This endpoint lets you request a secure card display for any cardholder. You submit the card token, their email and phone number, and how long the link should stay valid. PCI Booking handles the email, SMS, and verification—you just need to make one API call.
For more details, read our guide.
Workflow Details
When you submit a request, PCI Booking validates everything, generates a unique ID, and sends the email immediately (usually within 1-2 minutes). The email contains the link, a greeting with the viewer name, and basic instructions. The link includes your request ID and language parameter.
When the cardholder clicks the link, we verify the request exists and hasn't expired. They enter their phone number, which we validate and format. If it looks good, we generate a 6-digit code and send it via SMS. The code expires in 10 minutes, and there's a countdown timer on the screen. When they enter all 6 digits, we automatically verify it. After verification, they see the card details—card number (first 4 and last 4 visible), cardholder name, expiration, CVV if enabled, and card type. That session stays active for 15 minutes.