Using the Branded Card Display Iframe

In this scenario, the Booker has a website that his hotels can go to, but wishes to handle all security aspects of viewing card details (login, access control, record keeping, etc) by PCI Booking.

There are three integration points required:

  • Handling property activation
  • Handling ‘Reset password’ requests
  • Handling display of card data

📘

Please note, when submitting URLs, they must be URL encoded.

Activation

The activation email will contain a link to the Booker portal. The link contains a query string parameter ‘action=’. The value of this parameter will look something like this: %2fproperty%2fSoBookIt%2fActivation%3ftoken%3de069ee5c-f152-4778-848e-59ecc0b22f8f. This parameter provides the booker with the URL path to display to the hotel an iframe with the property activation form in an iframe on the booker's portal.

The iframe will then use the following URL in the src tag:
https://users.pcibooking.net/Property/[**BOOKER_ID**]/Activation?token=[**TOKEN FROM QUERY STRING**]
Where:

  • [BOOKER_ID]: The one assigned to the booker during account opening.
  • [TOKEN FROM QUERY STRING]: The activation token obtained from the link in the email.

Example:

  • The activation link in the email is https://portal.customer.com?action=%2fproperty%2fSoBookIt%2fActivation%3ftoken%3de069ee5c-f152-4778-848e-59ecc0b22f8f
  • The booker ID in this example is SoBookIt

The resulting iFrame src tag should be:

Reset Password

The Reset Password email will contain a link to the Booker portal.The link contains a query string parameter ‘action=’. The value of this parameter will look something like this: %2fproperty%2fSoBookIt%2fResetPassword%3fid%3d9baccc0d353549b1a44b14edfd3fd51b. This parameter provides the booker with the URL path to display to the hotel an iframe with the reset password form in an iframe on the booker's portal.

The iframe will then use the following URL in the src tag:
https://users.pcibooking.net/Property/[**BOOKER_ID**]/ResetPassword?token=[**TOKEN FROM QUERY STRING**]
Where:

  • [BOOKER_ID]: The one assigned to the booker during account opening.
  • [TOKEN FROM QUERY STRING]: The activation token obtained from the link in the email.

Example:

  • The activation link in the email is https://portal.customer.com?action=%2fproperty%2fSoBookIt%2fResetPassword%3fid%3d9baccc0d353549b1a44b14edfd3fd51b
  • The booker ID in this example is SoBookIt

The resulting iFrame src tag should be:

Display Card

The display of card data is available after a card-token has been obtained by the Booker’s portal and has been granted access to a specific property using the PCI SHIELD service (Read more on capturing and sending card details to your hotels). This allows the booker to display the card data to the property in an iframe within the usual portal they are accustomed to.

The iframe will then use the following URL in the src tag:
https://users.pcibooking.net/Property/[**BOOKER_ID**]/PaymentInfo?card_URI=[**CARD_URI**]
Where:

  • [BOOKER_ID]: The one assigned to the booker during account opening.
  • [CARD_URI]: The card URI is the identifier for the card location within PCI Booking. It is composed of card token and Path. The card URI is provided to the booker as part of the response of any tokenization process. The Card_URI should be URL encoded when provided in this iframe path.

Once the iframe loads, the user (property) will be prompted for their credentials and once authenticated, the card display form will be displayed.

Example:

  • The card URI (as returned in one of PCI Booking's tokenization methods) is https://service.pcibooking.net/api/payments/paycard/b7042e0cefb3493881b31a23a720eb50
  • The booker ID in this example is SoBookIt

The resulting iFrame src tag should be: