobilejwt`) returned by the `successfulTransactionToken` method using the [JavaScript SDK](https://docs.xplorpay.com/guides/payment-processing-solutions/javascript) integration.
{% endhint %}

To create a multi-use or durable card token (`token-id`) when authorizing a transaction in a payment terminal:

1. Add the `create-token` field with a value of `true` to the request body when calling the [semi-integrated transaction API](https://docs.xplorpay.com/api-references/payments/cards/transaction-emv) endpoint to authorize a transaction in payment terminal.

{% code overflow="wrap" lineNumbers="true" %}

```json
{
    "type": "auth",
    "amount": "0.00",
    "create-token": "true"
}
```

{% endcode %}

2. Use the **POST** method to call the `rest/v2/terminal/transactions/auth` endpoint.

The API returns the following response:

{% code overflow="wrap" lineNumbers="true" %}

```json
{
    "code": "200",
    "status": "success",
    "exchange-id": "ID-clearent-transaction-emv-1-944b0307-7f55-4652-86c4-64def4ab9d9a",
    "links": [
        {
            "rel": "token",
            "href": "/rest/v2/tokens/1100005972788980011",
            "id": "1100005972788980011"
        }
    ],
    "payload": {
        "tokenResponse": {
            "token-id": "1100005972788980011",
            "times-used": "0",
            "status": "Active",
            "created": "2025-05-08T19:26:17.263Z",
            "updated": "2025-05-08T19:26:17.277Z",
            "exp-date": "1231",
            "last-four-digits": "0011",
            "card-type": "VISA",
            "software-vendor-name": "Token",
            "merchant-id": "YOUR MID",
            "token-status": "Open",
            "customer-first-name": "Test Card 01      ",
            "customer-last-name": "UAT USA"
        },
        "payloadType": "token"
    }
}
```

{% endcode %}

The API response includes `payload` object with the following field:

<table><thead><tr><th width="113.66668701171875" valign="top">Name</th><th width="148.66668701171875" valign="top">Data type</th><th valign="top">Description</th></tr></thead><tbody><tr><td valign="top"><code>token-id</code></td><td valign="top">String</td><td valign="top">The unique identifier for the created multi-use or durable card token.</td></tr></tbody></table>

{% hint style="info" %}
See [Authorize a transaction endpoint](https://docs.xplorpay.com/api-references/payments/cards/transactions/transactions#post-rest-v2-transactions-auth) response for more information.
{% endhint %}