Skip to main content
POST

Hosted Card Entry Form Guide

API session approach for embedded card capture
The successful response of this method will include the following:
  • RequestID for this Card Entry Form session. You will need to use this request ID in future requests relating to this Card Entry Form session.
  • Location header for the URL of the card form. You will need to set this URL as the value of the SRC attribute of your iframe in your webpage.
All URLs should be HTTPS.

Error Responses

Parameter Constraints

Parameters

Headers

Authorization
string
required
Your API key prefixed with APIKEY. Example: APIKEY your-api-key. See the Authentication guide.

Request Body

CallBackURL
string
URL where PCI Booking will push the status of the request.
TTL
integer
default:"120"
required
Number of seconds the request will be valid for. Minimum 30, maximum 600.
creatorReference
string
A reference value that can be used to query for this card token.
Properties
object
The set of properties defining the card entry form. See the 201 response example below for the full list of available properties.
  • The 3DS challenge window has a 5 minute timeout. If the cardholder does not respond in time, authentication is rejected.
  • Do not use merchantName unless you have configured your 3DS merchant information. To use PCI Booking’s merchant, set ThreeDs to True and leave merchantName blank (Visa and Mastercard only).
  • Visa requirement (Aug 2024): You must provide at least the cardholder’s email address or phone number for 3DS authentication.

Response

201 - Session created. A Location header is returned with the card form URL. Set this URL as the src of your iframe.
Remember to set the CVV Retention Policy on the token once the card is captured.