What Are Virtual Cards?
Virtual cards are temporary card numbers issued programmatically for a specific transaction or purpose. They have a set spending limit, an authorization window, and can be restricted to a single use. Once the transaction is complete or the card expires, it cannot be used again.Why Use Them?
Virtual cards are common in the travel industry for paying hotels, airlines, and other suppliers without exposing the company’s actual payment credentials.
How It Works with PCI Booking
PCI Booking integrates with virtual card providers (VCPs) and handles the full flow:- You call Issue Virtual Card with the provider credentials, amount, currency, and authorization date range.
- PCI Booking requests a virtual card from the provider.
- The provider issues the card.
- PCI Booking automatically tokenizes the issued card and returns a PCI Booking token URI in the
Locationheader.
Supported Providers
Use the List Virtual Card Providers endpoint to see all currently supported providers and their required credentials. This endpoint is public and requires no authentication. Each provider has its own credential structure. Use Retrieve VCP Credential Structure to get the exact fields needed for a specific provider before storing credentials.Setting Up Credentials
You have two options for providing VCP credentials: Option 1: Pass credentials per request. IncludeProviderName and Credentials in each Issue Virtual Card request body.
Option 2: Store credentials in PCI Booking. Use Store Credentials to save your VCP credentials once, then pass the credentialsId query parameter on each issuance request. This is more secure and avoids sending credentials repeatedly.
Issuance Parameters
When issuing a virtual card, you control:Using the Issued Card
Once issued, the virtual card is a standard PCI Booking token. You can:- Relay it to a hotel or supplier via Token Replacement in Request
- Display it to an agent via Card Display
- Query its metadata via Retrieve Token Metadata
- Delete it via Delete Token when no longer needed
Typical Workflow
A travel platform issuing a virtual card to pay a hotel:- Issue a virtual card with the booking amount and check-in/check-out dates as the authorization window.
- Relay the token to the hotel’s payment system using token replacement.
- The hotel charges the virtual card.
- Reconcile using the
UniqueReferenceyou set (e.g., your booking ID). - Delete the token after the transaction is settled.
Related
- Issue Virtual Card - API reference
- List Virtual Card Providers - See supported providers
- Get Virtual Card Provider - Provider details
- Retrieve VCP Credential Structure - Required credential fields
- Store Credentials - Save VCP credentials
- Token Replacement in Request - Relay card data to suppliers

