> ## Documentation Index
> Fetch the complete documentation index at: https://docs.goatpay.com.br/llms.txt
> Use this file to discover all available pages before exploring further.

# Tokenizar cartão

> Gera creditCardToken sem cobrar — reutilize em billings/create.

<RequestExample>
  ```bash cURL theme={null}
  curl -X POST 'https://api.goatpay.com.br/v1/billings/tokenize-card' \
    -H 'X-API-Key: gp_live_SUA_CHAVE' \
    -H 'Content-Type: application/json' \
    -d '{ "customer": { "name": "João da Silva", "taxId": "12345678909", "email": "joao@exemplo.com" }, "creditCard": { "holderName": "João da Silva", "number": "5162306219378829", "expiryMonth": "12", "expiryYear": "2028", "ccv": "123" }, "creditCardHolderInfo": { "name": "João da Silva", "email": "joao@exemplo.com", "cpfCnpj": "12345678909", "postalCode": "01310100", "addressNumber": "100", "phone": "11999999999" }, "remoteIp": "203.0.113.10" }'
  ```
</RequestExample>

<ResponseExample>
  ```json Success theme={null}
  {
    "success": true,
    "message": "Cartão tokenizado com sucesso",
    "data": {
      "creditCardToken": "a75a1d98-c52d-4a6b-a413-71e00b193c99",
      "creditCardBrand": "MASTERCARD",
      "creditCardNumberLast4": "8829"
    },
    "requestId": "req_abc"
  }
  ```
</ResponseExample>

### Corpo da requisição

<ParamField body="customer" type="object" required>
  Cliente (name, taxId, email, phone).
</ParamField>

<ParamField body="creditCard" type="object" required>
  holderName, number, expiryMonth, expiryYear, ccv.
</ParamField>

<ParamField body="creditCardHolderInfo" type="object" required>
  name, email, cpfCnpj, postalCode, addressNumber, phone.
</ParamField>

<ParamField body="remoteIp" type="string">
  IP do comprador.
</ParamField>


## OpenAPI

````yaml POST /billings/tokenize-card
openapi: 3.1.0
info:
  title: GoatPay API
  description: >
    API pública merchant da GoatPay. Autenticação via header `X-API-Key:
    gp_live_...`.

    Respostas de sucesso usam o envelope `{ success, message, data, requestId
    }`.

    Campos internos (`accountId`, `metadata`, histórico de entregas de webhook,
    etc.) não são expostos.

    `providerTransactionId` aparece como `referenceId`; `providerInfractionId`
    como `infractionId`.

    Rate limit global: 100 requisições por minuto por API key (HTTP 429). Sem
    chave, limite por IP.
  version: 1.0.0
servers:
  - url: https://api.goatpay.com.br/v1
    description: Produção
security:
  - apiKeyAuth: []
tags:
  - name: pix
    description: >-
      Cobranças PIX (receber), reembolsos de depósito recebido e transferências
      PIX (enviar). Alias legado em payouts/* para envios.
  - name: transfer-internal
    description: Transferências entre contas GoatPay
  - name: transfer-scheduled
    description: Transferências programadas (agendar, repetir ou por saldo)
  - name: crypto
    description: Depósitos e transferências em criptomoeda
  - name: billings
    description: >-
      Cobranças avulsas (pagamento único) — boleto, cartão ou PIX na Conta
      Padrão (PF ou PJ)
  - name: subscriptions
    description: >-
      Assinaturas recorrentes com ciclo fixo — boleto, cartão ou PIX na Conta
      Padrão (PF ou PJ)
  - name: account
    description: Saldo e extrato
  - name: subaccount
    description: Subcontas merchant (carteiras lógicas sob a conta principal)
  - name: meds
    description: Disputas MED
  - name: webhooks
    description: Endpoints de webhook de saída
  - name: payouts
    description: Alias de transfer-pix para saques PIX
  - name: customers
    description: Clientes da loja (CRM)
  - name: products
    description: Produtos e entregas digitais
  - name: coupons
    description: Cupons de desconto para links
  - name: payment-links
    description: Links de pagamento e checkout hospedado
paths:
  /billings/tokenize-card:
    post:
      tags:
        - billings
      summary: Tokenizar cartão
      description: >-
        Gera creditCardToken sem cobrar. Reutilize em cobranças e assinaturas
        com cardToken.
      operationId: tokenizeBillingCard
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TokenizeBillingCard'
      responses:
        '200':
          $ref: '#/components/responses/SuccessEnvelope'
        '403':
          $ref: '#/components/responses/Forbidden'
components:
  schemas:
    TokenizeBillingCard:
      type: object
      required:
        - customer
        - creditCard
        - creditCardHolderInfo
      properties:
        customer:
          $ref: '#/components/schemas/PublicCustomer'
        creditCard:
          $ref: '#/components/schemas/CreditCard'
        creditCardHolderInfo:
          $ref: '#/components/schemas/CreditCardHolderInfo'
        remoteIp:
          type: string
    PublicCustomer:
      type: object
      required:
        - name
        - taxId
      properties:
        id:
          type: string
          description: ID no seu sistema (default taxId)
        name:
          type: string
        taxId:
          type: string
          description: CPF/CNPJ somente dígitos
        email:
          type: string
          format: email
        phone:
          type: string
    CreditCard:
      type: object
      required:
        - holderName
        - number
        - expiryMonth
        - expiryYear
        - ccv
      properties:
        holderName:
          type: string
        number:
          type: string
        expiryMonth:
          type: string
        expiryYear:
          type: string
        ccv:
          type: string
    CreditCardHolderInfo:
      type: object
      required:
        - name
        - email
        - cpfCnpj
        - postalCode
        - addressNumber
        - phone
      properties:
        name:
          type: string
        email:
          type: string
          format: email
        cpfCnpj:
          type: string
        postalCode:
          type: string
        addressNumber:
          type: string
        addressComplement:
          type: string
        phone:
          type: string
        mobilePhone:
          type: string
    SuccessEnvelope:
      type: object
      required:
        - success
        - message
        - data
      properties:
        success:
          type: boolean
          example: true
        message:
          type: string
          example: Operação concluída com sucesso
        data:
          type: object
          additionalProperties: true
        requestId:
          type: string
    ErrorEnvelope:
      type: object
      required:
        - success
        - message
        - error
      properties:
        success:
          type: boolean
          example: false
        message:
          type: string
          example: Subconta inativa
        error:
          type: object
          properties:
            code:
              type: string
              example: Bad Request
            statusCode:
              type: integer
              example: 400
        requestId:
          type: string
          example: req_abc123
  responses:
    SuccessEnvelope:
      description: Operação concluída.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/SuccessEnvelope'
          examples:
            default:
              summary: Sucesso
              value:
                success: true
                message: Operação concluída com sucesso
                data: {}
                requestId: req_abc123
    Forbidden:
      description: Chave sem permissão para este endpoint.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
      description: Chave `gp_live_...` criada em Integrações → Chaves de API no dashboard.

````