CVV Management
Set CVV Retention Policy
Define when and how the CVV on a token expires, and which destinations may consume it.
PUT
Define how long the CVV is retained and which destinations may use it.
CVV Retention Policy Guide
Control how long CVV data is retained and who can use it
Error Responses
Parameter Constraints
- CvvEndRetentionDate: If provided, must be between the current time and 4 years from now. If omitted,
CvvRetentionPolicyListmust be non-empty. - CvvRetentionPolicyList: Maximum 50 entries.
- Quota: Must be between 1 and 50 (inclusive).
- DestinationData validation depends on
DestinationType:
Parameters
Path Parameters
The token ID as returned by one of the tokenization methods.
Headers
Your API key prefixed with
APIKEY. Example: APIKEY your-api-key. See the Authentication guide.Set to
application/xml to submit the request body in XML format.Request Body
Date and time when the CVV expires. Format:
YYYY-MM-DD HH:MM:SS. Must not exceed 48 months from the token creation date.Destination whitelist (up to 50 entries). Each entry specifies a destination type, its data, and the number of times the CVV may be sent to it. Pass an empty array to use time-based retention only. See destination types.
One of:
HostName, Owner, OtherMerchant, SFTP, OtherUser.The target identifier for this destination type (e.g. hostname, user ID, IP address). Leave empty for
Owner.Maximum number of times the CVV may be sent to this destination.
If
true, the entire token (not just the CVV) is deleted when the retention period ends.Request Examples
- JSON (minimal)
- JSON (with destinations)
- XML

