PCI Booking provides a simple, Restful, API to perform all actions regarding a credit card.

PCI Booking is made up of several application areas. This developers site contains a guide and a reference manual for each application area.

  • The guides allow software architects and designers to have a broad view on the system operation and easily pick up those components which can fit the best different application scenarios.
  • The reference manuals allow developers to have a clear understanding of which methods are available, what input parameters are required for each method and the expected results of each.

Capture Card Security Code

If, while talking to the customer (whether on the phone, in a chat or an email), you need to collect the card security code for a card already stored in PCI Booking, you should use the Card Over The Phone Service.

How it works

Upon request, PCI Booking will send either an email or a text message (SMS) to the client. This message will contain a link to the card security code capture form.
Once the client has finished entering the card' security code, the original card will be duplicated to a new card stored in PCI Booking and a new token will be generated which will be sent to the customer who requested the form be sent.


Read more on managing your Card Over The Phone requests.


Upon completion of this operation, there will be two copies of the card details in PCI Booking. It is your responsibility to decide what to do with the original token that was stored in PCI Booking.
If this token is not deleted (read more on deleting tokens , it will be charged the monthly storage fee.

Tokenization Flow

Initial setup:

  1. Implement the Callback method to receive status updates on the card request.
  2. (optionally) Prepare in advance the CSS that should be used for this card capture.

Regular operations:

  1. Initiate a call with a client and reach the stage in the conversation of requesting the card security code
  2. Submit the Request to Send Card Security Code Capture Form to Recipient method
    • In this request, you will provide details on how to send the message (email or text message) and the destination information. You will also provide details on the original token that the security code should be added to.
  3. PCI Booking sends the message to the client.
  4. Client clicks on the link to open the card capture form and fills out the card security code.
  5. The existing token is duplicated and the security code is added to the new card. The new token is sent to the customer via the callback.

Updated about a year ago

Capture Card Security Code

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.