authorize.net accept.js

Can you store accept.js tokens?


Accept.js allows you to translate credit card numbers into coded payment tokens. Then you can charge those payment tokens just as they were credit cards.

Source: https://developer.authorize.net/api/reference/features/acceptjs.html

The documented API is for the visitor to load (insecure and no SRI/CORS) JavaScript and send payment details directly to Authorize.net.


Instead I'd like to have the visitor send payment details to my server (I am already PCI compliant). Then I'd like to exchange the card details using the accept.js API (not documented) for a token. Then I'd like to store that token on our server.


Is this (ab)use of the accept.js API allowed? Is it documented or do I have to reverse engineer accept.js JavaScript code? Do the generated payment tokens expire or can I use them in this way for future payments?


Solution

  • Accept.js tokens can be used only once and expire after 15 minutes. Instead, you can create a token that does not expire using Customer Profiles.

    Also, if your site is already PCI compliant and you don't need an SAQ A-EP compliant solution like Accept.js, you can create the customer profile using the Authorize.Net API. The API also supports creating a customer profile using an Accept.js token as well.
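
The flow described in the answer, as an added server-side sketch that is not part of the original answer or Authorize.Net's own code: treat the Accept.js token as a short-lived, single-use value, exchange it for a customer profile, and store only the returned profile IDs. The helper names (`NonceGuard`, `buildProfileRequest`, `extractProfileIds`) and all sample values are assumptions; the time the server received the token stands in for its issue time, and no network call is made.

```javascript
// Added example. Helper names and sample values are hypothetical.
const NONCE_TTL_MS = 15 * 60 * 1000; // Accept.js tokens expire after 15 minutes

// Rejects tokens that are too old or were already submitted (single use).
class NonceGuard {
  constructor() { this.seen = new Set(); }
  check(nonce, receivedAtMs, nowMs) {
    if (nowMs - receivedAtMs >= NONCE_TTL_MS) return "expired";
    if (this.seen.has(nonce)) return "reused";
    this.seen.add(nonce);
    return "ok";
  }
}

// Builds the createCustomerProfileRequest JSON body from Accept.js opaqueData.
// Key order follows the API schema (the JSON API is order-sensitive).
function buildProfileRequest(creds, customer, opaqueData) {
  if (!opaqueData || !opaqueData.dataDescriptor || !opaqueData.dataValue) {
    throw new Error("missing opaqueData from Accept.js");
  }
  return {
    createCustomerProfileRequest: {
      merchantAuthentication: { name: creds.apiLoginId, transactionKey: creds.transactionKey },
      profile: {
        merchantCustomerId: customer.id,
        email: customer.email,
        paymentProfiles: {
          customerType: "individual",
          payment: { opaqueData: { dataDescriptor: opaqueData.dataDescriptor,
                                   dataValue: opaqueData.dataValue } },
        },
      },
      validationMode: "testMode", // use "liveMode" to validate against the processor
    },
  };
}

// Returns the long-lived identifiers to persist; the one-time token is never stored.
function extractProfileIds(response) {
  if (!response.messages || response.messages.resultCode !== "Ok") return null;
  return {
    customerProfileId: response.customerProfileId,
    paymentProfileIds: response.customerPaymentProfileIdList || [],
  };
}
```

The request body is POSTed as JSON to the Authorize.Net API endpoint for your environment; later charges reference the stored customer profile and payment profile IDs rather than card data or the Accept.js token.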