PCI Booking provides a simple, RESTful API to perform all actions regarding a credit card.

PCI Booking is made up of several application areas. This developers site contains a guide and a reference manual for each application area.

  • The guides give software architects and designers a broad view of how the system operates, so they can easily pick the components that best fit different application scenarios.
  • The reference manuals allow developers to have a clear understanding of which methods are available, what input parameters are required for each method and the expected results of each.

Tokenization in Response

PCI Booking users (e-commerce sites) who pull card data from a third party as a response to an HTTP-based request should use this service.

Typical use cases

  • A business sends a request to a virtual card provider to start a payment process and receives a response containing card data.
  • A hotel chain's central reservation system (CRS), which queries an online travel agent (OTA) for new bookings and receives the reservation data, along with card data.

Universal Tokenization

Please also review our Universal Tokenization service, which works in a similar fashion to the Tokenize on Response method, only with predefined connections to many common third parties (such as Booking.com, Expedia and others).

Tokenization Flow

Single or multiple card details in the response

While this process refers to one card and one token, PCI Booking can tokenize all cards listed in the response, however many there are, so long as the content filter identifies their respective locations.

The request will go through the PCI Booking server and will be relayed to the third party.

  1. Prepare a tokenization target profile.
  2. Authenticate with PCI Booking via an "access token" or a "session token". Read more about our authentication methods.
  3. Prepare the request body that should be sent to the third party.
  4. Follow the Tokenization in Response method documentation to create the request to the third party to be sent via PCI Booking.
  5. The request is sent as is to the third party. They process it and send a response - the response includes card details.
  6. PCI Booking receives the response from the third party and takes the following actions:
    • The card data is extracted from the message and is securely stored on the PCI Booking server and a card token is issued.
    • PCI Booking masks the sensitive parts of the original card data, as per the PCI standard.
    • The card token is added to the response (in a header as defined in the target profile).
      • If applicable, a tokenization error or warning message is added to the header list (read more on Tokenization Errors and Warnings).
      • The customer can choose whether to allow duplicate cards to be stored in PCI Booking as separate, individual tokens or to use the same token for the same card (a duplicate card is defined as two cards that have the same card number and expiration date).
    • The response is relayed back to the original sender.
  7. Process the response received from PCI Booking.
  8. Optionally, set the CVV Retention Policy for this token.
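
The handling in step 6, modelled locally as an added example; this is not PCI Booking's code or API. The header names, the key-path "content filter", the first-six/last-four masking format and the token format are assumptions made for illustration.

```python
import json
import secrets

TOKEN_HEADER = "X-Card-Token"              # hypothetical; the real name comes from the target profile
WARNING_HEADER = "X-Tokenization-Warning"  # hypothetical

def mask_pan(pan):
    """Assumed masking format: keep the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

class TokenizingRelay:
    def __init__(self, card_paths, allow_duplicates=False):
        self.card_paths = card_paths       # stand-in for the profile's content filter
        self.allow_duplicates = allow_duplicates
        self.vault = {}                    # token -> (number, expiry); only place full PANs live
        self.by_card = {}                  # (number, expiry) -> token, for de-duplication

    def tokenize(self, number, expiry):
        key = (number, expiry)             # duplicate = same card number and expiration date
        if not self.allow_duplicates and key in self.by_card:
            return self.by_card[key]
        token = secrets.token_hex(16)
        self.vault[token] = key
        self.by_card[key] = token
        return token

    def process_response(self, headers, body):
        doc = json.loads(body)
        tokens, warnings = [], []
        for path in self.card_paths:
            try:
                card = doc
                for key in path:
                    card = card[key]
                number, expiry = str(card["number"]), card["expiry"]
            except (KeyError, IndexError, TypeError):
                warnings.append("no card at " + "/".join(map(str, path)))
                continue
            tokens.append(self.tokenize(number, expiry))
            card["number"] = mask_pan(number)   # full PAN is not relayed to the caller
        out = dict(headers)
        if tokens:
            out[TOKEN_HEADER] = ",".join(tokens)
        if warnings:
            out[WARNING_HEADER] = "; ".join(warnings)
        return out, json.dumps(doc)

# Constructed third-party response; 4111111111111111 is a widely used test card number.
SAMPLE = json.dumps({"reservation": {"id": "R-1001",
    "card": {"number": "4111111111111111", "expiry": "12/2030"}}})
```

The caller's systems only ever see the masked number and the token, which is what keeps them away from full card data.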

Flow charts

Below are two flow charts describing the process of retrieving credit card details from a third party without using PCI Booking and when using PCI Booking.

Updated 9 months ago
