Card By Link
Send Card Capture Link
Send a Card By Link request via email or SMS with a link to a secure card capture form.
POST
Card By Link Guide
Send secure card capture links via email or SMS
Error Responses
Parameter Constraints
Parameters
Headers
Your API key prefixed with
APIKEY. Example: APIKEY your-api-key. See the Authentication guide.Request Configuration
The user ID of the booker.
The form’s language in ISO 639-1 (2-letter) format. See supported languages. If an unsupported language is received, English will be displayed.
The CSS resource name. Follow the guide on managing stylesheets. If not provided, PCI Booking will use the default CSS.
A URL where the status of the request will be pushed to by PCI Booking.
The number of hours the request will be valid for. Minimum 1 hour, maximum 24 hours.
Card Form Settings
Limits the list of card types. If omitted or no valid card types are found, all types will be displayed. Separate card types by comma. Read more on supported card types.
Whether to display the Owner ID field in the form (required in some countries).
true: include the field. false: exclude the field.Which card type will be set as default in the card drop down menu. Read more on supported card types.
Whether to use card detection according to card number.
true: use card detection. false: show a drop down menu for card type selection.Minimum expiration month/year. Format: mmyyyy. The expiration validation will be checked against this date. Must be a valid date in the specified format. Use case: when the card expiration should be later than a check-in date.
Whether to add the CVV field.
true: include the CVV and save it in the database. false: exclude the field.Additional input validation on the
Name On Card field. Possible values: NO_DIGITS - the field cannot contain digits.Whether PCI Booking should look up this card in previously stored cards and return the existing token (if found) or always return a new token.
True: look up in existing cards. False: always create new tokens. If not specified, the default behavior is taken from the account settings.Delivery
How to send the link to the card capture form. Values:
email or sms.The destination of the message - email address or phone number. For phone numbers, format as international dial number:
Country code + area code + phone number.The recipient’s name. Max 70 characters.
Free text description of this request. Max 50 characters.
A reference value that can be used to query for this card token later.
Branding
CustomerSupportLink, CustomerSupportLinkText, CustomerSupportEmail, and CustomerSupportPhone can also be set in your account settings. Values provided in the request override the account defaults.URLs in the request body (e.g.
ClientLogoURL, Success, Failure) should not be URL-encoded, since they are sent in JSON, not as query parameters.The name of the company sending the message. Required when sending via SMS.
URL to the logo displayed in the Card By Link email and landing page. Submit with a null value to hide the logo. If not supplied, the logo from the Booker information in the portal is used. Images must be publicly accessible, HTTPS URL.
The title of the logo. If not provided, the booker name (as set in the portal) is used. Submit with a null value for no title. Max 100 characters.
URL to the favicon displayed in the Card By Link landing page. If not supplied, the browser default is used. Images must be publicly accessible, HTTPS URL in ico or png format, size 16x16 or 32x32.
The page title to be displayed. Max 40 characters.
Text displayed in the header of the message to the recipient. Max 1000 characters. If
RecipientName, Amount and Currency placeholders are not listed here or in the portal customizations, but are provided in other request parameters, they will not be displayed.Text displayed in the footer of the message to the recipient. Max 1000 characters. If
CustomerSupportEmail and CustomerSupportPhone placeholders are not listed here or in the portal customizations, but are provided in other request parameters, they will not be displayed.Phone number displayed in the email message and landing page. Max 20 characters.
Email address displayed in the email message and landing page. Max 50 characters.
URL for customer support displayed in the email message and landing page. Max 255 characters. Required if
CustomerSupportLinkText is provided.Display name for the customer support URL in the email message and landing page. Max 100 characters. Required if
CustomerSupportLink is provided.Redirect URLs
URL where a successful response will be redirected to. Read more on setting up success / failure redirection pages.
URL where a failed response will be redirected to. Read more on setting up success / failure redirection pages.
3D Secure
Whether to perform 3D Secure authentication following card entry. If enabled with access token authorization, provide two access tokens.
What to do if there is a technical problem with the 3DS process. Accept - ignore 3DS and proceed with tokenizing the card. Reject - do not continue or tokenize; the card owner will be directed to the failure page URL.
The merchant to use for 3D Secure authentication. Must match a merchant name registered in your 3DS merchant setup.
The transaction amount, also displayed in the 3DS challenge screen. Required if
Currency is provided.The transaction currency in ISO 4217 (3-letter) format, also displayed in the 3DS challenge screen. Required if
Amount is provided.Cardholder’s email address for 3D Secure authentication. Must be in a valid email format, e.g. joe@bloggs.com.
Cardholder’s telephone number for 3D Secure authentication. May only contain digits [0-9], e.g.: 00353112223344.
Response
201 - Empty body. ALocation header is returned with the URI for this card request. Use this URI to retrieve the request status or delete the request.
Remember to set the CVV Retention Policy on the token once the card is captured.

