Skip to main content
POST

Universal Tokenization Guide

Tokenize cards from any source using preset profiles
PCI Booking forwards your request to the third party defined in the profile, tokenizes any card data found in the response, and returns the sanitized response with the following custom headers:

Error Responses

Parameter Constraints

  • ProfileName: Must match an existing profile name (see Get Tokenization Profiles).
  • pathSegments: Required if the profile’s target URL has dynamic path segments. Provide key-value pairs in query string format.
  • eliminateCardDuplication: When true, a 200 status indicates the card already existed; 201 means a new token was created.

Parameters

Authentication

This is a browser-facing endpoint. Use one of the authentication methods below instead of the API key shown above.
accessToken
string
Recommended. A long-lived token for browser-side calls. How to generate.
sessionToken
string
Alternative. Valid for 5 minutes. How to generate.
If both are provided, the session token takes precedence.

Path Parameters

ProfileName
string
required
The name of the profile as returned from the Get Tokenization Profiles method.

Query String

pathSegments
string
Dynamic path segments to append to the profile’s target URL. Some third-party endpoints include dynamic values in the URL path (e.g. https://ws.mydomain.com/{customerName}). The Get Tokenization Profiles response lists the required path segments for each profile.
fwd
string
Query string parameters to append to the profile’s target URL. Some third-party endpoints require additional parameters (e.g. ?param1=value1&param2=value2). Provide the full query string as needed.
saveCVV
boolean
default:"false"
Whether to save the CVV in the database. true: save the CVV. false: discard the CVV.
ref
string
A reference value which can be used to query for this card token.
MerchantId
string
The user ID of the property to associate the token with. Found under “Property settings” in the user’s site.
eliminateCardDuplication
boolean
default:"false"
Controls whether PCI Booking checks if the card already exists as a token in your account.
  • true: PCI Booking looks up the card in your stored tokens. If a match is found, the existing token URI is returned instead of creating a new one. The response status will be 200 instead of 201.
  • false (default): A new token is always created, even if the same card was previously stored.

Request Body

The request body and headers are passed through to the third party as-is. Include any body content and headers that the third party requires.

Response

200 - The card already exists in your account (when eliminateCardDuplication is true). The response body contains the third-party response with card details masked. The existing token URI is returned in the X-pciBooking-cardUri header. 201 - A new card was tokenized. The response body contains the third-party response with card details masked. The new token URI is returned in the X-pciBooking-cardUri header.
Remember to set the CVV Retention Policy on the token.