Store card

When you start using PCI Booking, you probably already have a process in which you capture credit cards. This also means that you probably have a database of stored credit cards that will need to be migrated to PCI Booking.

Our Store method allows customers to submit the cards stored in their system into PCI Booking and receive, in the response, the card token for this card.

Tokenization Flow

  1. Authenticate PCI Booking using your API Key, an "access token" or a "session token". Read more about our authentication methods.
  2. Retrieve the card details from your database and prepare the request body in our card data XML structure
  3. Send the request to PCI Booking.
  4. The response will include the card token in a header value called Location and the masked card details in the response body.
  5. Store the information from the response - none of the information returned falls under PCI scope so you are able to keep it all.
  6. Delete the card that was stored in your database.
  7. Optionally, set the CVV Retention Policy for this token.


Migrating multiple cards

The Store method is designed for submitting one card. In most cases, you would have many cards to migrate over to PCI Booking. In that case, you would have to loop the above process multiple times for each of the stored cards.