> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Collect a Guest's Card and Share It with a Hotel

> Collect card details directly from a guest via a secure form or email link, then give a hotel property access to view the card. All PCI compliant, no card data on your servers.

This workflow is for when you need to capture the card directly from the cardholder (for example, at booking time on your website or through an email link) and then share it with a hotel. Your servers never handle raw card data, keeping you out of PCI scope. If you already have a token and just need to share it with a hotel, see [Send Stored Card Details to a Hotel Property](/use-cases/capture-and-send-to-hotel) instead.

## Card capture and delivery options

| Capture Method                                                                          | Delivery Method                                                                                                                                        |
| --------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| [Hosted Card Entry Form](/capture-cards/hosted-card-entry-form) - embed in your website | [Card Display with OTP](/use-tokens/card-display-otp) - hotel receives a secure link and verifies identity with OTP to view the card **(recommended)** |
| [Card By Link](/capture-cards/card-by-link) - send a capture link via email/SMS         | [Token Replacement](/use-tokens/token-replacement-in-request) - send card data directly to the hotel's API                                             |

You can mix and match. The example below uses Card By Link to capture and Card Display with OTP to share the card with the hotel.

## Step 1: Collect the Card

Using Card By Link as an example:

1. Send a [Card By Link request](/api-reference/tokenize-cards/cotp-send-card-form) to PCI Booking with the cardholder's email or phone number. Include optional details like amount, reference number, and header/footer text for the landing page.
2. PCI Booking sends a secure link to the cardholder.
3. The cardholder enters their card details on the hosted page.
4. If configured, a [3D Secure prompt](/account-setup/3ds-merchant-setup) is displayed.
5. PCI Booking tokenizes the card and sends a [callback](/api-reference/tokenize-cards/cotp-callback) with the token.

## Step 2: Share the Card with the Hotel

Using Card Display with OTP as an example:

1. Call the [Card Display OTP endpoint](/api-reference/process-cards/card-display-otp) with the card token, the hotel contact's email, phone number, and name. Set a time-to-live for how long the link should remain valid.
2. PCI Booking sends the hotel contact an email containing a secure link.
3. The hotel contact clicks the link and verifies their identity by entering a code sent to their phone via SMS.
4. After verification, the card details are displayed on PCI Booking's hosted page. The session stays active for 15 minutes.
5. Delete the token when no longer needed.

No portal setup or user accounts are needed on the hotel's side. PCI Booking handles the entire identity verification and card display flow.

## Related

* [Card Display with OTP](/use-tokens/card-display-otp). Full guide on the OTP-secured card display flow.
* [Third-Party Permissions](/manage-tokens/third-party-permissions). Control which merchants can access your tokens.
* [CVV Retention Policy](/capture-cards/cvv-retention-policy). Configure CVV access for card display.
* [Send Stored Card Details to a Hotel](/use-cases/capture-and-send-to-hotel). Already have a token? Share it with a hotel without re-capturing.
* [Collect and Process a Payment](/use-cases/capture-and-charge). Need to charge the card instead of sharing it with a hotel?
