Veliro is the independent control layer for stored payment credentials. Switch PSPPayment service provider (acquirer or gateway)s, route smarter, and lift authorization, without ever asking a customer to re‑enter a card.
Scroll horizontally on narrow viewports to read the full trace.
synchronous · one round trip · token returned in‑band
The credential layer is the one piece of payments infrastructure you should never rent from a processor. Own the token, own the cryptogram, own the audit trail, and a PSP becomes a routing decision you can change without telling a single customer to re‑add their card.
Read why we’re building a neutral credential layerMost merchants don’t actually own their stored credentials. They’re tied to a processor’s token framework. Try to switch PSPs, add a backup, route smarter, or recover from an outage, and you find out who really owns the relationship.
Three commercial costs of PSP‑tied credentials, the ones that surface the moment you try to switch processor, add a backup, or renegotiate your rate.
Switch processors and you re‑enroll millions of cards. Add a backup acquirer and your credential estate fragments. A credential should travel with you. In most stacks, it can’t.
Network tokens lift CNP approval rates in scheme benchmarks (Visa reports +4.6% on eligible traffic), but only with MDESMastercard Digital Enablement Service, VTSVisa Token Service, and AETSAmerican Express Token Service live and the right cryptogram on every transaction. Most teams ship one network and leave the rest on the table.Scheme benchmark, not a Veliro measurement.
One PSP holding your entire credential estate is one outage, one re‑pricing, or one acquisition away from an emergency migration. The risk never shows on a dashboard, until it does.
Veliro sits between your application and the card networks, never between you and your processor. Card data enters through the Secure Fields SDK, we hold the network relationships directly, and a unified credential comes back in one synchronous call. Your acquirer choice stays yours.
Drop our JavaScript SDK into your checkout to render PCI‑compliant hosted fields. Card data never touches your servers, keeping you SAQ‑A eligible from day one.
A single POST /v1/tokens enrolls the card with the right network, binding the credential to your merchant identifier, not your processor’s. A follow‑up POST …/cryptogram retrieves a single‑use cryptogram per authorization.
Authorize with any acquirer you choose. Lifecycle webhooks fire on card updates, expiries, and suspensions. Move PSPs without re‑enrolling a single stored card.
Tokens, cryptograms, and lifecycle are exposed as orthogonal REST resources. Compose them. Don’t subscribe to a flow.
Credentials provisioned to your merchant identifier on the network, not your gateway’s. Provision, retrieve, suspend, resume, and delete without a processor in the loop. The credential follows you across PSPs.
/v1/tokens/v1/merchants/{m_id}/tokens/{id}/v1/tokens/{id}/suspend/v1/tokens/{id}/resumePer‑transaction TAVVToken Authentication Verification Value (Visa cryptogram) (Visa) and UCAFUniversal Cardholder Authentication Field (Mastercard cryptogram) (Mastercard) cryptograms with the right ECIElectronic Commerce Indicator indicator and unpredictable number. Issuers see the credentials they expect, acquirers see a token they can route, and authorization climbs, with a clean attribution path back to the strategy that earned it.
/v1/merchants/{m_id}/tokens/{id}/cryptogramPURCHASE · RECURRING · INSTALLMENTper schemeSigned events for every credential state change: creation, suspension, network token activation, cryptogram invalidation, deletion. Failed deliveries retry and any past delivery is replayable, so a stalled consumer doesn’t become a lost event.
/v1/webhooks/v1/webhooks/{id}/deliveries/v1/webhooks/{id}/deliveries/{d}/replayHMAC‑SHA256Predictable resources, JSON bodies, structured errors, transparent rate limits, and idempotency keys on every mutation. The same contract from sandbox to production.
Idempotency-Key on every mutating call; retries are safe by construction. No webhook subscription needed for the happy path.pk_* publishable keys for Secure Fields, server‑side vk_* merchant keys for tokens, cryptograms, connections, and webhooks.Veliro-Signature HMAC and a rotatable secret./v1/webhooks/{id}/deliveries. Audit logs stream from /v1/organizations/{id}/audit-logs.POST /v1/tokens HTTP/1.1 Host: api.veliro.com Authorization: Bearer vk_live_4kGp8x… Content-Type: application/json Idempotency-Key: checkout_9f2a1e { "card_data": "eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMi…", // JWE, public key from JWKS "country": "GB", "source": "CARD_ON_FILE", "external_customer_id": "cus_8fa92b", "reference": "checkout_9f2a1e" }
HTTP/1.1 201 Created X-Request-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890 { "id": "d4e5f6a7-b8c9-0123-def0-123456789abc", "merchant_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", "scheme": "VISA", "token_state": "ACTIVE", "network_token_state": "PROVISIONING_PENDING", "card_bin": "489537", "card_last_digits": "9876", "card_expiry_date": "1228", // MMYY "source": "CARD_ON_FILE", "external_customer_id": "cus_8fa92b", "reference": "checkout_9f2a1e", "created_at": "2026-05-25T14:32:01.887Z" }
Veliro is the audited boundary. Your stack stops touching PANs when checkout runs through Secure Fields, while you keep visibility into credential lifecycle and routing. Formal attestations are in progress; current status and evidence links are in the trust center.
| Certification | Scope | Status | Evidence |
|---|---|---|---|
| SOC 2 Type II | Security, availability, confidentiality controls | In progress · observation window underway | SOC 2 status |
| PCI DSS v4.0 Level 1 | Service-provider vault, tokenization, cryptograms | Scope locked · QSA assessment in progress | PCI scope |
| ISO/IEC 27001:2022 | ISMS · key handling, vault tenancy, incident response | ISMS implemented · certification audit underway | Trust center |
| PSD2 · EU SCA | RTS-aligned issuer step-up and TRA exemption modes | RTS-aligned · self-attested | Security posture |
Request sandbox keys and provision your first credential under your TRIDToken Requestor ID: your merchant identifier on the card networks in minutes. Secure Fields keeps checkout on SAQ-APCI SAQ-A: card data never touches merchant servers; scheme benchmarks for auth and interchange live in the trust center.