**Last updated**: 28 February 2024 | [**Change log**](/products/verified-tokens/changelog/)

# Get started with our Verified Tokens API

Make yourself familiar with our [API Principles](/products/reference/api-principles) to ensure a resilient integration.

## Set your headers

Setting your headers is an important part of an API request. The headers represent the meta-data associated with your API request.


```
Authorization : {your_credentials}
Content-Type : application/vnd.worldpay.verified-tokens-v2.hal+json
Accept : application/vnd.worldpay.verified-tokens-v2.hal+json
```

| Header | Description |
|  --- | --- |
| `Authorization` | The `Authorization` header is used for authentication and identification of our merchants within Access Worldpay. You **must** use the `Authorization` header for any request you send to our Verified Tokens API. |
| `Content-Type` | The `Content-Type` header is required if the request you're sending includes a request body, and if the HTTP method is a `POST` or a `PUT`. |
| `Accept` | The `Accept` header is used to identify which version of our Verified Tokens API you are using. You **must** use the `Accept` header for any request you send to our Verified Tokens API. |


If you're using both the `Content-Type` and `Accept` headers, they must match.

Note
Replace `{your_credentials}` with your base64-encoded Basic Auth username and password. To get your Access Worldpay credentials, contact your Implementation Manager.

## Next steps

We have reviewed our API Principle approach and consider our resources stable and unlikely to change. This means you can skip querying the root resource for a quicker integration and [POST directly to the API resource](/products/verified-tokens/v2/create-verified-token).

If you do want to discover all available resources, you can expand the below section "Query the root resource" for further steps.

details
summary
Query the root resource
Our APIs guide you by providing you with links to the next available actions.

To discover and start using our APIs you can query the root resource first. This returns the available resources within Access Worldpay.

### Request

`GET` `https://try.access.worldpay-bsh.securedataplatform.com/`

Note
No request body is needed for this request.

### Response

You receive all our available API resources in the response.

{
  "_links": {
    "payments:authorize": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/authorizations"
    },
    "service:payments": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments"
    },
    "service:sessions": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/sessions"
    },
    "service:tokens": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/tokens"
    },
    "service:verifications/accounts": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/accounts"
    },
    "service:verifications/customers/3ds": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifications/customers/3ds"
    },
    "service:verifiedTokens": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifiedTokens"
    },
    "service:fraudsight": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/fraudsight"
    },
    "service:exemptions": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/exemptions"
    },
    "service:payouts": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/payouts"
    },
    "service:payments/alternative/direct": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/alternative/direct"
    },
    "service:payments/alternative/action/paypal": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/alternative/action/paypal"
    },
    "service:payments/alternative/action/ideal": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/payments/alternative/action/ideal"
    },
    "service:payouts/accounts": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/payouts/accounts"
    },
    "service:payouts/events": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/payouts/events"
    },
    "service:moneyTransfers": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/moneyTransfers"
    },
    "service:foreignExchange": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/foreignExchange"
    },
    "service:accounts/statements": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/accounts/statements"
    },
    "service:accounts/balance": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/accounts/balance"
    },
    "service:accounts/transfer": {
      "href": "https://try.access.worldpay-bsh.securedataplatform.com/accounts/transfer"
    },
    "curies": [
      {
        "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/payments/{rel}",
        "name": "payments",
        "templated": true
      }
    ]
  }
}

## Query the Verified Tokens root resource

Query the `service:verifiedTokens` resource which gives you links to your next available actions and resources for our Verified Tokens API.

### The request

`GET` `https://try.access.worldpay-bsh.securedataplatform.com/verifiedTokens`

Note
No request body is needed for this request.

### The response

You receive all our available API resources in the response.

{
    "_links": {
        "verifiedTokens:cardOnFile": {
            "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifiedTokens/cardOnFile"
        },
        "verifiedTokens:sessions": {
            "href": "https://try.access.worldpay-bsh.securedataplatform.com/verifiedTokens/sessions"
        },
        "resourceTree": {
            "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifiedTokens/resourceTree.json"
        },
        "curies": [{
            "href": "https://try.access.worldpay-bsh.securedataplatform.com/rels/verifiedTokens/{rel}.json",
            "name": "verifiedTokens",
            "templated": true
        }]
    }
}
#### Resources

| Resources | Description |
|  --- | --- |
| `verifiedTokens:cardOnFile` | [Create a Verified Token](/products/verified-tokens/v2/create-verified-token#create-a-verified-token-request) that you will use to take cardOnFile payments. cardOnFile payments are payments made by the cardholder using payment instrument details that have already been stored. |
| `verifiedTokens:sessions` | Used by the [Access Checkout SDK](/products/checkout) to create a session. |


## DNS whitelisting

Whitelist the following URLs:

* `https://try.access.worldpay-bsh.securedataplatform.com/`
* `https://access.worldpay-bsh.securedataplatform.com/`


Please ensure you use DNS whitelisting not explicit IP whitelisting.

### Link caching

Note
When you make a request within Access Worldpay, you should always cache the response returned.

**Next steps**

[Create a verified token](/products/verified-tokens/v2/create-verified-token)