> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Create Data Block

> Create a new data block and receive its token ID.

<Card title="Data Block Tokenization Guide" icon="book" href="/additional-functions/data-blocks">
  Store and manage arbitrary data securely with GDPR-compliant storage locations
</Card>

Creates a new data block and returns its token ID. Data blocks let you store arbitrary sensitive data (such as identity documents, contracts, or personal information) in PCI Booking's secure vault with a choice of GDPR-compliant storage regions. After creating the block, use the [Upload Content](/api-reference/additional/upload-data-block-content) endpoint to attach the actual data.

## Error Responses

| HTTP Status | Error Code | Description                                                                                                                            |
| ----------- | ---------- | -------------------------------------------------------------------------------------------------------------------------------------- |
| 400         | -125       | Validation error. The request body is missing or contains invalid fields (e.g. bad `Reference` format or invalid `DataBlockLocation`). |
| 401         | -1003      | Not authenticated. The API key is missing or invalid.                                                                                  |
| 403         | -1003      | Not authorized. The API key does not have the `CanWriteData` permission.                                                               |
| 500         | -150       | Internal system error.                                                                                                                 |

## Parameter Constraints

| Parameter           | Constraint                                                                                                                                                               |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `Reference`         | Must match the pattern `[a-zA-Z0-9_\-@#=\"']{0,64}`. Letters, digits, underscore, hyphen, at-sign, hash, equals, double-quote, and single-quote only. Max 64 characters. |
| `DataBlockLocation` | One of: `US`, `IN`, `KR`, `SG`, `AU`, `JP`, `CA`, `DE`, `IE`, `GB`, `FR`, `BR`. If omitted, defaults to the user's country when supported, otherwise `IE` (Ireland).     |

## Parameters

### Headers

<ParamField header="Authorization" type="string" required>
  Your API key prefixed with `APIKEY`. Example: `APIKEY your-api-key`. See the [Authentication guide](/getting-started/authentication).
</ParamField>

### Request Body

<ParamField body="Reference" type="string">
  A reference value which can then be used to query for this card token.
</ParamField>

<ParamField body="DataBlockLocation" type="string" default="null">
  The location to store this data block. Available locations: **US**, **IN**, **KR**, **SG**, **AU**, **JP**, **CA**, **CN**, **DE**, **IE**, **GB**, **FR**, **BR**. For the default location (Ireland), enter `null`.
</ParamField>

<RequestExample>
  ```javascript Node.js theme={null}
  const response = await fetch('https://service.pcibooking.net/api/dataBlock', {
    method: 'POST',
    headers: {
      'Authorization': 'APIKEY your-api-key',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      Reference: 'booking_12345',
      DataBlockLocation: 'DE'
    })
  });

  const data = await response.json();
  console.log(data);
  ```

  ```python Python theme={null}
  import requests

  response = requests.post(
      'https://service.pcibooking.net/api/dataBlock',
      headers={
          'Authorization': 'APIKEY your-api-key',
          'Content-Type': 'application/json'
      },
      json={
          'Reference': 'booking_12345',
          'DataBlockLocation': 'DE'
      }
  )

  print(response.json())
  ```
</RequestExample>

## Response

<ResponseExample>
  ```json 201 theme={null}
  {
      "UserId": "Nadya",
      "OwnerId": "Frodo",
      "Id": "22222222",
      "Reference": "my reference",
      "ContentType": null,
      "DataSize": null,
      "CreationTime": "2019-01-16T11:21:25.3241104Z",
      "LastAccessedTime": null,
      "LastModifiedTime": null,
      "DataBlockLocation": "DE"
  }
  ```

  ```json 400 theme={null}
  {
      "code": -125,
      "message": "Bad input data",
      "moreInfo": "...",
      "errorList": null
  }
  ```

  ```json 401 theme={null}
  {
      "code": -1003,
      "message": "Not authorized to access this resource",
      "moreInfo": "Bad or missing authorization data, expected APIKEY",
      "errorList": null
  }
  ```
</ResponseExample>
