HomeGuideMethod ReferenceAssess YourselfRequest Sandbox Account
Ask For AssistanceLogin

Third party permissions on stored cards

Suggest Edits

PCI Booking allows customers to share (associate) stored tokens with other third parties. The supported third parties are:

When associating a token with a third party, you, as the original creator of the token, remain the owner of the token and you are responsible for any action taken on a stored card.

Associating a token with a property

Associating a token with a property allows that property to log in to the PCI Booking portal and view the card details of this token.
You can associate a single token with as many properties as needed based on your workflow.

If a property will attempt to view the card details of a token not associated with them, they will receive an error.

📘

CVV retention rules

Please note that if the property needs to view the CVV for this token, you will have to set, in advance, the necessary CVV Retention Policy to allow this.

Via the PCI Booking API, you can associate a token with a property and you can disassociate a token from a property.
You can also retrieve a list of associated properties for a token.

Associating a token with a merchant

Associating a token with a merchant (a PCI Booking customer) allows that merchant to view the card details or perform actions on the card such as relaying it to a third party, charging it, etc.
You can associate a single token with as many merchants as needed based on your workflow.

If a PCI Booking customer attempts to perform an action on a token not associated with them, they will receive an error.

📘

CVV retention rules

Please note that if the merchant needs to perform an action which requires using the CVV, you will have to set, in advance, the necessary CVV Retention Policy to allow this.

Via the PCI Booking API, you can associate a token with a PCI Booking customer and you can disassociate a token with a PCI Booking customer.
You can also retrieve a list of associated users (PCI Booking customers) for a token.

Updated over 4 years ago