HomeGuideMethod ReferenceAssess YourselfRequest Sandbox Account
Method Reference
Ask For AssistanceLogin

Request a Card Entry Form

get
https://service.pcibooking.net/api/payments/capturecard

This method lets you create a PCI Booking Card Entry form for capturing credit card data within an e-commerce site. Apply the method from the user's browser, typically in an iFrame "src" tag.
We recommend that you first review the guide for this method.

The response of calling this method is the HTML content of the Card Capture Form itself (Click here for an example of the content). You can use the request URL either as the page URL that a customer is directed to or as the source URL of an iframe element on your page.

🚧

3D Secure challenge timeout

Please note that if you enable 3DS processing during card capture, the 3DS challenge window will have a 5 minute timeout period. If the card owner does not submit the response to the 3DS challenge within that timeframe, their authentication will be rejected.

📘

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

📘

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

📘

All URLs should be https.

📘

Please note to urlEncode all components!

📘

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

❗️

Custom Merchant Information

Please do not use the merchantName parameter in the request unless you have followed our guide on managing merchant information for 3D Secure authentication as this may cause problems in your 3DS processing.

If you plan to use the PCI Booking merchant information for 3DS Authentication, please set "ThreeDs" as True and "merchantName" blank.
Please note that the PCI Booking merchant can only be used to perform 3D Secure authentication on Visa and Mastercard cards.

📘

Complying with Visa 3DS Authentication requirements

As of August 12th 2024, Visa requires all merchants performing 3D Secure authentication to send additional information for the purpose of the authentication. Many of these additional details are sent automatically, in the background, by our system, but there are some parameters that you will need to provide PCI Booking in your request - you would need to provide either the email address or the phone number of the person you are authenticating.

You will find two new additional parameters in this request to provide these values.

If you are using 3DS authentication, you MUST provide at least one of these values.

Query Params
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

string
required

The brand parameter should be used to provide your identification to the PCI Booking system. This would be your username to PCI Booking.

string
required

The form's language in ISO 639-1 (2-letter) format - see here. If an unsupported language is received, English will be displayed. Adding languages is simple - simply contact our support team.

string

The CSS resource name. Please follow our guide on managing stylesheets. If no CSS is provided, PCI Booking will implement the default CSS.

boolean
Defaults to false

Will be used to determine whether to save the CVV in the database. true - save the CVV. false - do not save the CVV.

boolean
Defaults to false

Indication whether to use the PCI Booking base CSS or not. Note: using the base CSS will not collide with the e-commerce site's CSS. true," to remove the PCI Booking base CSS. false," to use the PCI Booking base CSS.

string

Minimum expiration month/year parameter. Format: mmyyyy. The expiration validation will be checked vs. the minimum expiration date. The expiration date must be a valid date, in the specified format. Use case: Used when the card expiration should be later than a check-in date.

boolean
Defaults to false

Indication whether to use card detection according to card number or not. true: use card detection. false: do not use card detection. There will be a drop down menu, indicating the card type.

string

Indicates which of the card types will be set as default in the card drop down menu.

string

The URL where a successful response will be redirected to. Read more on how to set up success / failure redirection pages.
While it is not required to specify a success URL value, we strongly recommend it so that you can receive the card token details for your records.

string

The URL where a failed response will be redirected to. Read more on how to set up success / failure redirection pages.

string
Defaults to false

Will be displayed in the form (required in some countries). true: include the field. false: exclude the field.

string

An optional parameter, which will limit the list of card types. If it is omitted, or if no valid card types are found, all types of cards will be displayed.

boolean

Indicates whether to include the PCI Booking submit button or not. Removing the PCI Booking submit button will limit the e-commerce site to use its own site button to collect reservation information and card information. true: will not include the submit button. false: will include the submit button. Read more on how to set up the postMessage mechanism.

boolean
Defaults to true

Indicates whether the iframe should be in focus when the parent page loads. If true, then if autoDetectCardType=true then the focus will be on the card number field. Otherwise, if autoDetectCardType=false or autoDetectCardType is not provided then the focus will be on the card type selection.

string
required

The domain name of the host site where the iframe is displayed in.

string

A reference value which then can be used to query for this card token.

boolean
Defaults to false

Indicates whether to perform 3D secure authentication following card entry. Default value is False, i.e. not to run 3D secure authentication.
If you enable 3D Secure authentication on this card capture and you are using access token authorization, please remember to provide two access tokens as mentioned above.

string
Defaults to Accept

Instruction on what to do in case of a technical problem with the 3D process.
Accept - Ignores 3D secure processing and proceeds with tokenizing the credit card.
Reject - do not continue, and do not tokenize the card. In this case, the card owner will be directed to the failure page URL provided.

string

Indicates the format of the card's expiration month dropdown - either as month names or month numbers. Optional values are names and numbers.
If this parameter is not set, the default value is numbers.

string

An optional value to indicate the merchant to be used for the 3D Secure authentication. To control the merchant information used for the 3D Secure authentication follow these instructions.
The value provided must be URL encoded and unique per the 3DS merchant account data used.

int32
Defaults to 0

An optional value to specify the transaction amount to be displayed in the 3D Secure challenge screen. When specifying the amount, please make sure to include the currency parameter as well.
If you do not provide the amount or currency parameters, the 3D Secure authentication will be based on a 0 Euro amount.
Please note that the amount needs to be listed in cents - for example, if the amount of the charge is 25 GBP, the value you would list in the amount parameter would be 2500.

string
Defaults to EUR

An optional value to specify the currency of the transaction amount to be displayed in the 3D Secure challenge screen. When specifying the currency, please make sure to include the amount parameter as well.
If you do not provide the amount or currency parameters, the 3D Secure authentication will be based on a 0 Euro amount.
The currency value needs to be in ISO 4217 format.

string

The email parameter should be used to provide the Cardholder's e-mail address for 3D Secure authentication. The Cardholder's email address must be in a valid email address format, e.g. [email protected].

string

The phone parameter should be used to provide the Cardholder's telephone number for 3D Secure authentication. The Cardholder's telephone number may only contain digits [0-9], e.g.: 00353112223344.

boolean

Indicates whether the PCI Booking system should look up this card details in cards previously stored and return the token of the existing card (if found) or always return a new token.
Possible values are True: look up new card in existing cards and False: always create new tokens.
If this parameter is not specified in the request, the default behavior of the system would be to create a new token for each tokenized card - regardless of whether it is already stored in PCI Booking.

string

An optional parameter to define additional input validation on the Name On Card field. Possible values are:

  • NO_DIGITS - indicates that the Name On Card field cannot contain digits.

    • boolean
    Defaults to false

    If enabled, the PCI Booking system will send a callback notice with all of the nonsecure details collected from the card owner to the client's server. Our process will then wait up to 3 seconds for a response in another PostMessage - the response should be either true or an error message.
    If the response is true or the 3 seconds timeout expired, the tokenization process will proceed.
    Otherwise, the tokenization process will fail and the response received from your server will be displayed as the error message and the reason for the tokenization failure.

    Response

    Updated 15 days ago

    Language
    Response 
    Click Try It! to start a request and see the response here! Or choose an example:
    text/plain
    Updated 15 days ago