> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Initiate Card Display with OTP

> Send a secure card viewing link with OTP verification to a cardholder.

<Card title="Card Display with OTP Guide" icon="book" href="/use-tokens/card-display-otp">
  How the OTP verification flow works end-to-end
</Card>

Sends an email containing a secure link to the specified viewer. When the viewer clicks the link and verifies their phone number via OTP, PCI Booking displays the card details on a hosted page.

## Error Responses

| Code  | HTTP Status | Condition                                                                 |
| ----- | ----------- | ------------------------------------------------------------------------- |
| -179  | 400         | Validation error: missing required fields, invalid email or phone format. |
| -1003 | 401         | Missing or invalid API key in the `Authorization` header.                 |
| -1003 | 401         | No valid identity found for the authenticated user.                       |
| -160  | 404         | Session incorrect or expired (when validating or retrieving OTP session). |

## Parameter Constraints

| Parameter         | Constraint                                                      |
| ----------------- | --------------------------------------------------------------- |
| `ViewerPhone`     | Required. Digits only, 8 to 20 characters. Regex: `^\d{8,20}$`. |
| `ViewerEmail`     | Required. Must be a valid email address.                        |
| `ViewerName`      | Max 100 characters.                                             |
| `TtlMinutes`      | Integer, range 1 to 30 (minutes). Default: 10.                  |
| `Language`        | 2-letter ISO 639-1 language code. Default: `en`.                |
| OTP code          | 6-digit numeric code. Regex: `^\d{6}$`.                         |
| Session ID (CVRT) | 32-character alphanumeric string. Regex: `^[a-zA-Z0-9]{32}$`.   |

## Parameters

### Headers

<ParamField header="Authorization" type="string" required>
  Your API key prefixed with `APIKEY`. Example: `APIKEY your-api-key`. See the [Authentication guide](/getting-started/authentication).
</ParamField>

### Request Body

<ParamField body="Card_token" type="string" required>
  The PCI Booking card token to display.
</ParamField>

<ParamField body="ViewerEmail" type="string" required>
  Email address to send the secure viewing link to.
</ParamField>

<ParamField body="ViewerPhone" type="string" required>
  Phone number for SMS verification. Format: country code + number, no `+` prefix (e.g. `1555123456` for US, `353858622255` for Ireland).
</ParamField>

<ParamField body="ViewerName" type="string" required>
  Full name of the viewer. Shown in the email and verification screens.
</ParamField>

<ParamField body="TtlMinutes" type="number">
  How long the email link stays valid, in minutes.
</ParamField>

<ParamField body="Language" type="string">
  Two-letter language code (ISO 639-1) for the email and verification screens.
</ParamField>

<RequestExample>
  ```javascript Node.js theme={null}
  const response = await fetch('https://service.pcibooking.net/api/card-view-request/initView', {
    method: 'POST',
    headers: {
      'Authorization': 'APIKEY your-api-key',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      Card_token: 'tok_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4',
      ViewerEmail: 'customer@example.com',
      ViewerPhone: '353858622255',
      ViewerName: 'Jane Smith',
      TtlMinutes: 15,
      Language: 'en'
    })
  });

  const data = await response.json();
  console.log(data);
  ```

  ```python Python theme={null}
  import requests

  response = requests.post(
      'https://service.pcibooking.net/api/card-view-request/initView',
      headers={
          'Authorization': 'APIKEY your-api-key',
          'Content-Type': 'application/json'
      },
      json={
          'Card_token': 'tok_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4',
          'ViewerEmail': 'customer@example.com',
          'ViewerPhone': '353858622255',
          'ViewerName': 'Jane Smith',
          'TtlMinutes': 15,
          'Language': 'en'
      }
  )

  print(response.json())
  ```
</RequestExample>

## Response

<ResponseExample>
  ```json 200 theme={null}
  {
    "success": true,
    "message": "Card view request created successfully",
    "data": {
      "requestId": "s4iMrBQioE0JBCJIMN9kjnsLNDeGZUmG",
      "viewUrl": "https://static.pcibooking.net/card-view/s4iMrBQioE0JBCJIMN9kjnsLNDeGZUmG?language=en",
      "email": "customer@example.com",
      "expiresAt": "2026-01-12T14:30:00Z",
      "createdAt": "2026-01-12T14:00:00Z"
    }
  }
  ```

  ```json 400 Invalid Card Token theme={null}
  {
    "success": false,
    "error": {
      "code": "INVALID_CARD_TOKEN",
      "message": "The provided card token does not exist or is invalid"
    }
  }
  ```

  ```json 400 Invalid Email theme={null}
  {
    "success": false,
    "error": {
      "code": "INVALID_EMAIL",
      "message": "The provided email address is invalid"
    }
  }
  ```
</ResponseExample>
