# Tokenization Services
## GetClientSession
**Endpoint URL:**\
`https://secure.ftipgw.com/admin/ws/recurring.asmx?op=GetClientSessionID`
**Method:**\
SOAP (Action: `GetClientSessionID`)
**Description:**\
Generates a `ClientSessionID`, which is a temporary token used to associate a cardholder or payer with subsequent tokenization requests (e.g., `GetToken`, `GetCheckToken`). This session ID must be passed in with any tokenization call.
**Request Parameters:**
| Name | Type | Required | Description |
| --------- | ------ | -------- | ------------------------------------------------- |
| Username | string | Yes | API credential username |
| Password | string | Yes | API credential password |
| ClientIP | string | Yes | IP address of the end user initiating the session |
| UserAgent | string | No | Optional browser or client User-Agent string |
**Notes:**
* `ClientSessionID` is **required** in all tokenization calls and is valid for a short time only.
* `Username` and `Password` are SOAP-level credentials, not tied to merchant accounts.
* `ClientIP` should reflect the actual end user's IP — using a server IP may affect fraud tools.
* Including the `UserAgent` may assist with device fingerprinting or risk analysis, if enabled.
* Be sure to secure and store this session ID only temporarily.
#### SOAP 1.1
The following is a sample SOAP 1.1 request and response. The placeholders shown need to be replaced with actual values.
```
POST /admin/ws/recurring.asmx HTTP/1.1
Host: secure.ftipgw.com
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://www.tpisoft.com/Admin/ws/GetClientSessionID"
stringstringstring
```
```
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
stringstringstringstringstringstringOK or Unknown_Error or Access_Denied or Invalid_Login or Invalid_User_Status or Invalid_User or User_Not_Found or Username_Already_In_Use or Username_Has_Invalid_Characters or Not_Enough_Privilege or Invalid_PartnerID or Invalid_VendorID or Invalid_Argument or Invalid_Record or Transaction_Type_Not_Supported_By_Host or Internal_Error or Invalid_ProcessorID or Processor_Not_Found or InValidPasswordstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstring
```
#### HTTP POST
The following is a sample HTTP POST request and response. The placeholders shown need to be replaced with actual values.
```
POST /admin/ws/recurring.asmx/GetClientSessionID HTTP/1.1
Host: secure.ftipgw.com
Content-Type: application/x-www-form-urlencoded
Content-Length: length
Username=string&Password=string&Vendor=string
```
```
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
stringstringstringstringstringstringOK or Unknown_Error or Access_Denied or Invalid_Login or Invalid_User_Status or Invalid_User or User_Not_Found or Username_Already_In_Use or Username_Has_Invalid_Characters or Not_Enough_Privilege or Invalid_PartnerID or Invalid_VendorID or Invalid_Argument or Invalid_Record or Transaction_Type_Not_Supported_By_Host or Internal_Error or Invalid_ProcessorID or Processor_Not_Found or InValidPasswordstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstring
```
## GetToken
**Endpoint URL:**\
`https://secure.ftipgw.com/admin/ws/recurring.asmx?op=GetToken`
**Method:**\
SOAP (Action: `GetToken`)
**Description:**\
Retrieves a `CcInfoKey` for a user, which represents a tokenized version of the credit card. This key can be reused for future transactions without resubmitting raw card data.
**Request Parameters:**
| Name | Type | Required | Description |
| --------------- | ------ | -------- | ---------------------------------- |
| ClientSessionID | string | Yes | Identifies the user session |
| CcAccountNum | string | Yes | Raw credit card number to tokenize |
| CcExpDate | string | Yes | Expiration date in MMYY format |
| CcNameOnCard | string | No | Name on the card, as it appears |
**Notes:**
* This is a sensitive operation and must be called over HTTPS with appropriate security controls in place.
* The resulting `CcInfoKey` is used in place of card data for subsequent transactions.
* This call does **not** authorize a payment or validate the card beyond formatting.
* `ClientSessionID` must be retrieved via a prior call to `GetClientSession`.
* The `CcNameOnCard` field is optional and not validated or persisted.
#### SOAP 1.1
The following is a sample SOAP 1.1 request and response. The placeholders shown need to be replaced with actual values.
```
POST /admin/ws/recurring.asmx HTTP/1.1
Host: secure.ftipgw.com
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://www.tpisoft.com/Admin/ws/GetToken"
stringstringstringstringstringstringstringstring
```
```
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
stringstringstringstringstringstringOK or Unknown_Error or Access_Denied or Invalid_Login or Invalid_User_Status or Invalid_User or User_Not_Found or Username_Already_In_Use or Username_Has_Invalid_Characters or Not_Enough_Privilege or Invalid_PartnerID or Invalid_VendorID or Invalid_Argument or Invalid_Record or Transaction_Type_Not_Supported_By_Host or Internal_Error or Invalid_ProcessorID or Processor_Not_Found or InValidPasswordstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstring
```
#### HTTP POST
The following is a sample HTTP POST request and response. The placeholders shown need to be replaced with actual values.
```
POST /admin/ws/recurring.asmx/GetToken HTTP/1.1
Host: secure.ftipgw.com
Content-Type: application/x-www-form-urlencoded
Content-Length: length
ClientSessionID=string&CcAccountNum=string&CcExpDate=string&CcNameOnCard=string&CcStreet=string&CcZip=string&FirstName=string&LastName=string
```
```
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
stringstringstringstringstringstringOK or Unknown_Error or Access_Denied or Invalid_Login or Invalid_User_Status or Invalid_User or User_Not_Found or Username_Already_In_Use or Username_Has_Invalid_Characters or Not_Enough_Privilege or Invalid_PartnerID or Invalid_VendorID or Invalid_Argument or Invalid_Record or Transaction_Type_Not_Supported_By_Host or Internal_Error or Invalid_ProcessorID or Processor_Not_Found or InValidPasswordstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstring
```
## GetCheckToken
**Endpoint URL:**\
`https://secure.ftipgw.com/admin/ws/recurring.asmx?op=GetCheckToken`
**Method:**\
SOAP (Action: `GetCheckToken`)
**Description:**\
Retrieves a `CheckInfoKey` for a user, which represents a tokenized version of their bank account information. This key can be used to initiate ACH or eCheck transactions without resubmitting raw bank data.
**Request Parameters:**
| Name | Type | Required | Description |
| --------------- | ------ | -------- | ------------------------------------------------------ |
| ClientSessionID | string | Yes | Identifies the user session |
| BankRoutingNum | string | Yes | The bank routing number (9 digits) |
| BankAccountNum | string | Yes | The bank account number |
| BankAcctType | string | Yes | Type of account: `"C"` for Checking, `"S"` for Savings |
| BankName | string | No | Optional bank name |
**Notes:**
* The returned `CheckInfoKey` can be stored and reused for initiating future ACH transactions.
* This call does **not** validate the bank account or perform any micro-deposits.
* `ClientSessionID` must be created via `GetClientSession` beforehand.
* The `BankAcctType` is typically `"C"` or `"S"` — this field must be correctly set or the request will fail.
* Always use HTTPS, and do not log or persist raw account/routing numbers.
#### SOAP 1.1
The following is a sample SOAP 1.1 request and response. The placeholders shown need to be replaced with actual values.
```
POST /admin/ws/recurring.asmx HTTP/1.1
Host: secure.ftipgw.com
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://www.tpisoft.com/Admin/ws/GetCheckToken"
stringstringstringstringstringstringstringstringstringstring
```
```
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
stringstringstringstringstringstringOK or Unknown_Error or Access_Denied or Invalid_Login or Invalid_User_Status or Invalid_User or User_Not_Found or Username_Already_In_Use or Username_Has_Invalid_Characters or Not_Enough_Privilege or Invalid_PartnerID or Invalid_VendorID or Invalid_Argument or Invalid_Record or Transaction_Type_Not_Supported_By_Host or Internal_Error or Invalid_ProcessorID or Processor_Not_Found or InValidPasswordstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstring
```
#### HTTP POST
The following is a sample HTTP POST request and response. The placeholders shown need to be replaced with actual values.
```
POST /admin/ws/recurring.asmx/GetCheckToken HTTP/1.1
Host: secure.ftipgw.com
Content-Type: application/x-www-form-urlencoded
Content-Length: length
ClientSessionID=string&CkAccountNum=string&CkTransitNum=string&CkNameOnAccount=string&CheckType=string&AccountType=string&CkStreet=string&CkZip=string&FirstName=string&LastName=string
```
```
HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Content-Length: length
stringstringstringstringstringstringOK or Unknown_Error or Access_Denied or Invalid_Login or Invalid_User_Status or Invalid_User or User_Not_Found or Username_Already_In_Use or Username_Has_Invalid_Characters or Not_Enough_Privilege or Invalid_PartnerID or Invalid_VendorID or Invalid_Argument or Invalid_Record or Transaction_Type_Not_Supported_By_Host or Internal_Error or Invalid_ProcessorID or Processor_Not_Found or InValidPasswordstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstring
```
##
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://developers.frontstream.com/argofire/full-endpoint-reference-and-tools/tokenization-services.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.