- Tokenization on Response - extract card data from third-party responses
- Tokenization on Request - extract card data from inbound third-party requests
- Token Replacement in Request - inject card data into outbound requests
- Token Replacement in Response - inject card data into responses
Profile Settings
At least one content filter (tokenization or retrieve cards) is required. A profile used only for tokenization needs only the tokenization filter. A profile used only for token replacement needs only the retrieve cards filter. Many profiles have both.
Two Types of Content Filters
Each profile can contain two separate content filters, each serving a different direction of data flow:- Tokenization filter - tells PCI Booking how to read card data from the message (for tokenization operations). PCI Booking locates the card fields, extracts the values, stores them securely, and replaces them with tokens.
- Retrieve cards filter - tells PCI Booking how to write card data into the message (for token replacement operations). PCI Booking locates the token placeholders and injects the real card data.
Creating a Profile
- Log in to the PCI Booking portal.
- Navigate to PCI Shield Settings > PCI Shield Profile Settings.
- Click the plus icon to create a new profile.
- Enter a Name (alphanumeric, cannot be changed later).
- Configure the settings from the table above.
- Add at least one content filter (tokenization, retrieve cards, or both).
- Save the profile.
Universal Profiles (Pre-Built)
Many PCI Booking customers connect to the same third parties (booking platforms, OTAs, channel managers, GDS providers). For these common integrations, PCI Booking maintains universal profiles that are already built and ready to use. Reference the universal profile name in your request instead of creating a custom one. Check with support@pcibooking.net to see if a universal profile already exists for your third party.Need help creating a custom profile? Send a sample of the message you exchange with the third party to support@pcibooking.net. Our team will build the profile for you.
Next Steps
Content Filters
Define where card fields appear in a message using selectors
Client Certificates
Upload certificates for mutual TLS
Tokenization on Response
Tokenize card data from third-party responses
Token Replacement in Request
Replace tokens with real card data in outbound requests

