Skip to main content

Account token vs. Single use token vs. Security token

Account token

A permanent payment token that replaces card/bank account details. It uniquely identifies a payment account for a customer and can be used to take take API and batch payments. By using an account token you remove the need to store card/bank account details within your environment. It is valid until you disable it. It can be created by a Single use token.

Single use token

A nonce that is created by the Trusted Frame from your web application.

You will collect card/bank account details from a customer then create a Single use token and send it to your server instead of the payment account details. It is valid for 10 minutes. You can use a Single use token to create an Account token (registration of payment details) or take an API payment.

Security token

A secure session token to initialise QuickWeb, QuickConnect and QuickVault Web/Connect. A security token is the result of a secure token request. It is valid for 1 hour.


The information contained in this publication is provided for learning purposes only and is subject to change. Revisions may be issued from time to time that encompass changes or additions to this module.

This is a guide only and it is not comprehensive. It does not impinge on or overrule any formal arrangement you may enter into with the Bank. The Bank and its officers shall not have any liability for any losses of any kind incurred in connection with any action, inaction or decision taken in reliance on the information herein or for any inaccuracies, errors or omissions. In this publication references to the "Bank" are to Westpac Banking Corporation ABN 33 007 457 141 and to any of its operating Divisions, including BankSA and St.George.