# How to add a Debit Card

## What is the Payments API?

***Note: You may also process debit card data and obtain a token using the [Debit Card Tokenization Element](/elements/tokenization)***

The Payments API is a PCI compliant endpoint and allows for secure debit card token creation. These tokens are used within DailyPay's APIs. When a tokenized debit card is added to a user’s account they can begin to take instant transfers.

**How does this work?** A user's debit card data is sent via POST request to the Payments API. The debit card data is encrypted and tokenized before being returned. This tokenized card data is used for instant transfers via the Extend API.

### What is PCI compliance?

It’s how we keep card data secure. DailyPay has a responsibility and legal requirement to protect debit card data therefore the Payments API endpoint complies with the Payment Card Industry Data Security Standards [PCI DSS](https://www.pcisecuritystandards.org/).

> 📘 **Info**
DailyPay only handles card data during encryption and tokenization
**The Payments server is DailyPay’s only PCI compliant API.**


## Create a Debit Card Token

Steps to create a tokenized debit card for use within DailyPay's APIs.

### 1. POST debit card data to the Payments API

After you have securely collected the debit card data for a user, create a POST to the PCI-compliant [Cards API](/products/rest/reference/card-tokenization) with the following required parameters in this example.

details
summary
Show parameters
### 2. Receive and handle the tokenized card data

The [Cards API](/products/rest/reference/card-tokenization) returns an opaque string representing the card details.
This token is encrypted and complies with PCI DSS. You will need the token for step 3, after which it can be discarded.
The token is a long string with a structure similar to a JWT:


```json
{"token":"s7dydhd7ih......jhfijuf245"}
```

### 3. POST the token to the Extend API

Authorization Required
[Proper authorization](/guides/auth/authorization-code-flow) is required to create a debit card account.

Send the encrypted token in a POST request to the [accounts endpoint](/products/rest/reference/accounts/createaccount) as the value for the `token` field in the `details` object. This will create a transfer account and allow a user to start taking transfers.