> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Retrieve Card Details

> Retrieve the full, unmasked card details for a token. This endpoint returns raw card data, putting your system in PCI DSS scope.

<Card title="Query & Retrieve Guide" icon="book" href="/manage-tokens/query-retrieve">
  Search for tokens and retrieve their metadata
</Card>

<Warning title="PCI compliance">
  Please note that the response to this method will be the **full and unmasked** card details. Processing this response will put the system, network and all connected components into PCI scope.
  Before using this method, we recommend that you review the need for using it and setting up the proper environment to run it in.
</Warning>

Retrieves the full, unmasked card number and all associated card details for a token. This endpoint is intended for PCI DSS-compliant environments that need raw card data, such as for manual payment processing or migration to another vault.

## Error Responses

| Code  | HTTP Status | Condition                                                  |
| ----- | ----------- | ---------------------------------------------------------- |
| -1003 | 401         | User is not the owner and is not associated with this card |
| -160  | 404         | Card not found for the given token                         |

## Parameter Constraints

| Parameter   | Type   | Required | Constraints                                                         |
| ----------- | ------ | -------- | ------------------------------------------------------------------- |
| cardToken   | string | Yes      | Must be a 32-character hexadecimal string                           |
| retrieveCVV | string | No       | Accepts `yes`, `no`, or `mask`. Defaults to `no` (CVV not returned) |
| Auth        | string | Yes      | ApiKey with `CanReplaceToken` or `CanRetrieveCard` permission       |

## Parameters

### Headers

<ParamField header="Authorization" type="string" required>
  Your API key prefixed with `APIKEY`. Example: `APIKEY your-api-key`. See the [Authentication guide](/getting-started/authentication).
</ParamField>

### Path Parameters

<ParamField path="cardToken" type="string" required>
  The token ID as returned by one of the tokenization methods. For example, `2821a46d80e14d1b96a7f18f1b81926d`.
</ParamField>

### Query String

<ParamField query="retrieveCVV" type="string" default="no">
  Specifies how the CVV should be handled in the response: **Yes**: the CVV will be retrieved. **No**: the CVV will not be retrieved. **Mask**: the CVV will return masked.
</ParamField>

<RequestExample>
  ```javascript Node.js theme={null}
  const response = await fetch(
    'https://service.pcibooking.net/api/payments/paycard/2821a46d80e14d1b96a7f18f1b81926d?retrieveCVV=yes',
    {
      headers: {
        'Authorization': 'APIKEY your-api-key'
      }
    }
  );

  const data = await response.json();
  console.log(data);
  ```

  ```python Python theme={null}
  import requests

  response = requests.get(
      'https://service.pcibooking.net/api/payments/paycard/2821a46d80e14d1b96a7f18f1b81926d',
      headers={'Authorization': 'APIKEY your-api-key'},
      params={'retrieveCVV': 'yes'}
  )

  print(response.json())
  ```
</RequestExample>

## Response

<ResponseExample>
  ```json 200 Without CVV theme={null}
  {
      "@xmlns": "http://www.pcibooking.net/reservation",
      "@schemaVersion": "1.0",
      "BankCard": {
          "Type": "Visa",
          "Number": "4918914107195005",
          "NameOnCard": "Juan Dela Cruz",
          "ExpirationDate": {
              "Month": "07",
              "Year": "2020"
          },
          "IssueNumber": "2"
      }
  }
  ```

  ```json 200 With CVV theme={null}
  {
      "@xmlns": "http://www.pcibooking.net/reservation",
      "@schemaVersion": "1.0",
      "BankCard": {
          "Type": "Visa",
          "Number": "4918914107195005",
          "NameOnCard": "Juan Dela Cruz",
          "ExpirationDate": {
              "Month": "07",
              "Year": "2020"
          },
          "IssueNumber": "2",
          "CVV": "123"
      }
  }
  ```

  ```json 401 theme={null}
  {
      "code": -1003,
      "message": "Not authorized to access this resource",
      "moreInfo": "Bad or missing authorization data, expected APIKEY or HTTP Basic",
      "errorList": null
  }
  ```

  ```json 404 theme={null}
  {
      "code": -160,
      "message": "Uri not found",
      "moreInfo": "Uri to Bank card not found",
      "errorList": null
  }
  ```
</ResponseExample>
