Skip to main content
POST
Store Paycard (Card Migration)

Card Migration Guide

Migrate existing card data into PCI Booking tokens
Use this endpoint to migrate card data you currently store on your own systems into PCI Booking tokens. Send the full card details in XML format, and PCI Booking returns a token URI you can use for all future operations. This is typically a one-time bulk migration step when onboarding with PCI Booking.
This endpoint accepts card details in XML format only. Set Content-Type: text/xml.

Error Responses

Parameter Constraints

The request body must contain a BankCardDetails XML document. See Card Data XML Structure for the full field reference.
On success, a card token is created and the token URI is returned in the Location response header. The response body contains the submitted card details with sensitive data masked.

Parameters

Headers

Authorization
string
required
Your API key prefixed with APIKEY. Example: APIKEY your-api-key. For server-to-server calls.
This endpoint also accepts token-based authentication via query parameters:If multiple methods are provided, precedence: Session Token > Access Token > API Key.
Content-Type
string
default:"text/xml"
required
Must be text/xml. This endpoint accepts card details in XML format only.

Query String

ref
string
A reference value that can be used to query for this card token.
merchant
string
User ID of the property to associate the token with. Found under “Property settings” in the user’s site.
allowedUserId
string
User ID of the PCI Booking customer (booker ID) to associate the token with. The customer must share their PCI Booking user ID with you.
saveCVV
boolean
default:"false"
Whether to save the CVV in the database. true - save the CVV. false - do not save the CVV.
ValidateExpiration
boolean
default:"false"
Whether to check if the expiration date is valid. True validates the expiration date and tokenization will fail if expired. False accepts the date as is, even if in the past.
validateLuhn
boolean
default:"true"
Whether to check if the card number passes the Luhn algorithm. True validates using Luhn and tokenization will fail if the number does not pass. False accepts the number as is.

Request Body

BankCardDetails
object
The BankCardDetails object. See the XML structure and example above.

Request Example

Store a Visa card and associate it with a reference and property:
On success, the token URI is returned in the Location response header (e.g. Location: https://service.pcibooking.net/api/payments/paycard/tok_abc123).

Response

201 - Card stored. A Location header is returned with the token URI. The response body contains the card details with sensitive data masked.
Remember to set the CVV Retention Policy on the token if you stored the CVV.