HomeGuideMethod ReferenceAssess YourselfRequest Sandbox Account
Method Reference
Ask For AssistanceLogin

Request a Card Security Code Entry Form

get
https://service.pcibooking.net/api/payments/cvvcapturecard

This method lets you create a PCI Booking Card Security Code Entry form for capturing credit card CVV data within an e-commerce site. Apply the method from the user's browser, typically in an iFrame "src" tag.
We recommend that you first review the guide for this method.

The response of calling this method is the HTML content of the Card Security Code Capture Form itself (Click here for an example of the content). You can use the request URL either as the page URL that a customer is directed to or as the source URL of an iframe element on your page.

📘

Access Token Vs. Session Token

Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

📘

Multiple Authentication Methods allowed

This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

📘

All URLs should be https.

📘

Please note to urlEncode all components!

📘

Duplicate Card Token

As a result of this form submission, the card details of the original token will be duplicated to a new token and the CVV data captured in this form will be added to the new token.
It is your responsibility to clear the original token that was stored in PCI Booking. If this token is not cleared, it will be charged the monthly storage fee.

📘

CVV Retention Policy

Remember to set the CVV Retention Policy for this token.

📘

Complying with Visa 3DS Authentication requirements

As of August 12th 2024, Visa requires all merchants performing 3D Secure authentication to send additional information for the purpose of the authentication. Many of these additional details are sent automatically, in the background, by our system, but there are some parameters that you will need to provide PCI Booking in your request - you would need to provide either the email address or the phone number of the person you are authenticating.

You will find two new additional parameters in this request to provide these values.

If you are using 3DS authentication, you MUST provide at least one of these values.

Query Params
string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

string
required

The brand parameter should be used to provide your identification to the PCI Booking system. This would be your username to PCI Booking.

string
required

The card URI is the resource identifier for the card location within PCI Booking.

string
required

The form's language in ISO 639-1 (2-letter) format - see here. If an unsupported language is received, English will be displayed. Adding languages is simple - simply contact our support team.

string

The CSS resource name. Please follow our guide on managing stylesheets. If no CSS is provided, PCI Booking will implement the default CSS.

boolean
Defaults to false

Indication whether to use the PCI Booking base CSS or not. Note: using the base CSS will not collide with the e-commerce site's CSS. true," to remove the PCI Booking base CSS. false," to use the PCI Booking base CSS.

string

The URL where a successful response will be redirected to. Read more on how to set up success / failure redirection pages.

string

The URL where a failed response will be redirected to. Read more on how to set up success / failure redirection pages.

boolean

Indicates whether to include the PCI Booking submit button or not. Removing the PCI Booking submit button will limit the e-commerce site to use its own site button to collect reservation information and card information. true: will not include the submit button. false: will include the submit button. Read more on how to set up the postMessage mechanism.

boolean
Defaults to true

Indicates whether the iframe should be in focus when the parent page loads. If true, the focus will be on the card security code field.

string

The domain name of the host site where the iframe is displayed in.

string

A reference value which then can be used to query for this card token.

boolean
Defaults to false

Indicates whether to perform 3D secure authentication following card entry. Default value is False, i.e. not to run 3D secure authentication.
If you enable 3D Secure authentication on this card capture and you are using access token authorization, please remember to provide two access tokens as mentioned above.

string
Defaults to Accept

Instruction on what to do in case of a technical problem with the 3D process.
Accept - Ignores 3D secure processing and proceeds with tokenizing the credit card.
Reject - do not continue, and do not tokenize the card. In this case, the card owner will be directed to the failure page URL provided.

string

An optional value to indicate the merchant to be used for the 3D Secure authentication. To control the merchant information used for the 3D Secure authentication follow these instructions.
The value provided must be URL encoded and unique per the 3DS merchant account data used.

int32
Defaults to 0

An optional value to specify the transaction amount to be displayed in the 3D Secure challenge screen. When specifying the amount, please make sure to include the currency parameter as well.
If you do not provide the amount or currency parameters, the 3D Secure authentication will be based on a 0 Euro amount.
Please note that the amount needs to be listed in cents - for example, if the amount of the charge is 25 GBP, the value you would list in the amount parameter would be 2500.

string
Defaults to EUR

An optional value to specify the currency of the transaction amount to be displayed in the 3D Secure challenge screen. When specifying the currency, please make sure to include the amount parameter as well.
If you do not provide the amount or currency parameters, the 3D Secure authentication will be based on a 0 Euro amount.
The currency value needs to be in ISO 4217 format.

string

The email parameter should be used to provide the Cardholder's e-mail address for 3D Secure authentication. The Cardholder's email address must be in a valid email address format, e.g. [email protected].

string

The phone parameter should be used to provide the Cardholder's telephone number for 3D Secure authentication. The Cardholder's telephone number may only contain digits [0-9], e.g.: 00353112223344.

Response

Updated 11 days ago

Language
Response 
Click Try It! to start a request and see the response here! Or choose an example:
text/plain
Updated 11 days ago