# Create a payment token Creates a payment token which can be exchanged into a payment instrument. FramePay is the recommended way to create a payment token because it minimizes PCI DSS compliance. Once a payment token is created, it can only be used once. A payment token expires upon first use or within 30 minutes of the token creation, whichever comes first. Endpoint: POST /tokens Version: latest Security: PublishableApiKey, SecretApiKey, JWT ## Response 401 fields (application/json): - `status` (integer) HTTP status code. - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced. ## Response 403 fields (application/json): - `status` (integer) HTTP status code. - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced. ## Response 422 fields (application/json): - `status` (integer) HTTP status code. - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced. - `invalidFields` (array) Invalid field details. - `invalidFields.field` (string) Name of the field. Dot notation is used for nested object field names. - `invalidFields.message` (string) Message field. ## Response 429 fields (application/json): - `type` (string) Problem type in the form of a [URI](https://tools.ietf.org/html/rfc3986) reference. It should provide human-readable documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". Example: "about:blank" - `title` (string) Short, human-readable summary of the problem type. Other than for the purposes of localization, this should not change from occurrence to occurrence of the problem. Example: "Rate Limit Exceeded" - `status` (integer) HTTP status code. - `detail` (string) Human-readable explanation that is specific to this occurrence of the problem. Example: "A request cannot be executed because the user has sent too many requests within a certain period of time" - `instance` (string) URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.