Cards
MuPag never handles PAN or CVV inside your system. Tokenization happens in the approved PSP flow and your backend sends only a safe token or reference.
Boundary rule
pk_*belongs to the approved tokenization context.sk_*is still required to create a charge, subscription or card update.- Never log a full card number in support, analytics or runtime traces.
When this matters
- Charges with
payment_method: "credit_card" - Public checkout session payment steps
POST /v1/subscriptions/{id}/update-cardwhen rotating the saved token
Did this page unblock the next step?
Feedback stays inside the docs flow and should never include customer or card data.