> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Retrieve Token Metadata

> Returns non-sensitive metadata for a single token, including card type, masked card number, expiration, CVV status, 3DS data, and associations.

<Card title="Query & Retrieve Guide" icon="book" href="/manage-tokens/query-retrieve#retrieve-token-metadata">
  Search for tokens and retrieve their metadata
</Card>

Returns non-sensitive metadata for a single token, including the card type, masked card number, expiration date, CVV status, and 3D Secure data. Use this endpoint to inspect token details without exposing the full card number or entering PCI DSS scope.

## Error Responses

| Code  | HTTP Status | Condition                                                   |
| ----- | ----------- | ----------------------------------------------------------- |
| -1003 | 401         | User is not the owner and is not associated with this token |
| -125  | 400         | Token value is not valid                                    |
| -160  | 404         | Token not found                                             |
| -150  | 500         | Internal system error                                       |

<Note>This endpoint is rate limited.</Note>

## Parameters

### Headers

<ParamField header="Authorization" type="string" required>
  Your API key prefixed with `APIKEY`. Example: `APIKEY your-api-key`. See the [Authentication guide](/getting-started/authentication).
</ParamField>

### Path Parameters

<ParamField path="cardtoken" type="string" required>
  The token ID as returned by one of the tokenization methods. For example, `2821a46d80e14d1b96a7f18f1b81926d`.
</ParamField>

<RequestExample>
  ```javascript Node.js theme={null}
  const response = await fetch(
    'https://service.pcibooking.net/api/payments/paycard/2821a46d80e14d1b96a7f18f1b81926d/meta',
    {
      headers: {
        'Authorization': 'APIKEY your-api-key'
      }
    }
  );

  const data = await response.json();
  console.log(data);
  ```

  ```python Python theme={null}
  import requests

  response = requests.get(
      'https://service.pcibooking.net/api/payments/paycard/2821a46d80e14d1b96a7f18f1b81926d/meta',
      headers={'Authorization': 'APIKEY your-api-key'}
  )

  print(response.json())
  ```
</RequestExample>

## Response

**200**

<ParamField body="CreatorReference" type="string">
  The reference value set when the card was tokenized.
</ParamField>

<ParamField body="CreateDate" type="string">
  The date and time the token was created (ISO 8601).
</ParamField>

<ParamField body="CardType" type="string">
  The card brand (e.g. `Visa`, `Mastercard`, `Amex`). See [supported card types](/reference/card-types).
</ParamField>

<ParamField body="LeadingDigits" type="string">
  The first 6 digits (BIN) of the card number.
</ParamField>

<ParamField body="LastDigits" type="string">
  The last 4 digits of the card number.
</ParamField>

<ParamField body="ExpirationYear" type="integer">
  The card expiration year.
</ParamField>

<ParamField body="ExpirationMonth" type="integer">
  The card expiration month.
</ParamField>

<ParamField body="OwnerID" type="string">
  The cardholder ID, if provided at tokenization time.
</ParamField>

<ParamField body="OwnerName" type="string">
  The name on the card, if provided at tokenization time.
</ParamField>

<ParamField body="UserID" type="string">
  The PCI Booking user ID that owns this token.
</ParamField>

<ParamField body="IssueNumber" type="string">
  The card issue number (used by some card schemes).
</ParamField>

<ParamField body="URI" type="string">
  The full token URI for use in API calls.
</ParamField>

<ParamField body="CvvExists" type="boolean">
  Whether CVV data is currently stored on this token.
</ParamField>

<ParamField body="EndRetentionDate" type="string">
  The date after which the CVV will be automatically deleted (ISO 8601). Reflects the [CVV retention policy](/capture-cards/cvv-retention-policy).
</ParamField>

<ParamField body="AssociatedMerchants" type="string[]">
  List of PCI Booking customer (booker) user IDs associated with this token.
</ParamField>

<ParamField body="AssociatedProperties" type="string[]">
  List of property user IDs associated with this token.
</ParamField>

<ParamField body="ThreeDSecureInfo" type="object">
  3D Secure authentication data, if stored on this token. See [3D Secure Authentication](/manage-tokens/3ds-auth-management) for field details.
</ParamField>

<ParamField body="NetworkTokenScheme" type="string">
  The card network scheme if this is a network token (e.g. `Visa`, `Mastercard`). `null` for regular cards.
</ParamField>

<ParamField body="NetworkTokenId" type="string">
  The network token identifier assigned by the card scheme. `null` for regular cards.
</ParamField>

<ParamField body="TokenLocation" type="string">
  The geographic storage location of the token data. `null` for default (in-table) storage.
</ParamField>

<ParamField body="VirtualInfo" type="object">
  Virtual card metadata, if this token was created from a virtual card. Contains `IsMultiUse`, `Currency`, `MaxAmount`, `CardRules`, and validity date fields. `null` for regular cards.
</ParamField>

<ResponseExample>
  ```json 200 theme={null}
  {
      "CreatorReference": "myRef",
      "VirtualInfo": null,
      "CreateDate": "2020-05-19T16:51:00",
      "CardType": "Visa",
      "LastDigits": "5005",
      "LeadingDigits": "491891",
      "ExpirationYear": 2020,
      "ExpirationMonth": 7,
      "OwnerID": "",
      "OwnerName": "Juan Dela Cruz",
      "UserID": "myUser",
      "IssueNumber": "2",
      "URI": "https://service.pcibooking.net/api/payments/paycard/eb454e0462d548ddbc6e6c2193b749a9",
      "EndRetentionDate": "2017-07-08T00:00:00",
      "CvvExists": true,
      "AssociatedMerchants": ["userID1", "userID2"],
      "AssociatedProperties": ["hotel1", "hotel2"],
      "ThreeDSecureInfo": {
          "Token": "42c775efa8b04b1d8bf14ef49a9e45e5",
          "ThreeDSSessionID": "uOrDbh0dEimUDmB3Vvn2f5CAM9B1bMQX",
          "Indication": "Authenticated",
          "AuthenticationValue": "AJkBAoEREQAAAAB4hABwcAAAAAA=",
          "Eci": "05",
          "XID": "861433f4-abff-4c40-b2fd-fea208856a33",
          "AcsTransactionId": "e7a46959-9630-413e-ab56-4e399b96244a",
          "Version": "2.1.0",
          "MerchantName": "PCI Booking * Hotelreservation"
      },
      "NetworkTokenScheme": null,
      "NetworkTokenId": null,
      "TokenLocation": null
  }
  ```

  ```json 401 theme={null}
  {
      "code": -1003,
      "message": "Not authorized to access this resource",
      "moreInfo": "Bad or missing authorization data, expected APIKEY",
      "errorList": null
  }
  ```

  ```json 404 theme={null}
  {
      "code": -160,
      "message": "Uri not found",
      "moreInfo": "Uri to Bank card not found",
      "errorList": null
  }
  ```
</ResponseExample>
