The request will trigger a message to be sent to the recipient (via email or text message) with a link to the card capture form.
We recommend that you first review the guide for this method.
When submitted successfully, the response body will be blank and there will be a header added:
Location: The URI for the card request which can be referenced later to retrieve status or cancel.
3D Secure challenge timeout
Please note that if you enable 3DS processing during card capture, the 3DS challenge window will have a 5 minute timeout period. If the card owner does not submit the response to the 3DS challenge within that timeframe, their authentication will be rejected.
Encoding URLs
Since the URLs provided in this request are provided in the body of the message instead of in the request URL's query string, the URLs mentioned above should not be urlEncoded.
Requests specific parameters vs account parameters
The following parameters -
CustomerSupportLink,CustomerSupportLinkText,CustomerSupportEmailandCustomerSupportPhone- can be provided either as specific values for each individual request, or their value can be retrieved from your account settings (as set in our portal).If specific values are provided in the request, they will override the values from the account and the specific values will be displayed in the card capture form.
CVV Retention Policy
Remember to set the CVV Retention Policy for this token.
Custom Merchant Information
Please do not use the
merchantNameparameter in the request unless you have followed our guide on managing merchant information for 3D Secure authentication as this may cause problems in your 3DS processing.If you plan to use the PCI Booking merchant information for 3DS Authentication, please set "ThreeDs" as
Trueand "merchantName" blank.
Please note that the PCI Booking merchant can only be used to perform 3D Secure authentication on Visa and Mastercard cards.
Complying with Visa 3DS Authentication requirements
As of August 12th 2024, Visa requires all merchants performing 3D Secure authentication to send additional information for the purpose of the authentication. Many of these additional details are sent automatically, in the background, by our system, but there are some parameters that you will need to provide PCI Booking in your request - you would need to provide either the email address or the phone number of the person you are authenticating.
You will find two new additional parameters in this request to provide these values.
If you are using 3DS authentication, you MUST provide at least one of these values.