> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Delete CVV Retention Policy by Destination Type

> Remove all destinations of a specific type from the CVV retention policy.

Removes all destinations matching the given type from this token's retention policy. Other destination types remain unaffected. If no destinations remain, the token follows the [system-wide default](/capture-cards/cvv-retention-policy#setting-the-account-wide-default).

<Card title="CVV Retention Policy Guide" icon="book" href="/capture-cards/cvv-retention-policy">
  Control how long CVV data is retained and who can use it
</Card>

## Error Responses

| Code    | HTTP Status | Condition                                                                                                        |
| ------- | ----------- | ---------------------------------------------------------------------------------------------------------------- |
| `-1003` | `401`       | API key is missing or invalid.                                                                                   |
| `-1003` | `401`       | Authenticated user does not have `ForceCVVRetentionPolicy` permission.                                           |
| `-1003` | `401`       | Token does not belong to the authenticated user.                                                                 |
| `-125`  | `400`       | The token does not have a CVV stored.                                                                            |
| `-1010` | `423`       | The retention policy is locked. Either the 60-minute update window has passed, or the CVV has already been used. |
| `-150`  | `500`       | An internal system error occurred.                                                                               |

## Parameters

### Headers

<ParamField header="Authorization" type="string" required>
  Your API key prefixed with `APIKEY`. Example: `APIKEY your-api-key`. See the [Authentication guide](/getting-started/authentication).
</ParamField>

### Path Parameters

<ParamField path="cardToken" type="string" required>
  The token ID as returned by one of the tokenization methods.
</ParamField>

<ParamField path="DestinationType" type="string" required>
  One of: `HostName`, `Owner`, `OtherMerchant`, `SFTP`, `OtherUser`. See [destination types](/capture-cards/cvv-retention-policy#destination-types).
</ParamField>

<RequestExample>
  ```javascript Node.js theme={null}
  const response = await fetch(
    'https://service.pcibooking.net/api/payments/paycard/2821a46d80e14d1b96a7f18f1b81926d/cvv/Restriction/HostName',
    {
      method: 'DELETE',
      headers: {
        'Authorization': 'APIKEY your-api-key'
      }
    }
  );

  console.log(response.status);
  ```

  ```python Python theme={null}
  import requests

  response = requests.delete(
      'https://service.pcibooking.net/api/payments/paycard/2821a46d80e14d1b96a7f18f1b81926d/cvv/Restriction/HostName',
      headers={'Authorization': 'APIKEY your-api-key'}
  )

  print(response.status_code)
  ```
</RequestExample>

## Response

**200** - Destinations removed. Empty JSON object.

<ResponseExample>
  ```text 200 theme={null}
  CVV retention policy type deleted successfully. No content returned.
  ```

  ```json 401 theme={null}
  {
      "code": -1003,
      "message": "Not authorized to access this resource",
      "moreInfo": "Bad or missing authorization data, expected APIKEY",
      "errorList": null
  }
  ```
</ResponseExample>
