Skip to main content
PUT
Define how long the CVV is retained and which destinations may use it.

CVV Retention Policy Guide

Control how long CVV data is retained and who can use it

Error Responses

Parameter Constraints

  • CvvEndRetentionDate: If provided, must be between the current time and 4 years from now. If omitted, CvvRetentionPolicyList must be non-empty.
  • CvvRetentionPolicyList: Maximum 50 entries.
  • Quota: Must be between 1 and 50 (inclusive).
  • DestinationData validation depends on DestinationType:

Parameters

Path Parameters

cardToken
string
required
The token ID as returned by one of the tokenization methods.

Headers

Authorization
string
required
Your API key prefixed with APIKEY. Example: APIKEY your-api-key. See the Authentication guide.
Content-Type
string
default:"application/json"
Set to application/xml to submit the request body in XML format.

Request Body

CvvEndRetentionDate
string
required
Date and time when the CVV expires. Format: YYYY-MM-DD HH:MM:SS. Must not exceed 48 months from the token creation date.
CvvRetentionPolicyList
array
required
Destination whitelist (up to 50 entries). Each entry specifies a destination type, its data, and the number of times the CVV may be sent to it. Pass an empty array to use time-based retention only. See destination types.
CvvRetentionPolicyList[].DestinationType
string
required
One of: HostName, Owner, OtherMerchant, SFTP, OtherUser.
CvvRetentionPolicyList[].DestinationData
string
The target identifier for this destination type (e.g. hostname, user ID, IP address). Leave empty for Owner.
CvvRetentionPolicyList[].Quota
integer
required
Maximum number of times the CVV may be sent to this destination.
DeleteCardUponCVVCleanup
boolean
default:"false"
If true, the entire token (not just the CVV) is deleted when the retention period ends.

Request Examples

Response

200 - Policy set successfully.