CreditCardSubmissionToken expiration

We’re utilizing the credit card submission token methods to avoid sending credit card data through our servers.

It’s been working fine for the vast majority of users, though I’ve noticed a couple free trial submissions return the error message “Token expired.”

My questions are…

  1. Is this referring to the token that’s sent along with the form, or the general API access token?

  2. If it’s the token sent along with the form, what’s the expiration time on the token?

Hi @Jake_Newsom, is this question in regards to Infusionsoft Payments or the general Infusionsoft API?

I believe (it sounds like anyway) that it refers to the access token for api use. An access token has 24 hours to live and the refresh token must be used to get a new set of access/refresh tokens prior to that expiration time.

@Nicholas_Trecina I’m honestly not sure what exactly Infusionsoft Payments is. I’m guessing the API?

We’re utilizing this line of code to add a token to our free trial form which should in theory submit the credit card data directly to Infusionsoft.
$token = $infusionsoft->requestCcSubmissionToken($kcminfu_loaded_contact_id,$successUrl,$failureUrl);

@John_Borelli that was my first thought, but when I look at where and how I received the error that wouldn’t quite make sense to me. We had the “Token Expired” message returned twice today. However, in between those two we had multiple successful free trials. So I would assume the token can’t expire twice in the same day?

The other piece I noticed is that, this particular email would only send if the URL has a “message” variable in the query string, which is the variable used to return an error from the script at So I can tell that script is the one returning the token expired message. I would assume if it was our API access token, that we would be receiving the error while calling requestCcSubmissionToken() but again, that we would presumably only receive it once in a day?

Added some more debug messages to our code so I can hopefully get a better picture of what’s going wrong if it happens again

Actually it would. What you don’t see in the background of the call is that the access token would be sent along with the other parameters.

Gotcha, ok that makes sense. But what about the twice in one day, with successful calls in between?

I noticed that I was making the call to generate the token on both steps of the form, even though we don’t have a user ID until the 2nd step. So I changed that to only make the call once in case that was having anything to do with it.

Hi @Jake_Newsom, I wasn’t aware of this endpoint so I apologize for the confusion. It looks like a generated credit card submission token is only good for 30 minutes. If you try and submit a card after 30 minutes you will receive the token expired message.