> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Third-Party Permissions

> Share card tokens between PCI Booking customers. Set read, write, and process permissions for multi-party workflows.

PCI Booking allows you to share stored tokens with other PCI Booking customers (merchants). You remain the owner and are responsible for any action taken on the card.

## Associating with Customers

Associating a token with another PCI Booking customer allows them to view card details or perform actions (relay to third parties, charge, etc.).

* A token can be associated with multiple customers.
* If a customer attempts an action on a token not associated with them, they receive an error.

| Action                        | API Endpoint                                                                          |
| ----------------------------- | ------------------------------------------------------------------------------------- |
| Associate token with customer | [Associate with Customer](/api-reference/manage-tokens/associate-with-customer)       |
| Remove association            | [Disassociate from Customer](/api-reference/manage-tokens/disassociate-from-customer) |
| List associated customers     | [List Customer Associations](/api-reference/manage-tokens/list-customer-associations) |

<Info>
  If the third party needs to use the CVV, you must set a [CVV Retention Policy](/capture-cards/cvv-retention-policy) that permits it before they attempt to access the card.
</Info>

## Next Steps

<CardGroup cols={2}>
  <Card title="CVV Retention Policy" icon="book" href="/capture-cards/cvv-retention-policy">
    Control how long CVV data is retained and who can use it
  </Card>
</CardGroup>
