The CyberSource Token Management Service (described here and here) allows you to create "instruments" which are tokenized cards that can be stored with a user's account and used for later purchases/transactions with your service.
I would like to use the Flex API (described here, here and here) to perform an initial tokenization of the card. Can I then use a Flex token to perform TMS calls?
Obviously both mechanisms are tokenization, but there are advantages to both:
So it would be useful to do the initial tokenization with Flex for PCI-DSS reasons, and then use that to create TMS tokens for long-term storage.
The Flex API can be used to create TMS tokens.
You can think of TMS (Token Management Service) as services to create, read, update, and delete tokens as well as the storage of those tokens. The purpose of Secure Acceptance Flex Microform and Flexible Token API is to reduce PCI scope when handling credit card account numbers by replacing them with tokens without touching your servers (direct from customer browser or app to CyberSource). The Secure Acceptance Flex Microform and Flexible Token API uses TMS underneath to create tokens, but cannot read, update, delete tokens or authorize the card.