Overview
Adyen stores tokens at the merchant account level (for Valpay), not at the sub-merchant level. Therefore, when a sub-merchant requests their tokens, a specific list of shopper references must be provided. Without this list, Adyen cannot isolate which tokens belong to the sub-merchant, and the export would include all tokens under Valpay’s account.
Responsibilities
Valpay Team: Owns and submits the token export request to Adyen.
Sub-Merchant (Partner): Provides a complete list of shopper references to be exported.
New Service Provider: Must supply PCI and encryption credentials for secure data transfer.
Process Steps
Step 1: Submit Token Export Request
Submit a request to [email protected] specifying that a token export is needed for sub-merchant.
Include:
Sub-merchant name
Reason for export (e.g., churn or migration)
Contact details for the new service provider
Valpay support with submit this information to Adyen in a ticket.
Step 2: Provide Shopper Reference List
Create a .csv file listing all shopper references that belong to the sub-merchant.
This is mandatory for Adyen to correctly isolate token data.
CSV format example:
MerchantAccount,ShopperReference
ValPay,Customer12345
ValPay,Customer67890
Important: Without this list, Adyen cannot filter out other sub-merchants’ data.
Step 3: Provide PCI Attestation of Compliance (AoC)
Obtain and submit a valid PCI Attestation of Compliance (AoC) for the new service provider receiving the token data.
Step 4: Provide a Public PGP Key
The new service provider must supply a publicly hosted PGP key for encryption.
Requirements:
The key must belong to a PCI-DSS certified processor allowed to manage card data.
The key should be publicly available on the provider’s official website.
It must be valid for at least one month beyond the expected transfer date.
It must include a sub-key with encryption capabilities.
Step 5: Confirm SFTP Setup
Adyen prefers to distribute files using SFTP (Secure File Transfer Protocol).
Confirm whether the new service provider can provide an SFTP server for file delivery.
If Adyen needs to provide the SFTP share, indicate what details are required.
Any SFTP credentials shared should be encrypted using Adyen’s public PGP key.
Step 6: Define the Scope of Migration
Clarify the export scope in your request:
Full merchant account export, or
Specific shopper references (recommended)
If specific, include your prepared .csv file.
You can also request the export file size:
Default: 500,000 lines per file
Optional: 250,000 or 1,000,000 lines per file
Step 7: Data Export and Delivery
Once all requirements are met, Adyen will:
Complete the export.
Encrypt the data using the provided PGP key.
Transfer the file to the designated SFTP server.
Valpay and the new service provider must verify that the file can be decrypted and ingested successfully.
Export File Structure
The export file will include the following headers (fields may vary slightly depending on merchant setup):
account,shopperReference,shopperEmail,recurringdetailreference,txvariantCode,cardNumber,expiryMonth,expiryYear,ownerName,countryCode,iban,bic,bankLocation,bankName,bankLocationId,bankAccountNumber,BillingAgreementId,PayerId,PayPalBuyerEmailId,billingStreet,billingHouseNumberOrName,billingCity,billingPostalCode,billingStateOrProvince,billingCountry,issuerCountryCode,cardAlias,cardBin,cardSummary,networkTxReference,merchantAccountShopperCreation,klarnaTokenId,klarnaVariant,klarnaCountry,billDeskVariant,billDeskMandateId,billDeskMandateMaxAmount,billDeskMandateFrequency,billDeskSubscriptionRefId,mandateTxVariant,mandateProviderId,mandateId,mandateStatus,mandateFrequency,mandateAmount,mandateAmountRule,mandateBillingAttemptsRule,mandateBillingDay,mandateCurrency,mandateStartsAt,mandateEndsAt,mandateAccountId,mandateRemarks
Note:
The recurringDetailReference field represents Adyen’s unique identifier for each stored card.