Skip to main content
POST

Update Card Data Guide

Modify expiration dates and creator references on tokens
Once the Duplicate Token method has been completed successfully, a new card token will be created and the token URI will be returned in the response header Location. The result of this process would be that there are two card tokens in PCI Booking for the same card. It is your responsibility to delete one of them to avoid getting charged for storage on both tokens.

Error Responses

Parameter Constraints

This endpoint is rate limited.

Parameters

Headers

Authorization
string
required
Your API key prefixed with APIKEY. Example: APIKEY your-api-key. For server-to-server calls.
This endpoint also accepts token-based authentication via query parameters:If multiple methods are provided, precedence: Session Token > Access Token > API Key.

Query String

cardUri
string
required
The card URI (resource identifier for the card location within PCI Booking). For example, https://service.pcibooking.net/api/payments/paycard/865ed8bec1f84366b97112a69cdbf915. The card URI should be URL encoded.
cvv
string
Security code, as returned from the iFrame or other sources. If not provided, the new token will not contain any CVV.
ref
string
A reference value that can be used to query for this card token.
merchant
string
The Property’s Username (user ID) found within PCI Booking (under “Property settings”) which has been given permission to view the card. The owner (Booker) always has permission to view the card.

Response

200 - Card duplicated. A Location header is returned with the new token URI.
Remember to set the CVV Retention Policy on the new token if it includes a CVV.