> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/merchant-tokenization/network-tokenization/implement-network-tokenization/process-a-transaction.md).
# Process a transaction
Use a payment network token to get a cryptogram and built an authorization request for a payment.
To authorize a payment, the merchant or PSP requests token details and a cryptogram.
Token details include the token PAN and expiry date.
## Flow
Transaction authorization flow
| Step | Description |
| ---- | ------------------------------------------------------------------------------------ |
| 1 | The end user initiates the transaction. |
| 2 | The merchant or PSP calls Thales backend with the `tokenId` and transaction details. |
| 3 | Thales backend requests token details and a cryptogram from the payment network TSP. |
| 4 | Thales backend returns the encrypted token details and cryptogram. |
| 5 | The merchant or PSP builds the authorization request and sends it to the Acquirer. |
## API
* API reference: [Create transaction](/merchant-tokenization/backend-integration/apis/server-api/transaction-management.md#post-v2-transactions)
## Best practices
* Treat cryptograms as short-lived. Don't store them.
* Ensure your Acquirer flow supports payment network token transactions.
## Cryptogram formats
Payment networks use different cryptogram formats.
| Payment network | Cryptogram name | Definition |
| ---------------- | ------------------------- | -------------------------------------------------------------------------------------------------------------------- |
| Mastercard | DSRP Cryptogram UCAF type | Base64-encoded cryptogram. Up to 32 characters. It should be included within the dynamic payment data (DE104 SE001). |
| Visa | TAVV | Base64-encoded cryptogram. |
| American Express | DCSC | Four-digit dynamic card security code that identifies a unique AMEX Card in a transaction context. |
| Discover | DCID | Base64-encoded cryptogram. |
## Recurring and split transactions
For recurring or split transactions, send a cryptogram in the first request.
Later authorization requests usually omit the cryptogram, some countries may require a cryptogram more often.
The token PAN and expiry date can change over time. After a token update, use the latest token PAN and expiry date.
You have two options:
* Option 1: Request token details and a cryptogram for the first transaction. Store the token and the expiry date. Use Thales notifications to keep them up to date.
* Option 2: Request token details for every transaction.
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.payments.thalescloud.io/merchant-tokenization/network-tokenization/implement-network-tokenization/process-a-transaction.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.