PCI Booking provides a simple, Restful, API to perform all actions regarding a credit card.

PCI Booking is made up of several application areas. This developers site contains a guide and a reference manual for each application area.

  • The guides allow software architects and designers to have a broad view on the system operation and easily pick up those components which can fit the best different application scenarios.
  • The reference manuals allow developers to have a clear understanding of which methods are available, what input parameters are required for each method and the expected results of each.
Suggest Edits

Authenticate

The method lets you check whether the PCI Booking service is up and if your API key is authenticated.

We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/accounts/authenticate/
curl --request POST \
  --url https://service.pcibooking.net/api/accounts/authenticate/ \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'POST',
  url: 'https://service.pcibooking.net/api/accounts/authenticate/',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/accounts/authenticate/")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/accounts/authenticate/");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/accounts/authenticate/"

headers = {'authorization': 'Authorization'}

response = requests.request("POST", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

""
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 
Suggest Edits

Start a Temporary Session

This method starts a new session for capturing a customer's payment card.

We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/payments/paycard/tempsession
curl --request POST \
  --url https://service.pcibooking.net/api/payments/paycard/tempsession \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'POST',
  url:
   'https://service.pcibooking.net/api/payments/paycard/tempsession',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/tempsession")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/payments/paycard/tempsession");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/tempsession"

headers = {'authorization': 'Authorization'}

response = requests.request("POST", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

"1a75885fabe443588488de7d7e7f9980"
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 
Suggest Edits

Access Token Generation Code Samples

We recommend that you first review the guide for this method.

 

Below you will find code samples in different languages to show you how to create the Access Token.
These code samples are ready to run and you are welcome to use them in your code. Alternatively, you can use these samples as a reference to develop your own code.

using System;

namespace CreateAccessToken
{
    class Program
    {
        private static string[] helpLines = 
        { 
            "Usage: CreateAccessToken.exe <Certificate file path> <API Key> <Absolute time>",
            "Certificate file path: .cer as downloaded from https://service.pcibooking.net/api",
            "API Key: As generated in your PCI Booking account",
            "Absolute time: local time in format HH:MM:ss (up to 1 hour from now), e.g: 18:20:34"
        };

        static void Main(string[] args)
        {
            if (args.Length != 3)
                Usage("Invalid number of arguments; expected 3");

            // read certificate
            System.Security.Cryptography.X509Certificates.X509Certificate2 cert = null;
            try
            {
                cert= new System.Security.Cryptography.X509Certificates.X509Certificate2(args[0]);
            }
            catch (Exception ex)
            {
                Usage("Cannot load certificate file: " + args[0] + " Error: " + ex.Message);
            }

            // read time and convert to absolute date time in UTC
            DateTime expectedExpirationLocalTime;
            if (!DateTime.TryParse(args[2], out expectedExpirationLocalTime))
            {
                Usage("Invalid expected time: " + args[2]);
            }
            TimeSpan expiresIn = expectedExpirationLocalTime.Subtract(DateTime.Now);
            if (expiresIn > TimeSpan.FromHours(1) || expiresIn<TimeSpan.Zero)
            {
                Usage(string.Format("Invalid expected time [{0}]. Should be up to one hour ahead ", args[2]));
            }
            DateTime expectedExpirationUTC = expectedExpirationLocalTime.ToUniversalTime();

            // Generate a guid
            string guid = Guid.NewGuid().ToString().Replace("-","");

            // Construct data block
            string dataBlock = string.Format("{0}#{1}#{2}", args[1], guid, expectedExpirationUTC.ToString("o"));


            // encode the string to clear bytes
            byte[] clearBytes = System.Text.Encoding.UTF8.GetBytes(dataBlock);

            // obtain crypto provider with public key
            System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoServiceProvider = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PublicKey.Key;

            // perform the encryption
            byte[] encryptedBytes = rsaCryptoServiceProvider.Encrypt(clearBytes, false);

            // convert byte array to hex string
            string accessToken = string.Concat(Array.ConvertAll(encryptedBytes, b => b.ToString("X2"))); 

            Console.WriteLine(accessToken);
        }

        private static void Usage(string message = "")
        {
            if (!string.IsNullOrEmpty(message))
                Console.WriteLine(message);

            foreach (var line in helpLines)
            {
                Console.WriteLine(line);
            }
            Environment.Exit(0);
        }
    }
}

import java.io.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.text.SimpleDateFormat;
import java.text.DateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;
import java.util.UUID;
import javax.crypto.Cipher;

public class CreateAccessToken {

    private static final String[] helpLines
            = {
                "Usage: CreateAccessToken.exe <Certificate file path> <API Key> <Absolute time>",
                "Certificate file path: .cer as downloaded from https://service.pcibooking.net/api",
                "API Key: As generated in your PCI Booking account",
                "Absolute time: local time in format HH:MM:ss (up to 1 hour from now), e.g: 18:20:34"
            };

    public static void main(String[] args) {
       
    	if (args.length != 3) {
            Usage("Invalid number of arguments; expected 3");
        }
        // read certificate
        Certificate cert = null;
        try {
            InputStream fis = new FileInputStream(args[0]);
            BufferedInputStream bis = new BufferedInputStream(fis);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            cert = cf.generateCertificate(bis);
        } catch (Exception ex) {
            Usage("Cannot load certificate file: " + args[0] + " Error: " + ex);
        }
        // read time and convert to absolute date time in UTC
        Date expectedExpirationLocalTime = null;
        Date date = new Date();
        SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd");
        String cDate=formatter.format(date);
        formatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        try {
            expectedExpirationLocalTime = formatter.parse(cDate+" "+args[2]);
        } catch (Exception ex) {
            Usage("Invalid expected time: " + args[2] + " Error: " + ex);
        }
        Calendar cal = Calendar.getInstance();
        long expiresIn = expectedExpirationLocalTime.getTime() - cal.getTime().getTime();
        if (expiresIn > 3600000 || expiresIn < 0) {
            Usage("Invalid expected time [" + args[2] + "]. Should be up to one hour ahead ");
        }
        formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
        Date expectedExpirationUTC = null;
        try {
            expectedExpirationUTC = formatter.parse(formatter.format(expectedExpirationLocalTime));
        } catch (Exception ex) {
            Usage("Cannot convert time to UniversalTime: Error: " + ex);
        }

		// format to ISO 8601
		DateFormat df = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
		df.setTimeZone(TimeZone.getTimeZone("UTC"));
		String asISO8601 = df.format(expectedExpirationUTC);


        // Generate a guid
        String guid = UUID.randomUUID().toString().replace("-", "");
        // Construct data block
        String dataBlock = String.format("%1$s#%2$s#%3$s", args[1], guid, asISO8601);
        // encode the string to clear bytes
        byte[] clearBytes = null;
        try {
            clearBytes = dataBlock.getBytes("UTF-8");
        } catch (Exception ex) {
            Usage("Cannot encode to UTF8: Error: " + ex);
        }
        byte[] encryptedBytes = null;
        // perform the encryption
        try {
            // get an RSA cipher object and print the provider
            final Cipher cipher = Cipher.getInstance("RSA");
            // encrypt the plain text using the public key
            cipher.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
            encryptedBytes = cipher.doFinal(clearBytes);
        } catch (Exception ex) {
            Usage("Cannot encrypt: Error: " + ex);
        }
        // convert byte array to hex string
        String accessToken = byteArrayToHex(encryptedBytes);

		// display the access token
		System.out.println(accessToken);
    }

    private static void Usage(String message) {
        if (!message.isEmpty()) {
            System.out.println(message);
        }

        for (String line : helpLines) {
            System.out.println(line);
        }
        System.exit(0);
    }

    private static String byteArrayToHex(byte[] a) {
        StringBuilder sb = new StringBuilder(a.length * 2);
        for (byte b : a) {
            sb.append(String.format("%02X", b & 0xff));
        }
        return sb.toString();
    }
}
<?php

require('vendor/autoload.php');

class CreateAccessToken
{

    private $certificate;
    private $apiKey;
    private $expirationTime;

    public function __construct($certificate, $apiKey, DateTime $expirationTime)
    {
        $this->certificate = $certificate;
        $this->apiKey = $apiKey;
        $this->expirationTime = $expirationTime;
    }

    public function createToken()
    {
        $cert = openssl_get_publickey($this->certificate);

        $this->expirationTime->setTimeZone(new DateTimeZone('UTC'));

        $expirationAsISO8601 = $this->expirationTime->format(DateTime::ISO8601);
        $guid = $this->generateUUID();
        $dataBlock = sprintf('%s#%s#%s', $this->apiKey, $guid, $expirationAsISO8601);

        openssl_public_encrypt($dataBlock, $encryptedData, $cert);

        $encryptedDataHex = strtoupper(bin2hex($encryptedData));

        return $encryptedDataHex;
    }

    private function generateUUID()
    {
        return str_replace('-', '', Ramsey\Uuid\Uuid::uuid4());
    }

}
import binascii
import uuid
import pytz

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.x509 import load_pem_x509_certificate


def create_access_token(cert_file, api_key, expiration_time):
    cert = load_pem_x509_certificate(cert_file.read(), default_backend())

    public_key = cert.public_key()

    try:
        expiration_time = pytz.utc.localize(expiration_time)
    except ValueError:
        pass

    expiration_string = expiration_time.isoformat()

    data_block = '{}#{}#{}'.format(api_key, uuid.uuid4(), expiration_string)

    ciphertext = public_key.encrypt(data_block, padding.PKCS1v15())

    return binascii.hexlify(ciphertext)


def main():
    import datetime
    import sys

    if len(sys.argv) != 4:
        print("Usage: {} cert_file api_key, expiration_timestamp".format(
            sys.argv[0]))
        exit(1)

    with open(sys.argv[1], "rb") as cert_file:
        expiration_time = datetime.datetime.fromtimestamp(int(sys.argv[3]))

        print(create_access_token(cert_file, sys.argv[2], expiration_time))


if __name__ == '__main__':
    main()
Suggest Edits

Get Supported Credit Cards

This method will allow you to retrieve the list of supported credit cards in PCI Booking. You can use this list as a basis to perform name mapping for credit cards.

 
gethttps://service.pcibooking.net/api/payments/paycard/supportedCards
curl --request GET \
  --url https://service.pcibooking.net/api/payments/paycard/supportedCards
var request = require("request");

var options = { method: 'GET',
  url:
   'https://service.pcibooking.net/api/payments/paycard/supportedCards' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/supportedCards")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/supportedCards");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/supportedCards"

response = requests.request("GET", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

{List of credit cards}
 
Suggest Edits

CSS Stylesheet Management

 

You can manage all aspects of the stored CSS stylesheets in PCI Booking using the following API methods.
Before you can use these methods, please make sure that the user you are using to perform API actions has the System Configurator permission. If you are unsure, please check with your account administrator or contact our support team.

Suggest Edits

Add or update CSS

This method allows you to create a new CSS record or update an existing one(by overriding the current content).

 
puthttps://service.pcibooking.net/api/resources/stylesheet/ResourceName
curl --request PUT \
  --url https://service.pcibooking.net/api/resources/stylesheet/ResourceName
var request = require("request");

var options = { method: 'PUT',
  url:
   'https://service.pcibooking.net/api/resources/stylesheet/ResourceName' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/resources/stylesheet/ResourceName")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Put.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("PUT", "https://service.pcibooking.net/api/resources/stylesheet/ResourceName");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/resources/stylesheet/ResourceName"

response = requests.request("PUT", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

Status 201 will be returned if this CSS resource name did not exist before. 
Status 200 will be returned if this CSS resource name existed before - in which case the stylesheet submitted in this request will override the existing data.
{
    "Message": "The request is invalid.",
    "ModelState": {
        "model": [
            "Required property 'IsDefault' not found in JSON. Path '', line 6, position 1."
        ],
        "model.ContentLTR": [
            "The ContentLTR field is required."
        ]
    }
}
{
    "Message": "The request is invalid.",
    "ModelState": {
        "ContentError": [
            "At least one of the fields, ContentLTR or ContentRTL, must have valid CSS content"
        ]
    }
}
{
    "Message": "Invalid CSS: Line number: 1<br />Error: invalid selector after \n"
}

Path Params

ResourceName
string
required

The "resource name" that you would like to assign this CSS record

Body Params

Description
string

This value will serve as the description of this CSS resource in the our user's site.

ContentLTR
string

The stylesheet configuration for LTR content.

ContentRTL
string

The stylesheet configuration for RTL content.
Normally, this is left blank unless you are using RTL pages.

IsDefault
boolean

Sets this CSS resource as the default CSS for your account.

Headers

Authorization
string

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

Same method is used for creating a new CSS resource and updating an existing CSS resource

Please be aware that the same method is used for both creating a new CSS and updating an existing one.
If you update an existing CSS, the content of it will be replaced with the uploaded content and this action cannot be undone.

Suggest Edits

List all CSS records

This method allows you to retrieve a list of all CSS records in your account.

 
gethttps://service.pcibooking.net/api/resources/stylesheet
curl --request GET \
  --url https://service.pcibooking.net/api/resources/stylesheet
var request = require("request");

var options = { method: 'GET',
  url: 'https://service.pcibooking.net/api/resources/stylesheet' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/resources/stylesheet")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/resources/stylesheet");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/resources/stylesheet"

response = requests.request("GET", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

[
  {
	"ResourceName": "DefatultCSS",
   	"Description": "The default CSS",
     	"ContentLTR": 
"body {
		background-color: powderblue;
}
h1 {
		color: blue;
}",
	"ContentRTL": " ",
"IsDefault ": true,
"ContentType ": "test/css"
  },
  {
	"ResourceName": "ArabicCSS",
   	"Description": "CSS for arabice",
     	"ContentLTR": 
"",
	"ContentRTL": "body {
		background-color: orange;
}
h1 {
		color: blue;
} ",
"IsDefault ": false,
"ContentType ": "test/css",
  	},
]

Headers

Authorization
string

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

The response to this method will be an array of CSS resource items in your account in PCI Booking. Each of the CSS resource items in the array will have the same structure as defined in the method for adding a new CSS.

Suggest Edits

Retrieve CSS record

This method allows you to retrieve the content of a particular CSS stored in PCI Booking.

 
gethttps://service.pcibooking.net/api/resources/stylesheet/ResourceName
curl --request GET \
  --url https://service.pcibooking.net/api/resources/stylesheet/ResourceName
var request = require("request");

var options = { method: 'GET',
  url:
   'https://service.pcibooking.net/api/resources/stylesheet/ResourceName' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/resources/stylesheet/ResourceName")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/resources/stylesheet/ResourceName");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/resources/stylesheet/ResourceName"

response = requests.request("GET", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

  {
	"ResourceName": "DefatultCSS",
   	"Description": "The default CSS",
     	"ContentLTR": 
"body {
		background-color: powderblue;
}
h1 {
		color: blue;
}",
	"ContentRTL": " ",
"IsDefault ": true,
"ContentType ": "test/css"
  }

Path Params

ResourceName
string
required

The "resource name" that was assigned to this CSS record.
You can either log in to our user's site to view the list of CSS records or retrieve the full list of CSS records in your account.

Headers

Authorization
string

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

The response to this method will be a single CSS resource item from your account in PCI Booking based on the resource name that was provided. The CSS resource item will have the same structure as defined in the method for adding a new CSS.

Suggest Edits

Delete CSS record

This method allows you to delete the CSS record from PCI Booking.

 
deletehttps://service.pcibooking.net/api/resources/stylesheet/ResourceName
curl --request DELETE \
  --url https://service.pcibooking.net/api/resources/stylesheet/ResourceName
var request = require("request");

var options = { method: 'DELETE',
  url:
   'https://service.pcibooking.net/api/resources/stylesheet/ResourceName' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/resources/stylesheet/ResourceName")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Delete.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("DELETE", "https://service.pcibooking.net/api/resources/stylesheet/ResourceName");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/resources/stylesheet/ResourceName"

response = requests.request("DELETE", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

Try the API to see results

Path Params

ResourceName
string
required

The "resource name" that was assigned to this CSS record.
You can either log in to our user's site to view the list of CSS records or retrieve the full list of CSS records in your account.

Headers

Authorization
string

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

The response to this method will be a single CSS resource item from your account in PCI Booking based on the resource name that was provided. The CSS resource item will have the same structure as defined in the method for adding a new CSS.

Suggest Edits

Associate Paycard with a Property

Associate a token with a specific property, from the list of properties managed in your PCI Booking account, in order to allow the property to view the card via the managed card display form.
A token can be associated with multiple properties.
We recommend that you first review the guide for this method.

 
puthttps://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID
curl --request PUT \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'PUT',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Put.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("PUT", "https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID"

headers = {'authorization': 'Authorization'}

response = requests.request("PUT", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

""
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "User is not the owner of this bank card",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Could not find a valid user",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.

merchantID
string
required

The MerchantID is the user ID of the property you wish to associate the token with.
The user ID for the property can be found under "Property settings" in our user's site.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 
Suggest Edits

Associate Paycard with a PCI Booking Customer

Associate a token with a specific PCI Booking customer in order to allow the other customer to perform actions on this token.
A token can be associated with multiple customers.
We recommend that you first review the guide for this method.

 
puthttps://service.pcibooking.net/api/payments/paycard/cardToken/user/userID
curl --request PUT \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'PUT',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Put.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("PUT", "https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID"

headers = {'authorization': 'Authorization'}

response = requests.request("PUT", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

""
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "User is not the owner of this bank card",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Could not find a valid user",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.

userID
string
required

The userID is the user ID of a PCI Booking customer ("Booker") that the token should be associated with.
You will need to collect this userID from the booker that you wish to associate the card with.The MerchantID is the user ID of the PCI Booking customer ("Booker") that the token should be associated with.
You will need to collect this userID from the booker that you wish to associate the card with.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 
Suggest Edits

Clear CVV

This method deletes CVV information from card data stored in PCI Booking's memory.
We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/payments/paycard/cardToken/op/clearcvv
curl --request POST \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/op/clearcvv
var request = require("request");

var options = { method: 'POST',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/op/clearcvv' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/op/clearcvv")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/payments/paycard/cardToken/op/clearcvv");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/op/clearcvv"

response = requests.request("POST", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

""
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY or Temp Session or HTTP Basic or One-Time Accesss Token",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.
For example: 2821a46d80e14d1b96a7f18f1b81926d.

Query Params

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.
For example, c0ba908c7dc94df7b1a6f2cf9c197538

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample. For example, 5E49BC0EB51CC2CB6EA580CC644067058DAC186E3040203E96D45F1E8D43ED1196E9090D08 EC27108005EB7B02F3CC1DBCFD804373536DBB10D5AB6C3843BF40E6780959736D9F9B7E9B 39739B5047ABE539AB14386616EE9A77007EC8EBFCEA903DA26814C421B26D137E0BACA36F DCA4A41AEA84A394CD28FF1B3B632D549391F510EA5AD73F50F46DA0E68945A677DEF35DCF 5A42E2702D7294CF76A68097C5970194A6B6B8E83D020483B94FD373515D9592B3BB305B75 6795A1D68BA54FB82AA093B15B2722BA6AA797E5C10534C7715AB66254EE6A2FE307167753 16849D9CDE2D08A465EF9A2A1F863E1D0A57F85D8F796EF8A4CE1162FC9D83D701FC

Headers

Authorization
string

Optional authentication method, you can use APIKEY authentication (in the format of APIKEY {value}) if not providing other authentication methods.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Providing both Access Token and Session Token in the same request

If both Session Token and Access Token are listed in the request's query string parameters, the Session Token will take precedence.

Suggest Edits

Delete Paycard (Deprecated)

This method deletes the card data stored in PCI Booking.
We recommend that you first review the guide for this method.

Deprecated method - this method has been deprecated and there is a newer method for deleting paycards.

 
posthttps://service.pcibooking.net/api/payments/paycard/cardToken?op=Delete
curl --request POST \
  --url 'https://service.pcibooking.net/api/payments/paycard/cardToken?op=Delete' \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'POST',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken',
  qs: { op: 'Delete' },
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken?op=Delete")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/payments/paycard/cardToken?op=Delete");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken"

headers = {'authorization': 'Authorization'}

response = requests.request("POST", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

""
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "User is not the owner of this bank card",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.
For example, 2821a46d80e14d1b96a7f18f1b81926d.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

Deleting a card is permanent and cannot be undone.

This method has been deprecated.

Please use the newer method for deleting paycards

Suggest Edits

Delete Paycard

This method deletes the card data stored in PCI Booking.
We recommend that you first review the guide for this method.

 
deletehttps://service.pcibooking.net/api/payments/paycard/cardToken
curl --request DELETE \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'DELETE',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Delete.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("DELETE", "https://service.pcibooking.net/api/payments/paycard/cardToken");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken"

headers = {'authorization': 'Authorization'}

response = requests.request("DELETE", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

""
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "User is not the owner of this bank card",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.
For example, 2821a46d80e14d1b96a7f18f1b81926d.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

Deleting a card is permanent and cannot be undone.

Suggest Edits

Disassociate Paycard from a Property

Disassociate a paycard from the merchant ID, specified in the URI. After dissociation, the merchant will not longer be authorized to view the card data.
We recommend that you first review the guide for this method.

 
deletehttps://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID
curl --request DELETE \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'DELETE',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Delete.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("DELETE", "https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID"

headers = {'authorization': 'Authorization'}

response = requests.request("DELETE", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

""
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Could not find a valid merchant SoBookIt for SoBookIt",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.
For example, 2821a46d80e14d1b96a7f18f1b81926d.

merchantID
string
required

The MerchantID is the user ID of the property that you wish to disassociate the token with.
The user ID for the property can be found under "Property settings" in our user's site.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 
Suggest Edits

Disassociate Paycard with a PCI Booking Customer

Disassociate Paycard with a specific userID of another PCI Booking customer (Booker). Once processed, the other customer will no longer have access to perform actions on the token.
We recommend that you first review the guide for this method.

 
deletehttps://service.pcibooking.net/api/payments/paycard/cardToken/user/userID
curl --request DELETE \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'DELETE',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Delete.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("DELETE", "https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID"

headers = {'authorization': 'Authorization'}

response = requests.request("DELETE", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

""
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "User is not the owner of this bank card",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Could not find a valid user",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.

userID
string
required

The userID is the user ID of the PCI Booking customer ("Booker") that the token should be disassociated with.
You will need to collect this userID from the booker that you wish to associate the card with.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 
Suggest Edits

Duplicate Paycard

This method enables duplication of a card to a new card, optionally adding a CVV, and specifying the e-commerce site association and creator reference.
We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/payments/paycard/duplicate
curl --request POST \
  --url 'https://service.pcibooking.net/api/payments/paycard/duplicate?cardUri=cardUri'
var request = require("request");

var options = { method: 'POST',
  url:
   'https://service.pcibooking.net/api/payments/paycard/duplicate',
  qs: { cardUri: 'cardUri' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/duplicate?cardUri=cardUri")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/payments/paycard/duplicate?cardUri=cardUri");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/duplicate"

querystring = {"cardUri":"cardUri"}

response = requests.request("POST", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

<?xml version='1.0' encoding='utf-8'?>
<BankCard>
    <Type>Visa</Type>
    <Number>491891******5005</Number>
    <NameOnCard>Juan Dela Cruz</NameOnCard>
    <ExpirationDate>
        <Month>07</Month>
        <Year>2020</Year>
    </ExpirationDate>
    <IssueNumber>2</IssueNumber>
</BankCard>
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY or Temp Session or One-Time Accesss Token",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Merchant or Owner are not associated with bank card [{{Token}] userID: SoBookIt",
    "errorList": null
}

Query Params

cardUri
string
required

The card URI is the resource identifier for the card location within PCI Booking.
For example https://service.pcibooking.net/api/payments/paycard/865ed8bec1f84366b97112a69cdbf915

Please note, the card URI should be URL encoded.

cvv
string

Security code, as returned from the iFrame, or other sources. If the CVV is not entered the new token will not contain any CVV.

ref
string

A reference value which then can be used to query for this card token.

merchant
string

The Property's Username (user ID), found within PCI Booking (under "Property settings"), which has been given permission to view the card. Please note: The owner (Booker) has permission to view the card.

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

Headers

Authorization
string

Optional authentication method, you can use APIKEY authentication (in the format of APIKEY {value}) if not providing other authentication methods.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

Once the Duplicate Paycard method has bee completed successfully, a new card token will be created and the token URI will be returned in the response header Location.

The result of this process would be that there are two card tokens in PCI Booking for the same card.
It is your responsibility to delete one of them in order to avoid getting charged for storage for both tokens.

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (API Key, Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

Suggest Edits

Get A List Of Associated Merchants (Properties)

Retrieve a list of all properties associated with this token.
We recommend that you first review the guide for this method.

 
gethttps://service.pcibooking.net/api/payments/paycard/cardToken/merchants
curl --request GET \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/merchants \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'GET',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/merchants',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/merchants")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/cardToken/merchants");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/merchants"

headers = {'authorization': 'Authorization'}

response = requests.request("GET", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

[
    "AutoTPCIBiflxSAlt1"
]
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "User is not the owner of this bank card",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Could not find a valid user",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

The successful response to this message will include an array of IDs that are associated with this token.

Suggest Edits

Get A List Of Associated Users (PCI Booking Customers)

Retrieve a list of all users (PCI Booking customers) associated with this token.
We recommend that you first review the guide for this method.

 
gethttps://service.pcibooking.net/api/payments/paycard/cardToken/users
curl --request GET \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/users \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'GET',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/users',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/users")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/cardToken/users");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/users"

headers = {'authorization': 'Authorization'}

response = requests.request("GET", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

[
    "tpPMiFSB"
]
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "User is not the owner of this bank card",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Could not find a valid user",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

The successful response to this message will include an array of IDs that are associated with this token.

Suggest Edits

Query Paycard

This method returns all cards stored by the user, related to a creator reference.
We recommend that you first review the guide for this method.

 
gethttps://service.pcibooking.net/api/payments/paycard/meta
curl --request GET \
  --url 'https://service.pcibooking.net/api/payments/paycard/meta?ref=ref' \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'GET',
  url: 'https://service.pcibooking.net/api/payments/paycard/meta',
  qs: { ref: 'ref' },
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/meta?ref=ref")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/meta?ref=ref");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/meta"

querystring = {"ref":"ref"}

headers = {'authorization': 'Authorization'}

response = requests.request("GET", url, headers=headers, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

[
      {
       "CardType": "Visa",
       "LastDigits": "5005",
       "LeadingDigits": "491891",
       "ExpirationYear": 2020,
       "ExpirationMonth": 7,
       "OwnerID": "",
       "UserID": "myUser",
       "IssueNumber": "2",
       "OwnerName": "Juan Dela Cruz",
       "ThreeDSecureInfo":{  
         "ThreeDSecIndication":"Authenticated",
         "AuthenticationValue":"MTIzNDU2Nzg5MDA5ODc2NTQzMjE",
         "Eci":"02"
       },
       "URI": "https://service.pcibooking.net/api/payments/paycard/eb454e0462d548ddbc6e6c2193b749a9",
       "EndRetentionDate": "2017-07-08T00:00:00",
       "CvvExists": True,
       "AssociatedMerchants": ["userID1","userID2"],
       "AssociatedProperties": ["hotel1","hotel2"]        
    },
      {
       "CardType": "Visa",
       "LastDigits": "5005",
       "LeadingDigits": "491891",
       "ExpirationYear": 2020,
       "ExpirationMonth": 7,
       "OwnerID": "",
       "UserID": "myUser",
       "IssueNumber": "2",
       "OwnerName": "Juan Dela Cruz",
       "URI": "https://service.pcibooking.net/api/payments/paycard/eb454e0462d548ddbc6e6c2193b749a9",
       "EndRetentionDate": "2017-07-08T00:00:00",
       "CvvExists": True,
       "AssociatedMerchants": ["userID1","userID2"],
       "AssociatedProperties": ["hotel1","hotel2"]        
    }
]
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Query Params

ref
string
required

The reference value which was provided during the tokenization process to locate this token.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

The response will include an array of cards which match the reference value provided. If no cards match the reference value provided, the array will be empty.

You can find full details of the metadata parameters returned in this method in our guide on How to Retrieve metadata for a token.

Suggest Edits

Retrieve Paycard

This method lets you retrieve the full and unmasked card details of a paycard according to a card token.
We recommend that you first review the guide for this method.

 
gethttps://service.pcibooking.net/api/payments/paycard/cardToken
curl --request GET \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'GET',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/cardToken");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken"

headers = {'authorization': 'Authorization'}

response = requests.request("GET", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
    "@xmlns": "http://www.pcibooking.net/reservation",
    "@schemaVersion": "1.0",
    "BankCard": {
        "Type": "Visa",
        "Number": "4918914107195005",
        "NameOnCard": "Juan Dela Cruz",
        "ExpirationDate": {
            "Month": "07",
            "Year": "2020"
        },
        "IssueNumber": "2"
    }
}
{
    "@xmlns": "http://www.pcibooking.net/reservation",
    "@schemaVersion": "1.0",
    "BankCard": {
        "Type": "Visa",
        "Number": "4918914107195005",
        "NameOnCard": "Juan Dela Cruz",
        "ExpirationDate": {
            "Month": "07",
            "Year": "2020"
        },
        "IssueNumber": "2",
        "CVV": "123"
    }
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY or HTTP Basic",
    "errorList": null
}
{
    "code": -160,
    "message": "Uri not found",
    "moreInfo": "Uri to Bank card not found",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.
For example, 2821a46d80e14d1b96a7f18f1b81926d.

Query Params

retrieveCVV
string

Specifies how the CVV should be handled in the response: Yes: the CVV will be retrieved. No: the CVV will not be retrieved. Mask: the CVV will return masked.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

PCI compliance

Please note that the response to this method will be the full and unmasked card details. Processing this response will put the system, network and all connected components into PCI scope.
Before using this method, we recommend that you review the need for using it and setting up the proper environment to run it in.

Suggest Edits

Retrieve a Paycard Metadata

This method returns all cards stored by the user, related to a creator reference.
We recommend that you first review the guide for this method.

 
gethttps://service.pcibooking.net/api/payments/paycard/cardtoken/meta
curl --request GET \
  --url https://service.pcibooking.net/api/payments/paycard/cardtoken/meta \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'GET',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardtoken/meta',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardtoken/meta")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/cardtoken/meta");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardtoken/meta"

headers = {'authorization': 'Authorization'}

response = requests.request("GET", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

[
      {
       "VirtualInfo": null,
       "CreatorReference": "myRef",
       "CardType": "Visa",
       "LastDigits": "5005",
       "LeadingDigits": "491891",
       "ExpirationYear": 2020,
       "ExpirationMonth": 7,
       "OwnerID": "",
       "ThreeDSecureInfo":{  
         "ThreeDSecIndication":"Authenticated",
         "AuthenticationValue":"MTIzNDU2Nzg5MDA5ODc2NTQzMjE",
         "Eci":"02"
       },
       "UserID": "myUser",
       "IssueNumber": "2",
       "OwnerName": "Juan Dela Cruz",
       "URI": "https://service.pcibooking.net/api/payments/paycard/eb454e0462d548ddbc6e6c2193b749a9",
       "EndRetentionDate": "2017-07-08T00:00:00",
       "CvvExists": True,
       “AssociatedMerchants”: [“userID1”,”userID2”],
       “AssociatedProperties”: [“hotel1”,”hotel2”]        
    }
]
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}
{
    "code": -160,
    "message": "Uri not found",
    "moreInfo": "Uri to Bank card not found",
    "errorList": null
}

Path Params

cardtoken
string
required

The token ID as returned by one of the tokenization methods.
For example, 2821a46d80e14d1b96a7f18f1b81926d.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

The response will include all of the metadata parameters available for this token.

You can find full details of the metadata parameters returned in this method in our guide on How to Retrieve metadata for a token.

Suggest Edits

Store Paycard

This method lets users store paycard details. The paycard is sent in XML format.
We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/payments/paycard
curl --request POST \
  --url https://service.pcibooking.net/api/payments/paycard \
  --header 'content-type: text/xml'
var request = require("request");

var options = { method: 'POST',
  url: 'https://service.pcibooking.net/api/payments/paycard',
  headers: { 'content-type': 'text/xml' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["content-type"] = 'text/xml'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/payments/paycard");
xhr.setRequestHeader("content-type", "text/xml");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard"

headers = {'content-type': 'text/xml'}

response = requests.request("POST", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
    "Type": "Visa",
    "Number": "491891******5005",
    "NameOnCard": "Juan Dela Cruz",
    "ExpirationDate": {
        "Month": "07",
        "Year": "2020"
    },
    "IssueNumber": "2"
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY or Temp Session or One-Time Accesss Token",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Merchant or Owner are not associated with bank card [{{Token}] userID: SoBookIt",
    "errorList": null
}

Query Params

ref
string

A reference value which then can be used to query for this card token.

merchant
string

The user ID of the property you wish to associate the token with.
The user ID for the property can be found under "Property settings" in our user's site.

allowedUserId
string

The user ID of the PCI Booking customer (booker ID) you wish to associate the token with.
You will need to ask the PCI Booking customer to share with you their user ID to the PCI Booking system.

saveCVV
boolean

Will be used to determine whether to save the CVV in the database. true - save the CVV. false - do not save the CVV.

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

ValidateExpiration
boolean

An indication of whether to check if the listed expiration date is valid or not. True means to validate the expiration date and tokenization will fail if expiration date has passed. False means to accept the expiration date as is, even if it is in the past.

Body Params

BankCardDetails
object

The BankCardDetails object. You will find below the structure and example of the body request for the store method.

 

Headers

Authorization
string

Optional authentication method, you can use APIKEY authentication (in the format of APIKEY {value}) if not providing other authentication methods.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

Content-Type
string
required

PCI Booking accepts card details in the store method in text/xml format ony.

 

XML content only

Please note, the Store method accepts card details in XML format only. The above utility should not be used as it submits the content in JSON format.

<BankCardDetails xmlns="http://www.pcibooking.net/reservation" schemaVersion="1.0">
	<BankCard>
        <Type>Visa</Type>
        <Number>4918914107195005</Number>
        <NameOnCard>Juan Dela Cruz</NameOnCard>
        <ExpirationDate>
            <Month>07</Month>
            <Year>2020</Year>
        </ExpirationDate>
        <IssueNumber>2</IssueNumber>
        <CVV>123</CVV>
    </BankCard>
</BankCardDetails>

Once the Store Paycard method has bee completed successfully, a card token will be created and the token URI will be returned in the response header Location.
The card details submitted will also be returned in the response and the data will be masked.

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (API Key, Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

Suggest Edits

Update Card Expiration Date

This method lets users update a stored paycard by submitting a token and a new expiration date.
When applying the method, the card's expiration date is the only parameter that will be updated.
We recommend that you first review the guide for this method.

 
puthttps://service.pcibooking.net/api/payments/paycard/cardToken/UpdateExpiration
curl --request PUT \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/UpdateExpiration \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'PUT',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/UpdateExpiration',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/UpdateExpiration")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Put.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("PUT", "https://service.pcibooking.net/api/payments/paycard/cardToken/UpdateExpiration");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/UpdateExpiration"

headers = {'authorization': 'Authorization'}

response = requests.request("PUT", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

""
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "User is not the owner of this bank card",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Expiration year/month error",
    "errorList": null
}
{
    "Message": "The request is invalid."
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.
For example 2821a46d80e14d1b96a7f18f1b81926d

Body Params

Year
int32
required

New expiration year. Format YYYY

Month
int32
required

New expiration month. Format MM

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 
Suggest Edits

CVV Retention Policy

We recommend that you first review the guide for this method.

 

The following methods allow you to manage the CVV Retention Policy:

Method
Explanation

Allows you to set the CVV retention for a token.

Allows you to retrieve the CVV Retention Policy for a token and see your progress within the restrictions.

Allows you to delete the CVV Retention Policy for a token.
By deleting the existing CVV Retention Policy, the card token will use the default CVV Retention Policy.

Suggest Edits

Set CVV Retention Policy

This method allows you to set the CVV retention for a token.
This method supports submitting the request with a body in both JSON (default) and XML formats.

We recommend that you first review the guide for this method.

 
puthttps://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction
curl --request PUT \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'PUT',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Put.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("PUT", "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction"

headers = {'authorization': 'Authorization'}

response = requests.request("PUT", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

{""}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}
{
    "code": -179,
    "message": "Bad input parameter",
    "moreInfo": "Bad input data",
    "errorList": [
        "Unrecognized DestinationType in json request"
    ]
}
{
    "code": -179,
    "message": "Bad input parameter",
    "moreInfo": "Bad input data",
    "errorList": [
        "Invalid Host name"
    ]
}
{
    "code": -179,
    "message": "Bad input parameter",
    "moreInfo": "Bad input data",
    "errorList": [
        "CvvEndRetentionDate is invalid"
    ]
}
{
    "code": -1010,
    "message": "Resource is locked for updates",
    "moreInfo": "This card does not have a Cvv",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.

Body Params

CvvEndRetentionDate
string
required

The CVV retention period end date and time. The format is YYYY-MM-DD HH:MM:SS.
Validation: end date is not more than 48 months from token creation date and time.

CvvRetentionPolicyList
array of objects

An array of destination whitelists. You can set up to 50 different destinations. For each destination, you can set the type of destination it is and the number of times the card, including the CVV, can be sent to this destination.
Read more on possible values for destination type and destination Data

DestinationType
DestinationData
Quota
DeleteCardUponCVVCleanup
boolean

Indicates whether the full card details should be deleted when the CVV retention period is over.
If field is not present in the request, default is False.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

Content-Type
string

The body of this request is, by default, in JSON format. You can provide the Content-Type header and specify the value as application/xml in order to submit the request body in a XML format.

 

Below is an example of the XML body used for setting the CVV retention policy. This example shows how to use each one of the destinationTypes.

<?xml version="1.0"?>
<CardCvvRetentionPolicy>
    <CvvEndRetentionDate>2018-01-19T11:58:00</CvvEndRetentionDate>
    <DeleteCardUponCvvCleanup>true</DeleteCardUponCvvCleanup>
    <CvvRetentionPolicyList>
        <CvvRetentionPolicyDestination>
            <DestinationType>HostName</DestinationType>
            <DestinationData>httpbin.org</DestinationData>
            <Quota>10</Quota>
            <Usage>0</Usage>
        </CvvRetentionPolicyDestination>
        <CvvRetentionPolicyDestination>
            <DestinationType>Owner</DestinationType>
            <DestinationData />
            <Quota>23</Quota>
        </CvvRetentionPolicyDestination>
        <CvvRetentionPolicyDestination>
            <DestinationType>OtherMerchant</DestinationType>
            <DestinationData>RoeeExcel9</DestinationData>
            <Quota>30</Quota>
        </CvvRetentionPolicyDestination>
        <CvvRetentionPolicyDestination>
            <DestinationType>SFTP</DestinationType>
            <DestinationData>127.0.0.1</DestinationData>
            <Quota>43</Quota>
        </CvvRetentionPolicyDestination>
        <CvvRetentionPolicyDestination>
            <DestinationType>OtherUser</DestinationType>
            <DestinationData>RoeeBlat</DestinationData>
            <Quota>50</Quota>
        </CvvRetentionPolicyDestination>
    </CvvRetentionPolicyList>
</CardCvvRetentionPolicy>
Suggest Edits

Get CVV Retention Policy

This method allows you to retrieve the CVV Retention Policy for a token and see your progress within the restrictions.
This method supports providing the response in both JSON (default) and XML formats.

We recommend that you first review the guide for this method.

 
gethttps://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction
curl --request GET \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'GET',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction"

headers = {'authorization': 'Authorization'}

response = requests.request("GET", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
    "CvvEndRetentionDate": "2021-12-12T12:32:45",
    "DeleteCardUponCvvCleanup": "true",
    "CvvRetentionPolicyList": [
        {
            "CvvDestinationUsage": 0,
            "DestinationType": "HostName",
            "DestinationData": "httpbin.org",
            "Quota": 10
        },
      {...}
    ]
}
{
    "CvvEndRetentionDate": "2018-01-12T20:02:26",
    "CvvRetentionPolicyList": []
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "User is not the owner of this bank card",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

Accept
string

The response of this method is, by default, in JSON format. You can provide the Accept header and specify the value as application/xml in order to receive the response in a XML format.

 

The response body will be the same structure of the request body to Set CVV Retention Policy. There will be an additional field called CvvDestinationUsage to indicate, per destination, how many times the CVV has been relayed to that destination already.

Below is a full example of the XML body that is returned when retrieving the CVV restriction policy. This example demonstrates all of the destinationTypes.

<?xml version="1.0"?>
<CvvRetentionPolicy>
    <CvvEndRetentionDate>2018-01-19T11:58:00</CvvEndRetentionDate>
    <CvvRetentionPolicyList>
        <CvvRetentionPolicyDestinationUsage>
            <DestinationType>HostName</DestinationType>
            <DestinationData>httpbin.org</DestinationData>
            <Quota>10</Quota>
            <Usage>0</Usage>
        </CvvRetentionPolicyDestinationUsage>
        <CvvRetentionPolicyDestinationUsage>
            <DestinationType>Owner</DestinationType>
            <DestinationData />
            <Quota>23</Quota>
            <Usage>0</Usage>
        </CvvRetentionPolicyDestinationUsage>
        <CvvRetentionPolicyDestinationUsage>
            <DestinationType>OtherMerchant</DestinationType>
            <DestinationData>RoeeExcel9</DestinationData>
            <Quota>30</Quota>
            <Usage>0</Usage>
        </CvvRetentionPolicyDestinationUsage>
        <CvvRetentionPolicyDestinationUsage>
            <DestinationType>SFTP</DestinationType>
            <DestinationData>127.0.0.1</DestinationData>
            <Quota>43</Quota>
            <Usage>0</Usage>
        </CvvRetentionPolicyDestinationUsage>
        <CvvRetentionPolicyDestinationUsage>
            <DestinationType>OtherUser</DestinationType>
            <DestinationData>RoeeBlat</DestinationData>
            <Quota>50</Quota>
            <Usage>0</Usage>
        </CvvRetentionPolicyDestinationUsage>
    </CvvRetentionPolicyList>
</CvvRetentionPolicy>
Suggest Edits

Get CVV Retention Policy for a specific destination type and data

This method allows you to retrieve the CVV Retention Policy regarding a specific destination type and data for a token and see your progress within the restrictions.

We recommend that you first review the guide for this method.

 
gethttps://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData
curl --request GET \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'GET',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData"

headers = {'authorization': 'Authorization'}

response = requests.request("GET", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
    "CvvDestinationUsage": 0,
    "DeleteCardUponCvvCleanup": "true",
    "DestinationType": "HostName",
    "DestinationData": "httpbin.org",
    "Quota": 10
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "User is not the owner of this bank card",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.

DestinationType
string
required

The destination type that you are looking for.
Read more on possible values for destination type and destination Data

DestinationData
string
required

The applicable data for this destination type.
Read more on possible values for destination type and destination Data

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

The response body will be the same structure of the destination object in the request body to Set CVV Retention Policy. There will be an additional field called CvvDestinationUsage to indicate, per destination, how many times the CVV has been relayed to that destination already.

Suggest Edits

Delete CVV Retention Policy

This method allows you to delete the current CVV Retention Policy for a token.
By deleting the existing CVV Retention Policy, the card token will use the system-wide default CVV Retention Policy.

We recommend that you first review the guide for this method.

 
deletehttps://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction
curl --request DELETE \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'DELETE',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Delete.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("DELETE", "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction"

headers = {'authorization': 'Authorization'}

response = requests.request("DELETE", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

{

}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "User is not the owner of this bank card",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

CVV policy after deletion

When using this method, the entire CVV retention policy will be deleted. The card token will then be assigned the default system-wide retention policy.

Suggest Edits

Delete CVV Retention Policy for a specific Destination Type

This method allows you to delete the CVV Retention Policy of a specific destination type for a token.
By deleting the existing CVV Retention Policy of this destination, the remaining policy will be unaffected and will still be applied.

We recommend that you first review the guide for this method.

 
deletehttps://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType
curl --request DELETE \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'DELETE',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Delete.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("DELETE", "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType"

headers = {'authorization': 'Authorization'}

response = requests.request("DELETE", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

{

}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "User is not the owner of this bank card",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.

DestinationType
string
required

The destination type that you are looking for.
Read more on possible values for destination type and destination Data

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

CVV policy after deletion

When using this method, only those destinations of the type provided will be deleted.
If the CVV retention policy includes other destinations, those will remain applicable. If there are no other destinations in the retention policy, PCI Booking will follow the rules pertaining to destinations in the default system-wide retention policy.

Suggest Edits

Delete CVV Retention Policy for a specific Destination Type / Destination Data combination

This method allows you to delete the CVV Retention Policy of a specific combination of destination type and destination data for a token.
By deleting the existing CVV Retention Policy of this destination, the remaining policy will be unaffected and will still be applied.

We recommend that you first review the guide for this method.

 
deletehttps://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData
curl --request DELETE \
  --url https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'DELETE',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Delete.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("DELETE", "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData"

headers = {'authorization': 'Authorization'}

response = requests.request("DELETE", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

{

}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "User is not the owner of this bank card",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Path Params

cardToken
string
required

The token ID as returned by one of the tokenization methods.

DestinationType
string
required

The destination type that you are looking for.
Read more on possible values for destination type and destination Data

DestinationData
string
required

The applicable data for this destination type.
Read more on possible values for destination type and destination Data

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

CVV policy after deletion

When using this method, only the destination that matches the type and data provided will be deleted.
If the CVV retention policy includes other destinations, those will remain applicable. If there are no other destinations in the retention policy, PCI Booking will follow the rules pertaining to destinations in the default system-wide retention policy.

Suggest Edits

Request a Card Entry Form

This method lets you create a PCI Booking Card Entry form for capturing credit card data within an e-commerce site. Apply the method from the user's browser, typically in an iFrame "src" tag.
We recommend that you first review the guide for this method.

 
gethttps://service.pcibooking.net/api/payments/capturecard
curl --request GET \
  --url 'https://service.pcibooking.net/api/payments/capturecard?brand=brand&language=language'
var request = require("request");

var options = { method: 'GET',
  url: 'https://service.pcibooking.net/api/payments/capturecard',
  qs:
   { brand: 'brand',
     language: 'language' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/capturecard?brand=brand&language=language")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/payments/capturecard?brand=brand&language=language");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/capturecard"

querystring = {"brand":"brand","language":"language"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

HTML content of form

Query Params

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

brand
string
required

The brand parameter should be used to provide your identification to the PCI Booking system. This would be your username to PCI Booking.

language
string
required

The form's language in ISO 639-1 (2-letter) format - see here. If an unsupported language is received, English will be displayed. Adding languages is simple - simply contact our support team.

css
string

The CSS resource name. Please follow our guide on managing stylesheets. If no CSS is provided, PCI Booking will implement the default CSS.

cvv
boolean

Will be used to determine whether to save the CVV in the database. true - save the CVV. false - do not save the CVV.

removeBaseCss
boolean

Indication whether to use the PCI Booking base CSS or not. Note: using the base CSS will not collide with the e-commerce site's CSS. true," to remove the PCI Booking base CSS. false," to use the PCI Booking base CSS.

minExpiration
string

Minimum expiration month/year parameter. Format: mmyyyy. The expiration validation will be checked vs. the minimum expiration date. The expiration date must be a valid date, in the specified format. Use case: Used when the card expiration should be later than a check-in date.

autoDetectCardType
boolean

Indication whether to use card detection according to card number or not. true: use card detection. false: do not use card detection. There will be a drop down menu, indicating the card type.

defaultCardType
string

Indicates which of the card types will be set as default in the card drop down menu.

success
string

The URL where a successful response will be redirected to. Read more on how to set up success / failure redirection pages.
While it is not required to specify a success URL value, we strongly recommend it so that you can receive the card token details for your records.

failure
string

The URL where a failed response will be redirected to. Read more on how to set up success / failure redirection pages.

showOwnerId
string

Will be displayed in the form (required in some countries). true: include the field. false: exclude the field.

cardTypes
string

An optional parameter, which will limit the list of card types. If it is omitted, or if no valid card types are found, all types of cards will be displayed.

submitWithPostMessage
boolean

Indicates whether to include the PCI Booking submit button or not. Removing the PCI Booking submit button will limit the e-commerce site to use its own site button to collect reservation information and card information. true: will not include the submit button. false: will include the submit button. Read more on how to set up the postMessage mechanism.

autoFocus
boolean

Indicates whether the iframe should be in focus when the parent page loads. If true, then if autoDetectCardType=true then the focus will be on the card number field. Otherwise, if autoDetectCardType=false or autoDetectCardType is not provided then the focus will be on the card type selection.

postMessageHost
string

An optional value to provide the domain name of the host site where the iframe is displayed in.

creatorReference
string

A reference value which then can be used to query for this card token.

ThreeDS
boolean

Indicates whether to perform 3D secure authentication following card entry. Default value is False, i.e. not to run 3D secure authentication.

UnavailThreeDSAuth
string

Instruction on what to do in case of a technical problem with the 3D process.
Accept - Ignores 3D secure processing and proceeds with tokenizing the credit card.
Reject - do not continue, and do not tokenize the card. In this case, the card owner will be directed to the failure page URL provided.

 

The response of calling this method is the HTML content of the Card Capture Form itself (Click here for an example of the content). You can use the request URL either as the page URL that a customer is directed to or as the source URL of an iframe element on your page.

Remote Customer Locations

If you are working with end customers in different locations, you may want to use our Card Entry Form with CDN.

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

All URLs should be https.

Please note to urlEncode all components!

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

Suggest Edits

HTML code of Card Capture Form

 

The result of requesting the Card Entry Form or the Card Entry Form with CDN will be a similar HTML format:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title>Card</title>
        <meta name="viewport" content="width=device-width, maximum-scale=1.0, minimum-scale=1.0, initial-scale=1.0" />
        <link rel="stylesheet" href="/Css/font-awesome-4.4.0/css/font-awesome.min.css">
        <link href="/Css/capture-ltr.css?v=1.00" rel="stylesheet" type="text/css" />
        <!--[if lt IE 9]>
        <link rel="stylesheet" type="text/css" media="all" href="/Css/style-ie8.css"/>
        <![endif]-->


    </head>
    <body>
        <div id="cardContainer" class="card-container" style="visibility: hidden; opacity: 1;">
            <form id="frmCardPayment" action="">
                <input type="hidden" id="cardType" name="cardType" />
                <fieldset>
                    <label class="form-label">
                    Card number:
                </label>
                    <div class="relative cc">
                        <div class="card-type-container"></div>
                        <input type="text" id="cardNumber" name="cardNumber" class="form-input required card-type" placeholder="****-****-****-****" maxlength="24" />
                    </div>
                </fieldset>
                <fieldset>
                    <label class="form-label">
                    Expiration:
                </label>
                    <select id="cardExpirationMonth" name="cardExpirationMonth" class="form-input month required">
                        <option value="">Month</option>
                    </select>
                    <select id="cardExpirationYear" name="cardExpirationYear" class="form-input year required">
                        <option value=""> Year</option>
                    </select>
                </fieldset>
                <fieldset id="cvvContainer">
                    <label class="form-label">
                    CVV
                    
                        <i class="fa fa-question-circle tooltip cardframe-cvv-tooltip" popuptip='The card security code is a unique three or four-digit number printed on your debit/credit card. The security code helps validate that the customer placing the online order actually has the credit card in his/hers possession, and that the credit/debit card account is legitimate.'></i>
                    </label>
                    <input type="text" id="cardCvv" name="cardCvv" class="form-input required" maxlength="4" placeholder='Card security code' />
                </fieldset>
                <fieldset>
                    <label class="form-label">
                    Name On Card:
                    
                        <i class="fa fa-question-circle tooltip cardframe-nameoncard-tooltip" popuptip='The name on card as it appears in your credit card'></i>
                    </label>
                    <input type="text" id="cardNameOnCard" name="cardNameOnCard" class="form-input required" placeholder='Name on card' />
                </fieldset>
                <fieldset id="card-issue-number-container" style="display: none;">
                    <label class="form-label">
                    Issue Number:
                </label>
                    <input type="text" id="cardIssueNumber" name="cardIssueNumber" class="form-input required" />
                </fieldset>
                <fieldset id="card-ownerid-container" style="display: none;">
                    <label class="form-label">
                    Owner ID:
                </label>
                    <input type="text" id="cardOwnerid" name="cardOwnerid" class="form-input required" />
                </fieldset>
                <div id="buttonContainer" class="button">
                    <input type="submit" value="Submit" id="card-enter" class="required" />
                </div>
            </form>
        </div>
        <div id="throbber" class="overlay" style="visibility: hidden; opacity: 1;"></div>
        <div class="throbberBox" style="visibility: hidden; opacity: 1;">
            <div class="loader"></div>
            <h2>Processing</h2>
        </div>
        <script src="/bundles/card-capture?v=ISf7ifjtBlZajClVQE6aUCmnsAlKa3yAtk18pgG2mt41"></script>
        <script>
        var messages = {};
        messages.require = 'This field is required.';
        messages.invalidCC = 'Please enter a valid credit card number.';
        messages.invalidCVV = 'Please enter a valid cvv number.';
        messages.invalidMinExp = 'The credit card must be valid beyond the booking period.';
        messages.nameOnCardMaxLength = 'The maximum name length is 32 characters';
        messages.invalidnameOnCard = 'Enter only letters, numerals and the following signs (\'), (-), (.) , (!), (£), ($), (%), (^), (*), ( )';
        messages.wrongCardTypeVSCardNumber = 'Your card number doesn\'t match the selected card.';
        messages.wrongCardTypeVSCardNumberUnionPay = 'Your card number doesn\'t match the selected card.';
        messages.cardTypeNotSupported = 'Your card is not supported. Please use {cardtypes}.';

        window.monthsVariables = ['January','February','March','April','May','June','July','August','September','October','November','December'];
        var successUrl = cardCapture.getParameterByName('success');
        var failureUrl = cardCapture.getParameterByName('failure');

        var showOwnerId = (cardCapture.getParameterByName('showOwnerId') !== null && cardCapture.getParameterByName('showOwnerId').toLowerCase() === "true");
        var submitWithPostMessage = (cardCapture.getParameterByName('submitWithPostMessage') !== null && cardCapture.getParameterByName('submitWithPostMessage').toLowerCase() === "true");
        cardCapture.init(messages, successUrl, failureUrl, true, showOwnerId, submitWithPostMessage, '2017-12-01', 'https://service.pcibooking.net', ["visa","mastercard","amex","jcb","solo","switch","maestro","electron","delta","dankort","cartebleue","cartasi","dinersclub","discover","unionpay","mc_canada","mc_alaska","bc","eurocard","lazer","elo","hipercard","enroute"]);
    </script>
    </body>
</html>
Suggest Edits

Request a Card Security Code Entry Form

This method lets you create a PCI Booking Card Security Code Entry form for capturing credit card CVV data within an e-commerce site. Apply the method from the user's browser, typically in an iFrame "src" tag.
We recommend that you first review the guide for this method.

 
gethttps://service.pcibooking.net/api/payments/cvvcapturecard
curl --request GET \
  --url 'https://service.pcibooking.net/api/payments/cvvcapturecard?brand=brand&cardUri=cardUri&language=language'
var request = require("request");

var options = { method: 'GET',
  url: 'https://service.pcibooking.net/api/payments/cvvcapturecard',
  qs:
   { brand: 'brand',
     cardUri: 'cardUri',
     language: 'language' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/cvvcapturecard?brand=brand&cardUri=cardUri&language=language")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/payments/cvvcapturecard?brand=brand&cardUri=cardUri&language=language");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/cvvcapturecard"

querystring = {"brand":"brand","cardUri":"cardUri","language":"language"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

HTML content of form

Query Params

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

brand
string
required

The brand parameter should be used to provide your identification to the PCI Booking system. This would be your username to PCI Booking.

cardUri
string
required

The card URI is the resource identifier for the card location within PCI Booking.

language
string
required

The form's language in ISO 639-1 (2-letter) format - see here. If an unsupported language is received, English will be displayed. Adding languages is simple - simply contact our support team.

css
string

The CSS resource name. Please follow our guide on managing stylesheets. If no CSS is provided, PCI Booking will implement the default CSS.

removeBaseCss
boolean

Indication whether to use the PCI Booking base CSS or not. Note: using the base CSS will not collide with the e-commerce site's CSS. true," to remove the PCI Booking base CSS. false," to use the PCI Booking base CSS.

success
string

The URL where a successful response will be redirected to. Read more on how to set up success / failure redirection pages.

failure
string

The URL where a failed response will be redirected to. Read more on how to set up success / failure redirection pages.

submitWithPostMessage
boolean

Indicates whether to include the PCI Booking submit button or not. Removing the PCI Booking submit button will limit the e-commerce site to use its own site button to collect reservation information and card information. true: will not include the submit button. false: will include the submit button. Read more on how to set up the postMessage mechanism.

autoFocus
boolean

Indicates whether the iframe should be in focus when the parent page loads. If true, the focus will be on the card security code field.

postMessageHost
string

An optional value to provide the domain name of the host site where the iframe is displayed in.

creatorReference
string

A reference value which then can be used to query for this card token.

 

The response of calling this method is the HTML content of the Card Security Code Capture Form itself (Click here for an example of the content). You can use the request URL either as the page URL that a customer is directed to or as the source URL of an iframe element on your page.

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

All URLs should be https.

Please note to urlEncode all components!

Duplicate Card Token

As a result of this form submission, the card details of the original token will be duplicated to a new token and the CVV data captured in this form will be added to the new token.
It is your responsibility to clear the original token that was stored in PCI Booking. If this token is not cleared, it will be charged the monthly storage fee.

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

Suggest Edits

HTML code of Card Security Code Capture Form

 

The result of requesting the Card Security Code Entry Form will be a similar HTML format:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title>Card</title>
        <meta name="viewport" content="width=device-width, maximum-scale=1.0, minimum-scale=1.0, initial-scale=1.0" />
        <link rel="stylesheet" href="/Css/font-awesome-4.4.0/css/font-awesome.min.css">
        <link href="/Css/capture-ltr.css?v=1.00" rel="stylesheet" type="text/css" />
    </head>
    <body>
        <div class="card-container">
            <form id="frmCardPayment" action="">
                <fieldset>
                    <label class="form-label">
                    CVV
                    
                        <i class="fa fa-question-circle tooltip cvvframe-cvv-tooltip" popuptip='The card security code is a unique three or four-digit number printed on your debit/credit card.'></i>
                    </label>
                    <input type="text" id="cardCvv" name="cardCvv" class="form-input required" maxlength="3" placeholder="Card security code"/>
                </fieldset>
                <div class="button">
                    <input type="submit" value="Submit" id="card-enter" class="required" />
                </div>
            </form>
        </div>
        <div id="throbber" class="overlay" style="visibility: hidden; opacity: 1;"></div>
        <div class="throbberBox" style="visibility: hidden; opacity: 1;">
            <div class="loader"></div>
            <h2>Processing</h2>
        </div>
        <script src="/bundles/card-cvv-capture?v=vU0dCMABiBwR5fpunENGXHR7TMap4htoFLZIZptscug1"></script>
        <script>
        var messages = {};
        messages.require = 'This field is required.';
        messages.invalidCVV = 'Please enter a valid cvv number.';
        cardCvvCapture.init('https%3a%2f%2fservice.pcibooking.net%2fapi%2fpayments%2fpaycard%2fe0006bee98ed4da9abd36864f1635c71', messages, 'https://cs_demo.pcibooking.net:443/tester/Success.aspx?sessionToken={sessionToken}&cardToken={cardToken}&cardType={cardType}&cardNumber={cardNumber}&cvv={cvv}&expiration={expiration}&cardHolderName={cardHolderName}', 'https://cs_demo.pcibooking.net:443/tester/Failure.aspx', false, 'Visa', 'https://service.pcibooking.net');
    </script>
    </body>
</html>
Suggest Edits

Request a Card Display Form

This method lets you create a PCI Booking Card Display form for displaying stored credit card data within an e-commerce site. Apply the method from the user's browser, typically in an iFrame "src" tag.
We recommend that you first review the guide for this method.

 
gethttps://service.pcibooking.net/api/payments/paycard/cardtoken/display
curl --request GET \
  --url 'https://service.pcibooking.net/api/payments/paycard/cardtoken/display?language=language'
var request = require("request");

var options = { method: 'GET',
  url:
   'https://service.pcibooking.net/api/payments/paycard/cardtoken/display',
  qs: { language: 'language' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/cardtoken/display?language=language")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/cardtoken/display?language=language");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/cardtoken/display"

querystring = {"language":"language"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

HTML content of form

Path Params

cardtoken
string
required

The token ID as returned by one of the tokenization methods.

Query Params

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

accessToken2
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample. This second access token will be used for the "Clear CVV" method.

language
string
required

The form's language in ISO 639-1 (2-letter) format - see here. If an unsupported language is received, English will be displayed. Adding languages is simple - simply contact our support team.

css
string

The CSS resource name. Please follow our guide on managing stylesheets. If no CSS is provided, PCI Booking will implement the default CSS.

postMessageHost
string

An optional value to provide the domain name of the host site where the iframe is displayed in. Read more on how to set up the postMessage mechanism

 

The response of calling this method is the HTML content of the Card Capture Form itself (Click here for an example of the content). You can use the request URL either as the page URL that a customer is directed to or as the source URL of an iframe element on your page.

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

Using Access Tokens

If you choose to use an access token for authentication, you would need to provide a second access token in the accessToken2 parameter in situations that the card includes a CVV.
The second access token will be used for the "Clear CVV" method, since PCI Booking will automatically delete the CVV after first display.

Suggest Edits

HTML code of Card Display Form

 

The result of requesting the Card Display Form will be a similar HTML format:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, maximum-scale=1.0, minimum-scale=1.0, initial-scale=1.0" />
    <title>Card Display</title>
    <link rel="stylesheet" href="/Css/font-awesome-4.4.0/css/font-awesome.min.css">
    <link href="/Css/iframe-card-display-ltr.css?v=1.00" rel="stylesheet" type="text/css" />
  </head>
  <body>
    <div class="widjet-container">
      <h1>Payment card details</h1>
      <div class="row">
        <label class="desc">Card type:</label>
        <div class="value">Visa</div>
      </div>
      <div class="row">
        <label class="desc">card:</label>
        <div>4580458045804580</div>
      </div>
      <div class="row">
        <label class="desc">Name On Card:</label>
        <div>MR Y. ALON</div>
      </div>
      <div class="row">
        <label class="desc">Expiration:</label>
        <div>04/2019</div>
      </div>
      <div class="boxed w-100">
        <h2>Virtual card</h2>
        <div class="row">
          <label class="desc">Usage restriction:</label>
          <div>Single</div>
        </div>
        <div class="row">
          <label class="desc">Max amount:</label>
          <div>500.00 AUD</div>
        </div>
        <div class="row">
          <label class="desc">Card valid from:</label>
          <div>08/31/2014</div>
        </div>
        <div class="row">
          <label class="desc">Card valid to:</label>
          <div>11/1/2017</div>
        </div>
        <div class="row">
          <div class="w-100 warning">
            <ul>
              <li>Pay attention to card rules</li>
              <li>You can use this card only in one transaction. Check if card was used before processing</li>
            </ul>
          </div>
        </div>
      </div>
      <div class="row footer">
        <img src="/Images/poweredbyleft200pxwidth.png" class="right" />
      </div>
    </div>
    <script>
      var c_token = 'e4c741a395aa4c08a1722599225d5d83';
      var cvvExists = false;
    </script>
    <script src="/bundles/card-display?v=JYXxsAYdSxemV5LVGUSZG-ek-7SSyxZY4CWvI2vwWRg1"></script>
  </body>
</html>
Suggest Edits

Token Replacement

This action will retrieve "Paycard" from the secured Database, in exchange for a "card token". The card data is relayed to a recipient (third party) API, according to the merchant definition.

We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/payments/paycard/relay
curl --request POST \
  --url 'https://service.pcibooking.net/api/payments/paycard/relay?cardToken=cardToken&targetURI=targetURI&httpMethod=httpMethod'
var request = require("request");

var options = { method: 'POST',
  url: 'https://service.pcibooking.net/api/payments/paycard/relay',
  qs:
   { cardToken: 'cardToken',
     targetURI: 'targetURI',
     httpMethod: 'httpMethod' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/relay?cardToken=cardToken&targetURI=targetURI&httpMethod=httpMethod")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/payments/paycard/relay?cardToken=cardToken&targetURI=targetURI&httpMethod=httpMethod");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/relay"

querystring = {"cardToken":"cardToken","targetURI":"targetURI","httpMethod":"httpMethod"}

response = requests.request("POST", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
	Response from third party
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected Temp Session or One-Time Accesss Token",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Couldn't fetch a valid pciShield profile:: wsc",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Invalid target Uri::",
    "errorList": null
}

Query Params

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

cardToken
string
required

The card URI is the resource identifier for the card location within PCI Booking.

profileName
string

The profileName is the unique ID for the profile that was set up for the request that you are sending. You can set up as many profiles as you require. Read more about setting up target profiles. If you wish to perform the token replacement using placeholders, please do not include this parameter.

targetURI
string
required

The URI of the third party that you would like to relay the request to in order to retrieve the card details.
For example http://permaculturenews.org/.

httpMethod
string
required

The HTTP method that PCI Booking should use when calling the target URI. Possible values are POST and GET.

postResponseAction
string

Indication of the post-response action. if not added, there will be no post response action. ClearCVV will clear the CVV from the card. DeleteToken: will delete the card from the database.

timeout
int32

The number of seconds that PCI Booking should wait for a response from the third party.

Body Params

As required by the third party
object
 

Headers

As required by the third party
object
 
Content-Encoding
string

PCI Booking supports request compression in the formats of gzip and deflate. When sending a request that should be compressed with one of these formats, please add the Content-Encoding header with the value of gzip or deflate. If no compression is necessary, please omit this header from your request.

 

Once the request will reach PCI Booking, PCI Booking will retrieve the card from the secure database based on the token provided and replace the card details into the request. Then the request will be relayed to the third party URI based on the information provided. The response from the third party will be relayed back to the customer as is.

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

All URLs should be https.

Please note to urlEncode all components!

Checking on CVV retention policy status

We recommend adding business logic based on the current status of the CVV retention policy following a token replacement request.

Suggest Edits

Token Replacement to sFTP

This action will retrieve "Paycard" from the secured Database, in exchange for a "card token". The card data is relayed to a recipient (third party) API, according to the merchant definition.

We recommend that you first review the guide for this method.

 
puthttps://service.pcibooking.net/api/sftp/serverAddress/folderPath/fileName
curl --request PUT \
  --url 'https://service.pcibooking.net/api/sftp/serverAddress/folderPath/fileName?sessionToken=sessionToken&filter=filter' \
  --header 'authorization: Authorization' \
  --header 'x-pcibooking-carduri: X-PciBooking-carduri'
var request = require("request");

var options = { method: 'PUT',
  url:
   'https://service.pcibooking.net/api/sftp/serverAddress/folderPath/fileName',
  qs:
   { sessionToken: 'sessionToken',
     filter: 'filter' },
  headers:
   { authorization: 'Authorization',
     'x-pcibooking-carduri': 'X-PciBooking-carduri' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/sftp/serverAddress/folderPath/fileName?sessionToken=sessionToken&filter=filter")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Put.new(url)
request["x-pcibooking-carduri"] = 'X-PciBooking-carduri'
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("PUT", "https://service.pcibooking.net/api/sftp/serverAddress/folderPath/fileName?sessionToken=sessionToken&filter=filter");
xhr.setRequestHeader("x-pcibooking-carduri", "X-PciBooking-carduri");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/sftp/serverAddress/folderPath/fileName"

querystring = {"sessionToken":"sessionToken","filter":"filter"}

headers = {
    'x-pcibooking-carduri': "X-PciBooking-carduri",
    'authorization': "Authorization"
    }

response = requests.request("PUT", url, headers=headers, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

Path Params

serverAddress
string
required

The sFTP server address. This could be the IP address or domain name of the server. If required, you can add the port number with a colon.
For example:
fsgatewaytest.aexp.com:22
10.200.1.10

folderPath
string
required

The folder path where the file should be uploaded to. This can either an individual folder or a whole path.

fileName
string
required

The file name that should be set for the content being uploaded. The file name should include both name and extension as required. For example: PCIBTST.xml

Query Params

sessionToken
string
required

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

filter
string
required

An indicator to PCI Booking which format of file is being sent in this request.
Read more on our Supported Formats.

timeout
string

The timeout, in seconds, of how long PCI Booking should wait for the sFTP server to respond.

Headers

X-PciBooking-carduri
string
required

Comma-separated values of the tokens to insert into the file. The tokens should be listed in the order of their appearance in the file. Each token which should be listed multiple times in the file must include the number of occurrences between square brackets.

Authorization
string
required

The authorization parameter that should be used in order to authenticate to the sFTP server.

Content-Encoding
string

PCI Booking supports request compression in the formats of gzip and deflate. When sending a request that should be compressed with one of these formats, please add the Content-Encoding header with the value of gzip or deflate. If no compression is necessary, please omit this header from your request.

 
Suggest Edits

Tokenization in Response

E-commerce sites send a "Reservation with card data" request to a third party.
Once the e-commerce site initializes the request, the third party will send a response, with the card data.
The e-commerce site will receive the card URI that was saved in the database.

We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/payments/paycard/capture
curl --request POST \
  --url 'https://service.pcibooking.net/api/payments/paycard/capture?profileName=profileName&targetURI=targetURI&httpMethod=httpMethod'
var request = require("request");

var options = { method: 'POST',
  url:
   'https://service.pcibooking.net/api/payments/paycard/capture',
  qs:
   { profileName: 'profileName',
     targetURI: 'targetURI',
     httpMethod: 'httpMethod' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/capture?profileName=profileName&targetURI=targetURI&httpMethod=httpMethod")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/payments/paycard/capture?profileName=profileName&targetURI=targetURI&httpMethod=httpMethod");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/capture"

querystring = {"profileName":"profileName","targetURI":"targetURI","httpMethod":"httpMethod"}

response = requests.request("POST", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
	Status 200 will be returned for a card that already exists in your account in PCI Booking.
  The body of the response will be the response from third party with card details masked
}
{
	Status 201 will be returned for a card that does not exist in your account in PCI Booking.
  The body of the response will be the response from third party with card details masked
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Couldn't fetch a valid pciShield profile:: wsc",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Invalid target Uri::",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected Temp Session or One-Time Accesss Token",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected Temp Session or One-Time Accesss Token",
    "errorList": null
}

Query Params

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

profileName
string
required

The profileName is the unique ID for the profile that was set up for the response you will receive for this request. You can set up as many profiles as you require. Read more about setting up target profiles.

targetURI
string
required

The URI of the third party that you would like to relay the request to in order to retrieve the card details.
For example http://permaculturenews.org/.

httpMethod
string
required

The HTTP method that PCI Booking should use when calling the target URI. Possible values are POST and GET.

saveCVV
boolean

Will be used to determine whether to save the CVV in the database. true - save the CVV. false - do not save the CVV.

ref
string

A reference value which then can be used to query for this card token.

MerchantId
string

The user ID of the property you wish to associate the token with.
The user ID for the property can be found under "Property settings" in our user's site.

allowedUserId
string

The user ID of the PCI Booking customer (booker ID) you wish to associate the token with. You will need to ask the PCI Booking customer to share with you their user ID to the PCI Booking system.

timeout
int32

The number of seconds that PCI Booking should wait for a response from the third party.

eliminateCardDuplication
boolean

Indicates whether the PCI Booking system should look up this card details in cards previously stored and return the token of the existing card (if found) or always return a new token.
Possible values are True: look up new card in existing cards and False: always create new tokens.
If this parameter is not specified in the request, the default behavior of the system would be to create a new token for each tokenized card - regardless if it is already stored in PCI Booking.

Body Params

As required by the third party
object
 

Headers

As required by the third party
object
 
 

Once the response from the third party is received in PCI Booking. the card details will be extracted from the message body (the card details will be located by using the content filter specified in the target profile). The card will be tokenized, the card details in the message will be masked and the token URI will be added to the response header (the name of the header will be taken from the settings of the target profile).

If the eliminateCardDuplication parameter is set to True, the system will look up the card in the customer's stored cards and check if it already exists:

  • If it exists, then the card details will be masked and the token added to the response will be the token of the previously stored card.
  • If it does not exist, the card will generate a new token which will then be added to the response.

If the eliminateCardDuplication parameter is set to False or not added in the request, PCI Booking will generate a new token for any card processed.

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

All URLs should be https.

Please note to urlEncode all components!

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

Suggest Edits

Get Tokenization Profiles

The request will produce a list of supported tokenization profiles and the description for each profile.
We recommend that you first review the guide for this method.

 
gethttps://service.pcibooking.net/api/booker
curl --request GET \
  --url https://service.pcibooking.net/api/booker
var request = require("request");

var options = { method: 'GET',
  url: 'https://service.pcibooking.net/api/booker' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/booker")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/booker");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/booker"

response = requests.request("GET", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

[
    {
        "Name": "Agoda",
        "Description": "Request to https://supply.agoda.com/api",
        "PathSegmentNames": []
    },
    {
        "Name": "SiteMinder",
        "Description": "Request to https://ws.siteminder.com/pmsxchangev2/services/{SiteMinderCustID}",
        "PathSegmentNames": [
            "SiteMinderCustID"
        ]
    },
  {...}
]
 

This method will return an array of profiles preset in the PCI Booking system. Each item in the array will contain the following parameters:

  • Name: The name of the profile - you will reference this later in the Tokenize on Response Using Preset Profiles method.
  • Description: a description of the profile and how to use it. If the target URL includes dynamic values in the URL path, the URL will be included here.
  • PathSegmentNames: A list of dynamic field names that need to be populated when submitting a request to this provider. If there is no need to provide dynamic values in the URL path, the value of this field will be an empty array.
Suggest Edits

Tokenize on Response Using Preset Profiles

E-commerce sites send a "Reservation with card data" request to a predefined and set third party (the integration will be done by PCI Booking).
Once the e-commerce site initializes the request, the third party will send a response, with the card data.
The e-commerce site will receive the card URI that was saved in the database.
We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/booker/ProfileName/reservation
curl --request POST \
  --url https://service.pcibooking.net/api/booker/ProfileName/reservation
var request = require("request");

var options = { method: 'POST',
  url:
   'https://service.pcibooking.net/api/booker/ProfileName/reservation' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/booker/ProfileName/reservation")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/booker/ProfileName/reservation");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/booker/ProfileName/reservation"

response = requests.request("POST", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
	Response from third party with card details masked
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected Temp Session or One-Time Accesss Token",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Couldn't fetch a valid pciShield profile:: wsc",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Invalid target Uri::",
    "errorList": null
}

Path Params

ProfileName
string
required

The name of the profile as returned from the Get Tokenization Profiles method

Query Params

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

ref
string

A reference value which then can be used to query for this card token.

MerchantId
string

The Property's Username (user ID), found within PCI Booking (under "Property settings"), which has been given permission to view the card. Please note: The owner (Booker) has permission to view the card.

saveCVV
boolean

Will be used to determine whether to save the CVV in the database. true - save the CVV. false - do not save the CVV.

pathSegments
string

In some instances, the target URL of the provider will include dynamic values added to the URL. For example: https://ws.mydomain.com/{customerName}. If this is the case, the object returned in the Get Tokenization Profiles method will include a list of items in the PathSegmentNames parameter. Additionally, the description parameter returned in the Get Tokenization Profiles method will include the full URL path of the target for your reference. When submitting the request to perform the tokenization, you will need to provide the value of these dynamic values in this field by listing [nameOfField]=[ValueOfField].

If multiple dynamic values are required, separate them with '&'.

The value of field should be URL encoded.

fwd
string

In some instances, the target URL of the provider will include query string parameters that should be appended to the end of the URL. For example: https://ws.mydomain.com?param1=value1&param2=value2. If the provider requires query string parameters, you will provide the list of query string (including the names and values of each key) in this parameter.

Each key-value pair of the query string should be url-encoded first, then the entire query string should be url-encoded and set as the value of this parameter.

eliminateCardDuplication
boolean

Indicates whether the PCI Booking system should look up this card details in cards previously stored and return the token of the existing card (if found) or always return a new token.
Possible values are True: look up new card in existing cards and False: always create new tokens.
If this parameter is not specified in the request, the default behavior of the system would be to create a new token for each tokenized card - regardless if it is already stored in PCI Booking.

Body Params

As required by the third party
object
 

Headers

As required by the third party
object
 
 

Once the response from the third party is received in PCI Booking. the card details will be extracted from the message body and tokenized, the card details in the message will be masked and the token URI will be added to the response header (the header field will be X-pciBooking-cardUri).

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

Suggest Edits

Request to Send Card Capture Form to Recipient

The request will trigger a message to be sent to the recipient (via email or text message) with a link to the card capture form.
We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/cardrequest/create
curl --request POST \
  --url https://service.pcibooking.net/api/cardrequest/create \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'POST',
  url: 'https://service.pcibooking.net/api/cardrequest/create',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/cardrequest/create")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/cardrequest/create");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/cardrequest/create"

headers = {'authorization': 'Authorization'}

response = requests.request("POST", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  
}
{
    "code": -179,
    "message": "Bad input parameter",
    "moreInfo": "Bad input data",
    "errorList": [
        "Bad json format"
    ]
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Body Params

SenderID
string
required

The user ID of the booker

Language
string

The form's language in ISO 639-1 (2-letter) format - see here. If an unsupported language is received, English will be displayed. Adding languages is simple to do through our user's control panel.

Css
string

The CSS resource name. Please follow our guide on managing stylesheets. If no CSS is provided, PCI Booking will implement the default CSS.

CallBackURL
string

A URL where the status of the request will be pushed to by PCI Booking.
Please note, this URL should be provided as urlEncoded.

CardTypes
string

An optional parameter, which will limit the list of card types. If it is omitted, or if no valid card types are found, all types of cards will be displayed.

ShowOwnerID
boolean

Will be displayed in the form (required in some countries). true: include the field. false: exclude the field.

DefaultCardType
string

Indicates which of the card types will be set as default in the card drop down menu.

AutoDetectCardType
boolean

Indication whether to use card detection according to card number or not. true: use card detection. false: do not use card detection. There will be a drop down menu, indicating the card type.

MinExpiration
string

Minimum expiration month/year parameter. Format: mmyyyy. The expiration validation will be checked vs. the minimum expiration date. The expiration date must be a valid date, in the specified format. Use case: Used when the card expiration should be later than a check-in date.

CVV
boolean

Indicate whether to add the CVV field or not. true: include the CVV, and save it in the database. false: exclude the field.

RequestTTL
int32
required

The number of hours that the request will be valid for. Minimum 1 hour, maximum 24 hours.

DestinationType
string
required

Indicates how to send the link to the card capture form - by Email or by text message. Optional values are email and sms.

Destination
string
required

The destination of the message. Email address or a phone number. If providing a phone number, the number should be formatted as an international dial number: Country code + area code + phone number.

SenderReference
string

A reference value which then can be used to query for this card token.

Description
string

Free text field to provide a description of this request. The Description parameter can contain up to 50 characters.

RecipientName
string
required

Free text field to provide the recipient's name. The RecipientName parameter can contain up to 70 characters.

Amount
double

An optional parameter to indicate the amount of the transaction. The Amount parameter is required if the Currency parameter is provided.

Currency
string

An optional parameter to indicate the currency of the amount of the transaction. Currency should be provided in ISO 4217 (3-letter) format - see here. The Currency parameter is required if the Amount parameter is provided. If the Currency parameter has an incorrect value, error code 401 BAD DATA will be returned.

CustomHeaderText
string

Free text to be displayed in the header of the message to the recipient. The CustomHeaderText parameter can contain up to 1000 characters.

CustomFooterText
string

Free text to be displayed in the footer of the message to the recipient. The CustomFooterText parameter can contain up to 1000 characters.

CustomerSupportPhone
string

Free text to be displayed as the phone number displayed in the email message to the recipient and in the landing page. The CustomerSupportPhone parameter can contain up to 20 characters.

CustomerSupportEmail
string

Free text to be displayed in the email address