Tokenization helps in storing sensitive Permanent Account Number information such as Credit Card numbers in a secure format to aid PCI DSS compliance.

Setting up PAN Storage

The PAN numbers are stored in a secure vault. The vault could be a relational database which has a JDBC compliant driver or an external vault provided by a third party.

Database Vault

When a database is chosen as the vault, the PAN number is stored in an encrypted format inside the vault. 

The following properties can be configured for the Database.


The name of the database server where the data needs to be stored. 


The JDBC driver class name to connect to the said database. This property gets automatically populated when a specific database is chosen.


The URL of the database server which stores the card holder data. Most of the URL is populated when the database is selected. Details like host name and port have to be specified in the place holders. 


The name of the user which enables the user to connect to the database.


The password for the user specified under the attribute Username. The password is stored in an encrypted form.

External Vault

To use an external vault, a custom class needs to be implemented for tokenization operations. The class should be an implementation of the interface shown below. For security reasons, the jar needs to be placed in the gateway server belonging to the CDE (Card holder Data Environment) directly.

Vault Interface

PCI DSS compliance Guidelines

  • The gateway server belonging to the environment in which the projects containing Tokenization Policies are deployed comes under the CDE.
  • The encryption key configuration is not available in the management dashboard to avoid the API Management Server from becoming part of CDE.  
  • The Token Generation and PAN retrieval policies must be part of different API Projects, which in turn should be part of different API Products with separate keys.


The following policies are part of Tokenization:

Adaptavist ThemeBuilder EngineAtlassian Confluence