Elements
The complete catalog of Tokeflow Bridge SDK elements — secure card fields, billing-address fields, and wallet buttons — plus their options, methods, state, and change events.
Elements are the building blocks of the Tokeflow Bridge SDK. Each element renders a single input — a card number, a CPF, a billing city — that your customer types into directly on your page.
Tokeflow's secure fields run inside isolated, cross-origin iframes; card data is encrypted in the browser and never touches your servers. You style the surrounding container, listen for state changes, and hand the element to tokenize() when you are ready. The sensitive value never enters your JavaScript — only non-sensitive metadata (card brand, BIN, last four) is surfaced to you.
This page is the reference for every element: the catalog, the options each one accepts, the methods you can call on an instance, and the shape of the state and change event you read back.
Elements live in the browser and are created from a public key (pk_…). Public keys are restricted to client-safe scopes and are safe to ship in browser code. Never put a secret key (sk_…) in the browser — see Authentication.
How elements fit together
An element is a thin handle in your page over a sandboxed iframe that owns the actual input. You create it, mount it into a container you control, and react to its state. When the form is complete, you pass the element references to tokenization — the SDK encrypts the collected data inside the iframe and returns a token reference (tok_…).
The customer's keystrokes stay inside the cross-origin iframe. Your code only ever sees the booleans and non-sensitive metadata described in Element state and the change event.
Available elements
Every element has a vanilla factory (called on the initialized tokeflow instance) and an equivalent React component. Card and wallet elements are special-purpose; the address and text elements are general-purpose inputs you can wire into a billing form.
| Element | Vanilla factory | React component | Purpose |
|---|---|---|---|
| Card (combined) | createCardElement() | <CardElement> | Number + expiry + CVC in a single iframe |
| Card Number | createCardNumberElement() | <CardNumberElement> | Card number only |
| Card Expiration | createCardExpirationElement() | <CardExpirationElement> | Expiry date only |
| Card CVC | createCardCvcElement() | <CardCvcElement> | CVC/CVV only |
| Cardholder Name | createCardholderNameElement() | <CardholderNameElement> | Name on card |
| Text | createTextElement() | <TextElement> | Generic text input |
| CPF | createCpfElement() | <CpfElement> | Brazilian CPF input (used for PIX) |
| Address Line 1 | createAddressLine1Element() | <AddressLine1Element> | Billing address line 1 |
| Address Line 2 | createAddressLine2Element() | <AddressLine2Element> | Billing address line 2 |
| City | createCityElement() | <CityElement> | Billing city |
| State | createStateElement() | <StateElement> | Billing state/region |
| Postal Code | createPostalCodeElement() | <PostalCodeElement> | Billing postal/ZIP code |
| Country | createCountryElement() | <CountryElement> | Billing country |
| Apple Pay button | createApplePayButton() | <ApplePayButton> | Apple Pay payment button |
| Google Pay button | createGooglePayButton() | <GooglePayButton> | Google Pay payment button |
Use the combined CardElement for the simplest integration — one iframe holds number, expiry, and CVC. Reach for the split elements (CardNumberElement, CardExpirationElement, CardCvcElement) only when you need each field in its own layout slot.
The wallet buttons (ApplePayButton, GooglePayButton) render a platform payment button rather than a text input. Their click flow is documented in SDK quickstart; this page covers the input elements.
Element options
Options are passed to the factory (or as props to the React component) when you create an element. All options are optional.
Base options
These options are available on every element.
| Option | Type | Description |
|---|---|---|
style | ElementStyle | Visual styling applied inside the iframe (colors, fonts, state-specific styles). See Styling. |
placeholder | string | object | Placeholder text. A plain string on most elements; a per-field object on the combined card element (see below). |
disabled | boolean | Render the input disabled (not editable, not focusable). Defaults to false. |
readOnly | boolean | Render the input read-only (focusable, not editable). Defaults to false. |
autoFocus | boolean | Focus the input automatically when it mounts. Defaults to false. |
targetId | string | DOM id of the container to mount into, as an alternative to passing a selector to mount(). |
locale | TokeflowLocale | Per-element locale override ('en' or 'pt-BR'). Falls back to the SDK-init locale. |
translations | object | Per-element overrides for labels, placeholders, and error strings. See Localization. |
theme | object | Low-level theme escape hatch for fine-grained control beyond style. See Styling. |
Card-specific options
The combined CardElement accepts these in addition to the base options.
| Option | Type | Description |
|---|---|---|
placeholder | object | Per-field placeholders: cardNumber, cardExpirationDate, cardSecurityCode. |
showCardIcon | boolean | Show the detected card-brand icon inside the field. Defaults to true. |
hidePostalCode | boolean | Hide the built-in postal-code field. Defaults to false. |
iconStyle | 'solid' | 'outline' | Visual style for the card-brand icon. |
const element = tokeflow.createCardElement({
style: { /* see Styling */ },
// Per-field placeholders on the combined card element
placeholder: {
cardNumber: '1234 5678 9012 3456',
cardExpirationDate: 'MM/YY',
cardSecurityCode: 'CVC',
},
disabled: false,
readOnly: false,
autoFocus: false,
locale: 'pt-BR', // per-element locale override
translations: { /* ... */ },
// Card-element specifics
showCardIcon: true,
hidePostalCode: true,
iconStyle: 'solid', // 'solid' | 'outline'
});For a single-line, non-card element, placeholder is just a string:
const cpf = tokeflow.createCpfElement({ placeholder: '000.000.000-00' });
const name = tokeflow.createTextElement({ placeholder: 'Full Name' });In React, every option is a prop:
<CardElement
showCardIcon
hidePostalCode
iconStyle="outline"
placeholder={{
cardNumber: '1234 5678 9012 3456',
cardExpirationDate: 'MM/YY',
cardSecurityCode: 'CVC',
}}
/>Element methods
Call these on an element instance. In React, get the instance from the ref's .element property (e.g. cardRef.current.element).
| Method | Signature | Description |
|---|---|---|
mount | mount(target) | Render the iframe into a CSS selector or HTMLElement. |
unmount | unmount() | Remove the iframe and detach the element from the DOM. |
focus | focus() | Programmatically focus the input. |
blur | blur() | Programmatically blur the input. |
clear | clear() | Clear the current value. |
setValue | setValue(value) | Set the value. Text-style elements only (e.g. Text, Address, City) — not the secure card fields. |
getState | getState(): ElementState | Read the current state synchronously. See Element state. |
update | update(options) | Update options after creation (e.g. toggle disabled). |
on | on(event, handler) | Subscribe to an event (ready, change, focus, blur, error). |
off | off(event, handler) | Unsubscribe a handler. |
// Mount / unmount
element.mount('#container'); // selector or HTMLElement
element.unmount();
// Focus management
element.focus();
element.blur();
// Value
element.clear();
element.setValue('some value'); // text-style elements only
// State
const state = element.getState(); // ElementState
// Update options after creation
element.update({ disabled: true });
// Events
element.on('change', handler);
element.off('change', handler);setValue() is for non-sensitive, text-style elements only. The secure card fields (number, expiry, CVC) never expose or accept their value through your JavaScript — that is what keeps card data out of your page.
Element state
getState() returns the current state of an element synchronously. There are no isValid() / isEmpty() helpers — read these booleans instead.
interface ElementState {
empty: boolean; // no value entered yet
focused: boolean; // input currently has focus
valid: boolean; // current value passes validation
invalid: boolean; // current value fails validation
complete: boolean; // input is fully filled and valid
error?: ElementError; // present when the value is invalid
}A typical gate before tokenizing:
const state = cardElement.getState();
if (state.complete && state.valid) {
// ready to tokenize
}Events
Subscribe with on(event, handler) and unsubscribe with off(event, handler). Elements emit:
| Event | Payload | When |
|---|---|---|
ready | — | The iframe has loaded and the element is interactive. |
change | ElementChangeEvent | The value or validity changed. |
focus | — | The input gained focus. |
blur | — | The input lost focus. |
error | ElementError | An element-level error occurred. |
cardElement.on('ready', () => {
console.log('Element is ready');
});
cardElement.on('change', (event) => {
console.log('Complete:', event.complete);
console.log('Empty:', event.empty);
console.log('Error:', event.error?.message);
// Brand / BIN / last4 are surfaced under `value` on the card-number field:
console.log('Brand:', event.value?.brand, 'BIN:', event.value?.bin, 'last4:', event.value?.last4);
});
cardElement.on('focus', () => console.log('Element focused'));
cardElement.on('blur', () => console.log('Element blurred'));
cardElement.on('error', (event) => console.error('Element error:', event));In React, the same events are props: onReady, onChange, onFocus, onBlur, onError.
<CardElement
ref={cardRef}
id="card"
onReady={() => console.log('Ready')}
onChange={(e) => console.log('Change:', e.complete, e.error?.message)}
onFocus={() => console.log('Focus')}
onBlur={() => console.log('Blur')}
onError={(e) => console.error('Error:', e)}
className="my-card-element"
/>The change event
The change event carries ElementChangeEvent. The optional value object contains only non-sensitive metadata — never the raw card number, expiry, or CVC.
interface ElementChangeEvent {
elementType: ElementType;
empty: boolean;
complete: boolean;
error?: ElementError; // singular — there is no `errors` array
value?: { // non-sensitive metadata only
type?: string; // detected input type
brand?: string; // e.g. 'visa', 'mastercard'
bin?: string; // bank identification number (leading digits)
last4?: string; // last four digits
};
}| Field | Type | Description |
|---|---|---|
elementType | ElementType | Which element emitted the event. |
empty | boolean | Whether the input is currently empty. |
complete | boolean | Whether the input is fully filled and valid. |
error | ElementError | Present when the current value is invalid. Singular — there is no errors array. |
value.type | string | Detected input type. |
value.brand | string | Detected card brand (card-number field). |
value.bin | string | Bank identification number — the leading digits (card-number field). |
value.last4 | string | Last four digits (card-number field). |
The value object exposes brand, BIN, and last four only — never the full PAN, expiry, or CVC. Use it for UI affordances (showing a brand icon, masking) but never treat it as the card data itself; the only way to use the card is to tokenize it.
Styling
Style an element through the style option (ElementStyle), which controls the appearance inside the iframe, plus the theme option as a low-level escape hatch. The container around the iframe is plain DOM you style with your own CSS.
const style = {
base: {
color: '#333',
fontSize: '16px',
fontFamily: '-apple-system, BlinkMacSystemFont, sans-serif',
fontWeight: '400',
lineHeight: '24px',
'::placeholder': { color: '#aaa', fontStyle: 'italic' },
':focus': { color: '#000' },
},
complete: { color: '#28a745' }, // input complete and valid
invalid: { color: '#dc3545' }, // input invalid
empty: { color: '#6c757d' }, // input empty
};
const cardElement = tokeflow.createCardElement({ style });Reflect element state onto your container by listening to the change event and toggling classes:
.card-element-container {
border: 1px solid #ddd;
border-radius: 8px;
padding: 12px;
transition: border-color 0.2s, box-shadow 0.2s;
}
.card-element-container:focus-within { border-color: #0066ff; }
.card-element-container.invalid { border-color: #dc3545; }
.card-element-container.complete { border-color: #28a745; }Localization
The SDK ships with built-in en and pt-BR translation packs for element labels, placeholders, and error messages. Set a default locale at SDK init, or override per element with locale and translations.
// Override strings for a single element
const cardNumber = tokeflow.createCardNumberElement({
locale: 'pt-BR',
translations: {
number: {
label: 'Número do cartão',
errors: { invalid: 'Verifique o número do cartão' },
},
},
});Precedence: per-element translations win over SDK-init translations, which win over the built-in pack. Any field you do not override falls through to the built-in strings.
Lifecycle example
A complete create → mount → gate → tokenize → unmount cycle with the combined card element:
// 1. Create
const cardElement = tokeflow.createCardElement({
placeholder: {
cardNumber: '1234 5678 9012 3456',
cardExpirationDate: 'MM/YY',
cardSecurityCode: 'CVC',
},
showCardIcon: true,
});
// 2. Mount
cardElement.mount('#card-element');
// 3. React to state
cardElement.on('change', (event) => {
const container = document.getElementById('card-element');
container.classList.toggle('invalid', !!event.error);
container.classList.toggle('complete', event.complete);
});
// 4. Gate before tokenizing
async function pay() {
const state = cardElement.getState();
if (!state.complete || !state.valid) return;
const token = await tokeflow.cards.tokenize({ card: cardElement });
// send token.tokenId to your server
// 5. Clean up
cardElement.unmount();
}Next steps
- SDK quickstart — initialize the SDK, mount elements, and tokenize end to end.
- Authentication — public vs secret keys and where each belongs.
- Transactions — charge the token on your server, then capture, void, or refund.