Card Display with OTP Authentication - Flow Guide
Verification Process
The card display verification follows these steps:
- Submit a request to
/api/card-view-request/initViewwith the card token, cardholder email, phone number, display name, TTL in minutes, and language. - PCI Booking generates a unique request ID and sends an email with a secure link to the specified email address.
- The cardholder clicks the link and is presented with a phone number entry screen.
- The cardholder enters their phone number in international format (country code + number, no '+' prefix).
- PCI Booking validates the phone number and sends a 6-digit SMS code.
- The cardholder enters the 6-digit code into the verification screen.
- Upon successful verification, the cardholder can view card details.
The email link is valid for the duration specified in the TTL parameter. SMS codes expire after 10 minutes.
Request Parameters
| Parameter | Type | Required | Format/Notes |
|---|---|---|---|
| Card_token | string | Yes | Token from original card tokenization |
| ViewerEmail | string | Yes | Valid email address format |
| ViewerPhone | string | Yes | International format: country code + digits, no '+' prefix |
| ViewerName | string | Yes | Display name for the cardholder |
| TtlMinutes | integer | Yes | 1-1440 (1 minute to 24 hours) |
| Language | string | Yes | Currently supports "en" (English) |
Error Scenarios
Invalid Phone Number Format
If the phone number format is incorrect, the request returns HTTP 400 with INVALID_PHONE_NUMBER error. Ensure the format is: country code directly followed by digits with no '+' prefix, spaces, or dashes. Example: "15551234567" for US, "353858622255" for Ireland.
Invalid Email Format
The request returns HTTP 400 with INVALID_EMAIL error if the email address format is invalid.
Card Token Not Found
If the card token does not exist or has been deleted, the request returns HTTP 400 with INVALID_CARD_TOKEN error.
Link Expiration
If the cardholder does not click the email link before the TTL expires, the link becomes invalid. A new card display request must be submitted.
OTP Code Expiration
SMS codes expire after 10 minutes. The verification screen displays a countdown timer. If the code expires, the cardholder must request a new code through the "Resend Code" option.
OTP Resend Rate Limiting
The system limits OTP resend requests to prevent abuse. If the cardholder exceeds the resend limit, they must wait several minutes before requesting another code. The email link itself remains valid regardless of resend attempts.
SMS Delivery Issues
International phone numbers may experience delayed SMS delivery (1-2 minutes). Prepaid plans in some regions may not support SMS delivery. If SMS delivery fails, create a new card display request with an updated phone number.
SMS Delivery Considerations
SMS delivery times vary by region and carrier. United States deliveries are typically immediate. International deliveries may take 1-2 minutes. Set customer expectations accordingly in your application.
Updated 18 days ago