PCI Booking provides a simple, Restful, API to perform all actions regarding a credit card.

PCI Booking is made up of several application areas. This developers site contains a guide and a reference manual for each application area.

  • The guides allow software architects and designers to have a broad view on the system operation and easily pick up those components which can fit the best different application scenarios.
  • The reference manuals allow developers to have a clear understanding of which methods are available, what input parameters are required for each method and the expected results of each.
Suggest Edits

Authentication

 

PCI Booking offers several means of authenticating your requests - some methods support one form of authentication and some methods support multiple forms of authentication.
Before picking your authentication method, we recommend that you review our Authentication Guide to see all of the available options and the advantages that each option provides.

Suggest Edits

Authenticate

The method lets you check whether the PCI Booking service is up and if your API key is authenticated.

We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/accounts/authenticate/
curl --request POST \
  --url https://service.pcibooking.net/api/accounts/authenticate/ \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'POST',
  url: 'https://service.pcibooking.net/api/accounts/authenticate/',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/accounts/authenticate/")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/accounts/authenticate/");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/accounts/authenticate/"

headers = {'authorization': 'Authorization'}

response = requests.request("POST", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

""
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 
Suggest Edits

Start a Temporary Session

This method starts a new session for capturing a customer's payment card.

We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/payments/paycard/tempsession
curl --request POST \
  --url https://service.pcibooking.net/api/payments/paycard/tempsession \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'POST',
  url:
   'https://service.pcibooking.net/api/payments/paycard/tempsession',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/tempsession")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/payments/paycard/tempsession");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/tempsession"

headers = {'authorization': 'Authorization'}

response = requests.request("POST", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

"1a75885fabe443588488de7d7e7f9980"
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Headers

Authorization
string
required

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 
Suggest Edits

Access Token Generation Code Samples

We recommend that you first review the guide for this method.

 

Below you will find code samples in different languages to show you how to create the Access Token.
These code samples are ready to run and you are welcome to use them in your code. Alternatively, you can use these samples as a reference to develop your own code.

using System;

namespace CreateAccessToken
{
    class Program
    {
        private static string[] helpLines = 
        { 
            "Usage: CreateAccessToken.exe <Certificate file path> <API Key> <Absolute time>",
            "Certificate file path: .cer as downloaded from https://service.pcibooking.net/api",
            "API Key: As generated in your PCI Booking account",
            "Absolute time: local time in format HH:MM:ss (up to 1 hour from now), e.g: 18:20:34"
        };

        static void Main(string[] args)
        {
            if (args.Length != 3)
                Usage("Invalid number of arguments; expected 3");

            // read certificate
            System.Security.Cryptography.X509Certificates.X509Certificate2 cert = null;
            try
            {
                cert= new System.Security.Cryptography.X509Certificates.X509Certificate2(args[0]);
            }
            catch (Exception ex)
            {
                Usage("Cannot load certificate file: " + args[0] + " Error: " + ex.Message);
            }

            // read time and convert to absolute date time in UTC
            DateTime expectedExpirationLocalTime;
            if (!DateTime.TryParse(args[2], out expectedExpirationLocalTime))
            {
                Usage("Invalid expected time: " + args[2]);
            }
            TimeSpan expiresIn = expectedExpirationLocalTime.Subtract(DateTime.Now);
            if (expiresIn > TimeSpan.FromHours(1) || expiresIn<TimeSpan.Zero)
            {
                Usage(string.Format("Invalid expected time [{0}]. Should be up to one hour ahead ", args[2]));
            }
            DateTime expectedExpirationUTC = expectedExpirationLocalTime.ToUniversalTime();

            // Generate a guid
            string guid = Guid.NewGuid().ToString().Replace("-","");

            // Construct data block
            string dataBlock = string.Format("{0}#{1}#{2}", args[1], guid, expectedExpirationUTC.ToString("o"));


            // encode the string to clear bytes
            byte[] clearBytes = System.Text.Encoding.UTF8.GetBytes(dataBlock);

            // obtain crypto provider with public key
            System.Security.Cryptography.RSACryptoServiceProvider rsaCryptoServiceProvider = (System.Security.Cryptography.RSACryptoServiceProvider)cert.PublicKey.Key;

            // perform the encryption
            byte[] encryptedBytes = rsaCryptoServiceProvider.Encrypt(clearBytes, false);

            // convert byte array to hex string
            string accessToken = string.Concat(Array.ConvertAll(encryptedBytes, b => b.ToString("X2"))); 

            Console.WriteLine(accessToken);
        }

        private static void Usage(string message = "")
        {
            if (!string.IsNullOrEmpty(message))
                Console.WriteLine(message);

            foreach (var line in helpLines)
            {
                Console.WriteLine(line);
            }
            Environment.Exit(0);
        }
    }
}

import java.io.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.text.SimpleDateFormat;
import java.text.DateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;
import java.util.UUID;
import javax.crypto.Cipher;

public class CreateAccessToken {

    private static final String[] helpLines
            = {
                "Usage: CreateAccessToken.exe <Certificate file path> <API Key> <Absolute time>",
                "Certificate file path: .cer as downloaded from https://service.pcibooking.net/api",
                "API Key: As generated in your PCI Booking account",
                "Absolute time: local time in format HH:MM:ss (up to 1 hour from now), e.g: 18:20:34"
            };

    public static void main(String[] args) {
       
    	if (args.length != 3) {
            Usage("Invalid number of arguments; expected 3");
        }
        // read certificate
        Certificate cert = null;
        try {
            InputStream fis = new FileInputStream(args[0]);
            BufferedInputStream bis = new BufferedInputStream(fis);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            cert = cf.generateCertificate(bis);
        } catch (Exception ex) {
            Usage("Cannot load certificate file: " + args[0] + " Error: " + ex);
        }
        // read time and convert to absolute date time in UTC
        Date expectedExpirationLocalTime = null;
        Date date = new Date();
        SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd");
        String cDate=formatter.format(date);
        formatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
        try {
            expectedExpirationLocalTime = formatter.parse(cDate+" "+args[2]);
        } catch (Exception ex) {
            Usage("Invalid expected time: " + args[2] + " Error: " + ex);
        }
        Calendar cal = Calendar.getInstance();
        long expiresIn = expectedExpirationLocalTime.getTime() - cal.getTime().getTime();
        if (expiresIn > 3600000 || expiresIn < 0) {
            Usage("Invalid expected time [" + args[2] + "]. Should be up to one hour ahead ");
        }
        formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
        Date expectedExpirationUTC = null;
        try {
            expectedExpirationUTC = formatter.parse(formatter.format(expectedExpirationLocalTime));
        } catch (Exception ex) {
            Usage("Cannot convert time to UniversalTime: Error: " + ex);
        }

		// format to ISO 8601
		DateFormat df = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ");
		df.setTimeZone(TimeZone.getTimeZone("UTC"));
		String asISO8601 = df.format(expectedExpirationUTC);


        // Generate a guid
        String guid = UUID.randomUUID().toString().replace("-", "");
        // Construct data block
        String dataBlock = String.format("%1$s#%2$s#%3$s", args[1], guid, asISO8601);
        // encode the string to clear bytes
        byte[] clearBytes = null;
        try {
            clearBytes = dataBlock.getBytes("UTF-8");
        } catch (Exception ex) {
            Usage("Cannot encode to UTF8: Error: " + ex);
        }
        byte[] encryptedBytes = null;
        // perform the encryption
        try {
            // get an RSA cipher object and print the provider
            final Cipher cipher = Cipher.getInstance("RSA");
            // encrypt the plain text using the public key
            cipher.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
            encryptedBytes = cipher.doFinal(clearBytes);
        } catch (Exception ex) {
            Usage("Cannot encrypt: Error: " + ex);
        }
        // convert byte array to hex string
        String accessToken = byteArrayToHex(encryptedBytes);

		// display the access token
		System.out.println(accessToken);
    }

    private static void Usage(String message) {
        if (!message.isEmpty()) {
            System.out.println(message);
        }

        for (String line : helpLines) {
            System.out.println(line);
        }
        System.exit(0);
    }

    private static String byteArrayToHex(byte[] a) {
        StringBuilder sb = new StringBuilder(a.length * 2);
        for (byte b : a) {
            sb.append(String.format("%02X", b & 0xff));
        }
        return sb.toString();
    }
}
<?php

require('vendor/autoload.php');

class CreateAccessToken
{

    private $certificate;
    private $apiKey;
    private $expirationTime;

    public function __construct($certificate, $apiKey, DateTime $expirationTime)
    {
        $this->certificate = $certificate;
        $this->apiKey = $apiKey;
        $this->expirationTime = $expirationTime;
    }

    public function createToken()
    {
        $cert = openssl_get_publickey($this->certificate);

        $this->expirationTime->setTimeZone(new DateTimeZone('UTC'));

        $expirationAsISO8601 = $this->expirationTime->format(DateTime::ISO8601);
        $guid = $this->generateUUID();
        $dataBlock = sprintf('%s#%s#%s', $this->apiKey, $guid, $expirationAsISO8601);

        openssl_public_encrypt($dataBlock, $encryptedData, $cert);

        $encryptedDataHex = strtoupper(bin2hex($encryptedData));

        return $encryptedDataHex;
    }

    private function generateUUID()
    {
        return str_replace('-', '', Ramsey\Uuid\Uuid::uuid4());
    }

}
import binascii
import uuid
import pytz

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.x509 import load_pem_x509_certificate


def create_access_token(cert_file, api_key, expiration_time):
    cert = load_pem_x509_certificate(cert_file.read(), default_backend())

    public_key = cert.public_key()

    try:
        expiration_time = pytz.utc.localize(expiration_time)
    except ValueError:
        pass

    expiration_string = expiration_time.isoformat()

    data_block = '{}#{}#{}'.format(api_key, uuid.uuid4(), expiration_string)

    ciphertext = public_key.encrypt(data_block, padding.PKCS1v15())

    return binascii.hexlify(ciphertext)


def main():
    import datetime
    import sys

    if len(sys.argv) != 4:
        print("Usage: {} cert_file api_key, expiration_timestamp".format(
            sys.argv[0]))
        exit(1)

    with open(sys.argv[1], "rb") as cert_file:
        expiration_time = datetime.datetime.fromtimestamp(int(sys.argv[3]))

        print(create_access_token(cert_file, sys.argv[2], expiration_time))


if __name__ == '__main__':
    main()
Suggest Edits

Get Supported Credit Cards

This method will allow you to retrieve the list of supported credit cards in PCI Booking. You can use this list as a basis to perform name mapping for credit cards.

 
gethttps://service.pcibooking.net/api/payments/paycard/supportedCards
curl --request GET \
  --url https://service.pcibooking.net/api/payments/paycard/supportedCards
var request = require("request");

var options = { method: 'GET',
  url:
   'https://service.pcibooking.net/api/payments/paycard/supportedCards' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/supportedCards")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/supportedCards");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/supportedCards"

response = requests.request("GET", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

{List of credit cards}
 
Suggest Edits

CSS Stylesheet Management

 

You can manage all aspects of the stored CSS stylesheets in PCI Booking using the following API methods.
Before you can use these methods, please make sure that the user you are using to perform API actions has the System Configurator permission. If you are unsure, please check with your account administrator or contact our support team.

Suggest Edits

Add or update CSS

This method allows you to create a new CSS record or update an existing one(by overriding the current content).

 
puthttps://service.pcibooking.net/api/ResourceName
curl --request PUT \
  --url https://service.pcibooking.net/api/ResourceName
var request = require("request");

var options = { method: 'PUT',
  url:
   'https://service.pcibooking.net/api/ResourceName' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/ResourceName")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Put.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("PUT", "https://service.pcibooking.net/api/ResourceName");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/ResourceName"

response = requests.request("PUT", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

Status 201 will be returned if this CSS resource name did not exist before. 
Status 200 will be returned if this CSS resource name existed before - in which case the stylesheet submitted in this request will override the existing data.
{
    "Message": "The request is invalid.",
    "ModelState": {
        "model": [
            "Required property 'IsDefault' not found in JSON. Path '', line 6, position 1."
        ],
        "model.ContentLTR": [
            "The ContentLTR field is required."
        ]
    }
}
{
    "Message": "The request is invalid.",
    "ModelState": {
        "ContentError": [
            "At least one of the fields, ContentLTR or ContentRTL, must have valid CSS content"
        ]
    }
}
{
    "Message": "Invalid CSS: Line number: 1<br />Error: invalid selector after \n"
}

Path Params

ResourceName
string
required

The "resource name" that you would like to assign this CSS record

Body Params

Description
string

This value will serve as the description of this CSS resource in the our user's site.

ContentLTR
string

The stylesheet configuration for LTR content.

ContentRTL
string

The stylesheet configuration for RTL content.
Normally, this is left blank unless you are using RTL pages.

IsDefault
boolean

Sets this CSS resource as the default CSS for your account.

Headers

Authorization
string

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

Same method is used for creating a new CSS resource and updating an existing CSS resource

Please be aware that the same method is used for both creating a new CSS and updating an existing one.
If you update an existing CSS, the content of it will be replaced with the uploaded content and this action cannot be undone.

Suggest Edits

List all CSS records

This method allows you to retrieve a list of all CSS records in your account.

 
gethttps://service.pcibooking.net/api
curl --request GET \
  --url https://service.pcibooking.net/api
var request = require("request");

var options = { method: 'GET', url: 'https://service.pcibooking.net/api' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api"

response = requests.request("GET", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

[
  {
	"ResourceName": "DefatultCSS",
   	"Description": "The default CSS",
     	"ContentLTR": 
"body {
		background-color: powderblue;
}
h1 {
		color: blue;
}",
	"ContentRTL": " ",
"IsDefault ": true,
"ContentType ": "test/css"
  },
  {
	"ResourceName": "ArabicCSS",
   	"Description": "CSS for arabice",
     	"ContentLTR": 
"",
	"ContentRTL": "body {
		background-color: orange;
}
h1 {
		color: blue;
} ",
"IsDefault ": false,
"ContentType ": "test/css",
  	},
]

Headers

Authorization
string

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

The response to this method will be an array of CSS resource items in your account in PCI Booking. Each of the CSS resource items in the array will have the same structure as defined in the method for adding a new CSS.

Suggest Edits

Retrieve CSS record

This method allows you to retrieve the content of a particular CSS stored in PCI Booking.

 
gethttps://service.pcibooking.net/api/ResourceName
curl --request GET \
  --url https://service.pcibooking.net/api/ResourceName
var request = require("request");

var options = { method: 'GET',
  url:
   'https://service.pcibooking.net/api/ResourceName' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/ResourceName")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/ResourceName");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/ResourceName"

response = requests.request("GET", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

  {
	"ResourceName": "DefatultCSS",
   	"Description": "The default CSS",
     	"ContentLTR": 
"body {
		background-color: powderblue;
}
h1 {
		color: blue;
}",
	"ContentRTL": " ",
"IsDefault ": true,
"ContentType ": "test/css"
  }

Path Params

ResourceName
string
required

The "resource name" that was assigned to this CSS record.
You can either log in to our user's site to view the list of CSS records or retrieve the full list of CSS records in your account.

Headers

Authorization
string

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

The response to this method will be a single CSS resource item from your account in PCI Booking based on the resource name that was provided. The CSS resource item will have the same structure as defined in the method for adding a new CSS.

Suggest Edits

Delete CSS record

This method allows you to delete the CSS record from PCI Booking.

 
deletehttps://service.pcibooking.net/api/ResourceName
curl --request DELETE \
  --url https://service.pcibooking.net/api/ResourceName
var request = require("request");

var options = { method: 'DELETE',
  url:
   'https://service.pcibooking.net/api/ResourceName' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/ResourceName")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Delete.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("DELETE", "https://service.pcibooking.net/api/ResourceName");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/ResourceName"

response = requests.request("DELETE", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

Try the API to see results

Path Params

ResourceName
string
required

The "resource name" that was assigned to this CSS record.
You can either log in to our user's site to view the list of CSS records or retrieve the full list of CSS records in your account.

Headers

Authorization
string

The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

 

The response to this method will be a single CSS resource item from your account in PCI Booking based on the resource name that was provided. The CSS resource item will have the same structure as defined in the method for adding a new CSS.

Suggest Edits

Tokenization Intro

 

Tokenizing cards is the process where card details reach your system (whether by push from a third party or pulling from a third party), our system processes the message on-the-fly, stores the card details and returns a non-secure token as reference to the card details.

PCI Booking offers several methods for tokenizing cards:

Suggest Edits

Tokenization in Response

E-commerce sites send a "Reservation with card data" request to a third party.
Once the e-commerce site initializes the request, the third party will send a response, with the card data.
The e-commerce site will receive the card URI that was saved in the database.

We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/payments/paycard/capture
curl --request POST \
  --url 'https://service.pcibooking.net/api/payments/paycard/capture?profileName=profileName&targetURI=targetURI&httpMethod=httpMethod'
var request = require("request");

var options = { method: 'POST',
  url:
   'https://service.pcibooking.net/api/payments/paycard/capture',
  qs:
   { profileName: 'profileName',
     targetURI: 'targetURI',
     httpMethod: 'httpMethod' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard/capture?profileName=profileName&targetURI=targetURI&httpMethod=httpMethod")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/payments/paycard/capture?profileName=profileName&targetURI=targetURI&httpMethod=httpMethod");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard/capture"

querystring = {"profileName":"profileName","targetURI":"targetURI","httpMethod":"httpMethod"}

response = requests.request("POST", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
	Status 200 will be returned for a card that already exists in your account in PCI Booking.
  The body of the response will be the response from third party with card details masked
}
{
	Status 201 will be returned for a card that does not exist in your account in PCI Booking.
  The body of the response will be the response from third party with card details masked
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Couldn't fetch a valid pciShield profile:: wsc",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Invalid target Uri::",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected Temp Session or One-Time Accesss Token",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected Temp Session or One-Time Accesss Token",
    "errorList": null
}

Query Params

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

profileName
string
required

The profileName is the unique ID for the profile that was set up for the response you will receive for this request. You can set up as many profiles as you require. Read more about setting up target profiles.

targetURI
string
required

The URI of the third party that you would like to relay the request to in order to retrieve the card details.
For example http://permaculturenews.org/.

httpMethod
string
required

The HTTP method that PCI Booking should use when calling the target URI. Possible values are POST and GET.

saveCVV
boolean

Will be used to determine whether to save the CVV in the database. true - save the CVV. false - do not save the CVV.

ref
string

A reference value which then can be used to query for this card token.

MerchantId
string

The user ID of the property you wish to associate the token with.
The user ID for the property can be found under "Property settings" in our user's site.

allowedUserId
string

The user ID of the PCI Booking customer (booker ID) you wish to associate the token with. You will need to ask the PCI Booking customer to share with you their user ID to the PCI Booking system.

timeout
int32

The number of seconds that PCI Booking should wait for a response from the third party.

eliminateCardDuplication
boolean

Indicates whether the PCI Booking system should look up this card details in cards previously stored and return the token of the existing card (if found) or always return a new token.
Possible values are True: look up new card in existing cards and False: always create new tokens.
If this parameter is not specified in the request, the default behavior of the system would be to create a new token for each tokenized card - regardless if it is already stored in PCI Booking.

Body Params

As required by the third party
object
 

Headers

As required by the third party
object
 
 

Once the response from the third party is received in PCI Booking. the card details will be extracted from the message body (the card details will be located by using the content filter specified in the target profile). The card will be tokenized, the card details in the message will be masked and the token URI will be added to the response header (the name of the header will be taken from the settings of the target profile).

If the eliminateCardDuplication parameter is set to True, the system will look up the card in the customer's stored cards and check if it already exists:

  • If it exists, then the card details will be masked and the token added to the response will be the token of the previously stored card.
  • If it does not exist, the card will generate a new token which will then be added to the response.

If the eliminateCardDuplication parameter is set to False or not added in the request, PCI Booking will generate a new token for any card processed.

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

All URLs should be https.

Please note to urlEncode all components!

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

Suggest Edits

Tokenize from sFTP

This method will retrieve a file from the sFTP server provided, process it to extract the card details listed and tokenize them

 
gethttps://service.pcibooking.net/api/sftp/serverAddress/folderPath/fileName
curl --request GET \
  --url 'https://service.pcibooking.net/api/sftp/serverAddress/folderPath/fileName?sessionToken=sessionToken&filter=filter' \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'GET',
  url:
   'https://service.pcibooking.net/api/sftp/serverAddress/folderPath/fileName',
  qs:
   { sessionToken: 'sessionToken',
     filter: 'filter' },
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/sftp/serverAddress/folderPath/fileName?sessionToken=sessionToken&filter=filter")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/sftp/serverAddress/folderPath/fileName?sessionToken=sessionToken&filter=filter");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/sftp/serverAddress/folderPath/fileName"

querystring = {"sessionToken":"sessionToken","filter":"filter"}

headers = {'authorization': 'Authorization'}

response = requests.request("GET", url, headers=headers, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

Path Params

serverAddress
string
required

The sFTP server address. This could be the IP address or domain name of the server. If required, you can add the port number with a colon.
For example:
fsgatewaytest.aexp.com:22
10.200.1.10

folderPath
string
required

The folder path where the file should be downloaded from. This can either an individual folder or a whole path.

fileName
string
required

The file name that should be downloaded. The file name should include both name and extension as required. For example: PCIBTST.xml

Query Params

sessionToken
string
required

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

filter
string
required

An indicator to PCI Booking which format of file is being downloaded in this request.
Read more on our Supported Formats.

timeout
string

The timeout, in seconds, of how long PCI Booking should wait for the sFTP server to respond.

Headers

Authorization
string
required

The authorization parameter that should be used in order to authenticate to the sFTP server.

Content-Encoding
string

PCI Booking supports request compression in the formats of gzip and deflate. When sending a request that should be compressed with one of these formats, please add the Content-Encoding header with the value of gzip or deflate. If no compression is necessary, please omit this header from your request.

 

Once the response from the third party is received in PCI Booking. the card details will be extracted from the message body and tokenized, the card details in the message will be masked and the token URI will be added to the response header (the header field will be X-pciBooking-cardUri).

Suggest Edits

Universal Tokenization

 

The Universal Tokenization method allows customers to process on-the-fly tokenization from pre-configured third parties that PCI Booking has integrated with. This helps customers streamline the integration with common providers.

With the Universal Tokenization, you can do the following:

Suggest Edits

Get Tokenization Profiles

The request will produce a list of supported tokenization profiles and the description for each profile.
We recommend that you first review the guide for this method.

 
gethttps://service.pcibooking.net/api/booker
curl --request GET \
  --url https://service.pcibooking.net/api/booker
var request = require("request");

var options = { method: 'GET',
  url: 'https://service.pcibooking.net/api/booker' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/booker")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/booker");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/booker"

response = requests.request("GET", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

[
    {
        "Name": "Agoda",
        "Description": "Request to https://supply.agoda.com/api",
        "PathSegmentNames": []
    },
    {
        "Name": "SiteMinder",
        "Description": "Request to https://ws.siteminder.com/pmsxchangev2/services/{SiteMinderCustID}",
        "PathSegmentNames": [
            "SiteMinderCustID"
        ]
    },
  {...}
]
 

This method will return an array of profiles preset in the PCI Booking system. Each item in the array will contain the following parameters:

  • Name: The name of the profile - you will reference this later in the Tokenize on Response Using Preset Profiles method.
  • Description: a description of the profile and how to use it. If the target URL includes dynamic values in the URL path, the URL will be included here.
  • PathSegmentNames: A list of dynamic field names that need to be populated when submitting a request to this provider. If there is no need to provide dynamic values in the URL path, the value of this field will be an empty array.
Suggest Edits

Tokenize on Response Using Preset Profiles

E-commerce sites send a "Reservation with card data" request to a predefined and set third party (the integration will be done by PCI Booking).
Once the e-commerce site initializes the request, the third party will send a response, with the card data.
The e-commerce site will receive the card URI that was saved in the database.
We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/booker/ProfileName/reservation
curl --request POST \
  --url https://service.pcibooking.net/api/booker/ProfileName/reservation
var request = require("request");

var options = { method: 'POST',
  url:
   'https://service.pcibooking.net/api/booker/ProfileName/reservation' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/booker/ProfileName/reservation")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/booker/ProfileName/reservation");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/booker/ProfileName/reservation"

response = requests.request("POST", url)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
	Response from third party with card details masked
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected Temp Session or One-Time Accesss Token",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Couldn't fetch a valid pciShield profile:: wsc",
    "errorList": null
}
{
    "code": -125,
    "message": "Bad input data",
    "moreInfo": "Invalid target Uri::",
    "errorList": null
}

Path Params

ProfileName
string
required

The name of the profile as returned from the Get Tokenization Profiles method

Query Params

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

ref
string

A reference value which then can be used to query for this card token.

MerchantId
string

The Property's Username (user ID), found within PCI Booking (under "Property settings"), which has been given permission to view the card. Please note: The owner (Booker) has permission to view the card.

saveCVV
boolean

Will be used to determine whether to save the CVV in the database. true - save the CVV. false - do not save the CVV.

pathSegments
string

In some instances, the target URL of the provider will include dynamic values added to the URL. For example: https://ws.mydomain.com/{customerName}. If this is the case, the object returned in the Get Tokenization Profiles method will include a list of items in the PathSegmentNames parameter. Additionally, the description parameter returned in the Get Tokenization Profiles method will include the full URL path of the target for your reference. When submitting the request to perform the tokenization, you will need to provide the value of these dynamic values in this field by listing [nameOfField]=[ValueOfField].

If multiple dynamic values are required, separate them with '&'.

The value of field should be URL encoded.

fwd
string

In some instances, the target URL of the provider will include query string parameters that should be appended to the end of the URL. For example: https://ws.mydomain.com?param1=value1&param2=value2. If the provider requires query string parameters, you will provide the list of query string (including the names and values of each key) in this parameter.

Each key-value pair of the query string should be url-encoded first, then the entire query string should be url-encoded and set as the value of this parameter.

eliminateCardDuplication
boolean

Indicates whether the PCI Booking system should look up this card details in cards previously stored and return the token of the existing card (if found) or always return a new token.
Possible values are True: look up new card in existing cards and False: always create new tokens.
If this parameter is not specified in the request, the default behavior of the system would be to create a new token for each tokenized card - regardless if it is already stored in PCI Booking.

Body Params

As required by the third party
object
 

Headers

As required by the third party
object
 
 

Once the response from the third party is received in PCI Booking. the card details will be extracted from the message body and tokenized, the card details in the message will be masked and the token URI will be added to the response header (the header field will be X-pciBooking-cardUri).

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

Suggest Edits

Request a Card Entry Form

This method lets you create a PCI Booking Card Entry form for capturing credit card data within an e-commerce site. Apply the method from the user's browser, typically in an iFrame "src" tag.
We recommend that you first review the guide for this method.

 
gethttps://service.pcibooking.net/api/payments/capturecard
curl --request GET \
  --url 'https://service.pcibooking.net/api/payments/capturecard?brand=brand&language=language'
var request = require("request");

var options = { method: 'GET',
  url: 'https://service.pcibooking.net/api/payments/capturecard',
  qs:
   { brand: 'brand',
     language: 'language' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/capturecard?brand=brand&language=language")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://service.pcibooking.net/api/payments/capturecard?brand=brand&language=language");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/capturecard"

querystring = {"brand":"brand","language":"language"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

HTML content of form

Query Params

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.
When using 3D Secure authentication, and the selected request authorization is ‘accessToken’, you will need to provide two access tokens in the value for this parameter listed in this format: &accessToken=Token1aaa,Token2bbb.

brand
string
required

The brand parameter should be used to provide your identification to the PCI Booking system. This would be your username to PCI Booking.

language
string
required

The form's language in ISO 639-1 (2-letter) format - see here. If an unsupported language is received, English will be displayed. Adding languages is simple - simply contact our support team.

css
string

The CSS resource name. Please follow our guide on managing stylesheets. If no CSS is provided, PCI Booking will implement the default CSS.

cvv
boolean

Will be used to determine whether to save the CVV in the database. true - save the CVV. false - do not save the CVV.

removeBaseCss
boolean

Indication whether to use the PCI Booking base CSS or not. Note: using the base CSS will not collide with the e-commerce site's CSS. true," to remove the PCI Booking base CSS. false," to use the PCI Booking base CSS.

minExpiration
string

Minimum expiration month/year parameter. Format: mmyyyy. The expiration validation will be checked vs. the minimum expiration date. The expiration date must be a valid date, in the specified format. Use case: Used when the card expiration should be later than a check-in date.

autoDetectCardType
boolean

Indication whether to use card detection according to card number or not. true: use card detection. false: do not use card detection. There will be a drop down menu, indicating the card type.

defaultCardType
string

Indicates which of the card types will be set as default in the card drop down menu.

success
string

The URL where a successful response will be redirected to. Read more on how to set up success / failure redirection pages.
While it is not required to specify a success URL value, we strongly recommend it so that you can receive the card token details for your records.

failure
string

The URL where a failed response will be redirected to. Read more on how to set up success / failure redirection pages.

showOwnerId
string

Will be displayed in the form (required in some countries). true: include the field. false: exclude the field.

cardTypes
string

An optional parameter, which will limit the list of card types. If it is omitted, or if no valid card types are found, all types of cards will be displayed.

submitWithPostMessage
boolean

Indicates whether to include the PCI Booking submit button or not. Removing the PCI Booking submit button will limit the e-commerce site to use its own site button to collect reservation information and card information. true: will not include the submit button. false: will include the submit button. Read more on how to set up the postMessage mechanism.

autoFocus
boolean

Indicates whether the iframe should be in focus when the parent page loads. If true, then if autoDetectCardType=true then the focus will be on the card number field. Otherwise, if autoDetectCardType=false or autoDetectCardType is not provided then the focus will be on the card type selection.

postMessageHost
string

An optional value to provide the domain name of the host site where the iframe is displayed in.

creatorReference
string

A reference value which then can be used to query for this card token.

ThreeDS
boolean

Indicates whether to perform 3D secure authentication following card entry. Default value is False, i.e. not to run 3D secure authentication.
If you enable 3D Secure authentication on this card capture and you are using access token authorization, please remember to provide two access tokens as mentioned above.

UnavailThreeDSAuth
string

Instruction on what to do in case of a technical problem with the 3D process.
Accept - Ignores 3D secure processing and proceeds with tokenizing the credit card.
Reject - do not continue, and do not tokenize the card. In this case, the card owner will be directed to the failure page URL provided.

expirationMonths
string

Indicates the format of the card's expiration month dropdown - either as month names or month numbers. Optional values are names and numbers.
If this parameter is not set, the default value is numbers.

 

The response of calling this method is the HTML content of the Card Capture Form itself (Click here for an example of the content). You can use the request URL either as the page URL that a customer is directed to or as the source URL of an iframe element on your page.

Remote Customer Locations

If you are working with end customers in different locations, you may want to use our Card Entry Form with CDN.

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

All URLs should be https.

Please note to urlEncode all components!

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

Suggest Edits

HTML code of Card Capture Form

 

The result of requesting the Card Entry Form or the Card Entry Form with CDN will be a similar HTML format:

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title>Card</title>
        <meta name="viewport" content="width=device-width, maximum-scale=1.0, minimum-scale=1.0, initial-scale=1.0" />
        <link rel="stylesheet" href="/Css/font-awesome-4.4.0/css/font-awesome.min.css">
        <link href="/Css/capture-ltr.css?v=1.00" rel="stylesheet" type="text/css" />
        <!--[if lt IE 9]>
        <link rel="stylesheet" type="text/css" media="all" href="/Css/style-ie8.css"/>
        <![endif]-->


    </head>
    <body>
        <div id="cardContainer" class="card-container" style="visibility: hidden; opacity: 1;">
            <form id="frmCardPayment" action="">
                <input type="hidden" id="cardType" name="cardType" />
                <fieldset>
                    <label class="form-label">
                    Card number:
                </label>
                    <div class="relative cc">
                        <div class="card-type-container"></div>
                        <input type="text" id="cardNumber" name="cardNumber" class="form-input required card-type" placeholder="****-****-****-****" maxlength="24" />
                    </div>
                </fieldset>
                <fieldset>
                    <label class="form-label">
                    Expiration:
                </label>
                    <select id="cardExpirationMonth" name="cardExpirationMonth" class="form-input month required">
                        <option value="">Month</option>
                    </select>
                    <select id="cardExpirationYear" name="cardExpirationYear" class="form-input year required">
                        <option value=""> Year</option>
                    </select>
                </fieldset>
                <fieldset id="cvvContainer">
                    <label class="form-label">
                    CVV
                    
                        <i class="fa fa-question-circle tooltip cardframe-cvv-tooltip" popuptip='The card security code is a unique three or four-digit number printed on your debit/credit card. The security code helps validate that the customer placing the online order actually has the credit card in his/hers possession, and that the credit/debit card account is legitimate.'></i>
                    </label>
                    <input type="text" id="cardCvv" name="cardCvv" class="form-input required" maxlength="4" placeholder='Card security code' />
                </fieldset>
                <fieldset>
                    <label class="form-label">
                    Name On Card:
                    
                        <i class="fa fa-question-circle tooltip cardframe-nameoncard-tooltip" popuptip='The name on card as it appears in your credit card'></i>
                    </label>
                    <input type="text" id="cardNameOnCard" name="cardNameOnCard" class="form-input required" placeholder='Name on card' />
                </fieldset>
                <fieldset id="card-issue-number-container" style="display: none;">
                    <label class="form-label">
                    Issue Number:
                </label>
                    <input type="text" id="cardIssueNumber" name="cardIssueNumber" class="form-input required" />
                </fieldset>
                <fieldset id="card-ownerid-container" style="display: none;">
                    <label class="form-label">
                    Owner ID:
                </label>
                    <input type="text" id="cardOwnerid" name="cardOwnerid" class="form-input required" />
                </fieldset>
                <div id="buttonContainer" class="button">
                    <input type="submit" value="Submit" id="card-enter" class="required" />
                </div>
            </form>
        </div>
        <div id="throbber" class="overlay" style="visibility: hidden; opacity: 1;"></div>
        <div class="throbberBox" style="visibility: hidden; opacity: 1;">
            <div class="loader"></div>
            <h2>Processing</h2>
        </div>
        <script src="/bundles/card-capture?v=ISf7ifjtBlZajClVQE6aUCmnsAlKa3yAtk18pgG2mt41"></script>
        <script>
        var messages = {};
        messages.require = 'This field is required.';
        messages.invalidCC = 'Please enter a valid credit card number.';
        messages.invalidCVV = 'Please enter a valid cvv number.';
        messages.invalidMinExp = 'The credit card must be valid beyond the booking period.';
        messages.nameOnCardMaxLength = 'The maximum name length is 32 characters';
        messages.invalidnameOnCard = 'Enter only letters, numerals and the following signs (\'), (-), (.) , (!), (£), ($), (%), (^), (*), ( )';
        messages.wrongCardTypeVSCardNumber = 'Your card number doesn\'t match the selected card.';
        messages.wrongCardTypeVSCardNumberUnionPay = 'Your card number doesn\'t match the selected card.';
        messages.cardTypeNotSupported = 'Your card is not supported. Please use {cardtypes}.';

        window.monthsVariables = ['January','February','March','April','May','June','July','August','September','October','November','December'];
        var successUrl = cardCapture.getParameterByName('success');
        var failureUrl = cardCapture.getParameterByName('failure');

        var showOwnerId = (cardCapture.getParameterByName('showOwnerId') !== null && cardCapture.getParameterByName('showOwnerId').toLowerCase() === "true");
        var submitWithPostMessage = (cardCapture.getParameterByName('submitWithPostMessage') !== null && cardCapture.getParameterByName('submitWithPostMessage').toLowerCase() === "true");
        cardCapture.init(messages, successUrl, failureUrl, true, showOwnerId, submitWithPostMessage, '2017-12-01', 'https://service.pcibooking.net', ["visa","mastercard","amex","jcb","solo","switch","maestro","electron","delta","dankort","cartebleue","cartasi","dinersclub","discover","unionpay","mc_canada","mc_alaska","bc","eurocard","lazer","elo","hipercard","enroute"]);
    </script>
    </body>
</html>
Suggest Edits

Request a Card Entry Form with CDN

This method lets you create a PCI Booking Card Entry form for capturing credit card data within an e-commerce site. Apply the method from the user's browser, typically in an iFrame "src" tag.
The content of the Card Entry Form will be retrieved from our CDN (Content Distribution Network).
We recommend that you first review the guide for this method.

 
gethttps://cf-service.pcibooking.net/api/payments/capturecard
curl --request GET \
  --url 'https://cf-service.pcibooking.net/api/payments/capturecard?brand=brand&language=language'
var request = require("request");

var options = { method: 'GET',
  url: 'https://cf-service.pcibooking.net/api/payments/capturecard',
  qs:
   { brand: 'brand',
     language: 'language' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://cf-service.pcibooking.net/api/payments/capturecard?brand=brand&language=language")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("GET", "https://cf-service.pcibooking.net/api/payments/capturecard?brand=brand&language=language");

xhr.send(data);
import requests

url = "https://cf-service.pcibooking.net/api/payments/capturecard"

querystring = {"brand":"brand","language":"language"}

response = requests.request("GET", url, params=querystring)

print(response.text)
A binary file was returned

You couldn't be authenticated

HTML content of form

Query Params

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

brand
string
required

The brand parameter should be used to provide your identification to the PCI Booking system. This would be your username to PCI Booking.

language
string
required

The form's language in ISO 639-1 (2-letter) format - see here. If an unsupported language is received, English will be displayed. Adding languages is simple - simply contact our support team.

css
string

The CSS resource name. Please follow our guide on managing stylesheets. If no CSS is provided, PCI Booking will implement the default CSS.

cvv
boolean

Will be used to determine whether to save the CVV in the database. true - save the CVV. false - do not save the CVV.

removeBaseCss
boolean

Indication whether to use the PCI Booking base CSS or not. Note: using the base CSS will not collide with the e-commerce site's CSS. true," to remove the PCI Booking base CSS. false," to use the PCI Booking base CSS.

minExpiration
string

Minimum expiration month/year parameter. Format: mmyyyy. The expiration validation will be checked vs. the minimum expiration date. The expiration date must be a valid date, in the specified format. Use case: Used when the card expiration should be later than a check-in date.

autoDetectCardType
boolean

Indication whether to use card detection according to card number or not. true: use card detection. false: do not use card detection. There will be a drop down menu, indicating the card type.

defaultCardType
string

Indicates which of the card types will be set as default in the card drop down menu.

success
string

The URL where a successful response will be redirected to. Read more on how to set up success / failure redirection pages.

failure
string

The URL where a failed response will be redirected to. Read more on how to set up success / failure redirection pages.

showOwnerId
string

Will be displayed in the form (required in some countries). true: include the field. false: exclude the field.

cardTypes
string

An optional parameter, which will limit the list of card types. If it is omitted, or if no valid card types are found, all types of cards will be displayed.

submitWithPostMessage
boolean

Indicates whether to include the PCI Booking submit button or not. Removing the PCI Booking submit button will limit the e-commerce site to use its own site button to collect reservation information and card information. true: will not include the submit button. false: will include the submit button. Read more on how to set up the postMessage mechanism.

autoFocus
boolean

Indicates whether the iframe should be in focus when the parent page loads. If true, then if autoDetectCardType=true then the focus will be on the card number field. Otherwise, if autoDetectCardType=false or autoDetectCardType is not provided then the focus will be on the card type selection.

postMessageHost
string

An optional value to provide the domain name of the host site where the iframe is displayed in.

creatorReference
string

A reference value which then can be used to query for this card token.

ThreeDS
boolean

Indicates whether to perform 3D secure authentication following card entry. Default value is False, i.e. not to run 3D secure authentication.

UnavailThreeDSAuth
string

Instruction on what to do in case of a technical problem with the 3D process.
Accept - Ignores 3D secure processing and proceeds with tokenizing the credit card.
Reject - do not continue, and do not tokenize the card. In this case, the card owner will be directed to the failure page URL provided.

expirationMonths
string

Indicates the format of the card's expiration month dropdown - either as month names or month numbers. Optional values are names and numbers.
If this parameter is not set, the default value is numbers.

 

The response of calling this method is the HTML content of the Card Capture Form itself (Click here for an example of the content). You can use the request URL either as the page URL that a customer is directed to or as the source URL of an iframe element on your page.

Order of query string parameters

The order of the following query string parameters must be kept as listed and are case sensitive - all other query string parameters can be listed before or after these parameters and in any order:

  • autoDetectCardType
  • brand
  • css
  • cvv
  • language
  • minExpiration
  • removeBaseCss

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

All URLs should be https.

Please note to urlEncode all components!

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

Suggest Edits

Migrate card

This method lets users store card details when they were previously stored locally. The paycard is sent in XML format.
We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/payments/paycard
curl --request POST \
  --url https://service.pcibooking.net/api/payments/paycard \
  --header 'content-type: text/xml'
var request = require("request");

var options = { method: 'POST',
  url: 'https://service.pcibooking.net/api/payments/paycard',
  headers: { 'content-type': 'text/xml' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/payments/paycard")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["content-type"] = 'text/xml'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/payments/paycard");
xhr.setRequestHeader("content-type", "text/xml");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/payments/paycard"

headers = {'content-type': 'text/xml'}

response = requests.request("POST", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
    "Type": "Visa",
    "Number": "491891******5005",
    "NameOnCard": "Juan Dela Cruz",
    "ExpirationDate": {
        "Month": "07",
        "Year": "2020"
    },
    "IssueNumber": "2"
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY or Temp Session or One-Time Accesss Token",
    "errorList": null
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Merchant or Owner are not associated with bank card [{{Token}] userID: SoBookIt",
    "errorList": null
}

Query Params

ref
string

A reference value which then can be used to query for this card token.

merchant
string

The user ID of the property you wish to associate the token with.
The user ID for the property can be found under "Property settings" in our user's site.

allowedUserId
string

The user ID of the PCI Booking customer (booker ID) you wish to associate the token with.
You will need to ask the PCI Booking customer to share with you their user ID to the PCI Booking system.

saveCVV
boolean

Will be used to determine whether to save the CVV in the database. true - save the CVV. false - do not save the CVV.

sessionToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken
string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

ValidateExpiration
boolean

An indication of whether to check if the listed expiration date is valid or not. True means to validate the expiration date and tokenization will fail if expiration date has passed. False means to accept the expiration date as is, even if it is in the past.

Body Params

BankCardDetails
object

The BankCardDetails object. You will find below the structure and example of the body request for the store method.

 

Headers

Authorization
string

Optional authentication method, you can use APIKEY authentication (in the format of APIKEY {value}) if not providing other authentication methods.
For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

Content-Type
string
required

PCI Booking accepts card details in the store method in text/xml format ony.

 

XML content only

Please note, the Store method accepts card details in XML format only. The above utility should not be used as it submits the content in JSON format.

<BankCardDetails xmlns="http://www.pcibooking.net/reservation" schemaVersion="1.0">
	<BankCard>
        <Type>Visa</Type>
        <Number>4918914107195005</Number>
        <NameOnCard>Juan Dela Cruz</NameOnCard>
        <ExpirationDate>
            <Month>07</Month>
            <Year>2020</Year>
        </ExpirationDate>
        <IssueNumber>2</IssueNumber>
        <CVV>123</CVV>
    </BankCard>
</BankCardDetails>

Once the Store Paycard method has bee completed successfully, a card token will be created and the token URI will be returned in the response header Location.
The card details submitted will also be returned in the response and the data will be masked.

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (API Key, Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

Suggest Edits

Card Over The Phone

 

The Card Over The Phone allows you to ask the card owner to provide you with their card details while speaking to them on the phone and without passing the card details themselves over the phone.

The following methods are available in the Card Over The Phone:

Suggest Edits

Request to Send Card Capture Form to Recipient

The request will trigger a message to be sent to the recipient (via email or text message) with a link to the card capture form.
We recommend that you first review the guide for this method.

 
posthttps://service.pcibooking.net/api/cardrequest/create
curl --request POST \
  --url https://service.pcibooking.net/api/cardrequest/create \
  --header 'authorization: Authorization'
var request = require("request");

var options = { method: 'POST',
  url: 'https://service.pcibooking.net/api/cardrequest/create',
  headers: { authorization: 'Authorization' } };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
require 'uri'
require 'net/http'

url = URI("https://service.pcibooking.net/api/cardrequest/create")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["authorization"] = 'Authorization'

response = http.request(request)
puts response.read_body
var data = JSON.stringify(false);

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://service.pcibooking.net/api/cardrequest/create");
xhr.setRequestHeader("authorization", "Authorization");

xhr.send(data);
import requests

url = "https://service.pcibooking.net/api/cardrequest/create"

headers = {'authorization': 'Authorization'}

response = requests.request("POST", url, headers=headers)

print(response.text)
A binary file was returned

You couldn't be authenticated

{
  
}
{
    "code": -179,
    "message": "Bad input parameter",
    "moreInfo": "Bad input data",
    "errorList": [
        "Bad json format"
    ]
}
{
    "code": -1003,
    "message": "Not authorized to access this resource",
    "moreInfo": "Bad or missing authorization data, expected APIKEY",
    "errorList": null
}

Body Params

SenderID
string
required

The user ID of the booker

Language
string

The form's language in ISO 639-1 (2-letter) format - see here. If an unsupported language is received, English will be displayed. Adding languages is simple to do through our user's control panel.

Css
string

The CSS resource name. Please follow our guide on managing stylesheets. If no CSS is provided, PCI Booking will implement the default CSS.

CallBackURL
string

A URL where the status of the request will be pushed to by PCI Booking.

CardTypes
string

An optional parameter, which will limit the list of card types. If it is omitted, or if no valid card types are found, all types of cards will be displayed.
The list of card types should be separated by comma (,).
Read more on our supported card types.

ShowOwnerID
boolean

Will be displayed in the form (required in some countries). true: include the field. false: exclude the field.

DefaultCardType
string

Indicates which of the card types will be set as default in the card drop down menu. Read more on our supported card types.

AutoDetectCardType
boolean

Indication whether to use card detection according to card number or not. true: use card detection. false: do not use card detection. There will be a drop down menu, indicating the card type.

MinExpiration
string

Minimum expiration month/year parameter. Format: mmyyyy. The expiration validation will be checked vs. the minimum expiration date. The expiration date must be a valid date, in the specified format. Use case: Used when the card expiration should be later than a check-in date.

CVV
boolean

Indicate whether to add the CVV field or not. true: include the CVV, and save it in the database. false: exclude the field.

RequestTTL
int32
required

The number of hours that the request will be valid for. Minimum 1 hour, maximum 24 hours.

DestinationType
string
required

Indicates how to send the link to the card capture form - by Email or by text message. Optional values are email and sms.

Destination
string
required

The destination of the message. Email address or a phone number. If providing a phone number, the number should be formatted as an international dial number: Country code + area code + phone number.

SenderReference
string

A reference value which then can be used to query for this card token.

Description
string

Free text field to provide a description of this request. The Description parameter can contain up to 50 characters.

RecipientName
string
required

Free text field to provide the recipient's name. The RecipientName parameter can contain up to 70 characters.

Amount
double

An optional parameter to indicate the amount of the transaction. The Amount parameter is required if the Currency parameter is provided.

Currency
string

An optional parameter to indicate the currency of the amount of the transaction. Currency should be provided in ISO 4217 (3-letter) format. The Currency parameter is required if the Amount parameter is provided. If the Currency parameter has an incorrect value, error code 401 BAD DATA will be returned.

CustomHeaderText
string

Free text to be displayed in the header of the message to the recipient. The CustomHeaderText parameter can contain up to 1000 characters.

If the RecipientName, Amount and Currency placeholders are not listed in the CustomHeaderText or in the portal customizations - however, they are provided in the other parameters of this request, the recipient name will be displayed under the header text area, and the amount and currency will be displayed under the recipient name.

CustomFooterText
string

Free text to be displayed in the footer of the message to the recipient. The CustomFooterText parameter can contain up to 1000 characters.

If the CustomerSupportEmail and CustomerSupportPhone placeholders are not listed in the CustomFooterText or in the portal customizations - however, they are provided in the other parameters of this request, the contact details will be displayed under the header text area.

CustomerSupportPhone
string

Free text to be displayed as the phone number displayed in the email message to the recipient and in the landing page. The CustomerSupportPhone parameter can contain up to 20 characters.

CustomerSupportEmail
string

Free text to be displayed in the email address displayed in the email message to the recipient and in the landing page. The CustomerSupportEmail parameter can contain up to 50 characters.

CustomerSupportLink
string

Free text to be displayed in the URL for customer support displayed in the email message to the recipient and in the landing page. The CustomerSupportLink parameter can contain up to 255 characters. The CustomerSupportLink parameter is required if the CustomerSupportLinkText parameter is provided.

CustomerSupportLinkText
string

Free text to be displayed in the display name of the URL for customer support displayed in the email message to the recipient and in the landing page. The CustomerSupportLinkText parameter can contain up to 100 characters. The CustomerSupportLinkText parameter is required if the CustomerSupportLink parameter is provided.

CompanyName
string

The name of the company sending the message
This field is required when sending a message as a SMS.

Success
string

The URL where a successful response will be redirected to. Read more on how to set up success / failure redirection pages.

Failure
string

The URL where a failed response will be redirected to. Read more on how to set up success / failure redirection pages.

ClientLogoURL
string

The URL to the logo that will be displayed in the COTP email and landing page.

  • If you prefer not to have a logo at all, please submit this parameter with a null value.
  • If the parameter is not supplied in the request, the logo displayed will be taken from the Booker information in our portal.
  • Images must be publically accessible, in HTTPS url with file type in one of the following: png, gif, bmp, jpeg or jpg.

  • LogoTitle
    string

    The title of the logo.

  • If not provided, the name of the booker (as set in our portal) will be used.
  • If you prefer that there will be no title to the logo image, please provide this parameter with a null value.
  • The LogoTitle can be up to 100 characters.

  • FaviconURL
    string

    The URL to the favicon that will be displayed in the COTP landing page.

  • If the parameter is not supplied in the request, the favicon displayed will be the browser default.
  • Images must be publically accessible, in HTTPS url in either ico or png format, size 1616 or 3232.

  • SiteTitle
    string

    The page title to be displayed. The SiteTitle can be up to 40 characters.

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     

    Encoding URLs

    Since the URLs provided in this request are provided in the body of the message instead of in the request URL's query string, the URLs mentioned above should not be urlEncoded.

    Requests specific parameters vs account parameters

    The following parameters - CustomerSupportLink, CustomerSupportLinkText, CustomerSupportEmail and CustomerSupportPhone - can be provided either as specific values for each individual request, or their value can be retrieved from your account settings (as set in our portal).

    If specific values are provided in the request, they will override the values from the account and the specific values will be displayed in the card capture form.

    When submitted successfully, the response body will be blank and there will be a header added:

    • Location: The URI for the card request which can be referenced later to retrieve status or cancel.
    Suggest Edits

    Request to Send Card Security Code Capture Form to Recipient

    The request will trigger a message to be sent to the recipient (via email or text message) with a link to the card security code capture form.
    We recommend that you first review the guide for this method.

     
    posthttps://service.pcibooking.net/api/cardrequest/duplicate
    curl --request POST \
      --url https://service.pcibooking.net/api/cardrequest/duplicate \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'POST',
      url: 'https://service.pcibooking.net/api/cardrequest/duplicate',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/cardrequest/duplicate")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Post.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("POST", "https://service.pcibooking.net/api/cardrequest/duplicate");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/cardrequest/duplicate"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("POST", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    {
      
    }
    {
        "code": -179,
        "message": "Bad input parameter",
        "moreInfo": "Bad input data",
        "errorList": [
            "Bad json format"
        ]
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }

    Body Params

    SenderID
    string
    required

    The user ID of the booker

    OriginCardUri
    string
    required

    The card URI is the resource identifier for the card location within PCI Booking .

    Language
    string

    The form's language in ISO 639-1 (2-letter) format - see here. If an unsupported language is received, English will be displayed. Adding languages is simple to do through our user's control panel.

    Css
    string

    The CSS resource name. Please follow our guide on managing stylesheets. If no CSS is provided, PCI Booking will implement the default CSS.

    CallBackURL
    string

    A URL where the status of the request will be pushed to by PCI Booking.

    RequestTTL
    int32
    required

    The number of hours that the request will be valid for. Minimum 1 hour, maximum 24 hours.

    DestinationType
    string
    required

    Indicates how to send the link to the card capture form - by Email or by text message. Optional values are email and sms.

    Destination
    string
    required

    The destination of the message. Email address or a phone number. If providing a phone number, the number should be formatted as an international dial number: Country code + area code + phone number.

    SenderReference
    string

    A reference value which then can be used to query for this card token.

    Description
    string

    Free text field to provide a description of this request. The Description parameter can contain up to 50 characters.

    RecipientName
    string
    required

    Free text field to provide the recipient's name. The RecipientName parameter can contain up to 70 characters.

    Amount
    double

    An optional parameter to indicate the amount of the transaction. The Amount parameter is required if the Currency parameter is provided.

    Currency
    string

    An optional parameter to indicate the currency of the amount of the transaction. Currency should be provided in ISO 4217 (3-letter) format. The Currency parameter is required if the Amount parameter is provided. If the Currency parameter has an incorrect value, error code 401 BAD DATA will be returned.

    CustomHeaderText
    string

    Free text to be displayed in the header of the message to the recipient. The CustomHeaderText parameter can contain up to 1000 characters.

    If the RecipientName, Amount and Currency placeholders are not listed in the CustomHeaderText or in the portal customizations - however, they are provided in the other parameters of this request, the recipient name will be displayed under the header text area, and the amount and currency will be displayed under the recipient name.

    CustomFooterText
    string

    Free text to be displayed in the footer of the message to the recipient. The CustomFooterText parameter can contain up to 1000 characters.

    If the CustomerSupportEmail and CustomerSupportPhone placeholders are not listed in the CustomFooterText or in the portal customizations - however, they are provided in the other parameters of this request, the contact details will be displayed under the header text area.

    CustomerSupportPhone
    string

    Free text to be displayed as the phone number displayed in the email message to the recipient and in the landing page. The CustomerSupportPhone parameter can contain up to 20 characters.

    CustomerSupportEmail
    string

    Free text to be displayed in the email address displayed in the email message to the recipient and in the landing page. The CustomerSupportEmail parameter can contain up to 50 characters.

    CustomerSupportLink
    string

    Free text to be displayed in the URL for customer support displayed in the email message to the recipient and in the landing page. The CustomerSupportLink parameter can contain up to 255 characters. The CustomerSupportLink parameter is required if the CustomerSupportLinkText parameter is provided.

    CustomerSupportLinkText
    string

    Free text to be displayed in the display name of the URL for customer support displayed in the email message to the recipient and in the landing page. The CustomerSupportLinkText parameter can contain up to 100 characters. The CustomerSupportLinkText parameter is required if the CustomerSupportLink parameter is provided.

    Success
    string

    The URL where a successful response will be redirected to. Read more on how to set up success / failure redirection pages.

    Failure
    string

    The URL where a failed response will be redirected to. Read more on how to set up success / failure redirection pages.

    ClientLogoURL
    string

    The URL to the logo that will be displayed in the COTP email and landing page.

  • If you prefer not to have a logo at all, please submit this parameter with a null value.
  • If the parameter is not supplied in the request, the logo displayed will be taken from the Booker information in our portal.
  • Images must be publically accessible, in HTTPS url with file type in one of the following: png, gif, bmp, jpeg or jpg.

  • LogoTitle
    string

    The title of the logo.

  • If not provided, the name of the booker (as set in our portal) will be used.
  • If you prefer that there will be no title to the logo image, please provide this parameter with a null value.
  • The LogoTitle can be up to 100 characters.

  • FaviconURL
    string

    The URL to the favicon that will be displayed in the COTP landing page.

  • If the parameter is not supplied in the request, the favicon displayed will be the browser default.
  • Images must be publically accessible, in HTTPS url in either ico or png format, size 1616 or 3232.

  • SiteTitle
    string

    The page title to be displayed. The SiteTitle can be up to 40 characters.

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     

    Encoding URLs

    Since the URLs provided in this request are provided in the body of the message instead of in the request URL's query string, the URLs mentioned above should not be urlEncoded.

    Requests specific parameters vs account parameters

    The following parameters - CustomerSupportLink, CustomerSupportLinkText, CustomerSupportEmail and CustomerSupportPhone - can be provided either as specific values for each individual request, or their value can be retrieved from your account settings (as set in our portal).

    If specific values are provided in the request, they will override the values from the account and the specific values will be displayed in the card capture form.

    When submitted successfully, the response body will be blank and there will be a header added:

    • Location: The URI for the card request which can be referenced later to retrieve status or cancel.

    Duplicate card warning

    Once the card owner enters the CVV code, the card details of the original token will be duplicated to a new token and the CVV data captured in this form will be added to the new token.
    It is your responsibility to clear the original token that was stored in PCI Booking. If this token is not cleared, it will be charged the monthly storage fee.

    Suggest Edits

    Retrieve a card data request

    The request will retrieve the card data request to check on its status.

    Below the reference you will find the possible status codes and their explanations.

    We recommend that you first review the guide for this method.

     
    gethttps://service.pcibooking.net/api/cardrequest/requestID/get
    curl --request GET \
      --url https://service.pcibooking.net/api/cardrequest/requestID/get \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'GET',
      url:
       'https://service.pcibooking.net/api/cardrequest/requestID/get',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/cardrequest/requestID/get")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Get.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("GET", "https://service.pcibooking.net/api/cardrequest/requestID/get");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/cardrequest/requestID/get"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("GET", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    {
       "CardTypes" : "Visa,MasterCard,AMEX",
       "DefaultCardType" : "AMEX",
       "ShowOwnerID" : false,
       "AutoDetectCardType" : true,
       "MinExpiration" : "082018",
       "CVV" : true,
       "RequestID" : "SULqe7pa22gghYDnX6O3J7QDMhyyUzNb",
       "CallBackURL" : "https://httpbin.org/post",
       "RequestTTL" : 22,
       "SenderReference" : "Refererfe",
       "Destination" : "[email protected]",
       "SenderID" : "Frodo",
       "Status" : "MessageQueued",
       "RequestType" : "Card",
       "StatusTime" : "2018-03-21T13:28:38",
       "DestinationType" : "Email",
       "CardUri" : null,
       "ShortUrl" : "SULqe7",
       "Css" : "TEst CSS",
       "CustomHeaderText" : "This is my header text<br/>Bla Bla Bla Bla Bla",
       "CustomFooterText" : "This is my Footer text<br/>Bla Bla Bla Bla Bla",
       "CustomerSupportPhone" : "97291231232",
       "CustomerSupportEmail" : "[email protected]",
       "CustomerSupportLink" : "http://www.mydomain.com/support",
       "CustomerSupportLinkText" : "Click for quick help",
       "Description" : "Request for Roee's reservation in Bora Bora",
       "RecipientName" : "Mr. Roee Dayan",
       "Amount" : 999.65,
       "Currency" : "USD",
       "Language" : "en"
    }
    {
       "CardTypes" : "Visa,MasterCard,AMEX",
       "DefaultCardType" : "AMEX",
       "ShowOwnerID" : false,
       "AutoDetectCardType" : true,
       "MinExpiration" : "082018",
       "CVV" : true,
       "RequestID" : "UPzpUmAj2NIRbciQCim3tHS0hZk7b2HE",
       "CallBackURL" : "https://httpbin.org/post",
       "RequestTTL" : 22,
       "SenderReference" : "Refererfe",
       "Destination" : "[email protected]",
       "SenderID" : "Frodo",
       "Status" : "CardStored",
       "RequestType" : "Card",
       "StatusTime" : "2018-03-21T12:53:28",
       "DestinationType" : "Email",
       "CardUri" : "https://service.pcibooking.net/api/payments/paycard/d919fe8ee51c4adbbbc22cef85e736a6",
       "ShortUrl" : "7inQGn",
       "Css" : "TEst CSS",
       "CustomHeaderText" : "This is my header text<br/>Bla Bla Bla Bla Bla",
       "CustomFooterText" : "This is my Footer text<br/>Bla Bla Bla Bla Bla",
       "CustomerSupportPhone" : "97291231232",
       "CustomerSupportEmail" : "[email protected]",
       "CustomerSupportLink" : "http://www.mydomain.com/support",
       "CustomerSupportLinkText" : "Click for quick help",
       "Description" : "Request for Roee's reservation in Bora Bora",
       "RecipientName" : "Mr. Roee Dayan",
       "Amount" : 999.65,
       "Currency" : "USD",
       "Language" : "en"
    }
    {
       "OriginCardUri" : "https://service.pcibooking.net/api/payments/paycard/7175f98744434ca89615b1cc86c69a45",
       "RequestID" : "pMdsvukESyaUIFuSBmvIufYtKjI0vOrj",
       "CallBackURL" : "https://httpbin.org/post",
       "RequestTTL" : 22,
       "SenderReference" : "Refererfe",
       "Destination" : null,
       "SenderID" : "Frodo",
       "Status" : "MessageSent",
       "RequestType" : "CVV",
       "StatusTime" : "2018-03-21T12:56:00",
       "DestinationType" : "SMS",
       "CardUri" : null,
       "ShortUrl" : "pMdsvu",
       "Css" : "TEst CSS",
       "CustomHeaderText" : "This is my header text<br/>Bla Bla Bla Bla Bla",
       "CustomFooterText" : "This is my Footer text<br/>Bla Bla Bla Bla Bla",
       "CustomerSupportPhone" : "97291231232",
       "CustomerSupportEmail" : "[email protected]",
       "CustomerSupportLink" : "http://www.mydomain.com/support",
       "CustomerSupportLinkText" : "Click for quick help",
       "Description" : "Request for Roee's reservation in Bora Bora",
       "RecipientName" : "Mr. Roee Dayan",
       "Amount" : 999.65,
       "Currency" : "USD",
       "Language" : "en"
    }
    {
       "OriginCardUri" : "https://service.pcibooking.net/api/payments/paycard/7175f98744434ca89615b1cc86c69a45",
       "RequestID" : "pMdsvukESyaUIFuSBmvIufYtKjI0vOrj",
       "CallBackURL" : "https://httpbin.org/post",
       "RequestTTL" : 22,
       "SenderReference" : "Refererfe",
       "Destination" : null,
       "SenderID" : "Frodo",
       "Status" : "CardStored",
       "RequestType" : "CVV",
       "StatusTime" : "2018-03-21T13:26:29",
       "DestinationType" : "SMS",
       "CardUri" : "https://service.pcibooking.net/api/payments/paycard/d4ffa09028a044d2ac0d8bada49b6502",
       "ShortUrl" : "pMdsvu",
       "Css" : "TEst CSS",
       "CustomHeaderText" : "This is my header text<br/>Bla Bla Bla Bla Bla",
       "CustomFooterText" : "This is my Footer text<br/>Bla Bla Bla Bla Bla",
       "CustomerSupportPhone" : "97291231232",
       "CustomerSupportEmail" : "[email protected]",
       "CustomerSupportLink" : "http://www.mydomain.com/support",
       "CustomerSupportLinkText" : "Click for quick help",
       "Description" : "Request for Roee's reservation in Bora Bora",
       "RecipientName" : "Mr. Roee Dayan",
       "Amount" : 999.65,
       "Currency" : "USD",
       "Language" : "en"
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }
    {
        "code": -160,
        "message": "Uri not found",
        "moreInfo": "Card request not found",
        "errorList": null
    }

    Path Params

    requestID
    string
    required

    The ID of the request in PCI Booking which was returned as the response of sending a new capture request

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     
    Method used Status Value Description
    Email / SMS Message queued MessageQueued Message was added to the PCI Booking queue.
    SMS Message sent MessageSent The message was sent to the recipient.
    SMS Message failed MessageFailed Message delivery to the recipient failed.
    SMS Message delivered MessageDelivered Message was successfully delivered to the recipient.
    Email / SMS Form viewed FormViewed Recipient viewed the capture form.
    Email / SMS Card stored CardStored The recipient has entered the card in the form and the credit card stored at PCI Booking.
    The status response will include a CardUri parameter which will contain the PCI Booking token.
    Email / SMS Link expired LinkExpired The link to the capture form has expired.
    Email / SMS Store Failed StoreFailed Capture form submission failed.

    Card Security Code Requests

    As a result of this form submission, the card details of the original token will be duplicated to a new token and the CVV data captured in this form will be added to the new token.
    It is your responsibility to clear the original token that was stored in PCI Booking. If this token is not cleared, it will be charged the monthly storage fee.

    CVV Retention Policy

    Once the status of the card request is CardStored, remember to set the CVV Retention Policy for this token.

    Suggest Edits

    Receive Request Status Via Callback

    We recommend that you first review the guide for this method.

     

    PCI Booking offers customers the ability to receive status notifications on card requests sent to a specific URL. The callback API should have the following signature. The callback will be sent each time there is a status change.

    • Parameters
      • RequestID: 9e4fac88bab14e01b5befe540 (string) - The ID of the request in PCI Booking.
      • LastNotifiedStatus: FormViewed (string) The request card status - see table below for full list of statuses and description.
      • LastNotifiedTime: 2017-11-12T14:38:14 (string) The time of the latest update.

    Once you have received the callback and the LastNotifiedStatus is CardStored, you should use the Retrieve a card data request method to retrieve the request details including the card token.

    Below is an example of the request body that will be sent to your callback application:

    {
    	"LastNotifiedStatus": "CardStored",
    	"RequestID": "uC1efRTOpU4p3hmhH7fbY3J6A9LYL3j5",
    	"LastNotifiedTime": "2017-12-19T20:07:32"
    }
    Method used Status Value Description
    Email / SMS Message queued MessageQueued Message was added to the PCI Booking queue.
    SMS Message sent MessageSent The message was sent to the recipient.
    SMS Message failed MessageFailed Message delivery to the recipient failed.
    SMS Message delivered MessageDelivered Message was successfully delivered to the recipient.
    Email / SMS Form viewed FormViewed Recipient viewed the capture form.
    Email / SMS Card stored CardStored The recipient has entered the card in the form and the credit card stored at PCI Booking.
    The status response will include a CardUri parameter which will contain the PCI Booking token.
    Email / SMS Link expired LinkExpired The link to the capture form has expired.
    Email / SMS Store Failed StoreFailed Capture form submission failed.

    Card Security Code Requests

    As a result of this form submission, the card details of the original token will be duplicated to a new token and the CVV data captured in this form will be added to the new token.
    It is your responsibility to clear the original token that was stored in PCI Booking. If this token is not cleared, it will be charged the monthly storage fee.

    CVV Retention Policy

    Once the status of the card request is CardStored, remember to set the CVV Retention Policy for this token.

    Suggest Edits

    Delete a card data request

    The request will delete the card data request. If a customer will try to click on a link of a request that has been deleted, they will receive an "invalid link" message.

    We recommend that you first review the guide for this method.

     
    posthttps://service.pcibooking.net/api/cardrequest/requestID/delete
    curl --request POST \
      --url https://service.pcibooking.net/api/cardrequest/requestID/delete \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'POST',
      url:
       'https://service.pcibooking.net/api/cardrequest/requestID/delete',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/cardrequest/requestID/delete")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Post.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("POST", "https://service.pcibooking.net/api/cardrequest/requestID/delete");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/cardrequest/requestID/delete"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("POST", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    {""}
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }
    {
        "code": -160,
        "message": "Uri not found",
        "moreInfo": "Card request not found",
        "errorList": null
    }

    Path Params

    requestID
    string
    required

    The ID of the request in PCI Booking which was received as the response of requesting to send the card form to the customer.

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     
    Suggest Edits

    Manage Tokens Intro

     

    The following set of methods allows you to manage the card stokens that you stored within PCI Booking.

    The methods available to you are:

    Suggest Edits

    3D Secure Authentication

     

    3D Secure is a security protocol that is designed to provide an additional layer of security for online credit card and debit card transactions. As of September 2019, all merchants will be required to capture 3D secure authentication from the card owners in order to be compliant with PSD2.

    The following methods will allow you to manage the 3D secure authentication of a card token. These methods should be used in situations where the card details are retrieved from a third party who captured the card originally from the card owner.

    The available methods are:

    Suggest Edits

    Store 3D tokens to a Paycard

    This method lets users store 3D tokens that were retrieved from a third party within the card token.

     
    puthttps://service.pcibooking.net/api/payments/paycard/cardToken/3dToken
    {  
       "eci":"12",
       "AuthenticationValue":"1234567890",
       "Indication":"Authenticated"
    }
    A binary file was returned

    You couldn't be authenticated

    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY or Temp Session or One-Time Accesss Token",
        "errorList": null
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Merchant or Owner are not associated with bank card [{{Token}] userID: SoBookIt",
        "errorList": null
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.
    For example, 2821a46d80e14d1b96a7f18f1b81926d.

    Body Params

    eci
    string

    The Electronic Commerce Indicator (eci) value. e.g 12

    AuthenticationValue
    string

    The cardholder's Authentication Verification Value (AVV). e.g. 1234567890

    Indication
    string
    required

    The 3D secure authentication decision. The parameter will accept: Authenticated or Rejected

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     
    Suggest Edits

    Retrieve 3D tokens for a Paycard

    The method will retrieve the 3D authentication token of the specified card token.
    Note that this information can also be retrieved through the Retrieve a Paycard Metadata method.

     
    gethttps://service.pcibooking.net/api/payments/paycard/cardToken/3dToken
    curl --request GET \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken/3dToken \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'GET',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken/3dToken',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/3dToken")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Get.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/cardToken/3dToken");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken/3dToken"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("GET", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    {  
       "token":"  0f297c03acea46d89e3c50d21cb507f5 ",
       "eci":"12",
       "AuthenticationValue":"1234567890",
       "Indication":"Authenticated"
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.
    For example, 2821a46d80e14d1b96a7f18f1b81926d.

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.<br>For example,APIKEY bd3ce883352e42539a2b7644f72e6311`.

     
    Suggest Edits

    Delete 3D tokens for a paycard

    This method lets users delete the 3D authentication token stored for the specified card token.
    Please note that deleting the 3D authentication tokens will have no effect on the card token itself. To delete the card token, you will need to use the Delete Paycard method.

     
    deletehttps://service.pcibooking.net/api/payments/paycard/cardToken/3dToken
    curl --request DELETE \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken/3dToken \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'DELETE',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken/3dToken',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/3dToken")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Delete.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("DELETE", "https://service.pcibooking.net/api/payments/paycard/cardToken/3dToken");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken/3dToken"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("DELETE", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    ""
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "User is not the owner of this bank card",
        "errorList": null
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.
    For example, 2821a46d80e14d1b96a7f18f1b81926d.

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     

    Deleting a card is permanent and cannot be undone.

    Suggest Edits

    CVV Retention Policy

    We recommend that you first review the guide for this method.

     

    The following methods allow you to manage the CVV Retention Policy:

    Method
    Explanation

    Allows you to set the CVV retention for a token.

    Allows you to retrieve the CVV Retention Policy for a token and see your progress within the restrictions.

    Allows you to delete the CVV Retention Policy for a token.
    By deleting the existing CVV Retention Policy, the card token will use the default CVV Retention Policy.

    Suggest Edits

    Set CVV Retention Policy

    This method allows you to set the CVV retention for a token.
    This method supports submitting the request with a body in both JSON (default) and XML formats.

    We recommend that you first review the guide for this method.

     
    puthttps://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction
    curl --request PUT \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'PUT',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Put.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("PUT", "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("PUT", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    {""}
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }
    {
        "code": -179,
        "message": "Bad input parameter",
        "moreInfo": "Bad input data",
        "errorList": [
            "Unrecognized DestinationType in json request"
        ]
    }
    {
        "code": -179,
        "message": "Bad input parameter",
        "moreInfo": "Bad input data",
        "errorList": [
            "Invalid Host name"
        ]
    }
    {
        "code": -179,
        "message": "Bad input parameter",
        "moreInfo": "Bad input data",
        "errorList": [
            "CvvEndRetentionDate is invalid"
        ]
    }
    {
        "code": -1010,
        "message": "Resource is locked for updates",
        "moreInfo": "This card does not have a Cvv",
        "errorList": null
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.

    Body Params

    CvvEndRetentionDate
    string
    required

    The CVV retention period end date and time. The format is YYYY-MM-DD HH:MM:SS.
    Validation: end date is not more than 48 months from token creation date and time.

    CvvRetentionPolicyList
    array of objects

    An array of destination whitelists. You can set up to 50 different destinations. For each destination, you can set the type of destination it is and the number of times the card, including the CVV, can be sent to this destination.
    Read more on possible values for destination type and destination Data

    DestinationType
    DestinationData
    Quota
    DeleteCardUponCVVCleanup
    boolean

    Indicates whether the full card details should be deleted when the CVV retention period is over.
    If field is not present in the request, default is False.

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

    Content-Type
    string

    The body of this request is, by default, in JSON format. You can provide the Content-Type header and specify the value as application/xml in order to submit the request body in a XML format.

     

    Below are several examples of the message body used for setting the CVV retention policy.
    The first example shows how to use each one of the destinationTypes in XML format.
    The second example shows the minimal request body in XML format.
    The third example shows the minimal request body in JSON format.

    <?xml version="1.0"?>
    <CardCvvRetentionPolicy>
        <CvvEndRetentionDate>2018-01-19T11:58:00</CvvEndRetentionDate>
        <DeleteCardUponCvvCleanup>true</DeleteCardUponCvvCleanup>
        <CvvRetentionPolicyList>
            <CvvRetentionPolicyDestination>
                <DestinationType>HostName</DestinationType>
                <DestinationData>httpbin.org</DestinationData>
                <Quota>10</Quota>
                <Usage>0</Usage>
            </CvvRetentionPolicyDestination>
            <CvvRetentionPolicyDestination>
                <DestinationType>Owner</DestinationType>
                <DestinationData />
                <Quota>23</Quota>
            </CvvRetentionPolicyDestination>
            <CvvRetentionPolicyDestination>
                <DestinationType>OtherMerchant</DestinationType>
                <DestinationData>RoeeExcel9</DestinationData>
                <Quota>30</Quota>
            </CvvRetentionPolicyDestination>
            <CvvRetentionPolicyDestination>
                <DestinationType>SFTP</DestinationType>
                <DestinationData>127.0.0.1</DestinationData>
                <Quota>43</Quota>
            </CvvRetentionPolicyDestination>
            <CvvRetentionPolicyDestination>
                <DestinationType>OtherUser</DestinationType>
                <DestinationData>RoeeBlat</DestinationData>
                <Quota>50</Quota>
            </CvvRetentionPolicyDestination>
        </CvvRetentionPolicyList>
    </CardCvvRetentionPolicy>
    <?xml version="1.0"?>
    <CardCvvRetentionPolicy>
        <CvvEndRetentionDate>2020-05-11T11:37:54</CvvEndRetentionDate>
        <CvvRetentionPolicyList>
        </CvvRetentionPolicyList>
    </CardCvvRetentionPolicy>
    {
      "CvvEndRetentionDate": "2020-12-12 12:32:45",
      "CvvRetentionPolicyList": []
    }
    Suggest Edits

    Get CVV Retention Policy

    This method allows you to retrieve the CVV Retention Policy for a token and see your progress within the restrictions.
    This method supports providing the response in both JSON (default) and XML formats.

    We recommend that you first review the guide for this method.

     
    gethttps://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction
    curl --request GET \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'GET',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Get.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("GET", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    {
        "CvvEndRetentionDate": "2021-12-12T12:32:45",
        "DeleteCardUponCvvCleanup": "true",
        "CvvRetentionPolicyList": [
            {
                "CvvDestinationUsage": 0,
                "DestinationType": "HostName",
                "DestinationData": "httpbin.org",
                "Quota": 10
            },
          {...}
        ]
    }
    {
        "CvvEndRetentionDate": "2018-01-12T20:02:26",
        "CvvRetentionPolicyList": []
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "User is not the owner of this bank card",
        "errorList": null
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

    Accept
    string

    The response of this method is, by default, in JSON format. You can provide the Accept header and specify the value as application/xml in order to receive the response in a XML format.

     

    The response body will be the same structure of the request body to Set CVV Retention Policy. There will be an additional field called CvvDestinationUsage to indicate, per destination, how many times the CVV has been relayed to that destination already.

    Below is a full example of the XML body that is returned when retrieving the CVV restriction policy. This example demonstrates all of the destinationTypes.

    <?xml version="1.0"?>
    <CvvRetentionPolicy>
        <CvvEndRetentionDate>2018-01-19T11:58:00</CvvEndRetentionDate>
        <CvvRetentionPolicyList>
            <CvvRetentionPolicyDestinationUsage>
                <DestinationType>HostName</DestinationType>
                <DestinationData>httpbin.org</DestinationData>
                <Quota>10</Quota>
                <Usage>0</Usage>
            </CvvRetentionPolicyDestinationUsage>
            <CvvRetentionPolicyDestinationUsage>
                <DestinationType>Owner</DestinationType>
                <DestinationData />
                <Quota>23</Quota>
                <Usage>0</Usage>
            </CvvRetentionPolicyDestinationUsage>
            <CvvRetentionPolicyDestinationUsage>
                <DestinationType>OtherMerchant</DestinationType>
                <DestinationData>RoeeExcel9</DestinationData>
                <Quota>30</Quota>
                <Usage>0</Usage>
            </CvvRetentionPolicyDestinationUsage>
            <CvvRetentionPolicyDestinationUsage>
                <DestinationType>SFTP</DestinationType>
                <DestinationData>127.0.0.1</DestinationData>
                <Quota>43</Quota>
                <Usage>0</Usage>
            </CvvRetentionPolicyDestinationUsage>
            <CvvRetentionPolicyDestinationUsage>
                <DestinationType>OtherUser</DestinationType>
                <DestinationData>RoeeBlat</DestinationData>
                <Quota>50</Quota>
                <Usage>0</Usage>
            </CvvRetentionPolicyDestinationUsage>
        </CvvRetentionPolicyList>
    </CvvRetentionPolicy>
    Suggest Edits

    Get CVV Retention Policy for a specific destination type and data

    This method allows you to retrieve the CVV Retention Policy regarding a specific destination type and data for a token and see your progress within the restrictions.

    We recommend that you first review the guide for this method.

     
    gethttps://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData
    curl --request GET \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'GET',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Get.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("GET", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    {
        "CvvDestinationUsage": 0,
        "DeleteCardUponCvvCleanup": "true",
        "DestinationType": "HostName",
        "DestinationData": "httpbin.org",
        "Quota": 10
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "User is not the owner of this bank card",
        "errorList": null
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.

    DestinationType
    string
    required

    The destination type that you are looking for.
    Read more on possible values for destination type and destination Data

    DestinationData
    string
    required

    The applicable data for this destination type.
    Read more on possible values for destination type and destination Data

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     

    The response body will be the same structure of the destination object in the request body to Set CVV Retention Policy. There will be an additional field called CvvDestinationUsage to indicate, per destination, how many times the CVV has been relayed to that destination already.

    Suggest Edits

    Delete CVV Retention Policy

    This method allows you to delete the current CVV Retention Policy for a token.
    By deleting the existing CVV Retention Policy, the card token will use the system-wide default CVV Retention Policy.

    We recommend that you first review the guide for this method.

     
    deletehttps://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction
    curl --request DELETE \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'DELETE',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Delete.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("DELETE", "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("DELETE", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    {
    
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "User is not the owner of this bank card",
        "errorList": null
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     

    CVV policy after deletion

    When using this method, the entire CVV retention policy will be deleted. The card token will then be assigned the default system-wide retention policy.

    Suggest Edits

    Delete CVV Retention Policy for a specific Destination Type

    This method allows you to delete the CVV Retention Policy of a specific destination type for a token.
    By deleting the existing CVV Retention Policy of this destination, the remaining policy will be unaffected and will still be applied.

    We recommend that you first review the guide for this method.

     
    deletehttps://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType
    curl --request DELETE \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'DELETE',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Delete.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("DELETE", "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("DELETE", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    {
    
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "User is not the owner of this bank card",
        "errorList": null
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.

    DestinationType
    string
    required

    The destination type that you are looking for.
    Read more on possible values for destination type and destination Data

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     

    CVV policy after deletion

    When using this method, only those destinations of the type provided will be deleted.
    If the CVV retention policy includes other destinations, those will remain applicable. If there are no other destinations in the retention policy, PCI Booking will follow the rules pertaining to destinations in the default system-wide retention policy.

    Suggest Edits

    Delete CVV Retention Policy for a specific Destination Type / Destination Data combination

    This method allows you to delete the CVV Retention Policy of a specific combination of destination type and destination data for a token.
    By deleting the existing CVV Retention Policy of this destination, the remaining policy will be unaffected and will still be applied.

    We recommend that you first review the guide for this method.

     
    deletehttps://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData
    curl --request DELETE \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'DELETE',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Delete.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("DELETE", "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken/cvv/Restriction/DestinationType/DestinationData"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("DELETE", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    {
    
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "User is not the owner of this bank card",
        "errorList": null
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.

    DestinationType
    string
    required

    The destination type that you are looking for.
    Read more on possible values for destination type and destination Data

    DestinationData
    string
    required

    The applicable data for this destination type.
    Read more on possible values for destination type and destination Data

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     

    CVV policy after deletion

    When using this method, only the destination that matches the type and data provided will be deleted.
    If the CVV retention policy includes other destinations, those will remain applicable. If there are no other destinations in the retention policy, PCI Booking will follow the rules pertaining to destinations in the default system-wide retention policy.

    Suggest Edits

    Delete Paycard

    This method deletes the card data stored in PCI Booking.
    We recommend that you first review the guide for this method.

     
    deletehttps://service.pcibooking.net/api/payments/paycard/cardToken
    curl --request DELETE \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'DELETE',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Delete.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("DELETE", "https://service.pcibooking.net/api/payments/paycard/cardToken");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("DELETE", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    ""
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "User is not the owner of this bank card",
        "errorList": null
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.
    For example, 2821a46d80e14d1b96a7f18f1b81926d.

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     

    Deleting a card is permanent and cannot be undone.

    Suggest Edits

    Duplicate Paycard

    This method enables duplication of a card to a new card, optionally adding a CVV, and specifying the e-commerce site association and creator reference.
    We recommend that you first review the guide for this method.

     
    posthttps://service.pcibooking.net/api/payments/paycard/duplicate
    curl --request POST \
      --url 'https://service.pcibooking.net/api/payments/paycard/duplicate?cardUri=cardUri'
    var request = require("request");
    
    var options = { method: 'POST',
      url:
       'https://service.pcibooking.net/api/payments/paycard/duplicate',
      qs: { cardUri: 'cardUri' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/duplicate?cardUri=cardUri")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Post.new(url)
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("POST", "https://service.pcibooking.net/api/payments/paycard/duplicate?cardUri=cardUri");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/duplicate"
    
    querystring = {"cardUri":"cardUri"}
    
    response = requests.request("POST", url, params=querystring)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    <?xml version='1.0' encoding='utf-8'?>
    <BankCard>
        <Type>Visa</Type>
        <Number>491891******5005</Number>
        <NameOnCard>Juan Dela Cruz</NameOnCard>
        <ExpirationDate>
            <Month>07</Month>
            <Year>2020</Year>
        </ExpirationDate>
        <IssueNumber>2</IssueNumber>
    </BankCard>
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY or Temp Session or One-Time Accesss Token",
        "errorList": null
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Merchant or Owner are not associated with bank card [{{Token}] userID: SoBookIt",
        "errorList": null
    }

    Query Params

    cardUri
    string
    required

    The card URI is the resource identifier for the card location within PCI Booking.
    For example https://service.pcibooking.net/api/payments/paycard/865ed8bec1f84366b97112a69cdbf915

    Please note, the card URI should be URL encoded.

    cvv
    string

    Security code, as returned from the iFrame, or other sources. If the CVV is not entered the new token will not contain any CVV.

    ref
    string

    A reference value which then can be used to query for this card token.

    merchant
    string

    The Property's Username (user ID), found within PCI Booking (under "Property settings"), which has been given permission to view the card. Please note: The owner (Booker) has permission to view the card.

    sessionToken
    string

    Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

    accessToken
    string

    Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

    Headers

    Authorization
    string

    Optional authentication method, you can use APIKEY authentication (in the format of APIKEY {value}) if not providing other authentication methods.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     

    Once the Duplicate Paycard method has bee completed successfully, a new card token will be created and the token URI will be returned in the response header Location.

    The result of this process would be that there are two card tokens in PCI Booking for the same card.
    It is your responsibility to delete one of them in order to avoid getting charged for storage for both tokens.

    Access Token Vs. Session Token

    Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

    Multiple Authentication Methods allowed

    This method accepts multiple forms of authentication methods (API Key, Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

    CVV Retention Policy

    Remember to set the CVV Retention Policy for this token.

    Suggest Edits

    Manage CVV

     

    Customers can manage the CVVs stored with the tokens. You can use the following methods:

    CVV Retention Policy

    If you are planning on storing CVV values alongside with the card details, you need to consider using the CVV Retention Policy to ensure that CVV values are stored only for the specific amount of time necessary and are available to those that need it.

    Suggest Edits

    Clear CVV

    This method deletes CVV information from card data stored in PCI Booking's memory.
    We recommend that you first review the guide for this method.

     
    posthttps://service.pcibooking.net/api/payments/paycard/cardToken/op/clearcvv
    curl --request POST \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken/op/clearcvv
    var request = require("request");
    
    var options = { method: 'POST',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken/op/clearcvv' };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/op/clearcvv")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Post.new(url)
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("POST", "https://service.pcibooking.net/api/payments/paycard/cardToken/op/clearcvv");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken/op/clearcvv"
    
    response = requests.request("POST", url)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    ""
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY or Temp Session or HTTP Basic or One-Time Accesss Token",
        "errorList": null
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.
    For example: 2821a46d80e14d1b96a7f18f1b81926d.

    Query Params

    sessionToken
    string

    Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

    accessToken
    string

    Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

    Headers

    Authorization
    string

    Optional authentication method, you can use APIKEY authentication (in the format of APIKEY {value}) if not providing other authentication methods.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     

    Access Token Vs. Session Token

    Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

    Providing both Access Token and Session Token in the same request

    If both Session Token and Access Token are listed in the request's query string parameters, the Session Token will take precedence.

    Suggest Edits

    Request a Card Security Code Entry Form

    This method lets you create a PCI Booking Card Security Code Entry form for capturing credit card CVV data within an e-commerce site. Apply the method from the user's browser, typically in an iFrame "src" tag.
    We recommend that you first review the guide for this method.

     
    gethttps://service.pcibooking.net/api/payments/cvvcapturecard
    curl --request GET \
      --url 'https://service.pcibooking.net/api/payments/cvvcapturecard?brand=brand&cardUri=cardUri&language=language'
    var request = require("request");
    
    var options = { method: 'GET',
      url: 'https://service.pcibooking.net/api/payments/cvvcapturecard',
      qs:
       { brand: 'brand',
         cardUri: 'cardUri',
         language: 'language' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/cvvcapturecard?brand=brand&cardUri=cardUri&language=language")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Get.new(url)
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("GET", "https://service.pcibooking.net/api/payments/cvvcapturecard?brand=brand&cardUri=cardUri&language=language");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/cvvcapturecard"
    
    querystring = {"brand":"brand","cardUri":"cardUri","language":"language"}
    
    response = requests.request("GET", url, params=querystring)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    HTML content of form

    Query Params

    sessionToken
    string

    Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

    accessToken
    string

    Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

    brand
    string
    required

    The brand parameter should be used to provide your identification to the PCI Booking system. This would be your username to PCI Booking.

    cardUri
    string
    required

    The card URI is the resource identifier for the card location within PCI Booking.

    language
    string
    required

    The form's language in ISO 639-1 (2-letter) format - see here. If an unsupported language is received, English will be displayed. Adding languages is simple - simply contact our support team.

    css
    string

    The CSS resource name. Please follow our guide on managing stylesheets. If no CSS is provided, PCI Booking will implement the default CSS.

    removeBaseCss
    boolean

    Indication whether to use the PCI Booking base CSS or not. Note: using the base CSS will not collide with the e-commerce site's CSS. true," to remove the PCI Booking base CSS. false," to use the PCI Booking base CSS.

    success
    string

    The URL where a successful response will be redirected to. Read more on how to set up success / failure redirection pages.

    failure
    string

    The URL where a failed response will be redirected to. Read more on how to set up success / failure redirection pages.

    submitWithPostMessage
    boolean

    Indicates whether to include the PCI Booking submit button or not. Removing the PCI Booking submit button will limit the e-commerce site to use its own site button to collect reservation information and card information. true: will not include the submit button. false: will include the submit button. Read more on how to set up the postMessage mechanism.

    autoFocus
    boolean

    Indicates whether the iframe should be in focus when the parent page loads. If true, the focus will be on the card security code field.

    postMessageHost
    string

    An optional value to provide the domain name of the host site where the iframe is displayed in.

    creatorReference
    string

    A reference value which then can be used to query for this card token.

     

    The response of calling this method is the HTML content of the Card Security Code Capture Form itself (Click here for an example of the content). You can use the request URL either as the page URL that a customer is directed to or as the source URL of an iframe element on your page.

    Access Token Vs. Session Token

    Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

    Multiple Authentication Methods allowed

    This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

    All URLs should be https.

    Please note to urlEncode all components!

    Duplicate Card Token

    As a result of this form submission, the card details of the original token will be duplicated to a new token and the CVV data captured in this form will be added to the new token.
    It is your responsibility to clear the original token that was stored in PCI Booking. If this token is not cleared, it will be charged the monthly storage fee.

    CVV Retention Policy

    Remember to set the CVV Retention Policy for this token.

    Suggest Edits

    HTML code of Card Security Code Capture Form

     

    The result of requesting the Card Security Code Entry Form will be a similar HTML format:

    <!DOCTYPE html>
    <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
            <title>Card</title>
            <meta name="viewport" content="width=device-width, maximum-scale=1.0, minimum-scale=1.0, initial-scale=1.0" />
            <link rel="stylesheet" href="/Css/font-awesome-4.4.0/css/font-awesome.min.css">
            <link href="/Css/capture-ltr.css?v=1.00" rel="stylesheet" type="text/css" />
        </head>
        <body>
            <div class="card-container">
                <form id="frmCardPayment" action="">
                    <fieldset>
                        <label class="form-label">
                        CVV
                        
                            <i class="fa fa-question-circle tooltip cvvframe-cvv-tooltip" popuptip='The card security code is a unique three or four-digit number printed on your debit/credit card.'></i>
                        </label>
                        <input type="text" id="cardCvv" name="cardCvv" class="form-input required" maxlength="3" placeholder="Card security code"/>
                    </fieldset>
                    <div class="button">
                        <input type="submit" value="Submit" id="card-enter" class="required" />
                    </div>
                </form>
            </div>
            <div id="throbber" class="overlay" style="visibility: hidden; opacity: 1;"></div>
            <div class="throbberBox" style="visibility: hidden; opacity: 1;">
                <div class="loader"></div>
                <h2>Processing</h2>
            </div>
            <script src="/bundles/card-cvv-capture?v=vU0dCMABiBwR5fpunENGXHR7TMap4htoFLZIZptscug1"></script>
            <script>
            var messages = {};
            messages.require = 'This field is required.';
            messages.invalidCVV = 'Please enter a valid cvv number.';
            cardCvvCapture.init('https%3a%2f%2fservice.pcibooking.net%2fapi%2fpayments%2fpaycard%2fe0006bee98ed4da9abd36864f1635c71', messages, 'https://cs_demo.pcibooking.net:443/tester/Success.aspx?sessionToken={sessionToken}&cardToken={cardToken}&cardType={cardType}&cardNumber={cardNumber}&cvv={cvv}&expiration={expiration}&cardHolderName={cardHolderName}', 'https://cs_demo.pcibooking.net:443/tester/Failure.aspx', false, 'Visa', 'https://service.pcibooking.net');
        </script>
        </body>
    </html>
    Suggest Edits

    Manage token association with properties

     

    The following methods allow you to manage the association of tokens with properties that you manage in your account in PCI Booking.

    The available methods are:

    Suggest Edits

    Associate Paycard with a Property

    Associate a token with a specific property, from the list of properties managed in your PCI Booking account, in order to allow the property to view the card via the managed card display form.
    A token can be associated with multiple properties.
    We recommend that you first review the guide for this method.

     
    puthttps://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID
    curl --request PUT \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'PUT',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Put.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("PUT", "https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("PUT", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    ""
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "User is not the owner of this bank card",
        "errorList": null
    }
    {
        "code": -125,
        "message": "Bad input data",
        "moreInfo": "Could not find a valid user",
        "errorList": null
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.

    merchantID
    string
    required

    The MerchantID is the user ID of the property you wish to associate the token with.
    The user ID for the property can be found under "Property settings" in our user's site.

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     
    Suggest Edits

    Disassociate Paycard from a Property

    Disassociate a paycard from the merchant ID, specified in the URI. After dissociation, the merchant will not longer be authorized to view the card data.
    We recommend that you first review the guide for this method.

     
    deletehttps://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID
    curl --request DELETE \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'DELETE',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Delete.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("DELETE", "https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken/merchant/merchantID"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("DELETE", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    ""
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }
    {
        "code": -125,
        "message": "Bad input data",
        "moreInfo": "Could not find a valid merchant SoBookIt for SoBookIt",
        "errorList": null
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.
    For example, 2821a46d80e14d1b96a7f18f1b81926d.

    merchantID
    string
    required

    The MerchantID is the user ID of the property that you wish to disassociate the token with.
    The user ID for the property can be found under "Property settings" in our user's site.

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     
    Suggest Edits

    Get A List Of Associated Merchants (Properties)

    Retrieve a list of all properties associated with this token.
    We recommend that you first review the guide for this method.

     
    gethttps://service.pcibooking.net/api/payments/paycard/cardToken/merchants
    curl --request GET \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken/merchants \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'GET',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken/merchants',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/merchants")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Get.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("GET", "https://service.pcibooking.net/api/payments/paycard/cardToken/merchants");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken/merchants"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("GET", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated

    [
        "AutoTPCIBiflxSAlt1"
    ]
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "Bad or missing authorization data, expected APIKEY",
        "errorList": null
    }
    {
        "code": -1003,
        "message": "Not authorized to access this resource",
        "moreInfo": "User is not the owner of this bank card",
        "errorList": null
    }
    {
        "code": -125,
        "message": "Bad input data",
        "moreInfo": "Could not find a valid user",
        "errorList": null
    }

    Path Params

    cardToken
    string
    required

    The token ID as returned by one of the tokenization methods.

    Headers

    Authorization
    string
    required

    The authorization mechanism for this method is with the API key in the format of APIKEY {value}.
    For example, APIKEY bd3ce883352e42539a2b7644f72e6311.

     

    The successful response to this message will include an array of IDs that are associated with this token.

    Suggest Edits

    Manage token association with PCI Booking customers

     

    The following methods allow you to manage the association of tokens with other PCI Booking customers.

    The available methods are:

    Suggest Edits

    Associate Paycard with a PCI Booking Customer

    Associate a token with a specific PCI Booking customer in order to allow the other customer to perform actions on this token.
    A token can be associated with multiple customers.
    We recommend that you first review the guide for this method.

     
    puthttps://service.pcibooking.net/api/payments/paycard/cardToken/user/userID
    curl --request PUT \
      --url https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID \
      --header 'authorization: Authorization'
    var request = require("request");
    
    var options = { method: 'PUT',
      url:
       'https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID',
      headers: { authorization: 'Authorization' } };
    
    request(options, function (error, response, body) {
      if (error) throw new Error(error);
    
      console.log(body);
    });
    
    require 'uri'
    require 'net/http'
    
    url = URI("https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID")
    
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    
    request = Net::HTTP::Put.new(url)
    request["authorization"] = 'Authorization'
    
    response = http.request(request)
    puts response.read_body
    var data = JSON.stringify(false);
    
    var xhr = new XMLHttpRequest();
    xhr.withCredentials = true;
    
    xhr.addEventListener("readystatechange", function () {
      if (this.readyState === this.DONE) {
        console.log(this.responseText);
      }
    });
    
    xhr.open("PUT", "https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID");
    xhr.setRequestHeader("authorization", "Authorization");
    
    xhr.send(data);
    import requests
    
    url = "https://service.pcibooking.net/api/payments/paycard/cardToken/user/userID"
    
    headers = {'authorization': 'Authorization'}
    
    response = requests.request("PUT", url, headers=headers)
    
    print(response.text)
    A binary file was returned

    You couldn't be authenticated