> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Get CVV Retention Policy

> Retrieve the full CVV retention policy for a token, including per-destination usage counts.

Returns the retention policy for this token, including how many times the CVV has been sent to each destination.

<Card title="CVV Retention Policy Guide" icon="book" href="/capture-cards/cvv-retention-policy">
  Control how long CVV data is retained and who can use it
</Card>

## Error Responses

| Code    | HTTP Status | Condition                                                              |
| ------- | ----------- | ---------------------------------------------------------------------- |
| `-1003` | `401`       | API key is missing or invalid.                                         |
| `-1003` | `401`       | Authenticated user does not have `ForceCVVRetentionPolicy` permission. |
| `-1003` | `401`       | Token does not belong to the authenticated user.                       |
| `-125`  | `400`       | The token does not have a CVV stored.                                  |
| `-160`  | `404`       | No CVV retention policy has been set on this token.                    |
| `-150`  | `500`       | An internal system error occurred while retrieving the policy.         |

## Parameters

### Path Parameters

<ParamField path="cardToken" type="string" required>
  The token ID as returned by one of the tokenization methods.
</ParamField>

### Headers

<ParamField header="Authorization" type="string" required>
  Your API key prefixed with `APIKEY`. Example: `APIKEY your-api-key`. See the [Authentication guide](/getting-started/authentication).
</ParamField>

<ParamField header="Accept" type="string" default="application/json">
  Set to `application/xml` to receive the response in XML format.
</ParamField>

<RequestExample>
  ```javascript Node.js theme={null}
  const response = await fetch(
    'https://service.pcibooking.net/api/payments/paycard/2821a46d80e14d1b96a7f18f1b81926d/cvv/Restriction',
    {
      headers: {
        'Authorization': 'APIKEY your-api-key'
      }
    }
  );

  const data = await response.json();
  console.log(data);
  ```

  ```python Python theme={null}
  import requests

  response = requests.get(
      'https://service.pcibooking.net/api/payments/paycard/2821a46d80e14d1b96a7f18f1b81926d/cvv/Restriction',
      headers={'Authorization': 'APIKEY your-api-key'}
  )

  print(response.json())
  ```
</RequestExample>

## Response

The response mirrors the structure of the [Set CVV Retention Policy](/api-reference/manage-tokens/set-cvv-retention-policy) request body, with an additional `CvvDestinationUsage` field per destination showing how many times the CVV has already been sent there.

<ResponseExample>
  ```json 200 Custom policy theme={null}
  {
      "CvvEndRetentionDate": "2025-12-12T12:32:45",
      "DeleteCardUponCvvCleanup": "true",
      "CvvRetentionPolicyList": [
          {
              "CvvDestinationUsage": 3,
              "DestinationType": "HostName",
              "DestinationData": "gateway.example.com",
              "Quota": 10
          }
      ]
  }
  ```

  ```json 200 System default theme={null}
  {
      "CvvEndRetentionDate": "2025-01-12T20:02:26",
      "CvvRetentionPolicyList": []
  }
  ```

  ```json 401 theme={null}
  {
      "code": -1003,
      "message": "Not authorized to access this resource",
      "moreInfo": "Bad or missing authorization data, expected APIKEY",
      "errorList": null
  }
  ```
</ResponseExample>
