Response Content Format
PCI Booking supports responses in both JSON and XML. Set theAccept header to control the format:
JSON Conventions
- DateTime fields use ISO 8601 format
- Enum values are serialized as strings
Currency Format
Currency codes follow the ISO 4217 standard (e.g.,USD, EUR, GBP).
Message Compression
PCI Booking supports response compression in gzip and deflate formats. If your request includes anAccept-Encoding header, PCI Booking compresses the response accordingly. Make sure your client can decompress the format(s) you request.
Accept-Encoding header, responses are returned uncompressed.
Tokenization Errors and Warnings
When performing tokenization via Tokenization on Request, Tokenization on Response, or Universal Tokenization, PCI Booking may encounter cards that cannot be tokenized. In these cases, card data is relayed as-is and the reason is returned in a response header.Only valid, non-expired cards are tokenized. Card data with incorrect numbers or past expiry dates does not fall under PCI compliance and is not tokenized.
Error Header
When a card fails tokenization, the reason appears in theX-pciBooking-Tokenization-Errors header.
If the message contains multiple cards, errors are separated by double semicolons (;;). The position in the list matches the card’s position in the message. Successfully tokenized cards have an empty entry.
Example with 3 cards where the second fails:
Warning Header
AX-pciBooking-Tokenization-Warnings header is added when a card was tokenized but some information is mismatched. Most common with Tokenization on Request.
Gateway Request Headers
When PCI Booking relays requests through the gateway (token replacement), it adds the following headers to the outbound request. See Gateway Request Headers for details.Supported File Types for FTP Transfer
When using File Transfer Token Replacement or File Transfer Tokenization, PCI Booking supports:Pagination
Some list and search endpoints return paginated results. PCI Booking uses offset-based pagination with two parameters:
Both use zero-based offsets. To page through results, increment the offset by the number of items returned:
System Limits
CVV Storage
PCI compliance requires that CVV cannot be stored indefinitely. CVV can only be stored until it is “used,” with the definition varying by workflow. PCI Booking enforces this through a CVV Retention Policy that lets you set relay restrictions and storage period limits.Card Storage
PCI Booking does not limit how long cards can be stored. Cards remain in the system as long as needed, regardless of expiration date. You can delete cards on demand or automatically as part of the CVV retention policy.Password Character Set
Passwords for PCI Booking portal accounts accept alphanumeric characters plus these symbols:! " # $ % & ' ( ) * + , - . / ; < = > ? @ [ \ ] and space.
