A customer token represents a customer's saved Klarna payment method and their consent to be charged later. This page explains how to create, use, manage, and store customer tokens.
A customer token is a unique identifier issued by Klarna that represents a customer's saved Klarna payment method and their consent to be charged later. Once you have a token, you can charge the customer without re-authorizing each transaction.
You create a customer token during a Klarna Payments checkout by setting the right intent and (for recurring use cases) including a subscription object on order_lines. Klarna mints the token at the end of the flow via purchaseToken and returns it as token_id. You then store that value against your customer record and pass it as the {customerToken} path parameter on every Customer Token API call — most importantly createOrder to charge the token later.
Tokens do not expire. They remain valid until you, the customer, or Klarna explicitly cancels them.
Subscription tokens must include a subscription object on each recurring order_lines entry at creation. On-demand and mixed-payment tokens are created without that object — for mixed payments, the subscription object is added on follow-up charges as needed.
Choose intent carefully — it cannot be changed after token creation. Subscription tokens (created with a subscription object on order_lines) are merchant-initiated and do not support step-up; on-demand tokens (created without a subscription object) are customer-initiated and may trigger step-up at Klarna's discretion. Using a token outside its intended pattern leads to authorization failures.
Customer tokens are created at the end of a Klarna Payments checkout:
1.
Step 1: Initiate a payment — call createCreditSession with the appropriate intent. For subscriptions, include the subscription object on each recurring order_line.
2.
Step 2: Checkout — load the SDK and let the customer authorize.
3.
Step 3: Create an order — required when the intent includes a purchase at signup (buy_and_tokenize, buy_and_default_tokenize).
4.
Create the customer token — POST to /payments/v1/authorizations/{authorizationToken}/customer-token to mint the token. Klarna returns the token_id — store this value, this is the customer token.
Inform the customer. You must tell the customer that you are creating a saved Klarna payment method and how you will charge it later. Include this in your terms and conditions, in the signup flow, and on the page where they confirm.
POST /customer-token/v1/tokens/{customerToken}/order
The behavior on charge depends on the use case the token was created for:
Subscription renewals are merchant-initiated. Klarna evaluates and either approves or fails the charge; step-up does not run. Failures are handled through your normal dunning process. See Charge a subscription.
On-demand charges are customer-initiated. Set step_up: SUPPORTED so Klarna can request additional customer interaction when needed. See Charge an on-demand payment via SDK or via HPP.
Follow-up charges after mixed checkout charge the tokenized Pay Now funding source. See Mixed payments.
stateDiagram-v2
[*] --> ACTIVE: purchaseToken
ACTIVE --> ACTIVE: Successful charges
ACTIVE --> CANCELLED: patchCustomerToken, customer or Klarna revokes
CANCELLED --> [*]: Cannot be reactivated
Status
Can charge?
What triggers it
ACTIVE
Yes
Successful purchaseToken.
CANCELLED
No
Explicit cancellation by you (via patchCustomerToken), by the customer, or by Klarna. Final state — cannot be reactivated.
In addition to the documented status values, Klarna may temporarily refuse charges on an otherwise-active token — for example, because the underlying funding source has become unusable, or because Klarna has placed the token under a risk hold. These cases surface as error codes on createOrder (most commonly TOKEN_SUSPENDED or PAYMENT_METHOD_REJECTED) rather than as a distinct token status. Always check status before a customer-initiated charge so you can surface a useful message instead of a 4xx; for merchant-initiated renewals, treat any failure as a dunning event.
The Customer Token API exposes three operations for reading, charging, and ending a token. Use readCustomerToken to inspect a token's current state and saved payment method, createOrder to charge it, and patchCustomerToken to cancel it.
End the customer's saved payment method when they cancel a subscription or close their account. The only supported status transition is to CANCELLED, which is final — see Customer token lifecycle.
readCustomerToken returns the current status of the token and the details of the saved payment method:
Field
Description
status
Current token state. ACTIVE tokens can be charged. See Customer token lifecycle for the full set of states.
payment_method_type
The payment method tokenized for the customer, for example INVOICE.
card
Present when the token is backed by a card. Contains brand, expiry_date, and masked_number — use these to surface the saved payment method to the customer.
direct_debit
Present when the token is backed by a direct debit. Contains masked_number.
The token identifier itself is not returned by readCustomerToken — it is the token_id you received when the token was minted by purchaseToken. Pass it as the {customerToken} path parameter on every Customer Token API call.