Frequently Asked Questions
Everything you need to know about Tokeflow — the white-label payment orchestration layer your company can offer as if it were your own technology.
About Tokeflow
Tokeflow is a white-label payment orchestration platform. It works as a centralized, intelligent layer that receives a payment intent, applies the rules you configure, and directs the transaction to the most suitable provider — without your company having to build and maintain the complex engineering this kind of operation requires. Instead of integrating and operating each provider separately, you integrate once with Tokeflow and operate multiple providers through a unified interface.
Payment orchestration is the ability to connect to several providers (acquirers, gateways, wallets, and local methods) through a single integration, with an intelligence layer that decides where each transaction should go. Companies that sell online deal with different rules, technical requirements, and availability for every payment method. Keeping all of that running with high approval rates, low risk, and stability has become a strategic challenge. Orchestration solves it by increasing resilience, reducing dependency on a single provider, and offering routes that help maximize approvals.
For platforms, SaaS products, marketplaces, integrators, and companies that want to offer payments as a native capability of their own product — with their brand, their dashboard, and their operating model. It is especially relevant for those who need to operate more than one provider, serve multiple clients or business units, and want to keep technical autonomy without taking on the complexity of building an orchestrator from scratch.
A gateway or acquirer is a payment provider: it processes the transaction with the card networks and banks. Tokeflow does not replace those providers — it organizes them. We are the layer above the providers, responsible for routing, resilience (fallback), data standardization, and centralized operations. In practice, Tokeflow talks to several PSPs at the same time and decides which one to use in each situation, while you keep a single, consistent integration.
It means the technology operates underneath your brand. Your company can offer payments as an "in-house" capability, with a customized dashboard, domain, visual identity, and operating flow. The end customer interacts with your brand, not ours. The platform was structured from the ground up to be plugged into another company’s ecosystem — not to be a single-brand product.
Features & Capabilities
Each transaction is directed to the most suitable provider based on configurable rules — by country, currency, payment method, card brand, amount, or business rules you define. This enables different strategies for different scenarios and gives you control over how and where each payment is processed, without touching code for every adjustment.
The platform provides a fallback mechanism: when a provider declines for a recoverable reason or becomes temporarily unavailable, the transaction can be automatically rerouted to an alternative provider. This increases the chances of approval and protects your operation against the instability of any single provider. The full sequence of attempts is recorded for auditing.
Yes. The platform offers complete recurring billing: plan and offer definition, billing cycles, trial periods, plan transitions, and dunning with automatic retry reprocessing. The model is designed to follow the entire lifecycle of a subscription, from start to cancellation.
Yes. Tokeflow offers automatic card updates and network token support. When the issuer reissues or renews a card, these capabilities help keep billing data current without any action from the end customer. The result is fewer failed recurring charges due to expired cards and better approval rates over time.
Yes. The platform includes a portal for the end customer, where they can manage aspects of their subscription autonomously — such as following their plan and updating data when applicable. The portal is also white-label, aligned with your brand identity.
Yes. Tokeflow is multi-tenant by design, organized on two levels: an administration layer (Organization), which controls governance, users, and the consolidated view, and the operational payment units (Merchants), where provider configuration and rules actually live. A single Organization can have several Merchants, each with its own provider arrangement and its own strategy.
Yes. There is an operational panel for configuration, monitoring, and operations: transaction views, connector and routing-rule management, event tracking, and access-key management, among other features. The panel can also be customized with your brand.
Through webhooks. The platform sends notifications about relevant transaction changes to the URL you configure, asynchronously and with reprocessing in case of delivery failure. Notifications are signed, allowing your application to validate the authenticity of every event it receives.
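A receiver for the signed, retried notifications described above, as an added example that is not Tokeflow's own code. The page does not document the signing scheme, so the scheme (hex HMAC-SHA256 over "timestamp.body"), the separate timestamp and signature values, the "id" field, and the sample event are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

# ASSUMED scheme (not documented on the page): hex HMAC-SHA256 over
# "<timestamp>.<raw body>" keyed with a per-endpoint shared secret.
TOLERANCE_SECONDS = 300  # accept events within 5 minutes of their timestamp

def sign(secret: bytes, timestamp: int, raw_body: bytes) -> str:
    """Sender-side signature under the assumed scheme (used to build samples)."""
    msg = str(timestamp).encode() + b"." + raw_body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class WebhookReceiver:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen_ids = set()  # in production: a durable store with expiry

    def handle(self, raw_body: bytes, timestamp: str, signature: str, now=None) -> str:
        now = time.time() if now is None else now
        # 1. Freshness: bounds how long a captured, validly signed event can be replayed.
        try:
            ts = int(timestamp)
        except (TypeError, ValueError):
            return "rejected: bad timestamp"
        if abs(now - ts) > TOLERANCE_SECONDS:
            return "rejected: stale"
        # 2. Authenticity: check the raw bytes before parsing, in constant time.
        expected = sign(self.secret, ts, raw_body).encode()
        if not hmac.compare_digest(expected, (signature or "").encode()):
            return "rejected: bad signature"
        # 3. Redelivery: a retried notification is acknowledged, not processed twice.
        event_id = json.loads(raw_body).get("id")  # "id" field is hypothetical
        if event_id in self.seen_ids:
            return "duplicate"
        self.seen_ids.add(event_id)
        return "processed"

def demo():
    # Constructed sample secret and event, not real Tokeflow data.
    secret, t = b"constructed-secret", 1_700_000_000
    body = b'{"id":"evt_001","type":"payment.approved","amount":1500}'
    sig, rx = sign(secret, t, body), WebhookReceiver(secret)
    tampered = body.replace(b"1500", b"15")
    return [rx.handle(body, str(t), sig, t + 5),      # genuine delivery
            rx.handle(body, str(t), sig, t + 60),     # retried delivery
            rx.handle(tampered, str(t), sig, t + 5),  # body altered in transit
            rx.handle(body, str(t), sig, t + 3600)]   # replayed an hour later
```

Verifying over the raw request bytes matters: re-serializing parsed JSON can change whitespace or key order and break an otherwise valid signature.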
Providers & Payment Methods
Tokeflow connects to multiple providers through an abstraction layer that standardizes communication with each one. The catalog of supported providers evolves continuously, and new connectors can be added according to your business needs. To find out whether a specific provider is already available, talk to our team.
The platform supports cards and alternative payment methods (APMs), with coverage that grows according to the connected providers and the regions served. The abstraction layer was designed to accommodate different methods without requiring reintegration on your side.
Yes. The platform is structured for international operations, with multi-currency support and per-country routing rules. This lets you serve different markets from a single integration.
Yes. Each Merchant configures its own connectors and credentials, and it is even possible to keep multiple accounts with the same provider. Credentials are stored encrypted, and you preserve the direct commercial relationship with each provider.
Yes, subject to the availability of the provider and the market in question. Installments are handled within the billing flow and reflected in the transaction records.
Yes. Apple Pay and Google Pay are live and supported through compatible providers, handled as tokenized card payments within the same unified integration — no separate wallet-specific integration is required on your side. Availability of specific features may vary by provider and region.
Integration & Development
Integration happens through a REST API with a modern, predictable design, complemented by a lightweight JavaScript SDK for the frontend. The goal is for the integration to be simple, consistent, and stable: you integrate once and operate multiple providers without having to adapt your code to every configuration change.
The JavaScript SDK is distributed in a way that makes it easy to use across different frontend environments and is compatible with the main market frameworks, as well as plain JavaScript. It offers secure components for capturing payment data and visually customizable checkout elements, aligned with your brand.
Yes. The platform supports per-connector test mode, allowing you to validate integrations in a sandbox environment before operating in production.
Tokeflow’s architecture was designed precisely to reduce your PCI compliance scope. Sensitive card data does not travel through your infrastructure: it is captured and tokenized in a certified environment, and your application works only with tokens. In most integration scenarios, this significantly reduces your compliance obligations. We always recommend validating the specific framing of your case with your compliance team.
Security & Compliance
Yes. Card data tokenization is performed by a PCI DSS Level 1 certified tokenization provider, and sensitive data (such as card number and CVV) never transits through or is stored on Tokeflow’s infrastructure. Because your application handles only tokens, your compliance scope is reduced — typically to the simplest self-assessment questionnaires (SAQ-A or SAQ-A-EP).
Card data is stored in tokenized form in a certified vault dedicated to that purpose. Tokeflow operates with tokenized references, not the sensitive data itself. This means neither your infrastructure nor our backend handles raw card data.
We apply multiple layers of security: encryption in transit (TLS) on all external communications, encryption at rest for stored data, network isolation, and edge protection against threats, such as DDoS mitigation and application firewall rules. Sensitive data and personal information are handled with specific care across all records and logs.
Panel access has robust authentication with multi-factor (MFA) support, plus role-based access control (RBAC). Programmatic API access uses keys with configurable scope and optional IP restriction, letting you limit exactly what each integration can do. Administrative actions are audited.
Billing operations support idempotency keys. In practice, this guarantees that the same request sent again — due to network instability or a retry, for example — will not generate duplicate charges, always returning the result of the first execution.
Reliability & Operations
The infrastructure is designed for high availability, with redundancy across multiple availability zones and automatic failover, targeting 99.9% availability. Orchestration itself contributes to resilience: if a provider fails, the transaction can follow an alternative route.
The platform maintains a standardized, consistent data model, with a detailed record of every transaction and all associated attempts. This makes it possible to reconstruct the complete timeline of a payment, simplifying audits, reconciliation, and the investigation of any specific case.
Yes. You keep visibility and control over your transaction data, with a standardized model designed for auditing, reconciliation, and portability. Tokeflow’s abstraction layer was designed to eliminate rigid provider dependencies and preserve your technical autonomy.
Commercial & Getting Started
Pricing is defined according to each client’s profile and operating volume. Talk to our sales team to receive a proposal suited to your case.
The first step is a conversation with our team to understand your scenario — desired providers, target markets, and operating model. From there, we set up your environment and give you access to the dashboard and the integration documentation so your technical team can start integrating.