Skip to main content
A content filter is an XML configuration within a target profile that tells PCI Booking exactly where card data fields are located in a message. Content filters are used for both tokenization (extracting card data) and token replacement (injecting card data).

Supported Message Formats

Content filters support four message formats. Set the type attribute on the <transform> element to match your message format. PCI Booking detects whether body content is XML, JSON, or form-encoded based on the content type header.

Content Filter Structure

A content filter is an XML document with this general structure:
The <content> element’s selector attribute points to the parent element containing card fields. Each child element then uses a relative selector to locate its specific field within that parent.

Format Examples

For XML messages, use XPath expressions. Use local-name() to match elements regardless of XML namespace prefix.Tokenization filter (extracting card data):
Token replacement filter (injecting card data):

Card Data Fields

Each <content> element can map the following card fields:

Format Attributes

The format attribute controls how date fields are read and written:
  • expYear: YYYY (default, four digits) or YY (two digits)
  • expMonth: MM (two digits with leading zero) or M (default, no leading zero)

Substring Extraction

When a third party combines multiple values into a single field, use substring extraction to isolate the part you need.
  • substring - extracts a portion of the value when reading from the message (tokenization). Format: "startPosition" or "startPosition,length" (zero-based).
  • dataSubstring - extracts a portion of the replacement data when writing to the message (token replacement). Same format as substring.
Example: expiration date sent as 0125 (MMYY) in a single field:

Card Type Mapping

When a third party uses different card type codes than PCI Booking, add a <list> child element to the <type> field to map between them.
The key is the third party’s code. The value is PCI Booking’s card type name (see Supported Card Types for the full list).

3D Secure Fields

Content filters can also map 3DS authentication data alongside card fields. Add these as siblings to the card field elements inside <content>: Example with 3DS fields:

Multiple Cards in One Message

If a message contains multiple cards (e.g., a batch of reservations), add a reservationSelector attribute to the <content> element. This XPath expression identifies each repeating card block, and PCI Booking processes each one independently.
PCI Booking iterates over every element matching reservationSelector and applies the card field selectors within each.

Next Steps

Target Profiles

Create and manage profiles that use content filters

Supported Card Types

Full list of card type values for card type mapping

Tokenization on Response

Tokenize card data from third-party responses

Token Replacement in Request

Replace tokens with real card data in outbound requests