Tokenization in Response

post https://service.pcibooking.net/api/payments/paycard/capture

E-commerce sites send a "Reservation with card data" request to a third party.
Once the e-commerce site initializes the request, the third party will send a response, with the card data.
The e-commerce site will receive the card URI that was saved in the database.

We recommend that you first review the guide for this method.

Once the response from the third party is received in PCI Booking. the card details will be extracted from the message body (the card details will be located by using the content filter specified in the target profile). The card will be tokenized, the card details in the message will be masked and the token URI will be added to the response header (the name of the header will be taken from the settings of the target profile).

If the eliminateCardDuplication parameter is set to True, the system will look up the card in the customer's stored cards and check if it already exists:

If it exists, then the card details will be masked and the token added to the response will be the token of the previously stored card.
If it does not exist, the card will generate a new token which will then be added to the response.

If the eliminateCardDuplication parameter is set to False or not added in the request, PCI Booking will generate a new token for any card processed.

📘
Access Token Vs. Session Token
Between the two options of using the Access Token or the Session Token, we would recommend using the Access Token.

📘
Multiple Authentication Methods allowed
This method accepts multiple forms of authentication methods (Session Token and Access Token). If more than one authentication method is provided, the Session Token will take precedence.

📘
All URLs should be https.

📘
Please note to urlEncode all components!

📘
CVV Retention Policy
Remember to set the CVV Retention Policy for this token.

Query Params

sessionToken

string

Optional authentication method. Please use either the Session Token or the Access Token. The session token is the value returned by the call to the "Start a Temporary Session" method.

accessToken

string

Optional authentication method. Please use either the Session Token or the Access Token. The Access Token is generated as a result of running the "Generate Access Token" code sample.

profileName

string

required

The profileName is the unique ID for the profile that was set up for the response you will receive for this request. You can set up as many profiles as you require. Read more about setting up target profiles.

targetURI

string

required

The URI of the third party that you would like to relay the request to in order to retrieve the card details.
For example http://permaculturenews.org/.

httpMethod

string

required

The HTTP method that PCI Booking should use when calling the target URI. Possible values are POST, GET, DELETE and OPTIONS.

saveCVV

boolean

Defaults to false

Will be used to determine whether to save the CVV in the database. true - save the CVV. false - do not save the CVV.

ref

string

A reference value which then can be used to query for this card token.

MerchantId

string

The user ID of the property you wish to associate the token with.
The user ID for the property can be found under "Property settings" in our user's site.

allowedUserId

string

The user ID of the PCI Booking customer (booker ID) you wish to associate the token with. You will need to ask the PCI Booking customer to share with you their user ID to the PCI Booking system.

timeout

int32

The number of seconds that PCI Booking should wait for a response from the third party.

eliminateCardDuplication

boolean

Defaults to false

Indicates whether the PCI Booking system should look up this card details in cards previously stored and return the token of the existing card (if found) or always return a new token.
Possible values are True: look up new card in existing cards and False: always create new tokens.
If this parameter is not specified in the request, the default behavior of the system would be to create a new token for each tokenized card - regardless if it is already stored in PCI Booking.

Headers

As required by the third party

json

Responses

Language


xxxxxxxxxx
1
curl --request POST \
2
     --url 'https://service.pcibooking.net/api/payments/paycard/capture?saveCVV=false&eliminateCardDuplication=false' \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/json'

Click Try It! to start a request and see the response here! Or choose an example:

application/json

Tokenization in Response

📘
Access Token Vs. Session Token

📘
Multiple Authentication Methods allowed

📘
All URLs should be https.

📘
Please note to urlEncode all components!

📘
CVV Retention Policy

📘Access Token Vs. Session Token

📘Multiple Authentication Methods allowed

📘All URLs should be https.

📘Please note to urlEncode all components!

📘CVV Retention Policy

200200

201201

400400

401401

📘
Access Token Vs. Session Token

📘
Multiple Authentication Methods allowed

📘
All URLs should be https.

📘
Please note to urlEncode all components!

📘
CVV Retention Policy