To create a token, you must supply the ID of the customer it will belong to and a payment source token. The source can be a card, an APM or a gateway request. For the source to be valid, you must not have used it for any previous payment or to create any other customer tokens. Once you have used the source token, it becomes invalid but its payment details can be reused by passing the customer token as a source instead.

Any tokens you create for a customer are added to the tokens list in the Customer object.