# Create token Create and provision a new network token with a card scheme. There are three ways to create the token, which depend on the level of your PCI/DSS compliance: {% table %} - Source {% width="20%" %} - Compliance - Description --- - - Min. SAQ-A+ - This is the most common way to create a token. It will leverage the SDKs of Guardian to securely capture the cardholder data and send it encrypted to the API. --- - - Min. SAQ-D+ - In case you have the required compliance to handle cardholder data yourself, you can also just import the full data in exchange for a token. --- - - Min. SAQ-A+ - Use an existing PCI token as source. The network token will be provisioned independently from the PCI token, such that the life-cycles of the tokens are not coupled. {% /table %} {% admonition type="info" name="Important information" %} Currently only Visa, Mastercard, American Express, and Discover are supported as card schemes. The network token will be provisioned with the card scheme. {% /admonition %} Endpoint: POST /api/network/tokens Version: EAP Security: APIKey, AdminToken ## Header parameters: - `x-idempotency-key` (string) Optional idempotency key to prevent duplicate processing Example: "order_12345_retry_001" ## Request fields (application/json): - `source` (object, required) - `metadata` (object) Metadata consisting of entries, each of which each includes a key and an associated value: * Maximum 20 key-value pairs. * Maximum 20 characters per key. * Maximum 80 characters per value. Example: {"my_key_one":"my_value_one","my_key_two":"my_value_two"} ## Response 401 fields (application/json): - `code` (integer) The corresponding HTTP status code for the error - `classifier` (string) Technical code that helps to identify the error - `message` (string) Human readable representation of the error ## Response 403 fields (application/json): - `code` (integer) The corresponding HTTP status code for the error - `classifier` (string) Technical code that helps to identify the error - `message` (string) Human readable representation of the error ## Response 409 fields (application/json): - `code` (integer) The corresponding HTTP status code for the error - `classifier` (string) Technical code that helps to identify the error - `message` (string) Human readable representation of the error ## Response 422 fields (application/json): - `code` (integer) The corresponding HTTP status code for the error - `classifier` (string) Technical code that helps to identify the error - `message` (string) Human readable representation of the error - `validation_errors` (array) - `validation_errors.path` (string) Json-path in the request which points to the validation error - `validation_errors.message` (string) Human readable validation message