> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Delete CVV Retention Policy by Destination

> Remove a single destination from the CVV retention policy.

Removes a single destination (matching both type and data) from this token's retention policy. Other destinations remain unaffected. If no destinations remain, the token follows the [system-wide default](/capture-cards/cvv-retention-policy#setting-the-account-wide-default).

<Card title="CVV Retention Policy Guide" icon="book" href="/capture-cards/cvv-retention-policy">
  Control how long CVV data is retained and who can use it
</Card>

## Error Responses

| Code    | HTTP Status | Condition                                                                                                        |
| ------- | ----------- | ---------------------------------------------------------------------------------------------------------------- |
| `-1003` | `401`       | API key is missing or invalid.                                                                                   |
| `-1003` | `401`       | Authenticated user does not have `ForceCVVRetentionPolicy` permission.                                           |
| `-1003` | `401`       | Token does not belong to the authenticated user.                                                                 |
| `-125`  | `400`       | The token does not have a CVV stored.                                                                            |
| `-1010` | `423`       | The retention policy is locked. Either the 60-minute update window has passed, or the CVV has already been used. |
| `-150`  | `500`       | An internal system error occurred.                                                                               |

## Parameters

### Headers

<ParamField header="Authorization" type="string" required>
  Your API key prefixed with `APIKEY`. Example: `APIKEY your-api-key`. See the [Authentication guide](/getting-started/authentication).
</ParamField>

### Path Parameters

<ParamField path="cardToken" type="string" required>
  The token ID as returned by one of the tokenization methods.
</ParamField>

<ParamField path="DestinationType" type="string" required>
  One of: `HostName`, `Owner`, `OtherMerchant`, `SFTP`, `OtherUser`. See [destination types](/capture-cards/cvv-retention-policy#destination-types).
</ParamField>

<ParamField path="DestinationData" type="string" required>
  The target identifier for this destination (e.g. hostname, user ID, IP address).
</ParamField>

<RequestExample>
  ```javascript Node.js theme={null}
  const response = await fetch(
    'https://service.pcibooking.net/api/payments/paycard/2821a46d80e14d1b96a7f18f1b81926d/cvv/Restriction/HostName/gateway.example.com',
    {
      method: 'DELETE',
      headers: {
        'Authorization': 'APIKEY your-api-key'
      }
    }
  );

  console.log(response.status);
  ```

  ```python Python theme={null}
  import requests

  response = requests.delete(
      'https://service.pcibooking.net/api/payments/paycard/2821a46d80e14d1b96a7f18f1b81926d/cvv/Restriction/HostName/gateway.example.com',
      headers={'Authorization': 'APIKEY your-api-key'}
  )

  print(response.status_code)
  ```
</RequestExample>

## Response

**200** - Destination removed. Empty JSON object.

<ResponseExample>
  ```text 200 theme={null}
  CVV retention policy type data deleted successfully. No content returned.
  ```

  ```json 401 theme={null}
  {
      "code": -1003,
      "message": "Not authorized to access this resource",
      "moreInfo": "Bad or missing authorization data, expected APIKEY",
      "errorList": null
  }
  ```
</ResponseExample>
