Skip to main content
This reference documents every endpoint in the PCI Booking API. If you are new to PCI Booking, start with the guides:

Base URL

All API calls use a single base URL for both sandbox and production:
The only difference between sandbox and production is your API key. See Testing and Going Live for details.

Authentication

Most endpoints require an API key passed in the Authorization header:
For browser-side calls (card entry forms, payments library), generate a temporary session token first. See the Authentication guide for full details on API keys, session tokens, and access tokens.

Response Format

Responses are JSON. Successful calls return 200 with the result in the body. Errors return a standard error object:

Endpoint Sections