> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Quickstart

> Tokenize a card and process a payment in minutes using PCI Booking's hosted card form and Universal Payment Gateway

This quickstart walks through one common flow: capture a card using the hosted card entry form, inspect the token, and process a payment through the Universal Payment Gateway.

This is one example. Each step has alternatives you can swap in depending on your use case:

| Step         | This Example                    | Other Options                                                                                                                                                                                                                                                                          |
| ------------ | ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Tokenize** | Hosted Card Entry Form (iframe) | [Card Entry Form Session](/capture-cards/hosted-card-entry-form), [Card By Link](/capture-cards/card-by-link), [Payments Library](/payments-library/setup), [Card Migration](/capture-cards/store-card-migration), [Tokenization on Response](/capture-cards/tokenization-on-response) |
| **Inspect**  | Query token metadata            | [Query by reference](/manage-tokens/query-retrieve)                                                                                                                                                                                                                                    |
| **Use**      | Charge via UPG                  | [Authorize & Capture](/use-tokens/authorize-capture), [Token Replacement](/use-tokens/token-replacement-in-request), [Card Display](/use-tokens/card-display)                                                                                                                          |

See [Capture Cards Overview](/capture-cards/overview) and [Use Tokens Overview](/use-tokens/overview) for the full list.

***

## Step 1: Authenticate

Log in to your PCI Booking account and navigate to the API Keys section. Copy your API key. You will use it for server-to-server calls in the format:

```http theme={null}
Authorization: APIKEY your-api-key
```

The hosted card entry form runs in the cardholder's browser, so it cannot use your API key directly. Instead, generate a temporary session token:

```bash theme={null}
curl -X POST https://service.pcibooking.net/api/payments/paycard/tempsession \
  -H "Authorization: APIKEY your-api-key"
```

The response returns a session token as a plain string:

```text theme={null}
33b245a015cf4d10a3ca885e7f4c5600
```

Save this token. you will pass it as a query parameter when building the card form URL in the next step.

## Step 2: Tokenize a Card

Build a URL to the PCI Booking hosted card entry form. This URL is the `src` of an iframe you embed in your page. When the browser loads this URL, PCI Booking serves a secure card entry form directly to the cardholder. Card data never touches your servers.

The URL includes the session token from Step 1 and your configuration as query parameters:

```text theme={null}
https://service.pcibooking.net/api/payments/capturecard?accessToken=YOUR_SESSION_TOKEN&language=en&autoDetectCardType=true&success=https://yoursite.com/success&failure=https://yoursite.com/failure
```

This example uses only a few basic parameters. The card entry form supports many additional options including custom styling, card type restrictions, CVV requirements, and more. See the [full parameter reference](/api-reference/tokenize-cards/request-card-entry-form) for the complete list.

Embed it in your page:

```html theme={null}
<iframe
  src="https://service.pcibooking.net/api/payments/capturecard?accessToken=YOUR_SESSION_TOKEN&language=en&autoDetectCardType=true&success=https://yoursite.com/success&failure=https://yoursite.com/failure"
  width="400"
  height="350"
  frameborder="0">
</iframe>
```

After the cardholder submits the form, PCI Booking tokenizes the card and redirects to your `success` URL with the token appended. You can also use a [callback URL](/capture-cards/hosted-card-entry-form) instead of redirect URLs.

<Info>
  There are other ways to tokenize cards: [Card Entry Form Sessions](/capture-cards/hosted-card-entry-form), [Card By Link](/capture-cards/card-by-link), [Payments Library](/payments-library/setup), [direct API storage](/capture-cards/store-card-migration), and more. See [Capture Cards Overview](/capture-cards/overview).
</Info>

## Step 3: Retrieve Your Token

Confirm the card was stored by checking the token metadata. This includes the card brand, last four digits, expiration date, and the issuing bank and country. useful for routing decisions between PSPs.

```bash theme={null}
curl -X GET "https://service.pcibooking.net/api/payments/paycard/{token}/meta" \
  -H "Authorization: APIKEY your-api-key"
```

The response includes the masked card number, expiry, card brand, and token metadata. You will never see the full card number through this endpoint.

## Step 4: Use Your Token (Process a Payment)

Send the token through the Universal Payment Gateway (UPG). PCI Booking detokenizes the card and forwards it to your PSP.

For testing, PCI Booking provides two built-in mock payment gateways:

| Mock Gateway    | Behavior                        |
| --------------- | ------------------------------- |
| **NULLSuccess** | Always approves the transaction |
| **NULLFailure** | Always declines the transaction |

Mock gateways require no credentials and return instant responses. Use them to test your integration before connecting a real PSP.

```bash theme={null}
curl -X POST https://service.pcibooking.net/api/paymentgateway \
  -H "Authorization: APIKEY your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "PaymentGateway": {
      "Name": "NULLSuccess"
    },
    "CardToken": "{token}",
    "OperationType": "Charge",
    "Amount": 100.00,
    "Currency": "USD"
  }'
```

PCI Booking replaces the token with real card data, sends it to the gateway, and returns the result. You never see the card. With `NULLSuccess`, the response will always be a successful charge.

When you are ready for production, replace `NULLSuccess` with your real PSP name and credentials:

```bash theme={null}
curl -X POST https://service.pcibooking.net/api/paymentgateway \
  -H "Authorization: APIKEY your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "PaymentGateway": {
      "Name": "YourPSPName",
      "Credentials": {
        "MerchantId": "your-merchant-id",
        "ApiKey": "your-psp-api-key"
      }
    },
    "CardToken": "{token}",
    "OperationType": "Charge",
    "Amount": 100.00,
    "Currency": "USD"
  }'
```

<Info>
  You can also store your PSP credentials in PCI Booking and pass a `credentialsId` query parameter instead of including credentials in every request. See [Gateway Credentials](/account-setup/gateway-credentials).
</Info>

<Info>
  Processing payments through the UPG is one way to use a token. You can also [relay card data via HTTP](/use-tokens/token-replacement-in-request), [relay via file](/use-tokens/file-transfer-token-replacement), or [display the card](/use-tokens/card-display). See [Use Tokens Overview](/use-tokens/overview).
</Info>

## What's Next

* [Authentication](/getting-started/authentication): All authentication methods in detail.
* [Capture Cards Overview](/capture-cards/overview): All card capture and tokenization methods.
* [Token Management](/manage-tokens/overview): Query, update, and manage stored tokens.
* [Use Tokens Overview](/use-tokens/overview): All ways to use your tokens.
* [Payments Library](/payments-library/overview): Cards, Apple Pay, Google Pay, PayPal via the Payments Library.
