> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Capture Cards Overview

> All ways to tokenize cards with PCI Booking: hosted form, email/SMS link, JavaScript library, file upload, API migration, and response interception

Tokenization is how card data enters PCI Booking. The method you use depends on where the card data comes from.

## Collecting Cards from the Cardholder

Use these methods when the cardholder enters their own card details. All three support 3D Secure natively in the UI with no additional development on your side.

| Method                                                       | How It Works                                                                                                                                                                                                                                                      |
| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **[Card Entry Form](/capture-cards/hosted-card-entry-form)** | PCI Booking hosts a secure form that you embed via iframe or redirect. The cardholder enters their card and PCI Booking tokenizes it on submission. The simplest integration for web-based card capture.                                                          |
| **[Card By Link](/capture-cards/card-by-link)**              | Send a secure link to the cardholder via email or SMS. The cardholder clicks the link, enters their card on a hosted page, and PCI Booking tokenizes it. Ideal for call centers, remote collection, and any scenario where the cardholder is not on your website. |
| **[Payments Library](/capture-cards/payments-library)**      | Client-side JavaScript library (`@pcibooking/ewallet`) that renders a card form in your checkout page. Also supports alternative payment methods (Apple Pay, Google Pay, PayPal). The richest feature set for web and mobile checkout flows.                      |

## Receiving Cards from a Third Party via HTTP

Use these methods when card data flows through HTTP requests or responses between your system and a third party.

| Method                                                                          | How It Works                                                                                                                                                                                                                                                                                                                                                                       |
| ------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **[Tokenization on Response](/capture-cards/tokenization-on-response)**         | Route your outbound HTTP requests through PCI Booking as a proxy. When the third party responds with card data, PCI Booking parses the response using a profile you define (or a [universal profile](/capture-cards/universal-tokenization) for common third parties), tokenizes all card details, and forwards a sanitized response to you. Card data never reaches your systems. |
| **[Tokenization on Request (Gateway)](/capture-cards/tokenization-on-request)** | The reverse direction. When a third party sends card data to your API, PCI Booking sits as a gateway in front of your endpoint, tokenizes the card details in the inbound request, and forwards a sanitized version to you.                                                                                                                                                        |

## Receiving Cards from a Third Party via File

| Method                                                                     | How It Works                                                                                                                                                                                                                                                                    |
| -------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **[File Transfer (SFTP/FTPS)](/capture-cards/file-transfer-tokenization)** | PCI Booking acts as a secure file transfer proxy. You call the API with the third party's SFTP or FTPS server details, and PCI Booking downloads the file, tokenizes all card numbers it finds, and returns the tokenized content to you. Card data never touches your systems. |

## Direct API (Card Migration)

| Method                                                    | How It Works                                                                                                                                                                                                                                                                                                                  |
| --------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **[Store Card API](/capture-cards/store-card-migration)** | POST card data directly to the PCI Booking API. Use this for migrating cards from another vault, provider, or internal storage. If your systems handle raw card data during the migration, you may be in PCI DSS scope for that period. Make sure to clear all card records from your systems once the migration is complete. |

## What Happens When a Card Is Tokenized

Regardless of the method, the outcome is the same:

1. Card data is captured through one of the methods above.
2. PCI Booking encrypts and stores the card in our PCI DSS Level 1 vault.
3. A token is returned to your system.
4. You use the token for all subsequent operations: manage, query, or detokenize.

## Next Steps

<CardGroup cols={2}>
  <Card title="Manage Tokens" icon="sliders" href="/manage-tokens/overview">
    Query, update, and manage your stored tokens
  </Card>

  <Card title="Use Tokens" icon="arrow-right-arrow-left" href="/use-tokens/overview">
    Send card data to PSPs, partners, or display it
  </Card>
</CardGroup>
