This is a Next.js application that demonstrates tokenized credit card processing using Basis Theory and Crossmint APIs. The app shows how to securely tokenize credit card information and process agentic payments without handling sensitive card data directly.
- Node.js (version 18 or higher)
- npm or yarn package manager
-
Clone the repository
git clone https://github.com/Crossmint/crossmint-checkout-tokenized-cc-demo cd crossmint-checkout-tokenized-cc-demo -
Install dependencies
npm install
-
Start the development server
npm run dev
-
Set up HTTPS for local development (Required) Due to security reasons, the card verification process cannot happen in an HTTP environment. Use ngrok to create an HTTPS tunnel:
ngrok http 3000 (or the port shown in your terminal) -
Open your browser Navigate to the HTTPS URL provided by ngrok (e.g.,
https://abc123.ngrok.io) instead of the local HTTP URL
In cases of unreliability with the Visa/Mastercard Agentic commerce APIs (e.g. payment intent creation) use the non-agentic flow by setting the value of TOKEN_TYPE in src/consts.ts to "basic"
This will create a credit card token that can be passed to the checkout (orders) endpoint identically to an agentic token.
Please use this Mastercard test card: 5120350110725465 (any CVC and expiration date)
This application demonstrates a complete tokenized credit card payment flow:
- Card Tokenization: Securely tokenizes credit card information using Basis Theory
- Payment Method Creation: Creates a payment method from the tokenized card
- Purchase Intent: Initiates a purchase intent through Crossmint
- Verification: Verifies the purchase intent and returns a payment intent ID
- After the card is registered on the home page, the app redirects to
/orderwith apaymentIntent. - On
/order, the user enters:- URL of product to purchase
- Optional note
- On submit, the app:
- Calls
POST /api/2022-06-09/orderswithlineItems.productLocator = url:<url>:<note>and collectsresponse.order.orderId. - Calls
POST /api/unstable/orders/{orderId}/paymentwith body{ token: "vic:<paymentIntent>" }.
- Calls
- The result of the payment call is displayed on the page.
Note this implementation is in staging. When the production version is available OTP flows and passkey generation/verification steps will be part of the user's card registration and payment flow.
When you successfully complete the payment flow, you should see the following console output (in your browser's developer tools):
{
"token": {
"id": "6b03dfb8-0d84-414d-b97f-687b418291d6",
"type": "card",
"card": {
"bin": "51203501",
"last4": "5465",
"expirationMonth": "12",
"expirationYear": "2030",
"brand": "mastercard"
},
"data": {
"number": "XXXXXXXXXXXX5465",
"expirationMonth": "12",
"expirationYear": "2030"
},
"privacy": {
"classification": "pci",
"impactLevel": "high",
"restrictionPolicy": "mask"
}
}
}{
"paymentMethod": {
"id": "eea862d4-0bb6-4620-93c2-9a45832f5d9c",
"type": "card",
"card": {
"brand": "mastercard",
"type": "credit"
},
"credentialTypes": ["virtual-card"],
"createdAt": "2025-08-13T20:07:12.443Z"
}
}{
"purchaseIntent": {
"purchaseIntentId": "13d2fe18-2175-4d36-bba9-76afcd29e934"
}
}{
"paymentIntent": {
"id": "13d2fe18-2175-4d36-bba9-76afcd29e934",
"intentId": "13d2fe18-2175-4d36-bba9-76afcd29e934",
"purchaseIntentStatus": "active",
"status": "SUCCESS",
"updatedAt": "2025-08-13T20:07:14.039Z",
"verification": {
"method": "mastercard",
"verifiedAt": "2025-08-13T20:07:14.002Z",
"correlationId": "..."
}
}
}CheckoutPage: Main component that fetches API credentialsCheckoutWithBT: Wraps the payment form with Basis Theory providersPaymentForm: Handles card input and payment submission
- Setup: Fetches JWT and API key
- Tokenization: Uses Basis Theory to tokenize card data
- Payment Method: Creates payment method from token
- Purchase Intent: Initiates purchase through Crossmint
- Verification: Verifies and returns final payment intent
This project is licensed under the MIT License.