Store Paycard (Card Migration)
Capture Cards
Store Paycard (Card Migration)
Store card details in PCI Booking when migrating from local storage. The card data is sent in XML format.
POST
Store Paycard (Card Migration)
Card Migration Guide
Migrate existing card data into PCI Booking tokens
Error Responses
Parameter Constraints
The request body must contain a
BankCardDetails XML document. See Card Data XML Structure for the full field reference.
Location response header. The response body contains the submitted card details with sensitive data masked.
Parameters
Headers
Your API key prefixed with
APIKEY. Example: APIKEY your-api-key. For server-to-server calls.Alternative: Browser-Side Authentication
Alternative: Browser-Side Authentication
This endpoint also accepts token-based authentication via query parameters:
If multiple methods are provided, precedence: Session Token > Access Token > API Key.
Must be
text/xml. This endpoint accepts card details in XML format only.Query String
A reference value that can be used to query for this card token.
User ID of the property to associate the token with. Found under “Property settings” in the user’s site.
User ID of the PCI Booking customer (booker ID) to associate the token with. The customer must share their PCI Booking user ID with you.
Whether to save the CVV in the database. true - save the CVV. false - do not save the CVV.
Whether to check if the expiration date is valid.
True validates the expiration date and tokenization will fail if expired. False accepts the date as is, even if in the past.Whether to check if the card number passes the Luhn algorithm.
True validates using Luhn and tokenization will fail if the number does not pass. False accepts the number as is.Request Body
The BankCardDetails object. See the XML structure and example above.
Request Example
Store a Visa card and associate it with a reference and property:- curl
- Node.js
- Python
Location response header (e.g. Location: https://service.pcibooking.net/api/payments/paycard/tok_abc123).
Response
201 - Card stored. ALocation header is returned with the token URI. The response body contains the card details with sensitive data masked.
Remember to set the CVV Retention Policy on the token if you stored the CVV.

