> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/classic-tokenization/use-cases/post-enrolment/visa-cloud-token-framework/device-binding.md).
# Device binding
Device binding associates an end user device with a token stored on that device.
The token requestor initiates the flow with Visa Token Service (VTS). VTS then calls the issuer.
Tokenization Service translates the VTS request into [`requestDeviceBinding`](/classic-tokenization/api-reference/issuer-gateway-api/outbound-to-issuer.md).
Handle device binding like a Tokenization (digitization) request. The issuer computes a trust level and returns a GREEN, YELLOW, or RED decision.
You can request device binding only for an existing token.
For a YELLOW decision, Visa requires the issuer to support at least one of these ID\&V methods:
* OTP via SMS or email
* Call customer care
* Verify in the issuer application
* 3DS
If you use issuer-application verification, the issuer and token requestor must agree on a protocol. This protocol lets the two applications exchange an authentication token.
Visa defines and validates the authentication token format. The token is a JSON Web Token (JWT).
The issuer and Visa exchange certificates. The issuer uses its certificate to sign the JWT. The token requestor sends the JWT to VTS. VTS verifies the signature.
When device binding completes, VTS sends a notification with the result. Tokenization Service translates it into [`notifyVirtualCardChange`](/classic-tokenization/api-reference/issuer-gateway-api/outbound-to-issuer.md).
The sequence diagram shows the end-to-end flow.
Device binding initiated by the token requestor:
Device binding initiated by the token requestor
{% hint style="info" %}
You can manage the ID\&V method list dynamically by omitting `idvMethodList` in the `requestDeviceBinding` response.
With this approach, every time VTS requests the ID\&V method list, Tokenization Service calls [`getIDnVMethodList`](/classic-tokenization/api-reference/issuer-gateway-api/outbound-to-issuer.md).
If you include `idvMethodList` in the `requestDeviceBinding` response, Tokenization Service caches it for the current session. It then returns it to VTS as needed, without calling `getIDnVMethodList`.
{% endhint %}
Either the issuer or the token requestor can remove the binding between the token and the device.
This is depicted in the two flows below.
Unbind initiated by the issuer:
Unbind initiated by the issuer
Unbind initiated by the token requestor:
Unbind initiated by the token requestor
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.payments.thalescloud.io/classic-tokenization/use-cases/post-enrolment/visa-cloud-token-framework/device-binding.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.