Skip to main content

Card By Link Guide

Send secure card capture links via email or SMS
When you create a Card By Link request with a CallBackURL, PCI Booking sends a POST request to that URL each time the request status changes. Your endpoint must accept the following payload.

Callback Payload

RequestID
string
The unique identifier for the Card By Link request.
LastNotifiedStatus
string
The current status of the request. Possible values:
LastNotifiedTime
string
Timestamp of the status change (ISO 8601 format).

What to Do on CardStored

Once you receive a callback with LastNotifiedStatus: CardStored, call Retrieve Request to get the full request details including the CardUri (token URL).
For CVV-only requests, PCI Booking creates a new token that is a full copy of the original card details plus the captured CVV. The original token is not modified and does not contain the CVV. You should delete the original token if it is no longer needed, otherwise it will continue to incur monthly storage fees.
Remember to set the CVV Retention Policy on the token once CardStored is received.

Expected Response

Your callback endpoint must return 200 OK to acknowledge receipt.